Closed stagrlee closed 8 years ago
Hi @stagrlee
I'm a little hesitant to add the admin account password as an environment variable as this has a few security ramifications. My thinking is that /etc/rundeck needs to be a volume so customization is persisted across container restarts.
I'm not totally closed off on adding it though. Would you be able to provide a use case of where the default framework.properties and realm.properties are needed, but the admin password needs to be modified?
Besides the obvious which is that unmodified the admin password is "admin" which is a wide open hole.
The use case I'm working on is to embed a little independent orchestration motor into a larger app and keep the configuration updates to the rundeck devs to default the config lean and secure. If I put the rundeck config files in my source code and inject all of that, I have to keep up with config file layout changes.
The app will pass in a project directory of jobs and an admin passord that is generated, let the node authority build up its node DB, and run the orchestrations. After that, reap the rundeck docker image like nothing ever happened... I want to keep updates to rundeck easy.
I was using an env variable as a parameter passing mechanism since that is how the DB pwd is passed in. Other parameter passing arrangements could be used I imagine.
Yeah, the default is admin:admin, but most users should be using the volume to persist their configurations and should know enough to change the admin password :)
I should have time to do some analysis of the changes that need to be made later this week to make sure it won't affect users that are already using the container in production.
In the interim, if you're planning on using the rundeck container transiently, you could try linking the container's together so the rundeck port is not exposed to the host or via the host's external IP. It doesn't solve the default admin password issue, but it's a slight mitigation.
I put in a pull request, see what you think
Thanks @stagrlee
I believe the password needs to be changed in the realm.properties file as well as the framework.properties password is used for the CLI tools. Do you want to update the PR or do you want me to? :)
Yikes... Thanks for the review. I pushed an updated PR.
Closing as @stagrlee changes were merged: https://github.com/jjethwa/rundeck/commit/215434c2e8f790dee6fbc01b4c12b35f5b394a0f
Really appreciate it :)
Similar to RUNDECK_PASSWORD, I would to be able to set the login password of the admin account into the GUI.
Suggest a new RUNDECK_ADMIN_PASSWORD environment variable that would overload in the
/etc/rundeck/framework.properties
fileand in
/etc/rundeck/realm.properties
, the second field in this line...