Rundeck


Rundeck User creation

It seems there might be a confusion with the operating system version mentioned. Oracle 7.9 is not an operating system; it is an Enterprise Linux distribution by Oracle, and Oracle Linux 7.x versions are available. Also, the process of creating a user and granting sudo privileges may slightly differ based on the Linux distribution you are using.

Assuming you are using Oracle Linux 7.x, here's how you can create a user named "rundeck" and give them sudo privileges:

  1. Log in to your Oracle Linux server as a user with sudo privileges or switch to the root user using the su command.

sudo useradd -m -s /bin/bash rundeck
 





===============


To install Rundeck on Oracle Linux 7.x, you can follow these steps. Rundeck is typically installed using a package manager like YUM, so make sure you have internet access and necessary repositories configured.

 Update the system:

sudo yum update
Install Java Development Kit (JDK):
Rundeck requires Java to run. You can install OpenJDK, which is an open-source implementation of the Java Platform.
sudo yum install java-1.8.0-openjdk-devel

 
Add the Rundeck YUM repository:

sudo rpm -Uvh http://repo.rundeck.org/latest.rpm

Install Rundeck:

sudo yum install rundeck

Start Rundeck service:

sudo systemctl start rundeckd

Enable Rundeck to start on boot:

sudo systemctl enable rundeckd


  1. By default, Rundeck listens on port 4440. Ensure that port 4440 is open in your firewall to access the Rundeck web interface.

  2. Access Rundeck Web Interface: Open your web browser and navigate to http://your_server_ip_or_domain:4440. You should see the Rundeck login page.

  3. The default username is admin, and the default password is admin. You should change the password after logging in for the first time.

That's it! Rundeck should now be installed and running on your Oracle Linux 7.x server. You can start creating projects, jobs, and workflows using the Rundeck web interface. If you encounter any issues, be sure to check the Rundeck logs located in /var/log/rundeck/ for troubleshooting.

Please note that the installation steps are based on the assumption that you have proper permissions and access to the repositories required for installing Rundeck and OpenJDK. Additionally, always make sure to follow best practices for security and keep your system up-to-date with security patches.


Deleting Rundeck
To uninstall Rundeck on Oracle Linux, you'll need to follow these steps:
Stop Rundeck service:
sudo systemctl stop rundeckd
 
Disable Rundeck service (optional):
sudo systemctl disable rundeckd
Remove Rundeck package and dependencies:
sudo yum remove rundeck
 
Remove Rundeck configuration files and directories:
sudo rm -rf /etc/rundeck
sudo rm -rf /var/lib/rundeck
sudo rm -rf /var/log/rundeck
 

If you had created any custom projects or data, make sure to back them up before removing the directories above.

sudo userdel rundeck

sudo rm -rf /home/rundeck

If you used the default Rundeck service user (e.g., rundeck), you may also want to remove the user and its home directory (if it was created during installation):
    

Ansible Code :
---
- name: Install and Upgrade Rundeck on Oracle Linux
  hosts: your_oracle_linux_servers
  become: true

  tasks:
    - name: Add EPEL repository (Extra Packages for Enterprise Linux)
      yum:
        name: epel-release
        state: present

    - name: Install required dependencies
      yum:
        name: java-1.8.0-openjdk
        state: present

    - name: Create Rundeck user
      user:
        name: rundeck
        group: rundeck
        home: /home/rundeck
        create_home: yes
        shell: /bin/bash

    - name: Download and run rpm-setup.sh script
      get_url:
        url: "https://raw.githubusercontent.com/rundeck/packaging/main/scripts/rpm-setup.sh"
        dest: /tmp/rpm-setup.sh
        mode: 0755

    - name: Run rpm-setup.sh script
      shell: /tmp/rpm-setup.sh rundeck
      args:
        creates: /etc/yum.repos.d/rundeck.repo

    - name: Upgrade Rundeck and Rundeck-config
      yum:
        name: "{{ item }}"
        state: latest
      with_items:
        - rundeck
        - rundeck-config

    - name: Start Rundeck service
      systemd:
        name: rundeckd
        state: started
        enabled: yes


In this modified playbook, we use the get_url module to download the rpm-setup.sh script, set its mode to executable (0755), and then use the shell module to run it with the rundeck argument. We also use the creates parameter to check if the /etc/yum.repos.d/rundeck.repo file has been created, which is an indicator that the script has been executed. This ensures that the script is executed only once.

After the script has set up the Rundeck repository, we use the yum module to upgrade the rundeck and rundeck-config packages to their latest versions.

Finally, the playbook starts and enables the Rundeck service as before.

Remember to replace your_oracle_linux_servers with the actual target host or group in the playbook and run the playbook using the ansible-playbook command with the hosts file:

ansible-playbook -i hosts install_rundeck.yml
 

CONNECTING TO THE AWS MACHINE ,
ansible all -m ping -u ec2-user -i <Mahine_ip_address>, --private-key=id_rsa


Make sure you copy the ssh_public key from the ansible host machine to the other machine.
Another computer inside 

Create a file 

```
inventory.ini

[check]
ip_address

```

And run the below command

ansible check -i inventory.ini -m ping


ROLE 
Create the Role Directory:

ansible-galaxy init install_rundeck

Sure! To convert the previous playbook into an Ansible role, follow these steps:
  1. Create the Role Directory:
bash
ansible-galaxy init install_rundeck

This command will create a directory named install_rundeck with the basic role structure and necessary files.
  1. Edit the Role Tasks:
Navigate to the role's tasks directory and edit the main.yml file:


```
---
- name: Download rpm-setup.sh script
  uri:
    url: https://raw.githubusercontent.com/rundeck/packaging/main/scripts/rpm-setup.sh
    dest: /tmp/rpm-setup.sh
    method: GET
    status_code: 200, 201
    validate_certs: no
  register: download_result
  until: download_result is succeeded
  retries: 5
  delay: 5

- name: Execute rpm-setup.sh script
  shell: bash /tmp/rpm-setup.sh rundeck
  args:
    warn: false

- name: Install Java 1.8
  yum:
    name: java-1.8.0-openjdk
    state: present

- name: Install Rundeck
  yum:
    name: rundeck
    state: present
  notify: Restart Rundeck service

- name: Upgrade Rundeck and Rundeck-config
  yum:
    name:
      - rundeck
      - rundeck-config
    state: latest

 
```

  1. Edit the Role Handlers:
Navigate to the role's handlers directory and edit the main.yml file:

---
- name: Restart Rundeck service
  service:
    name: rundeckd
    state: restarted





  1. Update the Role's meta Information:
Edit the meta/main.yml file to provide some meta-information about the role:

---
---
galaxy_info:
  role_name: install_rundeck_role
  description: Install Rundeck on CentOS/RHEL systems
  author: Your Name
  license: MIT
  min_ansible_version: 2.9
  platforms:
    - name: EL
      versions:
        - 8
  tags:
    - rundeck



  1. Use the Role in a Playbook:
Create a new playbook that references the role:
---
- name: Install Rundeck on Servers
  hosts: your_rundeck_servers
  become: yes

  roles:
    - install_rundeck_role


 
  1. Save the playbook.
  2. Replace your_rundeck_servers with the appropriate inventory group or hostname for your Rundeck servers.
  3. Execute the playbook using the ansible-playbook command:


ansible-playbook your_playbook.yml

=====MYSQL DATABASE
To ensure that Rundeck is communicating with MySQL on another EC2 instance and not on the localhost, you need to take the following steps:
Check Rundeck Configuration: First, verify that Rundeck is correctly configured to use the remote MySQL instance. Open the Rundeck configuration file (framework.properties) on the Rundeck EC2 instance, usually located at /etc/rundeck/framework.properties. Ensure that the following properties are set correctly:

dataSource.url=jdbc:mysql://MySQL_EC2_Private_IP:3306/rundeck_db
dataSource.username=rundeck_user
dataSource.password=your_password

 
  1. Replace MySQL_EC2_Private_IP, rundeck_user, and your_password with the actual values used to connect to the MySQL instance.
  2. Firewall and Security Group Settings: Verify that the appropriate ports are open in the firewall and security group settings on both the Rundeck and MySQL EC2 instances. Specifically, ensure that the MySQL port (usually 3306) is accessible from the Rundeck EC2 instance. On the MySQL instance, the MySQL port should be open to allow incoming connections from the Rundeck EC2 instance's private IP address.
  3. Private IP Address Usage: Make sure that the Rundeck EC2 instance is using the private IP address of the MySQL EC2 instance to connect to MySQL. Using the private IP address ensures that the communication remains within the private network, adding an extra layer of security.
  4. Test Connectivity: To verify that Rundeck is indeed connecting to the remote MySQL instance, you can run a simple test using the MySQL client on the Rundeck EC2 instance. Connect to the MySQL database using the same credentials specified in the Rundeck configuration:

    mysql -h MySQL_EC2_Private_IP -u rundeck_user -p


    1. You will be prompted to enter the MySQL password for the rundeck_user. If you can successfully connect to the MySQL database, it indicates that the Rundeck EC2 instance can communicate with the MySQL EC2 instance.
    2. Logging and Debugging: Monitor the Rundeck logs for any connection-related issues. The logs are usually located in the /var/log/rundeck/ directory. You can also enable debug-level logging to get more detailed information about Rundeck's communication with the MySQL instance.
    By following these steps, you can ensure that Rundeck is correctly communicating with the MySQL instance on the other EC2 instance. Always prioritize security by using private IP addresses and ensuring that the necessary ports are appropriately configured to prevent unauthorized access.


































Comments











Post a Comment
























Popular posts from this blog









OPA : Introduction to OPA




















Image







 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  OPA :  https://www.youtube.com/watch?v=Vdy26oA3py8    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  How OPA works ?  Alice is the customer support rep and she has access to all the service such as (payments / Accounts / Promotions / Notification ) etc . And if she get access to all the system that is not all right . If she decides to bring down all the services she can do which can lead to failure of service. Also if she wants to look up where Bob lives she can do that and find out all his personally identifiable information again this is not Ideal. So what we want to do is put some guard rails into the system to prevent these kinds of things from happening .  In order to get alice do all her job and yet does not hamper the security of the system we are going to put but she cannot do anything that is harmful to the system . In order to do th...








Read more










 IP Cutover




















Image







 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ IP Cutover is needed when the Base machine is CentOS-6 and the VM is CentOS-7 Lets consider this server running in CentOS 6 ,and now the application team is asking to cut-over , they will come to us for the cut over when we have the new and the old server ready . netutils02-eq This IP is reachable from our work station. We will need to disable the IP address in this server and enable the IP address in another server new server . We need to shutdown the interface first . $ /sbin/ifdown ens192 Before that we need to go to checkMK and make sure this server is configured for downtime . The two servers will have different IP addresses though they might be running in the same network. once the interface is down we will not be able to ping this IP address from our workstation.  Once after checking the checkMK if the server CentOS is ...








Read more










FIRST-SUCCESSFUL SCRIPT -- NEEDED EDITION -- FIRST SUCCESSFUL ONE





















#!/bin/bash # Server Tested : compute90-cc : 8.25.218.59 10.170.16.186 : compute90-cc.packet8-pilot.net #####   --  Author of Script  - Sreejith Balakrishnan    #####       Purpose : 1. This script capture failed logins for root users whoever fails to connect successfully in their first 5 attempts  #####                 2. And only if those 5 failed attempts happens within 15 min timeline -- In such cases logs are generated #set -x ###----------------- ##### Declarations : ###----------------- #####   --  Put in the number of Failed Login Attempts you want to capture attempted_counts=5 #####   --  Time in minutes within which the count of login attempts to be captured seconds=900 ###------------------------ ##### End of Declations : ###------------------------ root_login(){ #rm -Rf /tmp/logins_1.log #rm -Rf /tmp/logins_2.log #rm -Rf /tmp/logins_11.log #rm -Rf...








Read more