K3s探秘：Rundeck Community 5.1.1 安装配置实战

March 5, 2024
Rundeck Community 5.1.1
https://www.rundeck.com/downloads

背景知识：Rundeck，这款基于Java与Grails的开源运维自动化利器，简约而不简单，无多余之辞，直切运维之核心。它穿梭于节点之间，化日常操作为自动化流程，释放双手，减轻负重。Rundeck不仅具备跨节点执行任务之能，更以访问控制、工作流构建、任务调度、日志记录等精湛技艺，彰显其运维之精髓。其扩展之便，与外部源节点、选项数据之集成，皆得心应手。简而言之，Rundeck以高效实用之姿，成为运维人员之得力助手，引领企业运维管理新风尚。

--- ⚠️ 不说废话，直入主题：---

1、OpenJDK install & Config

# install openjdk
--------------------
mkdir -p /opt/distfiles && cd /opt/distfiles
wget https://download.java.net/java/GA/jdk20.0.2/6e380f22cbe7469fa75fb448bd903d8e/9/GPL/openjdk-20.0.2_linux-x64_bin.tar.gz

'''
#!/bin/bash
# Usage:
# chmod 755 openjdk-20.0.2_linux-x64_bin.install_jdk.sh
# ./openjdk-20.0.2_linux-x64_bin.install_jdk.sh openjdk-20.0.2_linux-x64_bin

version=$1
cd /opt/distfiles/
tar -xf ${version}.tar.gz -C /opt --transform s/jdk-20.0.2/openjdk-20.0.2_linux-x64_bin/

ln -f -s /opt/${version}/bin/java /usr/bin/java
ln -f -s /opt/${version}/bin/javac /usr/bin/javac
ln -f -s /opt/${version} /opt/jdk
ln -f -s /opt/${version}/jre /opt/jre

sed -i -e 's/securerandom\.source=file\:\/dev\/random/securerandom\.source=file\:\/dev\/\.\/random/g' /opt/jre/lib/security/java.security

[ -e /opt/distfiles/${version}.tar.gz ] && rm -f /opt/distfiles/${version}.tar.gz

cat << EOF > /etc/profile.d/${version}.sh
export JAVA_HOME=/opt/${version}
export JRE_HOME=/opt/${version}/jre
export PATH=\$JAVA_HOME/bin:\$JRE_HOME/bin:\$PATH
export CLASSPATH=\$JAVA_HOME/lib:\$JRE_HOME/lib:.
EOF
'''

chmod 755 openjdk-20.0.2_linux-x64_bin.install_jdk.sh
./openjdk-20.0.2_linux-x64_bin.install_jdk.sh openjdk-20.0.2_linux-x64_bin

/opt/jdk/bin/java -version
openjdk version "20.0.2" 2023-07-18
OpenJDK Runtime Environment (build 20.0.2+9-78)
OpenJDK 64-Bit Server VM (build 20.0.2+9-78, mixed mode, sharing)

2、MySQL install & Config

# install MySQL
--------------------
# 一键安装msql & 创建数据库
# sudo nohup ./ins_v1.6.sh mysql >> /tmp/install.log 2>&1 &  # 忽略！
# /opt/modules/mysql/bin/mysql -u root -p                    # 忽略！
# Enter password: *********.                                 # 忽略！
# ⚠️注：--- 脚本，可以打赏+好友^^ ---

mysql -h 127.0.0.1 -u root -p
Enter password: *********

mysql> create database `rundeck`;
Query OK, 1 row affected (0.00 sec)

mysql> ALTER USER 'root'@'%' IDENTIFIED BY '*********';
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

3、Rundeck install & Config

# install rundeck
--------------------
# https://docs.rundeck.com/download/jar/
f700b12b416d932fd50f129fd164bd2d rundeck-5.1.1-20240305.war

1、安装rundeck
wget -O rundeck-5.1.1-20240305.war https://packagecloud.io/pagerduty/rundeck/packages/java/org.rundeck/rundeck-5.1.1-20240305.war/artifacts/rundeck-5.1.1-20240305.war/download
mkdir -p /opt/rundeck
cp rundeck-5.1.1-20240305.war /opt/rundeck/ && cd /opt/rundeck/
java -jar rundeck-5.1.1-20240305.war
# ln -s /opt/jdk /opt/openjdk-20.0.2_linux-x64_bin
# ln -s /opt/jdk/bin/java /usr/bin/java

2、调整Xms MaxMetaspaceSize参数
vim /etc/profile
# rundeck
export RDECK_JVM="$RDECK_JVM -Xmx1024m -Xms1024m -XX:MaxMetaspaceSize=512m -server"
source /etc/profile

3、修改数据库为MySQL、rundeck默认端口、添加ldap认证方式
vim /opt/rundeck/server/config/rundeck-config.properties
# dataSource.url = jdbc:h2:file:/opt/rundeck/server/data/grailsdb;DB_CLOSE_ON_EXIT=FALSE
改为：
dataSource.url = jdbc:mysql://localhost:3306/rundeck?autoReconnect=true&useSSL=false
dataSource.username = root
dataSource.password = *********
dataSource.driverClassName = org.mariadb.jdbc.Driver
# server.address=localhost
# server.port=4440
改为：
server.address=0.0.0.0
server.port=14440

4、修改rundeck默认端口
vim /opt/rundeck/etc/framework.properties
# framework.server.port = 4440
# framework.server.url = http://localhost:4440
改为：
framework.server.port = 14440
framework.server.url = http://localhost:14440


vim /opt/rundeck/etc/preferences.properties
# framework.server.port=4440
# framework.rundeck.url=http\://localhost\:4440
# framework.server.url=http\://localhost\:4440
# server.http.port=4440
改为：
framework.server.port=14440
framework.rundeck.url=http\://localhost\:14440
framework.server.url=http\://localhost\:14440
server.http.port=14440
即：
sed -i "s/4440/14440/g" /opt/rundeck/etc/preferences.properties

5、置环境变量，生效
vim ~/.bashrc
export RDECK_BASE=/opt/rundeck
export PATH=$RDECK_BASE/bin:$PATH

source ~/.bashrc


6.配置rundeck域名绑定：
# sed -i "s/localhost:4440/deploy.youchang.net/g" /opt/rundeck/server/config/rundeck-config.properties # 最关键！
# grails.serverURL=http://localhost:4440
grails.serverURL=http://deploy.youchang.net:14440

# vim /etc/hosts
172.16.8.168 deploy.youchang.net:14440


7、把默认弱口令改一下：
------------------
# vim /opt/rundeck/server/config/realm.properties
admin:admin,user,admin
user:user,user
改为：
#admin:admin,user,admin
#user:user,user
admin: MD5:********************************,user,admin

4、Supervisor install & Config

# install supervisor
--------------------
apt install supervisor
systemctl enable supervisor && systemctl start supervisor && systemctl status supervisor # 设置开机自启、启动&查看supervisor服务

vim /etc/supervisor/conf.d/rundeck.conf
[program:rundeck]
command=/usr/bin/java -Xmx2048m -Xms256m -XX:MaxPermSize=256m -server -Dloginmodule.conf.name=jaas-ldap.conf -Dloginmodule.name=ldap -Dserver.http.port=14440 -Dfile.encoding=UTF-8 -Duser.country=US -Duser.language=en -jar /opt/rundeck/rundeck-5.1.1-20240305.war
directory=/opt/rundeck
autostart=true
autorestart=true
startretries=3
exitcodes=0,2
stopsignal=TERM
stopasgroup=true
stopwaitsecs=2
user=root
environment=JAVA_HOME="/opt/openjdk-20.0.2_linux-x64_bin",JRE_HOME="/opt/openjdk-20.0.2_linux-x64_bin/jre"
stdout_logfile=/var/log/supervisor/rundeck_stdout.log
stderr_logfile=/var/log/supervisor/rundeck_stderr.log
# /usr/bin/supervisorctl restart rundeck
rundeck: stopped
rundeck: started