Configuration management and automation

Launched

Delegating Tasks

Managing permissions – and thus delegating projects or jobs – is not handled in the web interface, but instead in the Rundeck server configuration files with the use of access control policies usually written in the YAML format. By default, the /etc/rundeck directory already contains two policies – admin.aclpolicy and apitoken.aclpolicy – that regulate access to the admin account and the web API.

Policies let you define a finely granular rights structure that can apply to the entire Rundeck server, user management, storage, projects, or jobs. A whole series of actions are either allowed or denied to users (e.g., read, edit, delete, execute). Policies are assigned to users in the /etc/rundeck/realm.properties file, which lists the groups that can be used in the access control list (ACL). In addition to the documentation on the website, a YouTube movie by the Rundeck author shows an example of ACL policy configuration [3].

Conclusions

Rundeck is a pretty autonomous solution that lets you define arbitrary jobs and run them on computers. The finely granular permissions system also lets admins delegate jobs to employees who do not otherwise have wide-ranging rights on the computers.

From a purely technical point of view, Rundeck has no advantages over well-known configuration management tools like Ansible, Puppet, Chef, and SaltStack, but it does provide a user interface for triggering predefined tasks to less technology-oriented colleagues. Admins that use Ansible, for example, for server configuration can also deploy Rundeck as a replacement for the commercial Ansible front end, Tower. One drawback is the slow execution speed of the Java-based software, which is clearly noticeable when using the web interface.

Infos