
Rundeck Docker Compose files

Docker Compose files to spin up an instance of Rundeck.

How to run

Add a COMPOSE_ENV file and save its location as a shell variable, along with the location where this repo lives (here, for example, /opt/containers/rundeck) and the other variables listed under Environment. You'll find an example environment file at env/fqdn_context.env.example.

When everything's ready, start Rundeck with Docker Compose; otherwise head down to Initial setup first.

Environment

export COMPOSE_DIR='/opt/containers/rundeck'
export COMPOSE_CTX='ux_vilnius'
export COMPOSE_PROJECT='rundeck-'"${COMPOSE_CTX}"
export COMPOSE_FILE="${COMPOSE_DIR}"'/docker-compose.yml'
export COMPOSE_ENV=<add accordingly>

Start

docker compose --project-name "${COMPOSE_PROJECT}" --file "${COMPOSE_FILE}" --env-file "${COMPOSE_ENV}" --profile 'full' up --detach

Initial setup

We're assuming you run Docker Compose workloads with ZFS-based bind mounts. ZFS management, creating a zpool and setting adequate properties for its datasets are out of scope of this document.

Datasets

Create ZFS datasets and set permissions as needed.

  • Parent dataset

    zfs create -o mountpoint=/opt/docker-data 'zpool/docker-data'
    
  • Container-specific datasets

    zfs create -p 'zpool/docker-data/rundeck-'"${COMPOSE_CTX}"'/rundeck'
    zfs create -p 'zpool/docker-data/rundeck-'"${COMPOSE_CTX}"'/postgres'
    
  • Create subdirs

    mkdir -p '/opt/docker-data/rundeck-'"${COMPOSE_CTX}"'/rundeck/'{'.ssh','config','data','projects'}
    
  • Prefill content

    • Rundeck settings in realm.properties

      At the very least, override Rundeck's default realm.properties file with one of your own and set a username and a password for local login. Default credentials will otherwise be admin:admin. Per Rundeck's manual on Jetty and JAAS authentication, section "PropertyFileLoginModule", you're going to need Rundeck's rundeck.war file to create a bcrypt hash for your password. Run the official Rundeck Docker image in a throwaway container like so, where rundeck/rundeck:4.13.0 is an example of the version you want to use:

      docker run \
          --rm \
          --tty \
          --interactive \
          --entrypoint bash \
          rundeck/rundeck:4.13.0 \
          -c 'java -jar /home/rundeck/rundeck.war --encryptpwd Jetty'
      

      This will download rundeck/rundeck:4.13.0 if needed and open a prompt along the lines of:

      Required values are marked with: * 
      Username (Optional, but necessary for Crypt encoding):
      

      Type your desired username, press <Enter>, then type your plain text password followed by <Enter> again. The whole exchange may look like this:

      Required values are marked with: * 
      Username (Optional, but necessary for Crypt encoding):
      my-username
      *Value To Encrypt (The text you want to encrypt):
      t0psecr3t            
      
      ==ENCRYPTED OUTPUT==
      bcrypt: BCRYPT:$2a$10$jMWQvKbjpmBrKdA0Qi0/n.UvHot1F7Cvf7/Avlv9afknHpbvT6j7y
      obfuscate: OBF:1z0f18qk1xtp1vgv1t331vfz1xtt18qq1z0f
      md5: MD5:962aefc8c283c13e13d9c990dafdfba9
      crypt: CRYPT:myS5y0c4wMQts
      

      Put a single line into an otherwise empty '/opt/docker-data/rundeck-'"${COMPOSE_CTX}"'/rundeck/config/realm.properties', using the bcrypt value from the output:

      my-username: BCRYPT:$2a$10$jMWQvKbjpmBrKdA0Qi0/n.UvHot1F7Cvf7/Avlv9afknHpbvT6j7y,user,admin
      

      The account my-username will have roles user and admin and it'll be the only existing account when Rundeck starts.

    • SSH known_hosts file

      Place an empty known_hosts file at '/opt/docker-data/rundeck-'"${COMPOSE_CTX}"'/rundeck/.ssh/known_hosts'. Optionally prefill it with SSH public host keys.

  • Change ownership

    chown -R 999 '/opt/docker-data/rundeck-'"${COMPOSE_CTX}"'/postgres'
    chown -R 1000 '/opt/docker-data/rundeck-'"${COMPOSE_CTX}"'/rundeck'
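
A quick check for the realm.properties file before the first start, as an added example that is not part of this repository: it flags every account whose credential is not a BCRYPT: value, including the default admin:admin entry. The function name audit_realm and the sample accounts legacy and svc are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original README.
# Assumed line format: "username: CREDENTIAL,role1,role2"; "#" starts a comment.

# audit_realm FILE: print one finding per non-bcrypt entry.
# Returns 0 when every account uses a BCRYPT: credential, 1 otherwise.
audit_realm() {
    file=$1
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '' | '#'*) continue ;; esac
        user=${line%%:*}                     # text before the first colon
        rest=${line#*:}                      # text after the first colon
        rest=${rest#"${rest%%[! ]*}"}        # strip leading spaces
        cred=${rest%%,*}                     # credential ends at the first comma
        case $cred in
            'BCRYPT:$2'*) continue ;;        # salted, adaptive hash: accepted
            OBF:*)   why='OBF is reversible obfuscation, not a hash' ;;
            MD5:*)   why='unsalted MD5 digest' ;;
            CRYPT:*) why='legacy Unix crypt hash' ;;
            *)       why='plain-text password' ;;
        esac
        if [ "$user:$cred" = 'admin:admin' ]; then
            why='default admin:admin credentials'
        fi
        echo "$user: $why"
        findings=$((findings + 1))
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample file: the README's example entry plus three weak ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample realm.properties
my-username: BCRYPT:$2a$10$jMWQvKbjpmBrKdA0Qi0/n.UvHot1F7Cvf7/Avlv9afknHpbvT6j7y,user,admin
admin:admin,user,admin
legacy: MD5:962aefc8c283c13e13d9c990dafdfba9,user
svc: OBF:1z0f18qk1xtp1vgv1t331vfz1xtt18qq1z0f,user
EOF
audit_realm "$sample" || echo "weak entries found in $sample"
```

Point audit_realm at your own realm.properties path instead of the sample file; a non-zero return means at least one entry should be replaced with a bcrypt value.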
    

When done head back up to How to run.