Rundeck can work as a remote execution engine using its very flexible rest API.
This could be helpful if there no access to SSH and still you need to manage a node from a GUI.
We can set up a central Rundeck instance and have it control remote instances also using Rundeck.
This setup can also off load the central Rundeck and have it control various other client Rundecks remotely.
The easiest way to do this is to have Rundeck runing remotely and then we can send it adhoc scripts that are to be executed.
Making use of Rundeck Adhoc scripts is more quick and much easier than building a full manifest of a Rundeck Job and have that executed from remote.
Please check the Rundeck API documentation: http://rundeck.org/2.6.0/api/index.html#running-adhoc-scripts
To do this lets create a script like the below:
[root@Beren rundeck]# cat rundeckquery.sh
ACTION=${1}
URI=${2}
DATA=${3}
TYPE=${4}
case ${ACTION} in
GET|get|Get)
curl http://10.0.0.26:4440${URI} -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3"
;;
POST|post|Post)
curl http://10.0.0.26:4440${URI} -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3" -X POST -d"${DATA}" -H "Content-Type: ${TYPE}"
;;
SCRIPT|script|Script)
curl http://10.76.139.26:4440${URI} -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3" -F scriptFile=@${DATA}
;;
default)
exit 1
;;
esac
[root@Beren rundeck]#
This script would allow us to run most of the API queries that we need.
The last option in the case would allow us to submit a script file using curl -F option (POST request with multipart/form-data content type)
The Rundeck api that we will be using is:
We need to POST the script as mentioned by api doc:
For Content-Type:
bash rundeckquery.sh script /api/14/project/mytest2/run/script?scriptFile=test_script.sh test_script.sh
Which will translate to:
curl http://10.0.0.26:4440/api/14/project/mytest2/run/script?scriptFile=test_script.sh -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3" -F scriptFile=@test_script.sh
Note that the -F should take same name 'scriptFile' as the content name for the script data. It took me a while to figure this out. Also always make sure to have the '@' symbol infront of the file name so that the file is sent over to be executed remotely.
Once submitted, Rundeck will reply with an execution ID for the script as below:
<execution id='16' href='http://10.0.0.26:4440/api/16/execution/16' permalink='http://10.0.0.26:4440/project/mytest2/execution/show/16' />
You can follow the link to check the script status.
This could be used to validate executions and to trigger alerts of needed.
One last note, ensure you have allowed the user owning the Rundeck token to be able to execute remote API calls. you can make him member of the group: api_token_group
Also you might want to expand the ACL access for apitoken.aclpolicy a bit to ensure things will work fine.
This could be helpful if there no access to SSH and still you need to manage a node from a GUI.
We can set up a central Rundeck instance and have it control remote instances also using Rundeck.
This setup can also off load the central Rundeck and have it control various other client Rundecks remotely.
The easiest way to do this is to have Rundeck runing remotely and then we can send it adhoc scripts that are to be executed.
Making use of Rundeck Adhoc scripts is more quick and much easier than building a full manifest of a Rundeck Job and have that executed from remote.
Please check the Rundeck API documentation: http://rundeck.org/2.6.0/api/index.html#running-adhoc-scripts
To do this lets create a script like the below:
[root@Beren rundeck]# cat rundeckquery.sh
ACTION=${1}
URI=${2}
DATA=${3}
TYPE=${4}
case ${ACTION} in
GET|get|Get)
curl http://10.0.0.26:4440${URI} -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3"
;;
POST|post|Post)
curl http://10.0.0.26:4440${URI} -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3" -X POST -d"${DATA}" -H "Content-Type: ${TYPE}"
;;
SCRIPT|script|Script)
curl http://10.76.139.26:4440${URI} -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3" -F scriptFile=@${DATA}
;;
default)
exit 1
;;
esac
[root@Beren rundeck]#
This script would allow us to run most of the API queries that we need.
The last option in the case would allow us to submit a script file using curl -F option (POST request with multipart/form-data content type)
The Rundeck api that we will be using is:
POST /api/14/project/[PROJECT]/run/scriptWe need to POST the script as mentioned by api doc:
For Content-Type:
multipart/form-datascriptFile: the script file contents (scriptFilebeing thenameattribute of theContent-Dispositionheader)
bash rundeckquery.sh script /api/14/project/mytest2/run/script?scriptFile=test_script.sh test_script.sh
Which will translate to:
curl http://10.0.0.26:4440/api/14/project/mytest2/run/script?scriptFile=test_script.sh -H "X-Rundeck-Auth-Token: o7Oynx00wqoVi3xOoaKxg1GXy1f5Weo3" -F scriptFile=@test_script.sh
Note that the -F should take same name 'scriptFile' as the content name for the script data. It took me a while to figure this out. Also always make sure to have the '@' symbol infront of the file name so that the file is sent over to be executed remotely.
Once submitted, Rundeck will reply with an execution ID for the script as below:
<execution id='16' href='http://10.0.0.26:4440/api/16/execution/16' permalink='http://10.0.0.26:4440/project/mytest2/execution/show/16' />
You can follow the link to check the script status.
This could be used to validate executions and to trigger alerts of needed.
One last note, ensure you have allowed the user owning the Rundeck token to be able to execute remote API calls. you can make him member of the group: api_token_group
Also you might want to expand the ACL access for apitoken.aclpolicy a bit to ensure things will work fine.
