Rundeck Win Lin Mixed Env

From Bitbull Wiki
Revision as of 09:22, 6 November 2023 by Chris (talk | contribs) (→‎RUNDECK CONFIG NOTES)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

1 DESCRIPTION

Ansible integration in Rundeck isn't that great, so there is still a need to run native bash and powershell jobs

2 PRE_REQ

  • rundeck user must have working winrm setup:
pip3 install --user requests urllib3 pywinrm

python -> Python 3.6.8 (default, Nov 8 2022, 11:32:15)

  • linux and windows hosts are joined to same AD
  • Ansible installed and working as rundeck user
  • Linux Inventory is working
ansible -m ping linux_all
  • Windows Inventory is working
ansible -m win_ping windows_all

[rundeck@rundeck-02 ~]$ ansible-inventory --host gitea-01
		{
		    "ansible_become_password": "{{ ansible_password }}",
		    "ansible_password": "xxxxxx",
		    "ansible_port": 222,
		    "ansible_user": "adm_ansible",
		}
		[rundeck@rundeck-02 ~]$ ansible-inventory --host xapp-01
		{
		    "ansible_become": false,
		    "ansible_become_password": "{{ ansible_password }}",
		    "ansible_connection": "winrm",
		    "ansible_password": "xxxxxx",
		    "ansible_port": 5985,
		    "ansible_shell_type": "powershell",
		    "ansible_user": "adm_ansible",
		    "ansible_winrm_server_cert_validation": "ignore",
		    "ansible_winrm_transport": "ntlm",
		}


3 RUNDECK CONFIG NOTES

PROJECT: Support
  Default Node Executor: ssh
    SSH Password Storage Path: keys/project/Support/AD/adm_ansible
    SSH Authentication: password
  Default File Copier: SCP
    SSH Password Storage Path: keys/project/Support/AD/adm_ansible
    SSH Authentication: password
  Nodes:
    1. Ansible Resource Model Source
      Ansible config file path:/etc/ansible/ansible.cfg
      Gather Facts: yes 
      Ignore Host Discovery Errors: yes 
      Limit Targets:linux*
      Additional host tag:ansible
      Import host vars: yes 
      SSH Authentication: password 
      SSH Timeout:10
      Use become privilege escalation.: yes   
    2. Ansible Resource Model Source
      Ansible config file path:/etc/ansible/ansible.cfg
      Gather Facts: yes 
      Ignore Host Discovery Errors: yes 
      Limit Targets:windows*
    3. Local  
    4. File #key option may get needed, I used ssh-keys
      Format: resourcexml 
      File Path:/var/lib/rundeck/manual_nodes.xml
      Writeable: yes 
      ------
      <?xml version="1.0" encoding="UTF-8"?>
      <project>
        <node name="srv-pgitea-01" hostname="gitea-01:222" username="adm_ansible"/>
      </project>
      ------
  Enhancers:
  1. Attribute Match
    Attribute: tags=~windows.*
    Attributes:
      winrm-authtype=ntlm
      winrm-user=adm_ansible
      winrm-password-storage-path=keys/project/Support/AD/adm_ansible
      winrm-port=5985
      winrm-protocol=http
      winrm-domain=domain.local
      node-executor=WinRMPython
      file-copier=WinRMcpPython

4 TEST

Commands -> select all, run: hostname
Retrieved from "http://www.bitbull.ch/wiki/index.php?title=Rundeck_Win_Lin_Mixed_Env&oldid=5752"