-
Notifications
You must be signed in to change notification settings - Fork 100
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #66 from yassineazzouz/master
Release 2.0.0
- Loading branch information
Showing
27 changed files
with
2,860 additions
and
1,425 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,71 +1,76 @@ | ||
| # Created by .ignore support plugin (hsz.mobi) | ||
| ### JetBrains template | ||
| # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio | ||
|
|
||
| *.iml | ||
|
|
||
| ## Directory-based project format: | ||
| .idea/ | ||
| # if you remove the above rule, at least ignore the following: | ||
|
|
||
| # User-specific stuff: | ||
| # .idea/workspace.xml | ||
| # .idea/tasks.xml | ||
| # .idea/dictionaries | ||
|
|
||
| # Sensitive or high-churn files: | ||
| # .idea/dataSources.ids | ||
| # .idea/dataSources.xml | ||
| # .idea/sqlDataSources.xml | ||
| # .idea/dynamic.xml | ||
| # .idea/uiDesigner.xml | ||
|
|
||
| # Gradle: | ||
| # .idea/gradle.xml | ||
| # .idea/libraries | ||
|
|
||
| # Mongo Explorer plugin: | ||
| # .idea/mongoSettings.xml | ||
|
|
||
| ## File-based project format: | ||
| *.ipr | ||
| *.iws | ||
|
|
||
| ## Plugin-specific files: | ||
|
|
||
| # IntelliJ | ||
| /out/ | ||
|
|
||
| # mpeltonen/sbt-idea plugin | ||
| .idea_modules/ | ||
|
|
||
| # JIRA plugin | ||
| atlassian-ide-plugin.xml | ||
|
|
||
| # Crashlytics plugin (for Android Studio and IntelliJ) | ||
| com_crashlytics_export_strings.xml | ||
| crashlytics.properties | ||
| crashlytics-build.properties | ||
| ### Gradle template | ||
| .gradle | ||
| build/ | ||
|
|
||
| # Ignore Gradle GUI config | ||
| gradle-app.setting | ||
|
|
||
| # Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored) | ||
| !gradle-wrapper.jar | ||
| ### Java template | ||
| *.class | ||
|
|
||
| # Mobile Tools for Java (J2ME) | ||
| .mtj.tmp/ | ||
|
|
||
| # Package Files # | ||
| *.jar | ||
| *.war | ||
| *.ear | ||
|
|
||
| # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml | ||
| hs_err_pid* | ||
|
|
||
| # Created by .ignore support plugin (hsz.mobi) | ||
| ### JetBrains template | ||
| # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio | ||
|
|
||
| *.iml | ||
|
|
||
| ## Directory-based project format: | ||
| .idea/ | ||
| # if you remove the above rule, at least ignore the following: | ||
|
|
||
| # User-specific stuff: | ||
| # .idea/workspace.xml | ||
| # .idea/tasks.xml | ||
| # .idea/dictionaries | ||
|
|
||
| # Sensitive or high-churn files: | ||
| # .idea/dataSources.ids | ||
| # .idea/dataSources.xml | ||
| # .idea/sqlDataSources.xml | ||
| # .idea/dynamic.xml | ||
| # .idea/uiDesigner.xml | ||
|
|
||
| # Gradle: | ||
| # .idea/gradle.xml | ||
| # .idea/libraries | ||
|
|
||
| # Mongo Explorer plugin: | ||
| # .idea/mongoSettings.xml | ||
|
|
||
| ## File-based project format: | ||
| *.ipr | ||
| *.iws | ||
|
|
||
| ## Plugin-specific files: | ||
|
|
||
| # IntelliJ | ||
| /out/ | ||
|
|
||
| # mpeltonen/sbt-idea plugin | ||
| .idea_modules/ | ||
|
|
||
| # JIRA plugin | ||
| atlassian-ide-plugin.xml | ||
|
|
||
| # Crashlytics plugin (for Android Studio and IntelliJ) | ||
| com_crashlytics_export_strings.xml | ||
| crashlytics.properties | ||
| crashlytics-build.properties | ||
| ### Gradle template | ||
| .gradle | ||
| build/ | ||
|
|
||
| # Ignore Gradle GUI config | ||
| gradle-app.setting | ||
|
|
||
| # Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored) | ||
| !gradle-wrapper.jar | ||
| ### Java template | ||
| *.class | ||
|
|
||
| # Mobile Tools for Java (J2ME) | ||
| .mtj.tmp/ | ||
|
|
||
| # Package Files # | ||
| *.jar | ||
| *.war | ||
| *.ear | ||
|
|
||
| # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml | ||
| hs_err_pid* | ||
|
|
||
| # Eclipse Gradle module files | ||
| /bin/ | ||
| /.classpath | ||
| /.project | ||
| /.settings/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,73 +1,118 @@ | ||
| **This is an alpha release!** Use with caution. | ||
|
|
||
| Please [report](https://github.com/Batix/rundeck-ansible-plugin/issues) any errors or suggestions! | ||
|
|
||
| ## Rundeck Ansible Plugin ## | ||
|
|
||
| This plugin brings basic Ansible support to Rundeck. It imports hosts from Ansible's inventory, including a bunch of facts, and can run modules and playbooks. There is also a node executor and file copier for your project. | ||
|
|
||
| No SSH-Keys need to be shared between Ansible and Rundeck, everything is run through either `ansible` or `ansible-playbook` (even the node import). | ||
|
|
||
| The following bits are included: | ||
|
|
||
| ### Resource Model Source ### | ||
|
|
||
| Uses the default configured inventory to scan for nodes. Facts are discovered by default, but you can turn that off (although I highly recommend leaving it on). | ||
|
|
||
| Host groups are imported as tags, you can limit the import to just some selected [patterns](http://docs.ansible.com/ansible/intro_patterns.html), if you want. | ||
|
|
||
| A bunch of facts are imported as attributes ([sample screenshot](http://batix.de/static/files/rundeck-ansible/node.png)). | ||
|
|
||
| ### Node Executor ### | ||
|
|
||
| This makes it possible to run commands via the "Commands" menu or the default "Command" node step in a job. | ||
|
|
||
| The command is passed to Ansible's `shell` module. You can specify which shell to use in the project settings. | ||
|
|
||
| ### File Copier ### | ||
|
|
||
| Enables usage of the default "Copy File" and (in combination with the above) "Script" node steps. | ||
|
|
||
| Files are transferred using Ansible's `copy` module. | ||
|
|
||
| ### Run Ansible Modules ### | ||
|
|
||
| Run any Ansible module! You can specify the module name and arguments. | ||
|
|
||
| This is available as both a node and workflow step. | ||
|
|
||
| Note: The node step runs Ansible for every node, targeting only one node. The workflow step runs Ansible only once with a list of targets, so it should perform a bit better, if you don't need the individuality. | ||
|
|
||
| ### Run Ansible Playbooks ### | ||
|
|
||
| Run a playbook as a node or workflow step (see note above). You specify a path to a file, which must be accessible to Rundeck. | ||
|
|
||
| ## Requirements ## | ||
|
|
||
| - Ansible executables in `$PATH` of Rundeck user | ||
| - Rundeck user needs to be able to successfully run Ansible commands, that includes access to Ansible's config files and keys - it depends on your setup (whether you installed via .deb or launcher etc.) | ||
| - You can check if everything works with something like this: `su rundeck -s /bin/bash -c "ansible all -m ping"` | ||
| - If it complains, chances are that your rundeck `$HOME` directory isn't writable by Rundeck, fix it with e.g. `chown rundeck /var/lib/rundeck` (see [this issue](https://github.com/Batix/rundeck-ansible-plugin/issues/2#issuecomment-197000132)) | ||
| - Another thing, if you have a special setup: Rundeck's environment might be missing some things, if you are using `su` or similar to start rundeck - maybe you need to tell it to use a login shell via `-l` (see [this issue](https://github.com/Batix/rundeck-ansible-plugin/issues/3#issuecomment-198496564)) | ||
| - If you are running CentOS 6.7 or similar (RHEL) or another system using SELinux, you may need to install libselinux-python (`yum install libselinux-python`) or disable SELinux on boot (see [this issue](https://github.com/Batix/rundeck-ansible-plugin/issues/13)) | ||
|
|
||
| ## Installation ## | ||
|
|
||
| - [Download the .jar file from GitHub](https://github.com/Batix/rundeck-ansible-plugin/releases) or compile it yourself (using Gradle, either your own the included wrapper) | ||
| - Copy the .jar file to your Rundeck plugins directory (`/var/lib/rundeck/libext` if you installed the .deb, for example) | ||
| - Create a new project (this assumes you want every node in your project to be controlled via Ansible) | ||
| - Choose "Ansible Resource Model Source" as the resource model source | ||
| - Choose "Ansible Ad-Hoc Node Executor" as the default node executor | ||
| - Choose "Ansible File Copier" as the default node file copier | ||
| - Save, it can take a short time to import all the nodes, depending on your fleet | ||
| - You're all set! Try running a command | ||
|
|
||
| ## Debugging ## | ||
|
|
||
| If anything goes wrong you can enable debugging for all components. Just enable the DEBUG log level for your jobs and add a Java system property named `ansible.debug` with the value `true`. You can do that for example in `/etc/rundeck/profile`, make sure to restart your rundeck service. | ||
|
|
||
| This will print extra info either in some logs (e.g. `/var/log/rundeck/service.log`) or the web console. If you file an issue, make sure to include as much information in your report as you can. | ||
|
|
||
| ## Contributing ## | ||
|
|
||
| Discussions and pull requests are welcome. | ||
| **This is an alpha release!** Use with caution. | ||
|
|
||
| Please [report](https://github.com/Batix/rundeck-ansible-plugin/issues) any errors or suggestions! | ||
|
|
||
| ## Rundeck Ansible Plugin ## | ||
|
|
||
| This plugin brings basic Ansible support to Rundeck. It imports hosts from Ansible's inventory, including a bunch of facts, and can run modules and playbooks. There is also a node executor and file copier for your project. | ||
|
|
||
| No SSH-Keys need to be shared between Ansible and Rundeck, everything is run through either `ansible` or `ansible-playbook` (even the node import). | ||
|
|
||
| The following bits are included: | ||
|
|
||
| ### Resource Model Source ### | ||
|
|
||
| Uses the default configured inventory to scan for nodes. Facts are discovered by default, but you can turn that off (although I highly recommend leaving it on). | ||
|
|
||
| Host groups are imported as tags, you can limit the import to just some selected [patterns](http://docs.ansible.com/ansible/intro_patterns.html), if you want. | ||
|
|
||
| A bunch of facts are imported as attributes ([sample screenshot](http://batix.de/static/files/rundeck-ansible/node.png)). | ||
|
|
||
| ### Node Executor ### | ||
|
|
||
| This makes it possible to run commands via the "Commands" menu or the default "Command" node step in a job. | ||
|
|
||
| The command is passed to Ansible's `shell` module. You can specify which shell to use in the project settings. | ||
|
|
||
| ### File Copier ### | ||
|
|
||
| Enables usage of the default "Copy File" and (in combination with the above) "Script" node steps. | ||
|
|
||
| Files are transferred using Ansible's `copy` module. | ||
|
|
||
| ### Run Ansible Modules ### | ||
|
|
||
| Run any Ansible module! You can specify the module name and arguments. | ||
|
|
||
| ### Run Ansible Playbooks ### | ||
|
|
||
| Run a playbook as a node or workflow step (see note above). You specify a path to a file, which must be accessible to Rundeck. | ||
|
|
||
| ## Configuration ## | ||
|
|
||
| The Job Configuration, node, project and framework attributes can be used to customize how jobs are executed. On every run, the plugin will try to resolve | ||
| the value associated with each ansible configuration by checking the configuration attributes in the following order: | ||
|
|
||
| * If the attribute is defined for the job | ||
| * else if the attribute is defined for the node (Only for node executor) | ||
| * else if the attribute is defined at the project level | ||
| * else if the attribute is defined at the framework level | ||
|
|
||
| Note that Node attributes are only evaluated for Node Executor jobs, Workflow Jobs (Playbook and Module) use only job configurations, and project/framework configurations. | ||
|
|
||
| The following configuration attributes can be set on the Node, or in the project.properties or framework.properties. To add them to project.properties, prefix them with "project." and for framework.properties prefix them with "framework.": | ||
|
|
||
| * `ansible-inventory` - Specifies the ansible inventory to use, can defined a global inventory file at the project level without requiring setting the same variable for each job. (default /etc/ansible/hosts) | ||
| * `ansible-executable` - The executable to use for node Node Executor. (default /bin/sh) | ||
| * `ansible-limit` - Global groups limits can be set at the project level to filter hosts/groups from the Ansible inventory. See http://docs.ansible.com/ansible/intro_patterns.html for syntax help. | ||
| * `ansible-vault-path` - Default vault file path to use for Playbook Jobs. | ||
| * `ansible-vault-storage-path` - Specifies a [Key Storage Path][] to look up the ansible vault password from. If specified, it will be used instead of the `ansible-vault-path`. | ||
| * `ansible-ssh-auth-type` - Type of authentication to use, "password" or "privatekey", default: "privatekey". | ||
| * `ansible-ssh-user` - Ansible ssh User to user. (default rundeck) | ||
| * `ansible-ssh-password-option` - Specifies a [Secure Authentication Option][1] from a Job to use as the authentication password. (format: "NAME" ). This option take precedence over `ansible-ssh-password-storage-path` | ||
| * default-value: "ansible-ssh-password", so simply define a Secure Authentication Option on your Job with the name "ansible-ssh-password". | ||
| * `ansible-ssh-password-storage-path` - Specifies a [Key Storage Path][] to look up the authentication password from. | ||
| * `ansible-ssh-timeout` - Ansible ssh timeout, default: 10. | ||
| * `ansible-ssh-keypath` - Specifies the path the ssh private key to use as the authentication privatekey. | ||
| * `ansible-ssh-key-storage-path` - Specifies a [Secure Authentication Option][1] from a Job to use as the authentication privatekey, This option take precedence over `ansible-ssh-keypath`. | ||
| * `ansible-become` - Specifies whether to use becaume or not for Ansible jobs and Node Executor, default: "false". | ||
| * `ansible-become-user` - Ansible default become user. | ||
| * `ansible-become-method` - Specifies the become method to use, "sudo" or "su", default: "sudo". | ||
| * `ansible-become-password-option` - Specifies a [Secure Authentication Option][1] from a Job to use for become. (format: "NAME" ). If specified, it will be used instead of the `ansible-become-password-storage-path`. | ||
| * default-value: "ansible-become-password", so simply define a Secure Authentication Option on your Job with the name "ansible-become-password". | ||
| * `ansible-become-password-storage-path` - Specifies a [Key Storage Path][] to look up the become password from. | ||
|
|
||
| [Key Storage Path]: http://rundeck.org/docs/administration/key-storage.html | ||
|
|
||
| Password authentication can be performed in one of two ways: | ||
|
|
||
| 1. Create a Rundeck Job with a [Secure Authentication Option][1], to pass in the password to use. The default name of this option should be "ansible-ssh-password", but you can change the name that is expected, if necessary. | ||
| 2. Use the Rundeck [Key Storage Facility][2] to store a password, and use the path to it as the `ansible-ssh-password-storage-path` | ||
| Note that the first takes precedence in evaluation over the second. | ||
|
|
||
| Private Key authentication can be performed by using a full path to the shh private key (make sure the file is owned by rundeck and access permissions are set to 0600) or using [Key Storage Facility][2] to store a private key. | ||
|
|
||
| Become password configuration is very similar to ssh password, you can use either [Secure Authentication Option][1], the default option name should be "ansible-become-password" or use [Key Storage Facility][2] to store a password, and use the path to it as the `ansible-become-password-storage-path`. Also for become password just like ssh password the first takes precedence in evaluation over the second. | ||
|
|
||
| [1]: http://rundeck.org/docs/manual/job-options.html#secure-options | ||
| [2]: http://rundeck.org/docs/administration/key-storage.html | ||
|
|
||
| ## Requirements ## | ||
|
|
||
| - Ansible executables in `$PATH` of Rundeck user | ||
| - Rundeck user needs to be able to successfully run Ansible commands, that includes access to Ansible's config files and keys - it depends on your setup (whether you installed via .deb or launcher etc.) | ||
| - You can check if everything works with something like this: `su rundeck -s /bin/bash -c "ansible all -m ping"` | ||
| - If it complains, chances are that your rundeck `$HOME` directory isn't writable by Rundeck, fix it with e.g. `chown rundeck /var/lib/rundeck` (see [this issue](https://github.com/Batix/rundeck-ansible-plugin/issues/2#issuecomment-197000132)) | ||
| - Another thing, if you have a special setup: Rundeck's environment might be missing some things, if you are using `su` or similar to start rundeck - maybe you need to tell it to use a login shell via `-l` (see [this issue](https://github.com/Batix/rundeck-ansible-plugin/issues/3#issuecomment-198496564)) | ||
| - If you are running CentOS 6.7 or similar (RHEL) or another system using SELinux, you may need to install libselinux-python (`yum install libselinux-python`) or disable SELinux on boot (see [this issue](https://github.com/Batix/rundeck-ansible-plugin/issues/13)) | ||
|
|
||
| ## Installation ## | ||
|
|
||
| - [Download the .jar file from GitHub](https://github.com/Batix/rundeck-ansible-plugin/releases) or compile it yourself (using Gradle, either your own the included wrapper) | ||
| - Copy the .jar file to your Rundeck plugins directory (`/var/lib/rundeck/libext` if you installed the .deb, for example) | ||
| - Create a new project (this assumes you want every node in your project to be controlled via Ansible) | ||
| - Choose "Ansible Resource Model Source" as the resource model source | ||
| - Choose "Ansible Ad-Hoc Node Executor" as the default node executor | ||
| - Choose "Ansible File Copier" as the default node file copier | ||
| - Save, it can take a short time to import all the nodes, depending on your fleet | ||
| - You're all set! Try running a command | ||
|
|
||
| ## Debugging ## | ||
|
|
||
| If anything goes wrong you can enable debugging for all components. Just enable the DEBUG log level for your jobs and add a Java system property named `ansible.debug` with the value `true`. You can do that for example in `/etc/rundeck/profile`, make sure to restart your rundeck service. | ||
|
|
||
| This will print extra info either in some logs (e.g. `/var/log/rundeck/service.log`) or the web console. If you file an issue, make sure to include as much information in your report as you can. | ||
|
|
||
| ## Contributing ## | ||
|
|
||
| Discussions and pull requests are welcome. |
Oops, something went wrong.