Rundeck Windows Nodes Configuration
While evaluating Rundeck I came across one challenge: integrating Rundeck Windows nodes. Rundeck works perfectly fine with non-Windows nodes, but for Windows node management there is not much documentation and there are few working examples. I tried the Google Groups to get some information on Rundeck Windows node integration, and to my surprise I got a few responses, but all of them seem to be workarounds for integrating Windows nodes.
The current latest Rundeck version is 2.5.1, with many updates and new features, so in this article I will be using the latest available Rundeck for all integration tasks. I used the Rundeck WinRM plugin, which uses the overthere plugin. Follow the steps below to integrate Rundeck Windows nodes for inline commands. The overthere plugin does not currently support inline script execution etc., so to work around the limitations I have done the steps below.
Summary of the steps needed to integrate a Windows node:
1. Setup overthere plugin in rundeck server.
2. Setup/enable winrm in remote windows client.
Purpose: To execute inline commands at remote windows node via winrm
3. Setup/enable OpenSSH server in remote windows node
Purpose: For copy of files and password less login to remote server, etc.
4. Disable the administrator mode so that it won’t show the UAC (User Account Control) screen each time.
Purpose: To enable remote windows node commands to run in administrative mode by default.
5. Add the windows node to resources.xml
Purpose: To enable the windows server listed as a node ready to receive commands from rundeck.
6. Execute test commands to check the integration.
Purpose: To make sure windows node is properly integrated to Rundeck server
Setting Up overthere plugin in rundeck:
- Download the plugin from GitHub (Overthere Plugin).
- Log in to the Rundeck machine and cd to RUNDECK_BASE/libext (in this article, /opt/rundeck/libext).
- Copy the rundeck-winrm-plugin-1.3.1.jar file to the libext folder.
- Restart the Rundeck services to make the plugin active.
Setup/enable winrm in remote windows client:
- Log in to the Windows node machine as an administrative user using Remote Desktop.
- Open a command prompt in administrative mode and execute the commands below one by one to enable WinRM on the Windows server:
winrm qc
winrm set winrm/config/client/auth @{Basic="true"}
winrm set winrm/config/service/auth @{Basic="true"}
winrm set winrm/config/service @{AllowUnencrypted="true"}
C:\Windows\system32>winrm qc
WinRM already is set up to receive requests on this machine.
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:

Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Enable the WinRM firewall exception.

Make these changes [y/n]? y

WinRM has been updated for remote management.

Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
WinRM firewall exception enabled.

C:\Windows\system32>winrm set winrm/config/client/auth @{Basic="true"}
Auth
    Basic = true
    Digest = true
    Kerberos = true
    Negotiate = true
    Certificate = true
    CredSSP = false

C:\Windows\system32>winrm set winrm/config/service/auth @{Basic="true"}
Auth
    Basic = true
    Kerberos = true
    Negotiate = true
    Certificate = false
    CredSSP = false
    CbtHardeningLevel = Relaxed

C:\Windows\system32>winrm set winrm/config/service @{AllowUnencrypted="true"}
Service
    RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
    MaxConcurrentOperations = 4294967295
    MaxConcurrentOperationsPerUser = 15
    EnumerationTimeoutms = 60000
    MaxConnections = 25
    MaxPacketRetrievalTimeSeconds = 120
    AllowUnencrypted = true
    Auth
        Basic = true
        Kerberos = true
        Negotiate = true
        Certificate = false
        CredSSP = false
        CbtHardeningLevel = Relaxed
    DefaultPorts
        HTTP = 5985
        HTTPS = 5986
    IPv4Filter = *
    IPv6Filter = *
    EnableCompatibilityHttpListener = false
    EnableCompatibilityHttpsListener = false
    CertificateThumbprint
Run the command below to open the Local Users and Groups manager and add a user, say winrmuser, as the user that will run the commands on the remote node.
C:\Windows\system32> lusrmgr
Add a new local user winrmuser and add it to the Administrators group.
Setup/enable OpenSSH server in remote windows node:
Follow the "OpenSSH Setup and password less authentication" link to set up the OpenSSH server for scp copy of files and artifacts to remote Windows servers. Once this is done you will be able to send files with passwordless authentication from your Rundeck server to the remote Windows machine. If you have Cygwin, you can also add it to the PATH to make your Windows machine more compatible with running shell scripts, so that you won't need to rewrite the shell scripts as batch scripts to run them on the Windows machine.
Disable the administrator mode in remote windows machine:
- Execute the command below to open the Windows policy editor, then complete the steps that follow.
C:\Windows\system32> GPEDIT.MSC
a. Go to Computer Configuration –> Windows Settings –> Security Settings –> Local Policies –> Security Options
b. Search for the policies below:
User Account Control: Admin Approval Mode for the Built-in Administrator account
User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode
User Account Control: Run all administrators in Admin Approval Mode
c. Set the policy settings as follows, in the same order:
Disabled
Elevate without prompting
Disabled
Add the windows node to resources.xml:
Open the resources.xml file in the /opt/rundeck/projects/MyProject/etc folder and add the entry below to add the Windows node to the resource list.
<node name="remote_windows_host_fqdn" connectionType="WINRM_NATIVE" node-executor="overthere-winrm" winrm-password-option="winrmPassword" winrm-protocol="http" winrm-auth-type="basic" username="winrmuser" winrmPassword="welcome*123" description="Rundeck server node Windows" tags="" hostname="remote_windows_host_fqdn:5985" osArch="x86_64" osFamily="windows" osName="Microsoft Windows Server 2008 R2 Standard" osVersion="Microsoft Windows Server 2008 R2 Standard" />
Example:
<node name="alfa1app1.techpaste.com" connectionType="WINRM_NATIVE" node-executor="overthere-winrm" winrm-password-option="winrmPassword" winrm-protocol="http" winrm-auth-type="basic" username="winrmuser" winrmPassword="welcome*123" description="Rundeck Exxon server node Windows" tags="" hostname="alfa1app1.techpaste.com:5985" osArch="x86_64" osFamily="windows" osName="Microsoft Windows Server 2008 R2 Standard" osVersion="Microsoft Windows Server 2008 R2 Standard" />
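The node entries above use HTTP transport with Basic authentication and keep the password inline in resources.xml. As an added example (not part of the original article or of the plugin), the Python script below audits a resources.xml for exactly those three settings on overthere-winrm nodes; the function name audit_winrm_nodes and the sample hosts are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the node entry above
# (host names and password are placeholders, not real values).
SAMPLE_RESOURCES = """<project>
  <node name="win1.example.test" node-executor="overthere-winrm"
        winrm-password-option="winrmPassword" winrm-protocol="http"
        winrm-auth-type="basic" username="winrmuser"
        winrmPassword="PLACEHOLDER" hostname="win1.example.test:5985"
        osFamily="windows" />
  <node name="linux1.example.test" hostname="linux1.example.test"
        username="rundeck" osFamily="unix" />
</project>"""


def audit_winrm_nodes(xml_text):
    """Return {node name: [findings]} for every overthere-winrm node."""
    report = {}
    for node in ET.fromstring(xml_text).iter("node"):
        if node.get("node-executor") != "overthere-winrm":
            continue  # only WinRM nodes are in scope
        findings = []
        protocol = node.get("winrm-protocol", "").lower()
        auth = node.get("winrm-auth-type", "").lower()
        if protocol == "http":
            findings.append("winrm-protocol=http: session is not protected by TLS")
            if auth == "basic":
                findings.append("basic auth over http: credentials are only "
                                "base64-encoded on the wire")
        # winrm-password-option names the attribute that carries the password;
        # if that attribute is present on the node, the secret sits in the file.
        pw_attr = node.get("winrm-password-option")
        if pw_attr and node.get(pw_attr):
            findings.append(f"password stored in clear text in attribute '{pw_attr}'")
        if node.get("hostname", "").endswith(":5985"):
            findings.append("hostname targets port 5985, the WinRM HTTP listener")
        report[node.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_winrm_nodes(SAMPLE_RESOURCES).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run it against the real file by passing the contents of /opt/rundeck/projects/MyProject/etc/resources.xml to audit_winrm_nodes; a node with an empty findings list uses none of the three settings.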
Execute test commands to check the integration:
Create a test job with the options below to authenticate and execute the remote command.
Make sure the options below are checked.
Add a sample command (e.g. ipconfig /all), choose to execute on a remote node, and select the node which you added to the resources.xml file of Rundeck.
Now run the job and check that the job is successful and the output window shows the command's output.
Note: Here we had a single project with multiple nodes, some of which were Windows nodes and some Unix nodes, and the Rundeck server was hosted on a Linux machine. We had requirements for file copy, passwordless remote login to the Windows machine, unattended User Account Control and remote batch file execution, which is why we had to equip the remote Windows host with so many prerequisites. If you do not have any complex requirements and just want to play around with creating a Windows node, you can follow the URL below, which has a very simple way to integrate Windows for sample command runs only. Do remember that copy and other functionality, like inline script running, is not supported.
diegoluisi.eti.br/2015/06/linux/rundeck-how-to-add-windows-node/
If we have an SSH server enabled on Windows, why would we need to use WinRM? Thanks!
Depends on your requirement. We had a few WinRM jobs which needed to be ported to Rundeck, so we had to enable both.
Hi! Just add a node, you can use my simple script! I ask only to change the options for the format when credited with an array @ data
This is a reference to a script:
https://github.com/alexey-pankratyev/ruby_scripts/blob/master/rundeck_customservers/prcustom.rb