Running Rundeck and Ansible in Podman with a MySQL Backend and Podman-Compose: A Comprehensive Guide

In today’s ever-evolving IT landscape, the need for self-service automation and precise scheduling has become significant. Enter Rundeck and Ansible, two formidable tools that empower organizations to speed up their infrastructure management. When combined with the containerization capabilities of Podman and the orchestration provided by Podman-Compose, you can create a robust automation environment that not only simplifies self-service tasks but also enables precise scheduling.

Don’t forget to join my Discord: https://discord.gg/YbSYGsQYES

Prerequisites

Before we dive into the setup, make sure you have the following prerequisites in place:

  1. A Linux server with Podman and Podman-Compose installed (or Docker and Docker Compose).
  2. Basic knowledge of Rundeck and Ansible.
  3. A project directory for the configuration files.
  4. SSH keys for remote connections.

Setting up a Rundeck image with Ansible

The first step is to build a basic Rundeck container image with Ansible installed.

We can use the official image with a pinned version tag to write a Containerfile in which we install Ansible and Python, declare the volumes and document that port 4440 is exposed for the UI. The compose file below refers to it as Containerfile.rundeck.

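FROM docker.io/rundeck/rundeck:4.16.0
LABEL maintainer="Tamas Molnar <tmolnar0831@gmail.com> - https://tomsitcafe.com"
# Switch to root to install packages
USER root
RUN apt-get update && apt-get -y install ansible python3
# VOLUME takes container paths only; the named volumes are bound in compose.yml
VOLUME /etc/ansible/
VOLUME /home/rundeck/
# Rundeck web UI
EXPOSE 4440/tcp
# Drop back to the unprivileged rundeck user
USER rundeck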

For more information about the Containerfile format, consult the Dockerfile reference.

Optional: setting up an SSH test container

We can set up an image with an SSH server running inside to test the SSH connections from Rundeck. It is not mandatory, but handy for initial testing. First we need an SSH key pair in PEM format. We can create a key pair with the ssh-keygen command.

ssh-keygen -t rsa -m pem -f key.pem

The command will generate the key.pem and the key.pem.pub files in the project directory.

The Containerfile, referred to as Containerfile.openssh in the compose file below, builds an image with an OpenSSH server, a test user and a public key for authentication. The SSH server is published on port 2222 of the host.

FROM docker.io/library/debian:12
LABEL maintainer="Tamas Molnar <tmolnar0831@gmail.com> - https://tomsitcafe.com"
USER root
# Install the SSH server, create the test user and sshd's runtime directory
RUN apt-get update && apt-get -y install vim python3 openssh-server && \
    useradd -m -s /bin/bash sshtest && \
    mkdir -p /var/run/sshd
# Install the public key generated above for the test user
COPY key.pem.pub /home/sshtest/.ssh/authorized_keys
RUN chmod 0700 /home/sshtest/.ssh && \
    chmod 0600 /home/sshtest/.ssh/authorized_keys && \
    chown -R sshtest:sshtest /home/sshtest/.ssh
# sshd listens on 22 in the container; compose.yml publishes it on host port 2222
EXPOSE 22/tcp
CMD ["/usr/sbin/sshd", "-D"]

Putting it all together: writing the compose file

Let’s define the individual services together in the compose.yml file! For detailed explanations, consult the Docker Compose file reference.

services:
  rundeck:
    build:
      context: .
      dockerfile: Containerfile.rundeck
    links:
      - mysql
    depends_on:
      - mysql
    env_file: .env
    volumes:
      - ansible-data:/etc/ansible/
      - rundeck-home:/home/rundeck/
    ports:
      - "4440:4440"
  mysql:
    image: mysql:5.7
    expose:
      - "3306"
    env_file: .env
    volumes:
      - dbdata:/var/lib/mysql
  sshtest:
    build:
      context: .
      dockerfile: Containerfile.openssh
    ports:
      - "2222:22"
volumes:
  dbdata:
  ansible-data:
  rundeck-home:

The above Composefile declares three services. The Rundeck and MySQL services are linked together, so Rundeck can run in a production profile and MySQL will store the data.

Ansible can be managed from the /etc/ansible directory shared with the host as a persistent volume.

Volumes can be listed easily with the podman volume ls command.

Using the output, we can inspect these volumes with the podman volume inspect <volume name> command.

Podman stores the named volumes under the /home/<user>/.local/share/containers/storage/volumes/ directory in the user home.

The .env file

We do not want to scatter our configuration and secrets around the file system, not to mention accidentally pushing secrets to Git.

A .env file can simply be ignored by Git and referenced from the compose file through env_file.

RUNDECK_DATABASE_DRIVER=org.mariadb.jdbc.Driver
RUNDECK_DATABASE_USERNAME=rundeck
RUNDECK_DATABASE_PASSWORD=pass
RUNDECK_DATABASE_URL=jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
RUNDECK_GRAILS_URL=http://localhost:4440

MYSQL_ROOT_PASSWORD=root
MYSQL_DATABASE=rundeck
MYSQL_USER=rundeck
MYSQL_PASSWORD=pass
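
One way to create this .env file with random passwords, owner-only permissions and a matching .gitignore entry, as an added example that is not part of the original post. The helper names gen_secret and write_env are hypothetical; the variable names are the ones listed above, and key.pem is the private key generated earlier.

```shell
#!/bin/sh
# Added example: generate the .env read by compose.yml with random secrets.
# gen_secret and write_env are hypothetical helper names.

# Print N random bytes (default 16) as lowercase hex, i.e. 2*N characters.
gen_secret() {
    head -c "${1:-16}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Write .env into the project directory given as $1 (default: current one).
write_env() {
    dir="${1:-.}"

    # Refuse to overwrite: the MySQL image applies its password variables only
    # when the dbdata volume is first initialised, so new values would not match.
    if [ -e "$dir/.env" ]; then
        echo "refusing to overwrite $dir/.env" >&2
        return 1
    fi

    db_pass="$(gen_secret 16)"
    root_pass="$(gen_secret 16)"

    # Create the file readable and writable by its owner only.
    (
        umask 077
        cat > "$dir/.env" <<EOF
RUNDECK_DATABASE_DRIVER=org.mariadb.jdbc.Driver
RUNDECK_DATABASE_USERNAME=rundeck
RUNDECK_DATABASE_PASSWORD=$db_pass
RUNDECK_DATABASE_URL=jdbc:mysql://mysql/rundeck?autoReconnect=true&useSSL=false
RUNDECK_GRAILS_URL=http://localhost:4440

MYSQL_ROOT_PASSWORD=$root_pass
MYSQL_DATABASE=rundeck
MYSQL_USER=rundeck
MYSQL_PASSWORD=$db_pass
EOF
    ) || return 1

    # Keep the secrets and the private SSH key out of Git.
    for entry in .env key.pem; do
        grep -qxF "$entry" "$dir/.gitignore" 2>/dev/null ||
            echo "$entry" >> "$dir/.gitignore"
    done
}
```

Source the script and call write_env in the project directory before the first podman-compose up.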

Usage

To start the services simply use the

podman-compose up -d

command in the project directory.

The -d option starts the services in detached mode.

The UI will be reachable on the http://localhost:4440 URL.

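Please note that the communication with the UI is still unencrypted! A proxy server with TLS is still missing. Until one is added, the compose file publishes port 4440 on all host interfaces, so logins to the UI travel over the network in clear text.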

To stop the services use the

podman-compose down

command in the project directory.

The Rundeck usage is a topic for an upcoming blog post.

Conclusion

By running Rundeck and Ansible in Podman containers with MySQL and managing them using Podman-Compose, you’ve created a powerful automation environment that is easy to set up, maintain, and scale. You can expand this setup to include additional services and integrations as your automation needs grow. With the right configurations and practices in place, you can achieve efficient, scalable, and reliable infrastructure automation for your organization. Happy automating!
