Skip to content

Latest commit

 

History

History
1394 lines (884 loc) · 36.2 KB

REFERENCE.md

File metadata and controls

1394 lines (884 loc) · 36.2 KB
Raw

Reference

Table of Contents

Classes

Public Classes

  • rundeck: Class to manage installation and configuration of Rundeck.
  • rundeck::cli: Class to manage installation and configuration of Rundeck CLI.

Private Classes

  • rundeck::config: This class is called from rundeck to manage the configuration.
  • rundeck::config::framework: This private class is called from rundeck::config used to manage the framework properties of rundeck.
  • rundeck::config::jaas_auth: This private class is called from rundeck::config used to manage jaas authentication for rundeck.
  • rundeck::config::ssl: This private class is called from rundeck::config used to manage the ssl properties if ssl is enabled.
  • rundeck::install: This class is called from rundeck for install.
  • rundeck::service: This class is called from rundeck to manage service.

Defined types

Functions

Data types

Classes

rundeck

Class to manage installation and configuration of Rundeck.

Parameters

The following parameters are available in the rundeck class:

override_dir

Data type: Stdlib::Absolutepath

An absolute path to the overrides directory. Examples/defaults for yumrepo can be found at RedHat.yaml, and for apt at Debian.yaml

repo_config

Data type: Hash

A hash of repository attributes for configuring the rundeck package repositories. Examples/defaults for yumrepo can be found at RedHat.yaml, and for apt at Debian.yaml

manage_repo

Data type: Boolean

Whether to manage the package repository.

Default value: true

package_ensure

Data type: String[1]

Ensure the state of the rundeck package, either present, absent or a specific version.

Default value: 'installed'

manage_home

Data type: Boolean

Whether to manage rundeck home dir.

Default value: true

user

Data type: String[1]

The user that rundeck is installed as.

Default value: 'rundeck'

group

Data type: String[1]

The group permission that rundeck is installed as.

Default value: 'rundeck'

manage_user

Data type: Boolean

Whether to manage user (and enforce user_id if set).

Default value: false

manage_group

Data type: Boolean

Whether to manage group (and enforce group_id if set).

Default value: false

user_id

Data type: Optional[Integer]

If you want to have always the same user id. Eg. because of a NFS share.

Default value: undef

group_id

Data type: Optional[Integer]

If you want to have always the same group id. Eg. because of a NFS share.

Default value: undef

admin_policies

Data type: Array[Hash]

Admin acl policies.

Default value:

[
    {
      'description' => 'Admin, all access',
      'context'     => { 'project' => '.*' },
      'for'         => {
        'resource' => [{ 'allow' => '*' }],
        'adhoc'    => [{ 'allow' => '*' }],
        'job'      => [{ 'allow' => '*' }],
        'node'     => [{ 'allow' => '*' }],
      },
      'by'          => [{ 'group' => ['admin'] }],
    },
    {
      'description' => 'Admin, all access',
      'context'     => { 'application' => 'rundeck' },
      'for'         => {
        'project'  => [{ 'allow' => '*' }],
        'resource' => [{ 'allow' => '*' }],
        'storage'  => [{ 'allow' => '*' }],
      },
      'by'          => [{ 'group' => ['admin'] }],
    },
  ]
api_policies

Data type: Array[Hash]

Apitoken acl policies.

Default value:

[
    {
      'description' => 'API project level access control',
      'context'     => { 'project' => '.*' },
      'for'         => {
        'resource' => [
          { 'equals' => { 'kind' => 'job' }, 'allow' => ['create', 'delete'] },
          { 'equals' => { 'kind' => 'node' }, 'allow' => ['read', 'create', 'update', 'refresh'] },
          { 'equals' => { 'kind' => 'event' }, 'allow' => ['read', 'create'] },
        ],
        'adhoc'    => [{ 'allow' => ['read', 'run', 'kill'] }],
        'job'      => [{ 'allow' => ['read', 'create', 'update', 'delete', 'run', 'kill'] }],
        'node'     => [{ 'allow' => ['read', 'run'] }],
      },
      'by'          => [{ 'group' => ['api_token_group'] }],
    },
    {
      'description' => 'API Application level access control',
      'context'     => { 'application' => 'rundeck' },
      'for'         => {
        'project'  => [{ 'match' => { 'name' => '.*' }, 'allow' => ['read'] }],
        'resource' => [{ 'equals' => { 'kind' => 'system' }, 'allow' => ['read'] }],
        'storage'  => [{ 'match' => { 'path' => '(keys|keys/.*)' }, 'allow' => '*' }],
      },
      'by'          => [{ 'group' => ['api_token_group'] }],
    },
  ]
manage_default_admin_policy

Data type: Boolean

Whether to manage the default admin policy.

Default value: true

manage_default_api_policy

Data type: Boolean

Whether to manage default api policy.

Default value: true

grails_server_url

Data type: Stdlib::HTTPUrl

Sets grails.serverURL so that Rundeck knows its external address.

Default value: "http://${facts['networking']['fqdn']}:4440"

clustermode_enabled

Data type: Boolean

Wheter to enable cluster mode.

Default value: false

execution_mode

Data type: Enum['active', 'passive']

Set the execution mode to 'active' or 'passive'.

Default value: 'active'

api_token_max_duration

Data type: String[1]

Set the token max duration.

Default value: '30d'

java_home

Data type: Optional[Stdlib::Absolutepath]

Set the home directory of java.

Default value: undef

jvm_args

Data type: String

Extra arguments for the JVM.

Default value: '-Xmx1024m -Xms256m -server'

quartz_job_threadcount

Data type: Integer

The maximum number of threads used by Rundeck for concurrent jobs.

Default value: 10

auth_config

Data type: Rundeck::Auth_config

Hash of properties for configuring Rundeck JAAS Authentication

Default value:

{
    'file' => {
      'auth_flag'    => 'required',
      'jaas_config'  => {
        'file' => '/etc/rundeck/realm.properties',
      },
      'realm_config' => {
        'admin_user'     => 'admin',
        'admin_password' => 'admin',
        'auth_users'     => [],
      },
    },
  }
database_config

Data type: Rundeck::Db_config

Hash of properties for configuring the Rundeck Database

Default value: { 'url' => 'jdbc:h2:file:/var/lib/rundeck/data/rundeckdb' }

feature_config

Data type: Hash

A hash of rundeck features.

Default value: {}

framework_config

Data type: Hash

Hash of properties for configuring the Rundeck Framework This hash will be merged with the Rundeck defaults

Default value: {}

grails_config

Data type: Hash

A hash of the rundeck grails configuration.

Default value: {}

gui_config

Data type: Hash

Hash of properties for customizing the Rundeck GUI

Default value: {}

mail_config

Data type: Rundeck::Mail_config

A hash of the notification email configuraton.

Default value: {}

security_config

Data type: Hash

A hash of the rundeck security configuration.

Default value: {}

preauthenticated_config

Data type: Hash

A hash of the rundeck preauthenticated configuration.

Default value: {}

key_storage_config

Data type: Rundeck::Key_storage_config

An array with hashes of properties for customizing the Rundeck Key Storage

Default value: [{ 'type' => 'db', 'path' => 'keys' }]

key_storage_encrypt_config

Data type: Array[Hash]

An array with hashes of properties for customizing the Rundeck Key Storage converter

Default value: []

root_log_level

Data type: Rundeck::Loglevel

The log4j root logging level to be set for Rundeck.

Default value: 'info'

app_log_level

Data type: Rundeck::Loglevel

The log4j logging level to be set for the Rundeck application.

Default value: 'info'

audit_log_level

Data type: Rundeck::Loglevel

The log4j logging level to be set for the Rundeck autorization.

Default value: 'info'

webhook_plugins_log_level

Data type: Rundeck::Loglevel

The log4j logging level to be set for the Rundeck plugin webhooks.

Default value: 'info'

execution_cleanup_log_level

Data type: Rundeck::Loglevel

The log4j logging level to be set for the Rundeck execution cleanup.

Default value: 'info'

jaas_log_level

Data type: Rundeck::Loglevel

The log4j logging level to be set for the Rundeck jaas security.

Default value: 'info'

config_template

Data type: String[1]

The template used for rundeck-config properties. Needs to be in epp format.

Default value: 'rundeck/rundeck-config.properties.epp'

override_template

Data type: String[1]

The template used for rundeck profile overrides. Needs to be in epp format.

Default value: 'rundeck/profile_overrides.epp'

realm_template

Data type: String[1]

The template used for jaas realm properties. Needs to be in epp format.

Default value: 'rundeck/realm.properties.epp'

log_properties_template

Data type: String[1]

The template used for log properties. Needs to be in epp format.

Default value: 'rundeck/log4j2.properties.epp'

rss_enabled

Data type: Boolean

Boolean value if set to true enables RSS feeds that are public (non-authenticated)

Default value: false

server_web_context

Data type: Optional[String[1]]

Web context path to use, such as "/rundeck". http://host.domain:port/server_web_context

Default value: undef

ssl_enabled

Data type: Boolean

Enable ssl for the rundeck web application.

Default value: false

ssl_port

Data type: Stdlib::Port

Ssl port of the rundeck web application.

Default value: 4443

ssl_certificate

Data type: Stdlib::Absolutepath

Full path to the SSL public key to be used by Rundeck.

Default value: '/etc/rundeck/ssl/rundeck.crt'

ssl_private_key

Data type: Stdlib::Absolutepath

Full path to the SSL private key to be used by Rundeck.

Default value: '/etc/rundeck/ssl/rundeck.key'

key_password

Data type: Optional[String[1]]

The password used to protect the key in keystore.

Default value: undef

keystore

Data type: Stdlib::Absolutepath

Full path to the java keystore to be used by Rundeck.

Default value: '/etc/rundeck/ssl/keystore'

keystore_password

Data type: String[1]

The password for the given keystore.

Default value: 'adminadmin'

truststore

Data type: Stdlib::Absolutepath

The full path to the java truststore to be used by Rundeck.

Default value: '/etc/rundeck/ssl/truststore'

truststore_password

Data type: String[1]

The password for the given truststore.

Default value: 'adminadmin'

service_name

Data type: String[1]

The name of the rundeck service.

Default value: 'rundeckd'

service_ensure

Data type: Enum['stopped', 'running']

State of the rundeck service.

Default value: 'running'

service_logs_dir

Data type: Stdlib::Absolutepath

The path to the directory to store service related logs.

Default value: '/var/log/rundeck'

service_notify

Data type: Boolean

Wheter to notify and restart the rundeck service if config changes.

Default value: true

service_config

Data type: Optional[String[1]]

Allows you to use your own override template instead to config rundeckd init script.

Default value: undef

service_script

Data type: Optional[String[1]]

Allows you to use your own override template instead of the default from the package maintainer for rundeckd init script.

Default value: undef

manage_cli

Data type: Boolean

Whether to manage rundeck cli config and resource with the rundeck class or not.

Default value: true

cli_version

Data type: String[1]

Ensure the state of the rundeck cli package, either present, absent or a specific version.

Default value: 'installed'

cli_user

Data type: String[1]

Cli user to authenticate.

Default value: 'admin'

cli_password

Data type: String[1]

Cli password to authenticate.

Default value: 'admin'

cli_token

Data type: Optional[String[8]]

Cli token to authenticate.

Default value: undef

cli_projects

Data type: Hash[String, Rundeck::Project]

Cli projects config.

Default value: {}

rundeck::cli

Class to manage installation and configuration of Rundeck CLI.

Examples

Use cli with token and project config.
class { 'rundeck::cli':
  manage_repo => false,
  url         => 'https://rundeck01.example.com',
  bypass_url  => 'https://rundeck.example.com',
  token       => 'very_secure',
  projects    => {
    'MyProject'   => {
      'update_method' => 'set',
      'config'        => {
        'project.description'        => 'This is My rundeck project',
        'project.disable.executions' => 'false',
      },
    },
    'TestProject' => {
      'config' => {
        'project.description'      => 'This is a rundeck test project',
        'project.disable.schedule' => 'false',
      },
    },
  },
}

Parameters

The following parameters are available in the rundeck::cli class:

repo_config

Data type: Hash

A hash of repository attributes for configuring the rundeck cli package repositories. Examples/defaults for yumrepo can be found at RedHat.yaml, and for apt at Debian.yaml

manage_repo

Data type: Boolean

Whether to manage the cli package repository.

Default value: true

notify_conn_check

Data type: Boolean

Wheter to notify the cli connection check if rundeck service changes.

Default value: false

version

Data type: String[1]

Ensure the state of the rundeck cli package, either present, absent or a specific version.

Default value: 'installed'

url

Data type: Stdlib::HTTPUrl

Rundeck instance/api url.

Default value: 'http://localhost:4440'

bypass_url

Data type: Stdlib::HTTPUrl

Rundeck external url to bypass. This will rewrite any redirect to $bypass_url as $url

Default value: 'http://localhost:4440'

user

Data type: String[1]

Cli user to authenticate.

Default value: 'admin'

password

Data type: String[1]

Cli password to authenticate.

Default value: 'admin'

token

Data type: Optional[String[8]]

Cli token to authenticate.

Default value: undef

projects

Data type: Hash[String, Rundeck::Project]

Cli projects config. See example for structure and rundeck::config::project for available params.

Default value: {}

Defined types

rundeck::config::aclpolicyfile

This define will create a custom acl policy file.

Examples

Admin access.
rundeck::config::aclpolicyfile { 'myPolicyFile':
  acl_policies => [
    {
      'description' => 'Admin, all access',
      'context'     => { 'project' => '.*' },
      'for'         => {
        'resource' => [{ 'allow' => '*' }],
        'adhoc'    => [{ 'allow' => '*' }],
        'job'      => [{ 'allow' => '*' }],
        'node'     => [{ 'allow' => '*' }],
      },
      'by'          => [{ 'group' => ['admin'] }],
    },
    {
      'description' => 'Admin, all access',
      'context'     => { 'application' => 'rundeck' },
      'for'         => {
        'project'     => [{ 'allow' => '*' }],
        'resource'    => [{ 'allow' => '*' }],
        'storage'     => [{ 'allow' => '*' }],
      },
      'by'          => [{ 'group' => ['admin'] }],
    },
  ],
}

Parameters

The following parameters are available in the rundeck::config::aclpolicyfile defined type:

acl_policies

Data type: Array[Hash]

An array of hashes containing acl policies. See example.

ensure

Data type: Enum['present', 'absent']

Set present or absent to add or remove the acl policy file.

Default value: 'present'

owner

Data type: String[1]

The user that rundeck is installed as.

Default value: 'rundeck'

group

Data type: String[1]

The group permission that rundeck is installed as.

Default value: 'rundeck'

properties_dir

Data type: Stdlib::Absolutepath

The rundeck configuration directory.

Default value: '/etc/rundeck'

rundeck::config::plugin

This define will install a rundeck plugin.

Examples

Basic usage.
rundeck::config::plugin { 'rundeck-hipchat-plugin-1.0.0.jar':
  source => 'http://search.maven.org/remotecontent?filepath=com/hbakkum/rundeck/plugins/rundeck-hipchat-plugin/1.0.0/rundeck-hipchat-plugin-1.0.0.jar',
}

Parameters

The following parameters are available in the rundeck::config::plugin defined type:

source

Data type: String[1]

The http source or local path from which to get the plugin.

ensure

Data type: Enum['present', 'absent']

Set present or absent to add or remove the plugin.

Default value: 'present'

owner

Data type: String[1]

The user that rundeck is installed as.

Default value: 'rundeck'

group

Data type: String[1]

The group permission that rundeck is installed as.

Default value: 'rundeck'

plugins_dir

Data type: Stdlib::Absolutepath

Directory where plugins will be installed.

Default value: '/var/lib/rundeck/libext'

proxy_server

Data type: Optional[Stdlib::HTTPUrl]

Get the plugin trough a proxy server.

Default value: undef

rundeck::config::project

This define will manage projects and jobs.

Examples

Basic usage.
rundeck::config::project { 'MyProject':
  config => {
    'project.description'      => 'My test project',
    'project.disable.schedule' => 'false',
  },
}
Advanced usage with jobs.
rundeck::config::project { 'MyProject':
  config => {
    'project.description'      => 'My test project',
    'project.disable.schedule' => 'false',
  },
  jobs   => {
    'MyJob1' => {
      'path'   => '/etc/myjob1',
      'format' => 'yaml',
    },
    'MyJob2' => {
      'path'   => '/etc/myjob2',
      'format' => 'xml',
    },
    'DeleteJob1' => {
      'ensure' => 'absent',
      'path'   => '/etc/testjob1',
      'format' => 'yaml',
    },
  },
}
Advanced usage with scm_config.
rundeck::config::project { 'MyProject':
  config     => {
    'project.description'      => 'My test project',
    'project.disable.schedule' => 'false',
  },
  scm_config => {
    'import' => {
      'type'   => 'git-import',
      'config' => {
        'strictHostKeyChecking' => 'yes',
        'gitPasswordPath'       => 'keys/example-access-token',
        'format'                => 'xml',
        'dir'                   => '/var/lib/rundeck/projects/MyProject/ScmImport',
        'branch'                => 'master',
        'url'                   => 'https://[email protected]/example/example.git',
        'filePattern'           => '*.xml',
        'useFilePattern'        => 'true',
        'pathTemplate'          => "\${job.id}.\${config.format}",
        'importUuidBehavior'    => 'preserve',
        'sshPrivateKeyPath'     => '',
        'fetchAutomatically'    => 'true',
        'pullAutomatically'     => 'true',
      },
    },
  },
}

Parameters

The following parameters are available in the rundeck::config::project defined type:

ensure

Data type: Enum['absent', 'present']

Whether or not the project should be present.

Default value: 'present'

config

Data type: Hash[String, String]

Configuration properties for a project.

Default value:

{
    'project.description'                                 => "${name} project",
    'project.label'                                       => $name,
    'project.disable.executions'                          => 'false',
    'project.disable.schedule'                            => 'false',
    'project.execution.history.cleanup.batch'             => '500',
    'project.execution.history.cleanup.enabled'           => 'true',
    'project.execution.history.cleanup.retention.days'    => '60',
    'project.execution.history.cleanup.retention.minimum' => '50',
    'project.execution.history.cleanup.schedule'          => '0 0 0 1/1 * ? *',
    'project.jobs.gui.groupExpandLevel'                   => '1',
  }
update_method

Data type: Enum['set', 'update']

set: Overwrite all configuration properties for a project. Any config keys not included will be removed. update: Modify configuration properties for a project. Only the specified keys will be updated.

Default value: 'update'

jobs

Data type: Hash[String, Rundeck::Job]

Rundeck jobs related to a project.

Default value: {}

owner

Data type: String[1]

The user that rundeck is installed as.

Default value: 'rundeck'

group

Data type: String[1]

The group permission that rundeck is installed as.

Default value: 'rundeck'

projects_dir

Data type: Stdlib::Absolutepath

Directory where some project config will be stored.

Default value: '/var/lib/rundeck/projects'

scm_config

Data type: Optional[Rundeck::Scm]

A hash of name value pairs representing properties for the scm.json file.

Default value: undef

rundeck::config::secret

This define will manage secrets in key storage.

Examples

Basic usage.
rundeck::config::secret { 'keys/mysecret':
  content => 'very_secure_password',
}

Parameters

The following parameters are available in the rundeck::config::secret defined type:

content

Data type: Variant[String, Sensitive[String]]

The secret content.

ensure

Data type: Enum['absent', 'present']

Whether or not the secret should be present.

Default value: 'present'

type

Data type: Enum['password', 'privateKey', 'publicKey']

The type of the secret.

Default value: 'password'

keystorage_path

Data type: String[1]

The path in rundeck key storage.

Default value: $name

owner

Data type: String[1]

The user that rundeck is installed as.

Default value: 'rundeck'

group

Data type: String[1]

The group permission that rundeck is installed as.

Default value: 'rundeck'

keystorage_dir

Data type: Stdlib::Absolutepath

The directory on filesystem where the secret files are stored.

Default value: '/var/lib/rundeck/keystorage'

Functions

validate_rd_policy

Type: Ruby 3.x API

''

validate_rd_policy()

''

Returns: Any

Data types

Rundeck::Auth_config

Rundeck authentication config type.

Alias of

Struct[{
    Optional['file'] => Hash[String, Any],
    Optional['ldap'] => Hash[String, Any],
    Optional['pam']  => Hash[String, Any],
}]

Rundeck::Db_config

Rundeck database config type.

Alias of

Struct[{
    'url'                                  => String,
    Optional['driverClassName']            => String,
    Optional['username']                   => String,
    Optional['password']                   => Variant[String[8], Sensitive[String[8]]],
    Optional['dialect']                    => String,
    Optional['properties.validationQuery'] => String,
}]

Rundeck::Job

Rundeck job type.

Alias of

Struct[{
    'path'             => Stdlib::Absolutepath,
    'format'           => Enum['yaml', 'xml', 'json'],
    Optional['ensure'] => Enum['absent', 'present'],
}]

Rundeck::Key_storage_config

Rundeck key storage config type.

Alias of

Array[Struct[{
      'type'                       => String,
      'path'                       => String,
      Optional['removePathPrefix'] => Boolean,
      Optional['config']           => Hash,
  }]]

Rundeck::Loglevel

Rundeck log level type.

Alias of Enum['all', 'debug', 'error', 'fatal', 'info', 'off', 'trace', 'warn']

Rundeck::Mail_config

Rundeck mail config type.

Alias of

Struct[{
    Optional['host']         => String,
    Optional['port']         => Integer,
    Optional['username']     => String,
    Optional['password']     => Variant[String[8], Sensitive[String[8]]],
    Optional['props']        => Array[Hash],
    Optional['default.from'] => String,
    Optional['default.to']   => String,
    Optional['disabled']     => Boolean,
}]

Rundeck::Project

Rundeck project type.

Alias of

Struct[{
    Optional['ensure']        => Enum['absent', 'present'],
    Optional['config']        => Hash[String, String],
    Optional['update_method'] => Enum['set', 'update'],
    Optional['jobs']          => Hash[String, Rundeck::Job],
}]

Rundeck::Scm

Rundeck scm type.

Alias of

Variant[Struct[{
      'import' => Struct[{
          'type'   => String[1],
          'config' => Hash[String[1], String],
      }],
      Optional['export'] => Struct[{
          'type'   => String[1],
          'config' => Hash[String[1], String],
      }],
  }], Struct[{
      'export' => Struct[{
          'type'   => String[1],
          'config' => Hash[String[1], String],
      }],
      Optional['import'] => Struct[{
          'type'   => String[1],
          'config' => Hash[String[1], String],
      }],
  }]]