jjethwa / rundeck

GNU General Public License v3.0

Following Rundeck documentation #137

Closed gsluka closed 5 years ago

gsluka commented 6 years ago

Under the "Environment Variables" section of your GitHub page, you often refer to documentation located at Rundeck's page (http://rundeck.org/docs/......). Rundeck's documentation will often provide details for RPM Install and Launcher Install. Which set of directions should we follow when configuring the rundeck container you put together, RPM or Launcher?

I'm having a hard time using LDAP to sign in. Thanks for your help!

jjethwa commented 6 years ago

Hi @gsluka

The container uses the Debian package. You should just need to modify /etc/rundeck/jaas-loginmodule.conf

It should look something similar to:

```
RDpropertyfilelogin {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
        debug="false"
        contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
        .
        .
        .
        cacheDurationMillis="300000"
        reportStatistics="true";

    org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
        debug="false"
        file="/etc/rundeck/realm.properties"
        refreshInterval="60";
};
```

gsluka commented 6 years ago

Thank you!

Do I need to add LOGIN_MODULE or JAAS_CONF_FILE to my docker run command?

jjethwa commented 6 years ago

@gsluka No problem 😄 There's no need to add those as they are already set to the default values in /etc/rundeck/profile

jjethwa commented 6 years ago

Hi @gsluka

Any updates?

gsluka commented 6 years ago

Thank you for following up. I was able to log in with my AD creds but was told I didn't have permission to view jobs (or do anything really). I'm trying to replicate how our current Production Rundeck is set up. I'll send additional info in the next few days.

jjethwa commented 6 years ago

Hi @gsluka

You'll need to add aclpolicy files to handle permissions (probably tied to one of your AD groups) 😄

gsluka commented 6 years ago

@jjethwa Here is our current Rundeck setup that I am trying to replicate with my container.

[image: rundeck jaas-ldap]

In my container, I copied over the rundeck_users.aclpolicy from our current setup. I also added the information from our current setup into the container's jaas-loginmodule.conf file: [image: container_jaas-loginmodule]

After entering my docker run command and entering my credentials, the webpage resolved with an error page: [image: error]

Any advice where I'm going wrong?

jjethwa commented 6 years ago

Hi @gsluka

Looks like the LDAP config is probably good or else you would have related errors in the rundeck or service.log and would not get past the login screen. It seems that the role you are getting back from LDAP or the supplementalRole, rundeck-users, is not matching up with what is in the realm.properties or aclpolicy files. Do you have an aclpolicy file defined for rundeck-users? If you log in as admin, can you confirm that all of the aclpolicy files are being loaded?

gsluka commented 6 years ago

I am logged in as Admin but am not sure how I can tell if acl policies are being loaded or not. I'm fairly new to Rundeck and still trying to learn my way around.

gsluka commented 6 years ago

I can confirm the rundeck_users ACL policy was loaded into the container: [image: acl]

jjethwa commented 6 years ago

Thanks @gsluka

Since the aclpolicy files are loaded, it looks like the user may not be getting the rundeck-users role when authenticating. I found this issue: https://github.com/rundeck/rundeck/issues/2781

If it is that issue, you'll need a newer version of Rundeck to get the fix.

gsluka commented 5 years ago

The fix was editing /var/lib/rundeck/exp/webapp/WEB-INF/web.xml on the container. Security-role needed to be changed to "rundeck-users". I made the file on the host, then copied the file into the container.

Once the new file was moved, I restarted the container and everything worked. Thanks for your help!
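
The mismatch resolved in this thread (login succeeds, but the role required by web.xml is not one the user holds) can be checked offline before restarting the container. The script below is an added example, not code from the thread or from the image: the function names are hypothetical, the three sample files are constructed, and it assumes roles come only from `supplementalRoles` (roles from LDAP group membership are not visible to it) and that the aclpolicy uses the inline `group:` form.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not the poster's files); role names are illustrative.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <security-role><role-name>user</role-name></security-role>
</web-app>"""
JAAS_CONF = '''RDpropertyfilelogin {
  com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule sufficient
    supplementalRoles="rundeck-users"
    cacheDurationMillis="300000";
};'''
ACLPOLICY = """description: constructed policy for this example
context:
  project: '.*'
for:
  job:
    - allow: [read, run]
by:
  group: rundeck-users
"""

def web_xml_roles(xml_text):
    """Role names declared under <security-role>, ignoring XML namespaces."""
    roles = set()
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.split("}")[-1] == "security-role":
            roles |= {c.text.strip() for c in elem
                      if c.tag.split("}")[-1] == "role-name" and c.text}
    return roles

def jaas_supplemental_roles(conf_text):
    """Roles every LDAP-authenticated user receives via supplementalRoles."""
    m = re.search(r'supplementalRoles\s*=\s*"([^"]*)"', conf_text)
    return {r.strip() for r in m.group(1).split(",") if r.strip()} if m else set()

def acl_groups(policy_text):
    """Groups named on inline `group:` lines ("group: a" or "group: [a, b]")."""
    groups = set()
    for m in re.finditer(r"^\s*group:\s*(.+)$", policy_text, re.M):
        groups |= {g.strip(" '\"") for g in m.group(1).strip("[] ").split(",") if g.strip()}
    return groups

def role_mismatches(web_xml, jaas_conf, aclpolicy):
    granted = jaas_supplemental_roles(jaas_conf)
    findings = [f"web.xml requires role '{r}' that supplementalRoles does not grant"
                for r in sorted(web_xml_roles(web_xml) - granted)]
    findings += [f"aclpolicy group '{g}' is not granted by supplementalRoles"
                 for g in sorted(acl_groups(aclpolicy) - granted)]
    return findings

if __name__ == "__main__":
    print("\n".join(role_mismatches(WEB_XML, JAAS_CONF, ACLPOLICY)) or "roles line up")
```

An empty result only means the three files agree with each other; the effective ACL rules still depend on the policy's `for:` and `context:` sections.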