Merge branch 'develop' to make tagged release.

README.md

@@ -1,33 +1,35 @@
 # Ansible Rundeck Role
 
-This is an [Ansible](http://www.ansible.com/) role to installed, configured and to ensure sure rundeck is running.
-Feedback, bug-reports, requests, is welcomed and can be done via [github issues](https://github.com/New-Edge-Engineering/ansible-time/issues).
+This is an [Ansible](http://www.ansible.com/) role to install, configure and ensure sure rundeck is running.
+Feedback, bug-reports, requests are welcomed and can be done via [github issues](https://github.com/New-Edge-Engineering/ansible-rundeck/issues).
 
 ## Execution Requirements
-- Tested on Mac OS X with Ansible 1.7 .
+- Tested on Mac OS X with Ansible 1.7.
 
 ## Role Variables
 
 The following variables can be overridden:
 
- * `rundeck_domain`: Defaults to localhost but should the host name web application with accessed by.
- * `rundeck_database_type`: Defaults to hsqldb but can be set to postgresql (or mysql, coming soon) to those databases. Users and databases are not automatically created.
- * `rundeck_database_port`: Defaults to None and only needs to be set if using a different port than the default database type.
+ * `rundeck_domain`: Defaults to localhost:4440 but should the host name web application with accessed by.
+ * `rundeck_database_type`: Defaults to hsqldb but can be set to postgresql or mysql to use those databases. Users and databases are not automatically created.
+ * `rundeck_database_host`: Defaults to localhost and only needs to be set if using an externally hosted database.
+ * `rundeck_database_port`: Defaults to None and must be set if using a different database than the default hsqldb.
  * `rundeck_database_name`: Defaults to rundeck but allows you to use a different rundeck database name.
- * `rundeck_database_user`: Defaults to rundeck but allows you to use a different rundeck database username that accesses the rundeck database.
- * `rundeck_database_pass`: Defaults to rundeck but allows you to use a different rundeck database password that the user access to the rundeck database.
+ * `rundeck_database_user`: Defaults to rundeck but allows you to use a different username to accesses the rundeck database.
+ * `rundeck_database_pass`: Defaults to rundeck but allows you to use a different password for the user access to the rundeck database.
  * `rundeck_users`: A list of dictionaries of name, password ([hashed](http://rundeck.org/docs/administration/authenticating-users.html#propertyfileloginmodule)) and a list of roles (One must be an admin). If empty the default admin is not removed.
  * `rundeck_plugins`: A list of plugin urls that are downloaded and installed into the rundeck libext, default is none.
+ * `rundeck_generate_ssh`: True  # automatically generate ssh key, set to False to stop this action.
 
 
 ## Dependencies
-This role does not have a hard dependency on any other role to deploy but rundeck does require java to be installed. smola.java role is a good choice with the
+This role does not have a hard dependency on any other role to deploy but rundeck does require java to be installed. smola's [ansible-java-role](https://github.com/smola/ansible-java-role) is a good choice with the
 following configuration:
 
  * **Debian:** Ensure java_packages has a debian java package in it, i.e. openjdk-7-jre-headless
  * **RedHat:** Ensure java_packages has a debian java package in it, i.e. java-1.7.0-openjdk, had to adjust role to include RedHat.yml in main.yml to work.
 
-If you choose to use a database then please ensure it is installed before executing this role. The following roles have been used to create databses:
+If you choose to use a database then please ensure it is installed before executing this role. The following roles have been used to create databases:
 
  * **Ubuntu 12.04 & 14.04/PostgreSQL:** [postgresql](https://galaxy.ansible.com/list#/roles/512)
  * **Centos 6.5 & 7.0/PostgreSQL:** [postgresql-on-el6](https://galaxy.ansible.com/list#/roles/766) (with tweeks, watch this space for updates)

defaults/main.yml

@@ -1,13 +1,14 @@
 ---
 # Rundeck
 rundeck_download_path: "{{ temp_dir }}"
-rundeck_domain: localhost  # the domain that the web application is associated with.
+rundeck_domain: "localhost:4440"  # the domain that the web application is associated with.
 rundeck_database_type: 'hsqldb'
 rundeck_database_host: 'localhost'
 rundeck_database_name: 'rundeck'
 rundeck_database_user: 'rundeck'
 rundeck_database_pass: 'rundeck'
 rundeck_users: []  # list of users as dictionary of name, password and list of roles
 rundeck_plugins: []  # list of plugin urls that are downloaded and installed into the rundeck libext.
+rundeck_generate_ssh: True  # automatically generate ssh key, set to False to stop this action.
 # OS, kept for backward compatibility, use rundeck_download_path instead.
 temp_dir: /tmp

tasks/install_debian.yml

@@ -75,7 +75,7 @@
     - packages
 
 - name: Rundeck | install from .deb package
-  command: "dpkg --skip-same-version -i {{ rundeck_download_path }}/{{ rundeck_deb_package.stdout }}"
+  command: "dpkg --skip-same-version --force-confold -i {{ rundeck_download_path }}/{{ rundeck_deb_package.stdout }}"
   when: (rundeck_download_check is defined and rundeck_download_check.stat.exists == true) or rundeck_downloaded|changed
   changed_when: "dpkg_result.stdout.startswith('Selecting')"
   register: dpkg_result
@@ -86,3 +86,34 @@
     - rundeck
     - install
     - packages
+
+- name: Rundeck | check upstart configuration exists
+  register: upstart_config
+  stat:
+    path: /etc/init/rundeckd.conf
+    get_md5: no
+    get_checksum: no
+  tags:
+    - rundeck
+    - install
+    - packages
+
+- name: Rundeck | remove System V init.d script if upstart config exists
+  file:
+    path: /etc/init.d/rundeckd
+    state: absent
+  when: upstart_config.stat.exists
+  tags:
+    - rundeck
+    - install
+    - packages
+
+- name: Rundeck | ensure service log file has correct ownership
+  file:
+    path: /var/log/rundeck/service.log
+    owner: rundeck
+    state: touch
+  tags:
+    - rundeck
+    - install
+    - packages

tasks/main.yml

@@ -9,7 +9,7 @@
 # corrections to run with other jetty applications
 #  create groups and adjust user
 - name: Rundeck | Ensure jetty group exists
-  group:
+  group: >
     name=jetty
     system=yes
   when: ansible_os_family == 'Debian'
@@ -19,7 +19,7 @@
     - groups
 
 - name: Rundeck | Ensure rundeck user is apart of jetty group
-  user:
+  user: >
     name=rundeck
     groups=jetty
     createhome=yes
@@ -43,7 +43,7 @@
 
 # configuration adjustment
 - name: Rundeck | Ensure upstart setgid is set to jetty group
-  lineinfile:
+  lineinfile: >
     dest=/etc/init/rundeckd.conf
     regexp="^setgid "
     line="setgid jetty"
@@ -55,7 +55,7 @@
     - configuration
 
 - name: Rundeck | Ensure server url is configured
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^grails.serverURL="
     line="grails.serverURL=http://{{ rundeck_domain }}"
@@ -77,7 +77,7 @@
 
 # extras
 - name: download rundeck plugins
-  get_url:
+  get_url: >
     dest=/var/lib/rundeck/libext/{{ item.split('/')|last }}
     url={{ item }}
   with_items: rundeck_plugins
@@ -87,3 +87,6 @@
     - rundeck
     - plugins
 
+# ssh key generation
+- include: ssh.yml
+  when: rundeck_generate_ssh == True

tasks/mysql.yml

@@ -1,6 +1,6 @@
 ---
 - name: Rundeck - MySQL | make server lib directory
-  file:
+  file: >
     group=rundeck
     mode=0655
     owner=rundeck
@@ -12,7 +12,7 @@
     - mysql
 
 - name: Rundeck - MySQL | download jdbc driver
-  get_url:
+  get_url: >
     dest=/tmp/mysql-connector-java-3.0.17-ga.tar.gz
     url="http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-3.0.17-ga.tar.gz"
   tags:
@@ -32,15 +32,15 @@
 
 - name: Rundeck - MySQL | copy jdbc driver
   command: mv /tmp/mysql-connector-java-3.0.17-ga/mysql-connector-java-3.0.17-ga-bin.jar /var/lib/rundeck/lib/
-  args: 
+  args:
     creates: /var/lib/rundeck/lib/mysql-connector-java-3.0.17-ga-bin.jar
   tags:
     - rundeck
     - jdbc
     - mysql
 
 - name: Rundeck - MySQL | update database connection in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.url"
     line="dataSource.url=jdbc:mysql://{{ rundeck_database_host }}:{{ rundeck_database_port }}/{{ rundeck_database_name }}"
@@ -52,7 +52,7 @@
     - mysql
 
 - name: Rundeck - MySQL | update database driver in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.driverClassName"
     line="dataSource.driverClassName=com.mysql.jdbc.Driver"
@@ -64,7 +64,7 @@
     - mysql
 
 - name: Rundeck - MySQL | update database dialect in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.dialect"
     line="dataSource.dialect=org.hibernate.dialect.MySQLDialect"
@@ -76,7 +76,7 @@
     - mysql
 
 - name: Rundeck - MySQL | update database username in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.username"
     line="dataSource.username={{ rundeck_database_user }}"
@@ -88,7 +88,7 @@
     - mysql
 
 - name: Rundeck - MySQL | update database password in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.password"
     line="dataSource.password={{ rundeck_database_pass }}"
@@ -98,3 +98,16 @@
     - rundeck
     - configuration
     - mysql
+
+- name: Rundeck - MySQL | ensure database is used to store projects
+  lineinfile: >
+    dest=/etc/rundeck/rundeck-config.properties
+    line="rundeck.projectsStorageType=db"
+    state="present"
+  when: rundeck_targeting_version.stdout|version_compare('2.5.0', '>=')
+  notify:
+    - restart rundeck
+  tags:
+    - rundeck
+    - configuration
+    - mysql

tasks/postgresql.yml

@@ -1,6 +1,6 @@
 ---
 - name: Rundeck - PostgreSQL | make server lib directory
-  file:
+  file: >
     group=rundeck
     mode=0655
     owner=rundeck
@@ -12,7 +12,7 @@
     - postgresql
 
 - name: Rundeck - PostgreSQL | download postgreSQL jdbc driver
-  get_url:
+  get_url: >
     dest=/var/lib/rundeck/lib/postgresql-9.3-1101.jdbc3.jar
     url="http://jdbc.postgresql.org/download/postgresql-9.3-1101.jdbc3.jar"
     group=rundeck
@@ -24,7 +24,7 @@
     - postgresql
 
 - name: Rundeck - PostgreSQL | update database connection in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.url"
     line="dataSource.url=jdbc:postgresql://{{ rundeck_database_host }}:{{ rundeck_database_port|default('5432') }}/{{ rundeck_database_name }}"
@@ -36,7 +36,7 @@
     - postgresql
 
 - name: Rundeck - PostgreSQL | update database driver in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.driverClassName"
     line="dataSource.driverClassName=org.postgresql.Driver"
@@ -48,7 +48,7 @@
     - postgresql
 
 - name: Rundeck - PostgreSQL | update database dialect in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.dialect"
     line="dataSource.dialect=org.hibernate.dialect.PostgreSQLDialect"
@@ -60,7 +60,7 @@
     - postgresql
 
 - name: Rundeck - PostgreSQL | update database username in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.username"
     line="dataSource.username={{ rundeck_database_user }}"
@@ -72,7 +72,7 @@
     - postgresql
 
 - name: Rundeck - PostgreSQL | update database password in configuration
-  lineinfile:
+  lineinfile: >
     dest=/etc/rundeck/rundeck-config.properties
     regexp="^dataSource.password"
     line="dataSource.password={{ rundeck_database_pass }}"
@@ -82,3 +82,16 @@
     - rundeck
     - configuration
     - postgresql
+
+- name: Rundeck - PostgreSQL | ensure database is used to store projects
+  lineinfile: >
+    dest=/etc/rundeck/rundeck-config.properties
+    line="rundeck.projectsStorageType=db"
+    state="present"
+  when: rundeck_targeting_version.stdout|version_compare('2.5.0', '>=')
+  notify:
+    - restart rundeck
+  tags:
+    - rundeck
+    - configuration
+    - postgresql

tasks/ssh.yml

@@ -0,0 +1,24 @@
+---
+- name: Rundeck | Ensure .ssh directory exists
+  file:
+    path: /var/lib/rundeck/.ssh
+    state: directory
+    owner: rundeck
+    group: rundeck
+    mode: 0700
+  sudo: yes
+  tags:
+    - ssh
+    - rundeck
+
+# ssh key
+- name: generate a ssh key
+  user:
+    name: rundeck
+    generate_ssh_key: yes
+    ssh_key_file: /var/lib/rundeck/.ssh/id_rsa
+    ssh_key_type: rsa
+  sudo: yes
+  tags:
+    - ssh
+    - rundeck

tasks/users.yml

@@ -1,15 +1,23 @@
 # Should ideally create user passwords dynamically like the following but failing:
-#- name: Rundeck | update basic security to have users
-#  debug: msg="{{ lookup('pipe','java -cp /var/lib/rundeck/bootstrap/jetty-all-7.6.0.v20120127.jar org.eclipse.jetty.util.security.Password jsmith mypass 2>&1 | grep MD5') }} is the raw result of running this command"
+- name: Rundeck | encode users password
+  shell: "java -cp {{ rundeck_jetty_jar }} org.eclipse.jetty.util.security.Password {{ item.name }} {{ item.password }} 2>&1 | grep MD5"
+  become: True
+  register: rundeck_encoded_users
+  when: rundeck_users|length > 0
+  with_items: rundeck_users
+
+- name: Rundeck | users passswords
+  debug: var=rundeck_encoded_users
+  when: rundeck_users|length > 0
 
 - name: Rundeck | update basic security to have users
   lineinfile:
     dest: /etc/rundeck/realm.properties
-    regexp: "^{{ item.name }}: {{ item.password }},{{ item.roles|join(',')}}"
-    line: "{{ item.name }}: {{ item.password }},{{ item.roles|join(',')}}"
+    regexp: "^{{ item.item.name }}:{{ item.stdout }},{{ item.item.roles|join(',')}}"
+    line: "{{ item.item.name }}:{{ item.stdout }},{{ item.item.roles|join(',')}}"
     state: present
-  when: rundeck_users|length > 0
-  with_items: rundeck_users
+  when: rundeck_encoded_users|success
+  with_items: rundeck_encoded_users.results
   notify:
     - restart rundeck
   tags: