Install and Setup Rundeck on Ubuntu

Requirements: Ubuntu, Java

1. Install Java:

sudo apt install openjdk-8-jdk

2. Download the latest run deck debian packages from this link http://rundeck.org/download/deb

3. Install the package using the following command

sudo dpkg -i {rundeck package name}

4. You can now start the Rundeck server using:

sudo service rundeckd start

5. Now you can access the server at the url: http://localhost:4440

You will see a login page. Login as:

Username: admin
Password: admin

6. Create a new project at the url: http://localhost:4440/resources/createProject

Fill in the Name and Description and let all other details be set in their default values and click Create.

7. Add Nodes/Clients to the Project

Click on Edit for the Source file and mark the Writable option as checked and Save.

You would now be able to edit the nodes file.

Edit the nodes file and add the following line:

  <node name="client" description="Client Node" tags=""
  hostname="Put Client Node IP Here" osArch="amd64" osFamily="unix" 
  osName="Linux" osVersion="4.13.0-36-generic" 
  username="Put Client Node User Here" sudo-command-enabled="true"
  sudo-password-option="option.sudoPassword"/>

Save the file and click Save again.

8. Authenticated access to the clients: Rundeck uses ssh with ssh keys to securely access the client nodes. We need to set up access keys for this to happen.

Run the following steps on your rundeck server:

cd /var/lib/rundeck
mkdir -p .ssh
cd .ssh
sudo ssh-keygen

This will prompt you for a file name. Enter id_rsa. Just press enter for the prompt “Enter passphrase”. You will get something similar to the following:

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa): id_rsa
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
SHA256:brKX0tb8fVkqcuiupNeQVMkRGJl/xZwyfAAJ8lK17eU root@arkokoley-PC
The keys randomart image is:
+---[RSA 2048]----+
|      . +O=B.+ . |
|       ++ =o+ *  |
|      . .o. .=.  |
|       .. ...o   |
|       .S. .. E  |
|       .o       .|
|      ..+* .   .o|
|      .** * o....|
|      o=.+o+.... |
+----[SHA256]-----+

You can now view the id_rsa.pub file via cat id_rsa.pub. We need to copy the contents of this file to the client node.

Install and start ssh service on your client node:

sudo apt install ssh
sudo service ssh start

Copy the contents of id_rsa.pub file from the rundeck server and then perform the following operations in the client node:

cd ~
mkdir -p .ssh
cat >> ~/.ssh/authorized_keys
<Paste the contents of id_rsa.pub file from the rundeck server>

^C

Verify that the contents were copied properly by viewing the contents of ~/.ssh/authorized_keys in the client node.

cat ~/.ssh/authorized_keys

Now we can test that the Rundeck server is able to access the client node. Go to (Assuming “Test” is the name of your project): http://localhost:4440/project/Test/command/run

In the Nodes input box, put in your client node name and click Search. Then in the Command input box, type in the command echo test and then click Run on 1 Node. You will be able to see the output test below.

9. Create a Job:

To create a Job, go to (Assuming your project name is “Test”): http://localhost:4440/project/Test/job/create

Put in a Job Name, Description.

Earlier, when declaring our client node, we had put this piece of code:

sudo-command-enabled="true" sudo-password-option="option.sudoPassword"

This allows us to input sudo passwords for different client nodes on the go through the web GUI without having to store them in any config file.

To make use of this feature, we create an Option in the Job form.

Set the option Name as “sudoPassword”, the same as mentioned in the node file. Set Input Type as “Secure” and click Save.

Add any number of Steps in the Job workflow. All these steps will be run sequentially.

Set Nodes to “Dispatch to Nodes” and Set the Node Filter if you want to filter which nodes to run this job on.

Set the other options as required and click Create to save this job.

You can now open the Job and run it. Before you run, you can specify the sudo password in the sudoPassword.