Testing rundeck v1.5.2 (rpm dist).
I am uploading a very large set of jobs which are concatenated in a single job xml (as opposed to loading many jobxml's with 1 per file) and using api v5 to upload via curl
This is to expedite the job loading process. Unfortunately it appears to take a very long time and sometimes my curl api connection will terminate (probably apache timing it out as the async process will continue)
The rundeck.audit.log after iterating a few times has grown very large in just a very short time.
And yes a lot of jobs (2313).
It appears that there is a lot of access control activity going on for each individual job entry:
2013-06-12 09:14:08,257 - Evaluating Decision for: res<type:job, name:stopPKAppDynamics, group:deploy/uat4/frontend/pk> subject<Username:cscott2 Group:GS-EComm-WebAdmins Group:SNC-Ecommerce Performance Group:Ecom EO DevOps Group:GS-Misg-MIS-CORP Group:UnixUsers Group:GS-Members-MISMO-CORP Group:VPN-Users Associates Group:IT eCommerce Organization Group:SNC-Ecommerce Search Group:GS-APMQALDAP Group:All North Point - Associates Group:Clarity Users Group:GS-WebSiteAccess-MIS-CORP Group:SNC-Ecommerce Middleware Group:SNC-Ecommerce Non-Production Systems Group:GS-PrivNAS-AK-CORP Group:WebAdmins Group:GS-Everyone-MISMO-CORP Group:$MISMO Group:GS-APMPRDLDAP Group:GS-MAC Users-Merch> action<update> env<
http://dtolabs.com/rundeck/env/project:wsgc>: authorized: true: GRANTED, reason: GRANTED, evaluations: /etc/rundeck/WebAdmins.aclpolicy[1][rule: 1: {allow=[create, read, update, delete, run, kill]}] for actions: [update, delete, kill, read, run, create] => GRANTED_ACTIONS_AND_COMMANDS_MATCHED (0ms)
2013-06-12 09:14:08,355 - Evaluating Decision for: res<type:job, name:stopPK, group:deploy/uat4/frontend/pk> subject<Username:cscott2 Group:GS-EComm-WebAdmins Group:SNC-Ecommerce Performance Group:Ecom EO DevOps Group:GS-Misg-MIS-CORP Group:UnixUsers Group:GS-Members-MISMO-CORP Group:VPN-Users Associates Group:IT eCommerce Organization Group:SNC-Ecommerce Search Group:GS-APMQALDAP Group:All North Point - Associates Group:Clarity Users Group:GS-WebSiteAccess-MIS-CORP Group:SNC-Ecommerce Middleware Group:SNC-Ecommerce Non-Production Systems Group:GS-PrivNAS-AK-CORP Group:WebAdmins Group:GS-Everyone-MISMO-CORP Group:$MISMO Group:GS-APMPRDLDAP Group:GS-MAC Users-Merch> action<update> env<
http://dtolabs.com/rundeck/env/project:wsgc>: authorized: true: GRANTED, reason: GRANTED, evaluations: /etc/rundeck/WebAdmins.aclpolicy[1][rule: 1: {allow=[create, read, update, delete, run, kill]}] for actions: [update, delete, kill, read, run, create] => GRANTED_ACTIONS_AND_COMMANDS_MATCHED (0ms)
2013-06-12 09:14:08,451 - Evaluating Decision for: res<type:job, name:deployPKAppDynamics, group:deploy/uat4/frontend/pk> subject<Username:cscott2 Group:GS-EComm-WebAdmins Group:SNC-Ecommerce Performance Group:Ecom EO DevOps Group:GS-Misg-MIS-CORP Group:UnixUsers Group:GS-Members-MISMO-CORP Group:VPN-Users Associates Group:IT eCommerce Organization Group:SNC-Ecommerce Search Group:GS-APMQALDAP Group:All North Point - Associates Group:Clarity Users Group:GS-WebSiteAccess-MIS-CORP Group:SNC-Ecommerce Middleware Group:SNC-Ecommerce Non-Production Systems Group:GS-PrivNAS-AK-CORP Group:WebAdmins Group:GS-Everyone-MISMO-CORP Group:$MISMO Group:GS-APMPRDLDAP Group:GS-MAC Users-Merch> action<update> env<
http://dtolabs.com/rundeck/env/project:wsgc>: authorized: true: GRANTED, reason: GRANTED, evaluations: /etc/rundeck/WebAdmins.aclpolicy[1][rule: 1: {allow=[create, read, update, delete, run, kill]}] for actions: [update, delete, kill, read, run, create] => GRANTED_ACTIONS_AND_COMMANDS_MATCHED (0ms)
2013-06-12 09:14:08,551 - Evaluating Decision for: res<type:job, name:statusPK, group:deploy/uat4/frontend/pk> subject<Username:cscott2 Group:GS-EComm-WebAdmins Group:SNC-Ecommerce Performance Group:Ecom EO DevOps Group:GS-Misg-MIS-CORP Group:UnixUsers Group:GS-Members-MISMO-CORP Group:VPN-Users Associates Group:IT eCommerce Organization Group:SNC-Ecommerce Search Group:GS-APMQALDAP Group:All North Point - Associates Group:Clarity Users Group:GS-WebSiteAccess-MIS-CORP Group:SNC-Ecommerce Middleware Group:SNC-Ecommerce Non-Production Systems Group:GS-PrivNAS-AK-CORP Group:WebAdmins Group:GS-Everyone-MISMO-CORP Group:$MISMO Group:GS-APMPRDLDAP Group:GS-MAC Users-Merch> action<update> env<
http://dtolabs.com/rundeck/env/project:wsgc>: authorized: true: GRANTED, reason: GRANTED, evaluations: /etc/rundeck/WebAdmins.aclpolicy[1][rule: 1: {allow=[create, read, update, delete, run, kill]}] for actions: [update, delete, kill, read, run, create] => GRANTED_ACTIONS_AND_COMMANDS_MATCHED (0ms)
It appears that each job entry has to be granted access.
In an older rundeck (1.3) I believe this may not be the case, however, I will need to test that as we are using a similar method over api v1.