Any tips on using Rundeck with Ansible

[mike liu]

I'm planning on using Rundeck as a standin for Ansible Tower.  Basically, putting a scheduler and UI in front of Ansible.  Anyone have experience with this?  Any best practices, tips, etc are welcome.  Thanks for your time!

[Justin Mitchell]

Any luck Mike?

[mike liu]

There is a story in my next sprint to implement this.  I'll post my findings, gotchas, etc.

On Monday, January 12, 2015 at 1:52:09 AM UTC-8, Justin Mitchell wrote:

Any luck Mike?

[Deshi Xiao]

In my mind, i build a rundeck and ansible in one build server, then use rundeck to invoke ansible-playbook. but i need a satisfied way, rundeck have a ansible-plugin to standard the api interface, it will fast our purpose. i have search the plugin repo, i have not found any clues for this plugins, maybe we can made it.

[Rishi]

Also it would be nice to have a Ansible node plugin based on the inventory format

[mike liu]

So, I have our ansible repo cloned and rundeck installed on a single server.  Here are my takeaways...

 - Within Rundeck I have a "project" called AnsibleRunner which has one job.  

 - The job runs with the following cron expression "0 0,30 * * * ? *", this is to say at the top and bottom of the hour.  

 - Within the job I have multiple "workflow steps", each step runs a playbook for a specific server type (as a command that executes locally).  That is to say, each step will provision a specific type of server (i.e. web, app, db, etc).  The steps are run sequentially (per rundeck default).

 - Also, I have configured the workflow to "Run remaining steps before failing", so a failure on a step will not prevent subsequent steps from running.  

 - Once great thing with rundeck is that you can set the "job" to notify on failure, which I've also done.  

 - I also really like how you can review the output from historical job executions.  So, when I get a failure email during the night, I'll review the following morning (and fix as needed).

 - Also, since I run the jobs at the top and bottom of the hour, I periodically check to see if the job take longer than 30 mins.  If it does, I'll just create another Rundeck job or somehow split the workload in an Ansible playbook.

 - I have all Rundeck projects pointing at the same "SSH Key File path" and "Resource Model Source".  This allows all projects to share the same priv key and inventory node list.

 - w/r/t to the Resource Model Source xml file.  I have a bash script (running out of cron) that'll generate an up-to-date resources.xml based the current Ansible inventory file.  This has nothing to do with running ansible playbooks for provisioning, as all commands are run locally, not on any remote server.  But it's useful to have for executing one off "commands" on multiple nodes.

So far, things have been very solid and easy to configure.  I will have to figure out how to make the system as a whole HA (highly available AKA redundant).  I def want to play around more with other Rundeck features and plugins.  I just haven't had the chance.

Questions, comments, suggestions welcomed.

-Mike

[nightwol...@gmail.com]

Nice Mike! 

Out of curiosity - how do you automate pulls of your ansible (git) repo? I.e. when a git change happens pull the latest from origin on the Rundeck server and kick off a workflow? 

[Neelendhar Yeedi]

Here is the scenario how we are using: We are upgrading ubuntu server using ansible + rundeck, rundeck python api  and elasticsearch.

1. we have a play book for ansible which will patch ubuntu servers so far only ubuntu.
2. We are calling ansible-playbook customized on set of servers in one job, so we have tons of jobs, and reporting logs to elasticsearch.

Issues we are facing is.
1. Calender notifications. i.e if some one subscribe to a job they will notify an hour before. [hope we can achieve this with rundeck-api ]
2. at least calender representation of jobs. I am not good in java to write a plugin directly in rundeck , and not sure that we have such flexibility in rundeck-plugins or not.
3. Main thing is link snooze kind of option for rundeck jobs.
4. scm for jobs this is only for maintaining schedule time. : if we have api option for changing schedule time hope we can fix both 3. and 4. making use of api.

If some one has any improvements/suggestions for my scenario are much appreciated.
If some one has this kind of scenario we can work in parallel on plugins.
and if some one looking for similar kind of issue these points might be helpful.

Thanks,
Neel

[mike liu]

I haven't tied my git repo to automatically pull when a commit happens on master.  I just have a cronjob that'll git pull (master) every 5 mins.  I guess the idea here is that our system will eventually have the correct configuration.  Of course, if we want a change to happen immediately, then we'll manually git pull and run the ansible playbook.

I guess the only good way to do what you're asking is to do a webhook in github/bitbucket to hit your rundeck api??  I haven't explored this.

[Chris Gilbert]

I have taken a slightly different approach with Rundeck after a lot of head-scratching on how to make this work well.  What I did is set the default node executor plugin for each project to a script, and then write a bash script to call ansible, or ansible playbook appropriately.  The advantage of this is that you can use the Rundeck node lists, ad-hoc commands and so on, in a way that they will work pretty nicely with ansible rather than directly over SSH.  This was a little tricky to set up, and I had some issues and compromises.  Here is the gist though of what I did though:

https://gist.github.com/chrisgilbert/58f57c82f74162ed5c0f

I stuck this in /usr/bin/run-via-ansible and then put this in my node executor scripts:

Script:/usr/bin/run-via-ansible ${node.hostname} ${exec.command}

Interpreter: bash -c

Directory: /var/rundeck/gitrepos/ansible-develop

I used a different git directory for each project to enable a git change control workflow.  These are then updated via another script each time a job is run, and periodically via cron.

The way the bash script works is to parse the first argument it is given, and if it contains ".yml" assume it is a playbook, and pass the rest to ansible-playbook appropriately.  If it is a one off ad-hoc command, it gets passed to the ansible command like this:

ansible --module-name={module} --args=\"$3 $4 $5 $6 $7 $8 $9\""

So you would give in your ad-hoc command the module name, and the key=value arguments to pass to ansible.  E.g:

yum name=bash state=latest

This seems to work quite well, and you even get coloured output in the rundeck logs.  What doesn't work great yet is inventory, but my plan is to hold that in a central way in something like etcd or consul, and provide the appropriate JSON output to both Rundeck and Ansible so that it works nicely for both.  In the meantime, it just pulls inventory from a file at:

/etc/ansible/hosts/$RD_JOB_PROJECT

So you just need to name your inventory file the same as the project in Rundeck to have some easy/effective way of doing role based access control to particular servers.

[Alex Honor]

Hi Chris,

This looks pretty cool. Curious about the node inventory. In your example, is this in the Ansible INI format? Do you have any code that translates that to Rundeck XML or Yaml resources?

Thanks

--
You received this message because you are subscribed to the Google Groups "rundeck-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rundeck-discu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Alex Honor

[SimplifyOps, Inc | a...@simplifyops.com ]

Be sure to comment and vote on Rundeck Feature Development!

[Chris Gilbert]

Hi Alex,

No, I've not written that yet and presently just using ini files for ansible and static yml for rundeck.

My plan is to try to have a script for each that pulls the information from an external service (etcd or consul probably).  That way I can enter node information once there and have it populate both ansible inventory and rundeck node lists.  Alternatively, I might just use the rundeck execution script to write a new ansible inventory file on the fly for each job, rather than maintaining another list.  

I am also planning on using the key-value store in consul/etcd to store information about each node, so we will have a database of information about them.  Some of that can come through to ansible and rundeck (I think I would add a groups listing for each node which would then populate the tags in rundeck and also be mapped to groups in ansible).  But it's still early days, so not sure how much of this I'll get time to do!

I will post some updates on here if I manage to write any of these scripts though.

Thanks,

Chris

--
You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/8rJWEmjhwnM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.

[Neelendhar Yeedi]

Hi chris,

That looks good ,  but after searching and doing some research we planned to move to jenkins. now everything is pretty automated except few. but I got most of thing with out making manual changes ..

[Mikhail Moskalev]

I found ansible role generating resource for RunDeck in yml format.
https://galaxy.ansible.com/list#/roles/3327

суббота, 25 апреля 2015 г., 7:54:08 UTC+3 пользователь Neelendhar Yeedi написал:

--

Alex Honor

[SimplifyOps, Inc | a....@simplifyops.com ]

Be sure to comment and vote on Rundeck Feature Development!

--
You received this message because you are subscribed to a topic in the Google Groups "rundeck-discuss" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/rundeck-discuss/8rJWEmjhwnM/unsubscribe.
To unsubscribe from this group and all its topics, send an email to rundeck-discu...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Ashish Mishra]

I 'm working on the spike to find an alternative to Ansible tower. I 'm trying my hands on Rundeck, it kinda does the job. But there are too many things for which I need to SSH into the server mainly for Host file. 

I 'd be great if someone can suggest a workaround to pass the hosts from the Rundeck GUI as an Argument or something. 

I need the Rundeck GUI to have full control of my infrastructure orchestration. 

[David Kirstein]

Hi,

see here and here for a new Ansible plugin.

Cheers

David

[Nic_H]

digging up here , 

I am trying to evaluate Rundeck as a replacement to Tower.

the way we use Tower is to define SCM/git project that match a branch and then assign it to a ansible playbook's template.

This make the management easy at scale and in a collaborative environment as it s easy to create a new project for each feature branch .

How can I accomplish the same thing with Rundeck ? 

The only SCM I found was to sync rundeck jobs definitions, but how can I retrieve my remotes ansible playbooks? 

Any hints on such similar workflow? 

thanks

[rac...@rundeck.com]

Hi Nic,

You can create a specific Rundeck job using this plugin (check the installation guide here) to get your Ansible playbooks.

Hope it helps!

[Nic_H]

Sounds good ,I am running rundeck on docker for now , not too sure how I can integrate a new plugin then,  is there a way to test this on docker ?

Le jeudi 24 juin 2021 à 05:53:01 UTC-7, rac a écrit :

Hi Nic,

You can create a specific Rundeck job using this plugin (check the installation guide here) to get your Ansible playbooks.

Hope it helps!

On Thursday, June 24, 2021 at 8:33:50 AM UTC-4 Nic_H wrote:

digging up here , 

I am trying to evaluate Rundeck as a replacement to Tower.

the way we use Tower is to define SCM/git project that match a branch and then assign it to a ansible playbook's template.

This make the management easy at scale and in a collaborative environment as it s easy to create a new project for each feature branch .

How can I accomplish the same thing with Rundeck ? 

The only SCM I found was to sync rundeck jobs definitions, but how can I retrieve my remotes ansible playbooks? 

Any hints on such similar workflow? 

thanks

[rac...@rundeck.com]

Hi Nic,

Rundeck docker image doesn't include Ansible, for that you need to extend the image (also to include the GIT plugin) or use this one from Batix.

Greetings!

[Nic_H]

I think it does , at least in the image 3.4.0 I run there is the ansible plugins , I can see it. 

My main concern was about GIT plugins not Ansible .