This is a Resource Model Source plugin for Rundeck 4.0.0 and up that provides Rudder nodes as nodes for the Rundeck server.
It works with Rudder standard API v12 for Rudder 6.x and up.
Download the latest rundeck-rudder-nodes-plugin-X.Y.jar from the releases page.
Alternatively, you can build the project from source with Maven (mvn install) and use the resulting jar from your local repository (see Maven console output for the exact location).
NOTE: Building this plugin requires JDK 11, Scala 3.7.X, and Maven 3.9.Y
WARNING: The size of the plugin
.jar(~40MB) will likely exceed the maximum file size that can be uploaded from the web interface of Rundeck (26MB). In order to import the plugin, you can either :
- Manually copy the
.jarinto the plugin directory (Launcher:$RDECK_BASE/libext, RPM,DEB:/var/lib/rundeck/libext) of your Rundeck server. If you are running Rundeck from a Docker container, you can copy it withdocker cp:$ docker cp target/rundeck-rudder-nodes-plugin-X.Y.jar my-rundeck:$RDECK_BASE/libext/rundeck-rudder-nodes-plugin-X.Y.jar # Launcher$ docker cp target/rundeck-rudder-nodes-plugin-X.Y.jar my-rundeck:$/var/lib/rundeck/libext/rundeck-rudder-nodes-plugin-X.Y.jar # RPM, DEB
- Override the maximum upload size in the
rundeck-config.propertiesfile. You should then be able to upload the plugin from the web interface : open the System menu (gear icon on the top right) > Plugins > Upload plugin, and upload the plugin.jar.
Whichever way you choose to install it, the Rudder Resources plugin should now appear when you navigate to the System > Plugins > Installed plugins page.
By default, Rundeck uses SSH with private key authentication in order to log into your nodes. Hence, you will need a single SSH key that will be used to log into all the Rudder nodes you want to manage with Rundeck.
If you already have a SSH key that is authorized on all the Rudder nodes you want to manage, you can directly proceed to the Creating a Rudder API Token section.
Otherwise, the easiest way to authorize this key when you have a large number of nodes is to create a new Rudder Directive that will automatically add the new authorized key to your Rudder nodes.
Firstly, generate a new SSH key if needed. Then, in the Rudder interface, select Configurations > Directives in the sidebar.
In the Directives tree, find the SSH Authorised Keys technique (under System Settings > Remote access). Click the Create button.
After picking a name in the Information tab, navigate to the Parameters tab to configure your directive.
- Key tag : a descriptive tag for your SSH key (this tag will not be used in your nodes'
authorized_keysfile). - Username : set this field to
rundeck - Key : the public SSH key that will be authorized for all the Rudder nodes you want to manage. It will be inserted in the
authorized_keysfile of therundeckuser of each node.
Now, let's create a new rule that will apply this Directive. In the sidebar, select Configuration > Rules.
Click the Create button to create a new rule.
Pick a name for the rule. Then, in the Directives tab, select your new directive.
In the Groups tab, select a group that contains all the Rudder nodes you wish to import into Rundeck (it is recommended that you create a new group).
Save your changes to apply the directive to all the chosen nodes. If the directive was successfully applied, your public key will have been added to the authorized_keys file of the rundeck user in each of your Rudder nodes.
In order to access your Rudder nodes from Rundeck, you will need a Rudder API token. It is recommended that you create a new one. This step requires the api-authorization Rudder plugin.
In the Rudder interface, select Users & access > API accounts in the sidebar.
Click the Create an account button. Choose a fitting name for the token, and under Access level, choose "Custom ACL" from the drop-down menu.
The only required rights are GET groups and GET nodes. Select them both.
After you click Save, the token value will be displayed. Write it down as this token will be needed in the next step.
We can now import our Rudder nodes into Rundeck. In the Rundeck interface, select Project Settings (gear icon on the bottom left) > Edit nodes.
In the Nodes menu, click the Add a new Node Source button.
Select the Rudder Resources option.
You can now configure your Rudder node source :
- Rudder base URL : the Rudder url of your company, e.g. https://my.company.com/rudder/
- API token : the Rudder API token you have created earlier.
- Rundeck user : set this field to
rundeck
After saving your changes, your Rudder nodes should now be listed alongside your existing nodes when you navigate to the Nodes page.
NOTE: The Rudder Groups your nodes are in will be imported as Tags in Rundeck.
For more information on Node Sources, see the Rundeck documentation for Resource Model Sources.
Make sure that the IP addresses of the Rudder nodes can be resolved by the rundeck server. In practice, this means that the Rudder nodes you want to manage should be included in your company's DNS record, or the
/etc/hostsfile of the rundeck server, or whichever way you choose to resolve IP adresses.
You can now run jobs and commands on your imported Rudder nodes like you would on any Rundeck node. To test this out, create a Job with a single Workflow step (e.g. an echo shell command ), and try to run it on your Rudder nodes.
If the execution succeeds on all your nodes, you're all set !
