イメージ
環境
- Amazon Linux AMI 2015.09.1
- t2.medium(CPU利用が常時20%を超えて、頻繁にバーストする為、運用するプロジェクト数にもよるがC4.large以上がいいかも。)
- db.t2.micro(デフォルトでは/var/lib/rundeck/data/のH2 Databaseを利用するようになっているが、負荷分散とメンテナンスを考慮しRDSへ変更)
- java-1.8.0-openjdk.x86_64 1:1.8.0.65-2.b17.7.amzn1
- rundeck.noarch 0:2.6.2-1.13.GA
構築
ELBでの証明書使用やSES、Route53の設定は省きます。
インストール
$ sudo yum install java-1.8.0
$ rpm -Uvh http://repo.rundeck.org/latest.rpm
$ sudo yum install rundeck.repo
設定
limits.conf
$ sudo cp /etc/security/limits.conf /etc/security/limits.conf.origin&&sudo vim /etc/security/limits.conf
# ----------------------------------------------------------------
# Raise the maximum number of open file descriptors for root and,
# via the * wildcard, for every other PAM login.
# root soft nofile 65536
# root hard nofile 65536
# * soft nofile 65536
# * hard nofile 65536
# ----------------------------------------------------------------
# /etc/security/limits.conf
#
# This file sets the resource limits for the users logged in via PAM.
# It does not affect resource limits of the system services.
#
# Also note that configuration files in /etc/security/limits.d directory,
# which are read in alphabetical order, override the settings in this
# file in case the domain is the same or more specific.
# That means for example that setting a limit for wildcard domain here
# can be overriden with a wildcard setting in a config file in the
# subdirectory, but a user specific setting here can be overriden only
# with a user specific setting in the subdirectory.
#
# Each line describes a limit for a user in the form:
#
# <domain> <type> <item> <value>
#
# Where:
# <domain> can be:
# - a user name
# - a group name, with @group syntax
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
# for maxlogin limit
#
# <type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
# <item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open file descriptors
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
#
# <domain> <type> <item> <value>
#
# * soft core 0
# * hard rss 10000
# @student hard nproc 20
# @faculty soft nproc 20
# @faculty hard nproc 50
# ftp hard nproc 0
# @student - maxlogins 4
# NOTE(review): the header above states that this file does not apply to
# system services. rundeckd is started with `service` later on this page, so
# the daemon may not inherit these values; check the running process (e.g.
# /proc/<pid>/limits) rather than relying only on the interactive `ulimit -n`.
# The * domain also raises the limit for every PAM login, not just the
# service account; a dedicated `rundeck` entry would be the narrower choice.
root soft nofile 65536
root hard nofile 65536
* soft nofile 65536
* hard nofile 65536
# End of file
# 設定反映の為、OSを再起動し設定を確認
$ ulimit -n
65536
$ cd /etc/rundeck
$ sudo cp framework.properties framework.properties.origin&&sudo cp rundeck-config.properties rundeck-config.properties.origin&&sudo cp profile profile.origin&&sudo cp jaas-loginmodule.conf jaas-loginmodule.conf.origin
framework.properties
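# framework.properties -
#
# ----------------------------------------------------------------
# Rundeck server connection information
# ----------------------------------------------------------------
framework.server.name = FQDN
framework.server.hostname = FQDN
framework.server.port = 4440
# Fixed: the scheme separator was missing ("http//FQDN:4440" is not a valid URL).
# NOTE(review): this is the direct, plain-HTTP Jetty address used by the CLI
# tools on this host; the browser-facing URL (grails.serverURL in
# rundeck-config.properties) is the TLS proxy on 443. Confirm the tools are
# meant to bypass the proxy.
framework.server.url = http://FQDN:4440
# Username/password used by CLI tools.
# NOTE(review): admin/admin is the packaged default; change it and keep it in
# step with the account defined for the login module named in
# jaas-loginmodule.conf. Whoever can read this file holds these credentials,
# so keep it readable by the rundeck account only.
framework.server.username = admin
framework.server.password = admin
# ----------------------------------------------------------------
# Installation locations
# Log output directory moved from /var/lib/rundeck/logs to
# /var/log/rundeck/logs (framework.logs.dir below).
# NOTE(review): the profile on this page still passes
# -Drdeck.runlogs=/var/lib/rundeck/logs; these look like the same location,
# confirm that the two agree.
# ----------------------------------------------------------------
rdeck.base=/var/lib/rundeck
framework.projects.dir=/var/rundeck/projects
framework.etc.dir=/etc/rundeck
framework.var.dir=/var/lib/rundeck/var
framework.tmp.dir=/var/lib/rundeck/var/tmp
framework.logs.dir=/var/log/rundeck/logs
framework.libext.dir=/var/lib/rundeck/libext
# ----------------------------------------------------------------
# SSH defaults for node executor and file copier
# ----------------------------------------------------------------
# Private key used to reach managed nodes; it must stay readable by the
# rundeck account only.
framework.ssh.keypath = /var/lib/rundeck/.ssh/id_rsa
framework.ssh.user = rundeck
# ssh connection timeout after a specified number of milliseconds.
# "0" value means wait forever.
# NOTE(review): with 0, an unreachable node can hold an executor indefinitely;
# a finite value is usually preferable.
framework.ssh.timeout = 0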
rundeck-config.properties
# ----------------------------------------------------------------
# RDS connection settings (replacing the default H2 database).
# "mail setting" directives added for notifications.
# ----------------------------------------------------------------
# loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
loglevel.default=INFO
rdeck.base=/var/lib/rundeck
# rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
rss.enabled=false
# change hostname here
# Public URL as seen by browsers: the TLS-terminating proxy on 443, not Jetty's 4440.
grails.serverURL=https://FQDN:443
# "update" lets the application alter the schema at start-up, so the DB
# account used below needs DDL rights, not just read/write.
dataSource.dbCreate = update
# NOTE(review): no TLS parameter on the JDBC URL, so the RDS connection is
# presumably in the clear (Connector/J offers useSSL); confirm against the
# driver version in use.
dataSource.url = jdbc:mysql://RDS-Endpoint/DB-Name?autoReconnect=true
dataSource.username=rundeck
# Placeholder. The real value sits in this file in plain text, so restrict the
# file to the rundeck account.
dataSource.password=******
# Enables DB for Project configuration storage
rundeck.projectsStorageType = db
# Encryption for project config storage
rundeck.config.storage.converter.1.type = jasypt-encryption
rundeck.config.storage.converter.1.path = projects
# NOTE(review): "mysecret" looks like an example value; use a distinct,
# generated secret here and for the key-storage converter below. Presumably
# data already encrypted becomes unreadable if this changes later — verify.
rundeck.config.storage.converter.1.config.password = mysecret
# Enable DB for Key Storage
rundeck.storage.provider.1.type = db
rundeck.storage.provider.1.path = keys
# Encryption for Key Storage
rundeck.storage.converter.1.type = jasypt-encryption
rundeck.storage.converter.1.path = keys
# See the note on the project-config converter password above.
rundeck.storage.converter.1.config.password = mysecret
# mail setting
# Host and credentials are not set here (SES setup is out of scope for this
# page); port 25 is unauthenticated, unencrypted SMTP unless the relay
# upgrades the session with STARTTLS.
grails.mail.port=25
grails.mail.default.from=rundeck-server@domain
profile
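# ----------------------------------------------------------------
# SSH defaults for node executor and file copier
# Rundeck sits behind an SSL-terminating proxy, so
# -Drundeck.jetty.connector.forwarded=true is added to $RDECK_JVM (Jetty then
# honours the X-Forwarded-* headers set by the proxy).
# NOTE(review): with that flag, a client that reaches port 4440 directly can
# supply its own X-Forwarded-* headers; confirm the security group admits
# 4440 from the proxy only.
# ----------------------------------------------------------------
RDECK_BASE=/var/lib/rundeck
export RDECK_BASE
JAVA_CMD=java
# NOTE(review): fixed path under the world-writable /tmp; make sure it exists
# and is owned by the rundeck account before start-up (or move it under
# RDECK_BASE).
RUNDECK_TEMPDIR=/tmp/rundeck
RDECK_HTTP_PORT=4440
RDECK_HTTPS_PORT=4443
#
# If JAVA_HOME is set, then add it to home and set JAVA_CMD to use the version specified in that
# path. JAVA_HOME can be set in the rundeck profile. Or set in this file.
# JAVA_HOME=<path/to/JDK or JRE/install>
# (expansion quoted so a JAVA_HOME containing spaces no longer breaks the test)
if [ -n "${JAVA_HOME:-}" ]; then
  PATH=$PATH:$JAVA_HOME/bin
  export PATH
  JAVA_CMD=$JAVA_HOME/bin/java
fi
# Jar classpaths built from the cli/ and bootstrap/ directories, colon
# separated (GNU find -printf).
CLI_CP=$(find /var/lib/rundeck/cli -name '*.jar' -printf '%p:')
export CLI_CP
BOOTSTRAP_CP=$(find /var/lib/rundeck/bootstrap -name '*.jar' -printf '%p:')
export BOOTSTRAP_CP
# JVM system properties. -Dserver.datastore.path is the embedded H2 location
# and is still passed although this install uses RDS via dataSource.url.
# NOTE(review): -Drdeck.runlogs still points at /var/lib/rundeck/logs while
# framework.logs.dir was moved to /var/log/rundeck/logs; confirm they agree.
export RDECK_JVM="-Djava.security.auth.login.config=/etc/rundeck/jaas-loginmodule.conf \
-Dloginmodule.name=RDpropertyfilelogin \
-Drdeck.config=/etc/rundeck \
-Drdeck.base=/var/lib/rundeck \
-Drundeck.server.configDir=/etc/rundeck \
-Dserver.datastore.path=/var/lib/rundeck/data \
-Drundeck.server.serverDir=/var/lib/rundeck \
-Drdeck.projects=/var/rundeck/projects \
-Drdeck.runlogs=/var/lib/rundeck/logs \
-Drundeck.config.location=/etc/rundeck/rundeck-config.properties \
-Djava.io.tmpdir=$RUNDECK_TEMPDIR \
-Drundeck.jetty.connector.forwarded=true"
#
# Set min/max heap size
# NOTE(review): -XX:MaxPermSize has no effect on Java 8 (the JRE listed on
# this page); the JVM ignores it with a warning.
#
RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms256m -XX:MaxPermSize=256m -server"
#
# SSL Configuration - Uncomment the following to enable. Check SSL.properties for details.
# (Left disabled here because TLS is terminated at the proxy.)
#
# export RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=/etc/rundeck/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
export RDECK_SSL_OPTS="-Djavax.net.ssl.trustStore=/etc/rundeck/ssl/truststore -Djavax.net.ssl.trustStoreType=jks -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol"
# Interactive use: default the CLI tools to terse output
# (the deprecated "test -a" conjunction is replaced by &&).
if [ -t 0 ] && [ -z "${RUNDECK_CLI_TERSE:-}" ]; then
  RUNDECK_CLI_TERSE=true
  export RUNDECK_CLI_TERSE
fi
# Clear JRE_HOME if set (the original gives no reason for this).
# The closing "fi" was missing from the original listing, which would have
# made the file unsourceable.
if [ -n "${JRE_HOME:-}" ]; then
  unset JRE_HOME
fi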
logrotate.d
$ sudo touch rundeck&&sudo vim rundeck
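# Rotate Rundeck's log files daily and keep 31 compressed generations.
# The original pattern "/var/log/rundeck/*" also matched the rotated ".N.gz"
# files this stanza itself creates (and anything else in the directory), so
# every run re-rotated earlier rotations. Restricting the glob to *.log
# avoids that; service.log (tailed later on this page) still matches.
# NOTE(review): confirm every Rundeck log in that directory ends in .log.
/var/log/rundeck/*.log {
  daily
  rotate 31
  # Recreate the file owned by the service account; with no explicit mode
  # logrotate reuses the old file's permissions.
  create rundeck rundeck
  compress
  missingok
  sharedscripts
  # Runs once after all matched files are rotated. Presumably rundeckd reopens
  # its logs on SIGHUP; if it does not, use copytruncate instead (verify).
  postrotate
    /bin/kill -HUP $(cat /var/run/rundeckd.pid 2> /dev/null) 2> /dev/null || true
  endscript
}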
$ mysql -h RDS-Endpoint -u username -p
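mysql> -- Rundeck connects to RDS from the EC2 host, so an account scoped to
mysql> -- 'localhost' can never match; the host part must be the application
mysql> -- server's address (labelled placeholder below, IP or MySQL host pattern).
mysql> -- ALL on rundeck.* is needed because dataSource.dbCreate=update lets the
mysql> -- application alter the schema at start-up.
mysql> grant ALL on rundeck.* to 'rundeck'@'<rundeck-server-ip-or-pattern>' identified by 'password';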
$ sudo service rundeckd start&&sudo chkconfig rundeckd on
$ sudo tail -f /var/log/rundeck/service.log
# 下記ログが出力されることを確認する
INFO:oejs.AbstractConnector:Started SelectChannelConnector@0.0.0.0:4440