Last active
January 10, 2018 14:40
Installs Rundeck 2.6.11 and configures it with empty project and with auth token to access everything remotely
#!/bin/sh
#
### WARNING!!! REMOVES PREVIOUS INSTANCE AND RUNDECK DB OFF THE SERVER!!! WARNING !!! ###
#
# Installs Rundeck and sets it up with one empty project plus an API auth token
# that allows everything to be accessed remotely.
#  * Serves Rundeck under the /rundeck URL prefix so it can coexist with other projects.
#  * Wipes any previous installation completely.
#  * Removes the POST size limit in Jetty (important for API calls).
#  * Leaves the server ready for remote API calls.
#
# Default user/password is admin:admin (set ADMINPW to change the password).
#
# Environment variables read by this script:
#   RUNDECK_HOST=hostname   - host name to use instead of the output of `hostname`
#   RUNDECK_PORT=4440       - port used in the configured server URL
#   RUNDECK_DB=default      - database to configure: "default" (H2) or "mysql"
#                             (for mysql the script runs the mysql client to create the DB user)
#   RUNDECK_TOKEN=....      - API token to install instead of an autogenerated one
#   RUNDECK_PROJECT=local   - project to create
#   RUNDECK_VERSION=2.6.11  - Rundeck package version to install
#   ADMINPW=....            - if set, becomes the admin password
#
# Tested on Ubuntu 14.04

# Project to create.
pname=${RUNDECK_PROJECT:-local}

# API token: RUNDECK_TOKEN when provided, otherwise the MD5 hex digest of
# 1 KiB read from /dev/urandom.
token=$(dd if=/dev/urandom bs=1024 count=1 2>/dev/null| md5sum | cut -d" " -f1)
token=${RUNDECK_TOKEN:-$token}

# Use the machine's own host name rather than localhost so the server is
# reachable from other hosts.
hostname=$(hostname)
rhost=${RUNDECK_HOST:-$hostname}
rport=${RUNDECK_PORT:-4440}

dbtype=${RUNDECK_DB:-default}
ver=${RUNDECK_VERSION:-2.6.11}

# This summary line prints the API token in clear text, so anything that
# captures the script's output (CI logs, shared terminals) ends up holding a
# working credential.
echo "Installing Rundeck $ver URL $rhost:$rport project $pname token $token db $dbtype"
# Start from a clean slate: stop any running service, delete every Rundeck
# directory left by an earlier install, then remove and purge the package.
sudo service rundeckd stop
for olddir in /tmp/rundeck /var/rundeck /var/lib/rundeck /var/log/rundeck /etc/rundeck; do
    sudo rm -Rf "$olddir"
done
sudo apt-get -y remove rundeck
sudo apt-get -y purge rundeck
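# Download the Rundeck .deb into a private directory and install it.
#
# dpkg installs the package as root, so the origin of the file matters:
#  * a fresh mktemp directory replaces the fixed /tmp/rundeck-$ver.deb path,
#    where a file left there by any other local user would have been reused
#    and installed as-is;
#  * the download goes over HTTPS with curl -f, so an HTTP error page is not
#    saved and handed to dpkg;
#  * when RUNDECK_DEB_SHA256 is set, the file must match that SHA-256 digest.
# NOTE(review): Bintray has since been shut down; point the URL at a package
# source you trust before reusing this script.
debdir=$(mktemp -d) || exit 1
deb=$debdir/rundeck-$ver.deb
if ! curl -fL -o "$deb" "https://dl.bintray.com/rundeck/rundeck-deb/rundeck-$ver-1-GA.deb"; then
    echo "Download of Rundeck $ver failed" >&2
    rm -rf "$debdir"
    exit 1
fi
if [ -n "${RUNDECK_DEB_SHA256:-}" ]; then
    # sha256sum -c expects "<digest>  <path>" lines on stdin.
    if ! echo "$RUNDECK_DEB_SHA256  $deb" | sha256sum -c - >/dev/null; then
        echo "Checksum mismatch for $deb" >&2
        rm -rf "$debdir"
        exit 1
    fi
fi
sudo dpkg -i "$deb"
rm -rf "$debdir"

# Recreate the scratch directory and give it to the rundeck account instead of
# making it world-readable and world-writable (the original chmod a+rw -R).
# Assumes only the rundeck service account needs this directory - TODO confirm.
sudo mkdir -p /tmp/rundeck
sudo chown -R rundeck:rundeck /tmp/rundeck
sudo chmod -R u+rwX,go-rwx /tmp/rundeck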
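# Create the project skeleton and write its project.properties in one pass.
# Paths are quoted so a project name containing spaces or glob characters
# cannot split into extra arguments to the sudo commands.
sudo mkdir -p "/var/rundeck/projects/$pname/etc/"
pxml=/var/rundeck/projects/$pname/etc/resources.xml
pfile=/var/rundeck/projects/$pname/etc/project.properties

# tee (rather than a shell redirect) is what lets the write happen as root; it
# also echoes the properties to stdout.
# project.ssh-keypath names the private key used for node execution; nothing
# in this script creates that key.
sudo tee "$pfile" <<EOF
project.name=$pname
resources.source.1.config.requireFileExists=false
project.ssh-authentication=privateKey
service.NodeExecutor.default.provider=jsch-ssh
resources.source.1.config.includeServerNode=true
resources.source.1.config.generateFileAutomatically=true
resources.source.1.config.format=resourcexml
resources.source.1.config.file=$pxml
project.ssh-keypath=/var/lib/rundeck/.ssh/id_rsa
service.FileCopier.default.provider=jsch-scp
resources.source.1.type=file
EOF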
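# Replace the admin password when ADMINPW is set.
#  * realm.properties is overwritten, so it ends up with this single admin entry.
#  * printf is used instead of echo so backslashes in the password are written
#    literally (dash's echo interprets escape sequences).
#  * tee's stdout is discarded so the password is not printed to the terminal
#    or to captured logs.
#  * The password is stored in clear text; Jetty realm files also accept hashed
#    entries (for example with an MD5: prefix).
if [ -n "$ADMINPW" ]; then
    printf '%s\n' "admin:$ADMINPW,user,admin,architect,deploy,build" | sudo tee /etc/rundeck/realm.properties >/dev/null
else
    # The server is configured for remote access, so make the leftover default login visible.
    echo "WARNING: ADMINPW is not set; the default admin:admin login stays active on $rhost:$rport" >&2
fi

# Point the server URL in both config files at $rhost:$rport instead of
# localhost:4440.
# NOTE: $rhost and $rport are spliced into the sed expression unescaped, so a
# value containing "/" or "&" would corrupt the substitution.
sudo sed -i -re "s/localhost:4440/$rhost:$rport/g" \
    /etc/rundeck/rundeck-config.properties \
    /etc/rundeck/framework.properties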
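# Write a resources.xml that lists a single node: this server, reached via
# localhost as the rundeck user. The path is quoted so an unusual project name
# cannot split it into several arguments.
sudo tee "$pxml" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<project>
<node name="$hostname" description="Rundeck server node" tags="" hostname="localhost" osArch="amd64" osFamily="unix" osName="Linux" username="rundeck"/>
</project>
EOF

# Everything above was created as root; hand the tree to the service account.
# "user:group" is the current chown syntax (the "user.group" form is a legacy spelling).
sudo chown -R rundeck:rundeck /var/rundeck/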
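# Seed the API token directly into the Rundeck database (H2 or MySQL).
#
# $token is pasted into a SQL string literal below, so refuse any value that
# could close the literal or append further statements.
case $token in
    ''|*[!A-Za-z0-9._-]*)
        echo "API token may only contain letters, digits, '.', '_' and '-'" >&2
        exit 1
        ;;
esac

# The SQL script contains the token. Keep it in a mktemp file (mode 0600,
# unpredictable name) instead of a fixed path in /tmp that other local users
# could read or pre-create, and delete it once it has been applied.
sql=$(mktemp) || exit 1

if [ "$dbtype" = "default" ]; then
    echo "Default H2 db update"
    dburl="jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true"
    jar=/var/lib/rundeck/exp/webapp/WEB-INF/lib/h2-1.3.164.jar
    # Create the auth_token table if it does not exist yet and insert the token row.
    cat >"$sql" <<EOF
set autocommit on;
create table if not exists auth_token (id bigint generated by default as identity, version bigint not null, auth_roles longvarchar not null, token varchar(255) not null unique, user_id bigint not null, primary key (id));
insert into auth_token (VERSION, AUTH_ROLES, TOKEN, USER_ID) values (0, 'api_token_group', '$token', 1);
SHUTDOWN COMPACT;
EOF
    sudo java -classpath "$jar" org.h2.tools.RunScript -url "$dburl" -script "$sql" -showResults -continueOnError
    # RunScript ran as root: drop the lock/trace files it may have left and
    # give the database file back to the rundeck user.
    sudo rm -f /var/lib/rundeck/data/rundeckdb.lock.db
    sudo rm -f /var/lib/rundeck/data/rundeckdb.trace.db
    sudo chown rundeck:rundeck /var/lib/rundeck/data/rundeckdb.h2.db
fi

if [ "$dbtype" = "mysql" ]; then
    # Random password for the rundeck DB account (MD5 hex of 32 urandom bytes).
    DBPW=$(dd if=/dev/urandom bs=1 count=32 2>/dev/null | md5sum | cut -d" " -f1)
    DBUSER=rundeck
    echo "Creating MySQL user $DBUSER, enter ROOT password"
    # Runs with whatever credentials the mysql client picks up by default.
    echo "GRANT ALL PRIVILEGES ON rundeck.* To '$DBUSER'@'localhost' IDENTIFIED BY '$DBPW';" | mysql
    # Recreate the rundeck schema, then insert the token and the admin user row it points to.
    cat >"$sql" <<EOF
drop database if exists rundeck;
create database rundeck;
use rundeck;
CREATE TABLE IF NOT EXISTS rduser(id bigint(20) NOT NULL AUTO_INCREMENT, version bigint(20) NOT NULL, dashboard_pref varchar(255) DEFAULT NULL, date_created datetime NOT NULL, email varchar(255) DEFAULT NULL, filter_pref varchar(255) DEFAULT NULL, first_name varchar(255) DEFAULT NULL, last_name varchar(255) DEFAULT NULL, last_updated datetime NOT NULL, login varchar(255) NOT NULL, password varchar(255) DEFAULT NULL, PRIMARY KEY (id)) ENGINE=InnoDB DEFAULT CHARSET=latin1;
CREATE TABLE IF NOT EXISTS auth_token(id bigint(20) NOT NULL AUTO_INCREMENT, version bigint(20) NOT NULL, auth_roles longtext NOT NULL, token varchar(255) NOT NULL, user_id bigint(20) NOT NULL, PRIMARY KEY (id), UNIQUE KEY token (token)) ENGINE=InnoDB;
insert into auth_token (VERSION, AUTH_ROLES, TOKEN, USER_ID) values (0, 'api_token_group', '$token', 1);
insert into rduser (id, version, dashboard_pref, date_created, email, filter_pref, first_name, last_name, last_updated, login, password) select 1, 0, NULL, NOW(), 'admin@admin.com', NULL, NULL, NULL, NOW(), 'admin', NULL;
EOF
    # Pass the credentials through a 0600 option file: a -p<password> argument
    # is visible to every local user in the process list. --defaults-file makes
    # the client read only this file, so a root login stored in ~/.my.cnf
    # cannot override the rundeck account here.
    mycnf=$(mktemp) || exit 1
    printf '[client]\nuser=%s\npassword=%s\n' "$DBUSER" "$DBPW" >"$mycnf"
    mysql --defaults-file="$mycnf" <"$sql"
    rm -f "$mycnf"
    # Disable the packaged data source URL and append the MySQL settings.
    sudo sed -i -re "s/dataSource.url/disabled.dataSourceUrl/g" /etc/rundeck/rundeck-config.properties
    sudo tee -a /etc/rundeck/rundeck-config.properties <<EOF
dataSource.url = jdbc:mysql://localhost/rundeck?autoReconnect=true
dataSource.username = $DBUSER
EOF
    # Append the password without echoing it to stdout.
    # NOTE(review): rundeck-config.properties now holds the DB password;
    # confirm the file is not world-readable.
    echo "dataSource.password = $DBPW" | sudo tee -a /etc/rundeck/rundeck-config.properties >/dev/null
fi

# The token-bearing SQL script is no longer needed.
rm -f "$sql"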
# Append three JVM options to /etc/rundeck/profile:
#  * server.web.context=/rundeck - serve the application under the /rundeck prefix
#  * server.http.host=$rhost     - listen only on the chosen host name
#  * maxFormContentSize=-1       - remove Jetty's limit on form POST size, so the
#                                  server accepts form bodies of any size
# \$RDECK_JVM is escaped on purpose: it must reach the profile unexpanded,
# while $rhost is expanded now.
sudo tee -a /etc/rundeck/profile <<EOF
RDECK_JVM="\$RDECK_JVM -Dserver.web.context=/rundeck"
RDECK_JVM="\$RDECK_JVM -Dserver.http.host=$rhost"
RDECK_JVM="\$RDECK_JVM -Dorg.eclipse.jetty.server.Request.maxFormContentSize=-1"
EOF

# Make the configured server URL end in /rundeck to match the new context path.
sudo sed -i -re "s/$rhost:$rport.*/$rhost:$rport\/rundeck/g" /etc/rundeck/rundeck-config.properties

# Start the service now and enable it at boot.
sudo service rundeckd start
sudo update-rc.d rundeckd enable
For a no-prompt installation, make sure mysql can connect without asking for a password (add the user and password to ~/.my.cnf). Define the environment variables to alter the behaviour. Set up passwordless sudo if you run the script as an unprivileged user.