RunDeck
Introduction and use cases
Vincent Behar <vincent@behar.name>
Bruno Bonfils <asyd@asyd.net>
Follow us on twitter!
@vbehar, @bbonfils
jeudi 17 mars 2011
What?
• Job automation
• Job scheduling
the most awesome distributed command dispatching job console
jeudi 17 mars 2011
How?
• Connect to nodes and execute a script/command
• SSH (private key)
• WebUI (Jetty + Grails)
• CLI
jeudi 17 mars 2011
Installation
• wget ...
• java -jar rundeck-launcher-1.1.jar
•a rpm is also available (a deb is coming soon)
jeudi 17 mars 2011
The configuration
• One instance can handle multiple projects
• Per project:
• one XML file describe all available nodes
• osArch, osFamily, tags
• one XML per job
• Jobs can be organized in groups
jeudi 17 mars 2011
A node resource sample
<node name="asuka" type="Node"
description="xen dom0" tags="xen"
hostname="asuka.asyd.net"
osArch="amd64" osFamily="unix" osName="Linux"
osVersion="2.6.32-5-xen-amd64"
username="asyd"/>
jeudi 17 mars 2011
A job sample
[..]
<name>www.rtl.fr</name>
<group>lab/webapps/deploy</group>
<context>
<project>rtlnet</project>
<options>
<option name='version' value='LATEST' enforcedvalues='true'
required='true' valuesUrl='http://..../' />
</options>
</context>
<sequence threadcount='1' keepgoing='false' strategy='node-first'>
<command>
<exec>cp /repository/${option.version} $CATALINA_HOME/webapps</exec>
</command>
</sequence>
node-first: execute toute les commandes sur un node
<nodefilters> avant de passer au node suivant
<include> <tags>lab</tags> </include> step-first: execute la premiere sur chaque node
</nodefilters> avant d’executer la commande suivante
<dispatch>
<threadcount>2</threadcount>
<keepgoing>true</keepgoing>
</dispatch>
[..]
jeudi 17 mars 2011
Model providers
• Rundeck can use remote URL to get:
• the list of nodes (resource model provider) (XML)
• already available: Amazon EC2, Puppet, Chef
• the list of availables values for an option for a job(option
model provider) (JSON)
• already available: Jenkins, Nexus
jeudi 17 mars 2011
Access control
• Users are authenticated via JAAS (LDAP, flat file, etc.)
• Access control can be defined via policies
• Rules by project, group, job
jeudi 17 mars 2011
ad hoc control tools
• rundeck: java, cli + webui, ssh (no agents), raw commands
• controltier: java, cli + webui, agents on each node
• mcollective: ruby, cli, publish/subscribe (jms) - agents on
each node, DSL/plugins
• capistrano: ruby, cli, ssh (no agents), DSL
• fabric: python, cli, ssh (no agents), DSL
jeudi 17 mars 2011
Limitations of 1.1
• Only one private key (w/o passphrase) for all nodes
• No official remote API (REST in 1.2)
• Basic notifications by email (will be extended in 1.3)
• About 3500 files descriptors are used by Rundeck at startup
jeudi 17 mars 2011
RunDeck 1.2 Released
20110315
• REST API (XML at the moment, JSON for the next release)
• YAML available for jobs, resources (nodes), and ACL
• Multi-valued options, useful for WebUI
jeudi 17 mars 2011
Background
• Technologies: Java, Tomcat, Maven
• CI with Jenkins
• Artifacts managed by Nexus
•A test environnment
•A production environment
jeudi 17 mars 2011
Success story
•0 click deployment in test
•1 click deployment in production
• Automated and reproductible deployment
• History of deployments in production (who, when, what)
• The production deployment process is exactly the same as the
test
• More small deployments in production (less risky)
jeudi 17 mars 2011