Puppet Class: rundeck

Inherits:
rundeck::params
Defined in:
manifests/init.pp

Overview

Class: rundeck

This will install rundeck (rundeck.org/) and manage its configration and plugins

Parameters

acl_template

The template used for admin acl policy. Default is rundeck/aclpolicy.erb.

api_template

The template used for apitoken acl policy. Default is rundeck/aclpolicy.erb.

auth_types

The method used to authenticate to rundeck. Default is file.

clustermode_enabled

Boolean value if set to true enables cluster mode

execution_mode

If set, allows setting the execution mode to ‘active’ or ‘passive’.

grails_server_url

Sets ‘grails.serverURL` so that Rundeck knows its external address.

repo_apt_key_id

Key ID for the GPG key for the Debian package

repo_apt_gpgkey

Location where the GPG key can be found

repo_apt_keyserver

Keysever for the GPG key for the Debian package

repo_apt_source

Baseurl for the apt repo

repo_yum_gpgkey

URL or path for the GPG key for the rpm

repo_yum_source

Baseurl for the yum repo

ssl_keyfile

Full path to the SSL private key to be used by Rundeck.

ssl_certfile

Full path to the SSL public key to be used by Rundeck.

group

The group permission that rundeck is installed as.

gui_config

Hash of properties for customizing the [Rundeck GUI](rundeck.org/docs/administration/gui-customization.html)

java_home

Set the home directory of java.

jvm_args

Extra arguments for the JVM.

kerberos_realms

A hash of mappings between Kerberos domain DNS names and realm names

key_password

The default key password.

key_storage_type

Type used to store secrets. Must be ‘file’, ‘db’ or ‘vault’

keystore

Full path to the java keystore to be used by Rundeck.

keystore_password

The password for the given keystore.

mail_config

A hash of the notification email configuraton.

manage_default_admin_policy

Boolean value if set to true enables default admin policy management

manage_default_api_policy

Boolean value if set to true enables default api policy management

manage_group

Whether to manage ‘group` (and enforce `group_id` if set). Defaults to false.

manage_user

Whether to manage ‘user` (and enforce `user_id` if set). Defaults to false.

package_ensure

Ensure the state of the rundeck package, either present, absent or a specific version

preauthenticated_config

A hash of the rundeck preauthenticated config mode

projects

The hash of projects in your instance.

projects_description

The description that will be set by default for any projects.

projects_organization

The organization value that will be set by default for any projects.

projects_storage_type

The storage type for any projects. Must be ‘filesystem’ or ‘db’

properties_dir

The path to the configuration directory where the properties file are stored.

quartz_job_threadcount

The maximum number of threads used by Rundeck for concurrent jobs by default is set to 10.

rd_loglevel

The log4j logging level to be set for the Rundeck application.

rd_auditlevel

The log4j logging level to be set for the Rundeck application.

rdeck_base

The installation directory for rundeck.

rdeck_config_template

Allows you to override the rundeck-config template

rdeck_home

directory under which the projects directories live.

rdeck_profile_template

Allows you to use your own profile template instead of the default from the package maintainer

rdeck_override_template

Allows you to use your own override template instead of the default from the package maintainer

rss_enabled

Boolean value if set to true enables RSS feeds that are public (non-authenticated)

security_config

A hash of the rundeck security configuration.

security_role

Name of the role that is required for all users to be allowed access.

server_web_context

Web context path to use, such as “/rundeck”. host.domain:port/server_web_context

service_logs_dir

The path to the directory to store logs.

service_name

The name of the rundeck service.

service_restart

The restart of the rundeck service (default to true)

service_ensure

State of the rundeck service (defaults to ‘running’)

session_timeout

Session timeout is an expired time limit for a logged in Rundeck GUI user which as been inactive for a period of time.

sshkey_manage

Should this module manage the sshkey used by rundeck at all.

ssl_enabled

Enable ssl for the rundeck web application.

ssl_port

ssl port of the rundeck web application (default to ‘4443’).

truststore

The full path to the java truststore to be used by Rundeck.

truststore_password

The password for the given truststore.

user

The user that rundeck is installed as.

user_id

If you want to have always the same user id. Eg. because of the NFS share.

group_id

If you want to have always the same group id. Eg. because of the NFS share.

security_roles_array_enabled

Boolean value if you need more roles. false or true (default is false).

security_roles_array

Array value if you need more roles and you set true the “security_roles_array_enabled” value. Example: my.hiera.yaml: … rundeck::config::global::web::security_roles_array_enabled: true rundeck::config::global::web::security_roles_array:

- DevOps
- roots_ito

… In your class: $security_roles_array_enabled = hiera(‘rundeck::config::global::web::security_roles_array_enabled’, true), $security_roles_array = hiera(‘rundeck::config::global::web::security_roles_array’, []),

storage_encrypt_config

Hash containing the necessary values to configure a plugin for key storage encryption. Example: rundeck::config::storage_encrypt_config:

type: 'jasypt-encryption'
path: 'keys'
config.encryptionType: 'basic'
config.password: 'verysecure'

Parameters:

  • acl_policies (Array[Hash]) (defaults to: $rundeck::params::acl_policies)
  • acl_template (String) (defaults to: $rundeck::params::acl_template)
  • api_policies (Array[Hash]) (defaults to: $rundeck::params::api_policies)
  • api_template (String) (defaults to: $rundeck::params::api_template)
  • auth_config (Hash) (defaults to: $rundeck::params::auth_config)
  • auth_template (String) (defaults to: $rundeck::params::auth_template)
  • auth_types (Array) (defaults to: $rundeck::params::auth_types)
  • clustermode_enabled (Boolean) (defaults to: $rundeck::params::clustermode_enabled)
  • database_config (Hash) (defaults to: $rundeck::params::database_config)
  • execution_mode (Optional[Enum['active', 'passive']]) (defaults to: undef)
  • file_keystorage_dir (Stdlib::Absolutepath) (defaults to: $rundeck::params::file_keystorage_dir)
  • file_keystorage_keys (Hash) (defaults to: $rundeck::params::file_keystorage_keys)
  • framework_config (Hash) (defaults to: $rundeck::params::framework_config)
  • grails_server_url (Stdlib::HTTPUrl) (defaults to: $rundeck::params::grails_server_url)
  • gui_config (Hash) (defaults to: $rundeck::params::gui_config)
  • java_home (Optional[Stdlib::Absolutepath]) (defaults to: undef)
  • jvm_args (String) (defaults to: $rundeck::params::jvm_args)
  • kerberos_realms (Hash) (defaults to: $rundeck::params::kerberos_realms)
  • key_password (String) (defaults to: $rundeck::params::key_password)
  • key_storage_type (Enum['db', 'file', 'vault']) (defaults to: $rundeck::params::key_storage_type)
  • keystore (Stdlib::Absolutepath) (defaults to: $rundeck::params::keystore)
  • vault_keystorage_url (Optional[Stdlib::HTTPSUrl]) (defaults to: undef)
  • vault_keystorage_prefix (Optional[String[1]]) (defaults to: undef)
  • vault_keystorage_approle_approleid (Optional[String[1]]) (defaults to: undef)
  • vault_keystorage_approle_secretid (Optional[String[1]]) (defaults to: undef)
  • vault_keystorage_approle_authmount (Optional[String[1]]) (defaults to: undef)
  • vault_keystorage_authbackend (Optional[String[1]]) (defaults to: undef)
  • keystore_password (String) (defaults to: $rundeck::params::keystore_password)
  • log_properties_template (String) (defaults to: $rundeck::params::log_properties_template)
  • mail_config (Hash) (defaults to: $rundeck::params::mail_config)
  • sshkey_manage (Boolean) (defaults to: $rundeck::params::sshkey_manage)
  • ssl_keyfile (Stdlib::Absolutepath) (defaults to: $rundeck::params::ssl_keyfile)
  • ssl_certfile (Stdlib::Absolutepath) (defaults to: $rundeck::params::ssl_certfile)
  • manage_default_admin_policy (Boolean) (defaults to: $rundeck::params::manage_default_admin_policy)
  • manage_default_api_policy (Boolean) (defaults to: $rundeck::params::manage_default_api_policy)
  • manage_repo (Boolean) (defaults to: $rundeck::params::manage_repo)
  • package_ensure (String) (defaults to: $rundeck::params::package_ensure)
  • preauthenticated_config (Hash) (defaults to: $rundeck::params::preauthenticated_config)
  • projects (Hash) (defaults to: $rundeck::params::projects)
  • projects_description (String) (defaults to: $rundeck::params::projects_default_desc)
  • projects_organization (String) (defaults to: $rundeck::params::projects_default_org)
  • projects_storage_type (Enum['db', 'filesystem']) (defaults to: $rundeck::params::projects_storage_type)
  • quartz_job_threadcount (Integer) (defaults to: $rundeck::params::quartz_job_threadcount)
  • rd_loglevel (Rundeck::Loglevel) (defaults to: $rundeck::params::loglevel)
  • rd_auditlevel (Rundeck::Loglevel) (defaults to: $rundeck::params::loglevel)
  • rdeck_config_template (String) (defaults to: $rundeck::params::rdeck_config_template)
  • rdeck_home (Stdlib::Absolutepath) (defaults to: $rundeck::params::rdeck_home)
  • manage_home (Boolean) (defaults to: $rundeck::params::manage_home)
  • rdeck_profile_template (Optional[String]) (defaults to: undef)
  • rdeck_override_template (String) (defaults to: 'rundeck/profile_overrides.erb')
  • realm_template (String) (defaults to: $rundeck::params::realm_template)
  • repo_yum_source (Stdlib::HTTPUrl) (defaults to: $rundeck::params::repo_yum_source)
  • repo_yum_gpgkey (String) (defaults to: $rundeck::params::repo_yum_gpgkey)
  • repo_apt_source (Stdlib::HTTPUrl) (defaults to: $rundeck::params::repo_apt_source)
  • repo_apt_key_id (String) (defaults to: $rundeck::params::repo_apt_key_id)
  • repo_apt_gpgkey (Stdlib::Httpsurl) (defaults to: $rundeck::params::repo_apt_gpgkey)
  • repo_apt_keyserver (String) (defaults to: $rundeck::params::repo_apt_keyserver)
  • rss_enabled (Boolean) (defaults to: $rundeck::params::rss_enabled)
  • security_config (Hash) (defaults to: $rundeck::params::security_config)
  • security_role (String) (defaults to: $rundeck::params::security_role)
  • server_web_context (Optional[String]) (defaults to: undef)
  • service_config (Optional[String]) (defaults to: undef)
  • service_logs_dir (Stdlib::Absolutepath) (defaults to: $rundeck::params::service_logs_dir)
  • service_name (String) (defaults to: $rundeck::params::service_name)
  • service_restart (Boolean) (defaults to: true)
  • service_script (Optional[String]) (defaults to: undef)
  • service_ensure (Enum['stopped', 'running']) (defaults to: $rundeck::params::service_ensure)
  • session_timeout (Integer) (defaults to: $rundeck::params::session_timeout)
  • ssl_enabled (Boolean) (defaults to: $rundeck::params::ssl_enabled)
  • ssl_port (Stdlib::Port) (defaults to: $rundeck::params::ssl_port)
  • truststore (Stdlib::Absolutepath) (defaults to: $rundeck::params::truststore)
  • truststore_password (String) (defaults to: $rundeck::params::truststore_password)
  • user (String) (defaults to: $rundeck::params::user)
  • group (String) (defaults to: $rundeck::params::group)
  • manage_user (Boolean) (defaults to: $rundeck::params::manage_user)
  • manage_group (Boolean) (defaults to: $rundeck::params::manage_group)
  • user_id (Optional[Integer]) (defaults to: undef)
  • group_id (Optional[Integer]) (defaults to: undef)
  • file_default_mode (String) (defaults to: $rundeck::params::file_default_mode)
  • security_roles_array_enabled (Boolean) (defaults to: $rundeck::params::security_roles_array_enabled)
  • security_roles_array (Array) (defaults to: $rundeck::params::security_roles_array)
  • storage_encrypt_config (Hash[String,String]) (defaults to: {}) 


224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
 
# File 'manifests/init.pp', line 224

class rundeck (
  Array[Hash] $acl_policies                                     = $rundeck::params::acl_policies,
  String $acl_template                                          = $rundeck::params::acl_template,
  Array[Hash] $api_policies                                     = $rundeck::params::api_policies,
  String $api_template                                          = $rundeck::params::api_template,
  Hash $auth_config                                             = $rundeck::params::auth_config,
  String $auth_template                                         = $rundeck::params::auth_template,
  Array $auth_types                                             = $rundeck::params::auth_types,
  Boolean $clustermode_enabled                                  = $rundeck::params::clustermode_enabled,
  Hash $database_config                                         = $rundeck::params::database_config,
  Optional[Enum['active', 'passive']] $execution_mode           = undef,
  Stdlib::Absolutepath $file_keystorage_dir                     = $rundeck::params::file_keystorage_dir,
  Hash $file_keystorage_keys                                    = $rundeck::params::file_keystorage_keys,
  Hash $framework_config                                        = $rundeck::params::framework_config,
  Stdlib::HTTPUrl $grails_server_url                            = $rundeck::params::grails_server_url,
  Hash $gui_config                                              = $rundeck::params::gui_config,
  Optional[Stdlib::Absolutepath] $java_home                     = undef,
  String $jvm_args                                              = $rundeck::params::jvm_args,
  Hash $kerberos_realms                                         = $rundeck::params::kerberos_realms,
  String $key_password                                          = $rundeck::params::key_password,
  Enum['db', 'file', 'vault'] $key_storage_type                 = $rundeck::params::key_storage_type,
  Stdlib::Absolutepath $keystore                                = $rundeck::params::keystore,
  Optional[Stdlib::HTTPSUrl] $vault_keystorage_url              = undef,
  Optional[String[1]] $vault_keystorage_prefix                  = undef,
  Optional[String[1]] $vault_keystorage_approle_approleid       = undef,
  Optional[String[1]] $vault_keystorage_approle_secretid        = undef,
  Optional[String[1]] $vault_keystorage_approle_authmount       = undef,
  Optional[String[1]] $vault_keystorage_authbackend             = undef,
  String $keystore_password                                     = $rundeck::params::keystore_password,
  String $log_properties_template                               = $rundeck::params::log_properties_template,
  Hash $mail_config                                             = $rundeck::params::mail_config,
  Boolean $sshkey_manage                                        = $rundeck::params::sshkey_manage,
  Stdlib::Absolutepath $ssl_keyfile                             = $rundeck::params::ssl_keyfile,
  Stdlib::Absolutepath $ssl_certfile                            = $rundeck::params::ssl_certfile,
  Boolean $manage_default_admin_policy                          = $rundeck::params::manage_default_admin_policy,
  Boolean $manage_default_api_policy                            = $rundeck::params::manage_default_api_policy,
  Boolean $manage_repo                                          = $rundeck::params::manage_repo,
  String $package_ensure                                        = $rundeck::params::package_ensure,
  Hash $preauthenticated_config                                 = $rundeck::params::preauthenticated_config,
  Hash $projects                                                = $rundeck::params::projects,
  String $projects_description                                  = $rundeck::params::projects_default_desc,
  String $projects_organization                                 = $rundeck::params::projects_default_org,
  Enum['db', 'filesystem'] $projects_storage_type               = $rundeck::params::projects_storage_type,
  Integer $quartz_job_threadcount                               = $rundeck::params::quartz_job_threadcount,
  Rundeck::Loglevel $rd_loglevel                                = $rundeck::params::loglevel,
  Rundeck::Loglevel $rd_auditlevel                              = $rundeck::params::loglevel,
  String $rdeck_config_template                                 = $rundeck::params::rdeck_config_template,
  Stdlib::Absolutepath $rdeck_home                              = $rundeck::params::rdeck_home,
  Boolean $manage_home                                          = $rundeck::params::manage_home,
  Optional[String] $rdeck_profile_template                      = undef,
  String $rdeck_override_template                               = 'rundeck/profile_overrides.erb',
  String $realm_template                                        = $rundeck::params::realm_template,
  Stdlib::HTTPUrl $repo_yum_source                              = $rundeck::params::repo_yum_source,
  String $repo_yum_gpgkey                                       = $rundeck::params::repo_yum_gpgkey,
  Stdlib::HTTPUrl $repo_apt_source                              = $rundeck::params::repo_apt_source,
  String $repo_apt_key_id                                       = $rundeck::params::repo_apt_key_id,
  Stdlib::Httpsurl $repo_apt_gpgkey                             = $rundeck::params::repo_apt_gpgkey,
  String $repo_apt_keyserver                                    = $rundeck::params::repo_apt_keyserver,
  Boolean $rss_enabled                                          = $rundeck::params::rss_enabled,
  Hash $security_config                                         = $rundeck::params::security_config,
  String $security_role                                         = $rundeck::params::security_role,
  Optional[String] $server_web_context                          = undef,
  Optional[String] $service_config                              = undef,
  Stdlib::Absolutepath $service_logs_dir                        = $rundeck::params::service_logs_dir,
  String $service_name                                          = $rundeck::params::service_name,
  Boolean $service_restart                                      = true,
  Optional[String] $service_script                              = undef,
  Enum['stopped', 'running'] $service_ensure                    = $rundeck::params::service_ensure,
  Integer $session_timeout                                      = $rundeck::params::session_timeout,
  Boolean $ssl_enabled                                          = $rundeck::params::ssl_enabled,
  Stdlib::Port $ssl_port                                        = $rundeck::params::ssl_port,
  Stdlib::Absolutepath $truststore                              = $rundeck::params::truststore,
  String $truststore_password                                   = $rundeck::params::truststore_password,
  String $user                                                  = $rundeck::params::user,
  String $group                                                 = $rundeck::params::group,
  Boolean $manage_user                                          = $rundeck::params::manage_user,
  Boolean $manage_group                                         = $rundeck::params::manage_group,
  Optional[Integer] $user_id                                    = undef,
  Optional[Integer] $group_id                                   = undef,
  String $file_default_mode                                     = $rundeck::params::file_default_mode,
  Boolean $security_roles_array_enabled                         = $rundeck::params::security_roles_array_enabled,
  Array $security_roles_array                                   = $rundeck::params::security_roles_array,
  Hash[String,String] $storage_encrypt_config                   = {},
) inherits rundeck::params {
  validate_rd_policy($acl_policies)

  contain rundeck::install
  contain rundeck::config
  contain rundeck::service

  Class['rundeck::install']
  -> Class['rundeck::config']
  ~> Class['rundeck::service']
}