In today’s ever-evolving IT landscape, the need for self-service automation and precise scheduling has become significant. Enter Rundeck and Ansible, two formidable tools that empower organizations to speed up their infrastructure management. When combined with the containerization capabilities of Podman and the orchestration provided by Podman-Compose, you can create a robust automation environment that not only simplifies self-service tasks but also enables precise scheduling.
![](https://tomsitcafe.com/wp-content/uploads/2023/05/image-7.png?w=406)
![](https://tomsitcafe.com/wp-content/uploads/2023/02/image-15.png?w=455)
Don’t forget to join my Discord: https://discord.gg/YbSYGsQYES
Prerequisites
Before we dive into the setup, make sure you have the following prerequisites in place:
- A Linux server with Podman and Podman-Compose installed (or Docker and Docker Compose).
- Basic knowledge of Rundeck and Ansible.
- A project directory for the configuration files.
- SSH keys for remote connections.
Setting up a Rundeck image with Ansible
The first step is to build a basic Rundeck container image with Ansible installed.
We can use the official image and the latest version tag to write a `Containerfile` in which we install Ansible and Python, add the volumes and make a note to expose the 4440 port for the UI.
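```dockerfile
FROM docker.io/rundeck/rundeck:4.16.0
LABEL maintainer="Tamas Molnar <tmolnar0831@gmail.com> - https://tomsitcafe.com"
# Package installation needs root
USER root
RUN apt-get update && apt-get -y install ansible python3
# VOLUME takes container paths only; the named volumes
# (ansible-data, rundeck-home) are attached in compose.yml
VOLUME /etc/ansible/
VOLUME /home/rundeck/
# Rundeck web UI
EXPOSE 4440/tcp
# Drop back to the unprivileged rundeck user
USER rundeck
```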
For more information about the Containerfile format, consult the Dockerfile reference.
Optional: setting up an SSH test container
We can set up an image with a running SSH server inside to test the SSH connections from Rundeck. It is not mandatory, but handy for initial testing. First we need an SSH key pair in PEM format. We can create a key pair with the `ssh-keygen` command.
```sh
# -f names the output files: key.pem and key.pem.pub in the current directory
ssh-keygen -t rsa -m pem -f key.pem
```
The command will generate the `key.pem` and the `key.pem.pub` files in the project directory.
The `Containerfile` will build an image with an OpenSSH server in it, add a public key for authentication and a test user. We use port 2222 for SSH.
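```dockerfile
FROM docker.io/library/debian:12
LABEL maintainer="Tamas Molnar <tmolnar0831@gmail.com> - https://tomsitcafe.com"
USER root
# Install the SSH server, create the test user and sshd's runtime directory
RUN apt-get update && apt-get -y install vim python3 openssh-server && \
    useradd -m -s /bin/bash sshtest && \
    mkdir -p /var/run/sshd
# Authorise the public key generated above for the sshtest user
COPY key.pem.pub /home/sshtest/.ssh/authorized_keys
# sshd ignores authorized_keys unless the owner and modes are strict
RUN chmod 0700 /home/sshtest/.ssh && \
    chmod 0600 /home/sshtest/.ssh/authorized_keys && \
    chown -R sshtest:sshtest /home/sshtest/.ssh
# sshd listens on 22 in the container; compose.yml publishes it as host port 2222
EXPOSE 22/tcp
CMD ["/usr/sbin/sshd", "-D"]
```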
Putting it all together: writing the compose file
Let’s define the individual services as one package in the `compose.yml` file! For detailed explanations, consult the Docker Compose File reference.
```yaml
services:
  rundeck:
    build:
      context: .
      dockerfile: Containerfile.rundeck
    links:
      - mysql
    depends_on:
      - mysql
    env_file: .env
    volumes:
      - ansible-data:/etc/ansible/
      - rundeck-home:/home/rundeck/
    ports:
      - "4440:4440"
  mysql:
    image: mysql:5.7
    expose:
      - "3306"
    env_file: .env
    volumes:
      - dbdata:/var/lib/mysql
  sshtest:
    build:
      context: .
      dockerfile: Containerfile.openssh
    ports:
      - "2222:22"

volumes:
  dbdata:
  ansible-data:
  rundeck-home:
```
The compose file above declares three services. The Rundeck and MySQL services are linked together, so Rundeck can run in a production profile and MySQL will store the data.
Ansible can be managed from the `/etc/ansible` directory shared with the host as a persistent volume.
Volumes can be listed easily with the `podman volume ls` command.
Using the output we can inspect these volumes with the `podman volume inspect <volume name>` command.
Podman stores the named volumes under the `/home/<user>/.local/share/containers/storage/volumes/` directory in the user home.
The .env file
We do not want to scatter our configuration and secrets around the file system, not to mention accidentally pushing secrets to Git.
A `.env` file can simply be excluded from Git and loaded into the services through the `env_file` entries of the compose file.
```ini
RUNDECK_DATABASE_DRIVER=org.mariadb.jdbc.Driver
RUNDECK_DATABASE_USERNAME=rundeck
RUNDECK_DATABASE_PASSWORD=pass
RUNDECK_DATABASE_URL=jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
RUNDECK_GRAILS_URL=http://localhost:4440
MYSQL_ROOT_PASSWORD=root
MYSQL_DATABASE=rundeck
MYSQL_USER=rundeck
MYSQL_PASSWORD=pass
```
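The sample values above use `pass` and `root` as passwords. As an added example (not part of the original post), this script writes the same variables with random passwords, creates the file with mode 0600 and lists `.env` and `key.pem` in `.gitignore`; the function names and the script name `make-env.sh` are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): write the .env used by
# compose.yml with random passwords instead of "pass" and "root".
set -eu

# 32 hex characters from the kernel CSPRNG.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_env DIR (hypothetical helper): create DIR/.env with mode 0600.
# The body is a subshell, so umask and variables do not leak to the caller.
write_env() (
    dir="$1"
    # Refuse to overwrite: new passwords would not match the ones MySQL
    # stored in the dbdata volume on its first start.
    if [ -e "$dir/.env" ]; then
        echo "$dir/.env already exists, not overwriting" >&2
        exit 1
    fi
    # Make Git ignore the secrets file and the private SSH key.
    for entry in .env key.pem; do
        grep -qxF "$entry" "$dir/.gitignore" 2>/dev/null ||
            echo "$entry" >> "$dir/.gitignore"
    done
    db_pass="$(gen_secret)"
    root_pass="$(gen_secret)"
    umask 077    # the file is created 0600, never briefly world-readable
    cat > "$dir/.env" <<EOF
RUNDECK_DATABASE_DRIVER=org.mariadb.jdbc.Driver
RUNDECK_DATABASE_USERNAME=rundeck
RUNDECK_DATABASE_PASSWORD=$db_pass
RUNDECK_DATABASE_URL=jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
RUNDECK_GRAILS_URL=http://localhost:4440
MYSQL_ROOT_PASSWORD=$root_pass
MYSQL_DATABASE=rundeck
MYSQL_USER=rundeck
MYSQL_PASSWORD=$db_pass
EOF
)

# env_is_tracked DIR: succeeds if Git already tracks DIR/.env, in which
# case the passwords are in the history and should be rotated.
env_is_tracked() {
    git -C "$1" ls-files --error-unmatch .env >/dev/null 2>&1
}

# Usage: sh make-env.sh <project-dir>   (script name is an assumption)
[ -z "${1:-}" ] || write_env "$1"
```

The MySQL image applies the `MYSQL_*` variables only when it initialises an empty data directory, so generate the file before the first `podman-compose up -d`.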
Usage
To start the services simply use the `podman-compose up -d` command in the project directory.
The `-d` option starts the services in detached mode.
The UI will be reachable at the http://localhost:4440 URL.
Please note that the communication with the UI is still unencrypted! A proxy server with TLS is still missing.
To stop the services use the `podman-compose down` command in the project directory.
The Rundeck usage is a topic for an upcoming blog post.
Conclusion
By running Rundeck and Ansible in Podman containers with MySQL and managing them using Podman-Compose, you’ve created a powerful automation environment that is easy to set up, maintain, and scale. You can expand this setup to include additional services and integrations as your automation needs grow. With the right configurations and practices in place, you can achieve efficient, scalable, and reliable infrastructure automation for your organization. Happy automating!