This is a plugin for Rundeck that uses Amazon S3 to store execution log files for backups or for cloud-friendly behavior.
./gradlew clean buildCopy the rundeck-s3-log-plugin-x.y.jar file to the libext/ directory inside your Rundeck installation. You can find the releases here.
Enable the ExecutionFileStorage provider named org.rundeck.amazon-s3 in your rundeck-config.properties file:
# Set log execution storage backend to Amazon S3
rundeck.execution.logs.fileStoragePlugin=org.rundeck.amazon-s3You can define the configuration values $RUNDECK_DIR/framework.properties by prefixing the property name with the stem. For example:
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.<key>=<value>Alternatively, use project.properties file with the stem project.plugin.ExecutionFileStorage.org.rundeck.amazon-s3 to achieve per-project configuration.
The plugin will use the "credentials provider chain" for AWS access credentials, which allows you to externally configure the credentials in any of three ways:
AWS_ACCESS_KEY_ID and AWS_SECRET_KEYaws.accessKeyId and aws.secretKeyIf you want to specify access key and secret key, you can do so in the configuration:
The plugin allows you to set the following property key/values for credentials:
NB: These are stemmed with
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3
AWSAccessKeyId: AWS access key, required if using AWSSecretKey
AWSSecretKey: AWS secret key, required if using AWSAccessKeyId
AWSCredentialsFile: Properties file which contains accessKey and secretKey entries. The alternative to specifying
the AWSAccessKeyId and AWSSecretKey
The plugin uses uses the following key/values for configuring the AWS S3 Bucket:
bucket: The name of the S3 bucket to use. This is the shorthand name, eg test-rundeck-logs
path: A path-like string that defines where in the bucket to store the log for a particular execution. You can
include variables. Default value: rundeck/project/$PROJECT/logs/$ID
Variables in the path value include:
${job.execid} - the execution ID${job.project} - the project name${job.id} - the Job UUID if it exists${job.group} - the Job Group if it exists${job.path} - the Job Name if it existsregion: AWS region name to use. Default: us-east-1
endpoint: Optional, a custom S3 compatible endpoint to use, such as https://my-host.com/s3
pathStyle: Optional, boolean, default=False, set to True if you need to define the bucket in your S3 like endpoint URL. e.g:
https://\<s3_like_end_point_url\>/\<your_bucket_name\>
A custom way of defining buckets for your endpoint. Useful for non-AWS S3 like object storage technology e.g SwiftStack, Optums, etc. This background information should be useful.
# AWSAccessKeyId and AWSSecretKey can be specified in the file
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.AWSAccessKeyId=ABC123...
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.AWSSecretKey=ABC321...
# Alternately, AWSCredentialsFile can point to a custom file which contains `accessKey` and `secretKey`
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.AWSCredentialsFile=/path/to/awscredentials.properties
# Name of the bucket
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.bucket=test-rundeck-logs
# Path to store the logs
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.path=logs/${job.project}/${job.execid}.logIf you want to use this plugin when you have Rundeck configured with a custom SSL truststore, you will need to import the Amazon S3 SSL certificates to your truststore.
echo -n | openssl s_client -connect my-bucket.s3.amazonaws.com:443 > certs.out
keytool -importcert -trustcacerts -file certs.out -alias s3-amazonaws -keystore $RDECK_BASE/etc/truststore