Comments (25)
(by Moses Lei at 2011-05-27T13:10:01-07:00)
Noah, I don't see how allowing executions for options providers is any more prone to abuse than allowing executions for arbitrary other code, which is what jobs are. Can you elaborate?
from rundeck.
I just got stuck wanting this. I want to run a script that invokes consul and then jq to create options. This would be trivial if I could just specify a path to a script that install via ansible when rundeck is installed. But having to standup a webserver just for this....
from rundeck.
+1.
iaingblack solution really don't work for me.
Also, could the options come from the result of an execution of a job?
I set up a job "A" that outputs JSON to stdout.
I set up another job "B" with an option that references "A"'s output.
When configuring "B" execution, rundeck launches "A" to retrieve options.
Completely self-contained solution.
Regards
from rundeck.
(by Noah Campbell at 2011-05-27T12:39:39-07:00)
This was considered, but we concluded that the potential for abuse might out weight the benefit. By focusing on the URL as the primary interface, the need to operate another option for reading values is not needed (file:/// is a url).
from rundeck.
(by Noah Campbell at 2011-05-27T13:24:21-07:00)
You bring up a good point about the default configuration of RunDeck. For your proposed idea, would these local script options be run as the rundeck user or the user of the java process?
from rundeck.
(by Moses Lei at 2011-05-27T14:22:07-07:00)
I don't know of any installations where the user running the java process is not rundeck... what concerns do you have either way?
from rundeck.
Hello,
(regard to original post)
We have a similar need as well. We are looking at how to provide users an option to automatically update a JSON on the Rundeck server ( for instance a key/value mapping of server and service account associated with the server etc).
Currently, I either manually update a JSON on the Rundeck server running apache and provide the options URI to the users, but that is not very scalable.
We are planning to write a separate CGI self service tools for users to update the JSON on the server side with these key/value son to be used as option providers.
Would be nice if we can have that part of the project /job in Rundeck.
Cheers, Dharmendra
from rundeck.
+1
from rundeck.
+1 for this as well, would be a great addition
from rundeck.
+1
from rundeck.
+1
from rundeck.
I'm a little unusure if it's obvious that the file:/// style URL can work as a half-way house as no-one comments on it any further, so i'll just mention what I tested just in case (apologies if stupidly obvious to everyone!).
You can place a JSON file on the rundeck server and use that via the file:/// reference (ie file:/var/rundeck/projects/mytestproject/etc/test.json). Create a job on the rundeck server to execute a script to generate this file on your behalf every x minutes/hours and you have a semi-workable solution. Have a job in the project users can run to refresh the file and it becomes slightly self-service.
I know it's not scalable and not much of an improvement on hosting the JSON on a web service but it at least removes the pain of having a website to manage security on etc...
from rundeck.
+1 facing the same issue. It would be great to have scripted input options without need to create separate job for option file updates.
from rundeck.
+1
from rundeck.
+1. Surprised this feature doesn't exist (nor planned). If I can arbitrarily pull any file via a file:/
URL then I don't see a [new] security issue here. (Worst case just leave the feature disabled unless an admin enables it? Or force the scripts to all live in a specific folder specified in the Rundeck config?)
Seems like a huge effort to drag out a web service stack and try to keep it in sync with my Rundeck environment's needs...
from rundeck.
+1
from rundeck.
@sjrd218 @gschueler I see this ticket is marked as closed and part of the 3.0.14 milestone. I'm running 3.1.0-20190731 and don't see any way to specify a script for getting options. I've checked the documentation and don't see anything referencing this feature. Is there some flag that needs to be set to enable this feature?
from rundeck.
The documentation for this feature is here: https://docs.rundeck.com/docs/developer/option-values-plugins.html
from rundeck.
Thanks for the quick response pointing me in the right direction, that seems like a complex way to solve this. Think I'll stick to hard coding options for now.
from rundeck.
I am facing the original issue myself, and looking into it, it seems maybe a simple configuration could solve this problem. Specifically, storing option values in consul, they can be returned using a ?raw query-string on the end of a key. The only issue currently is that this seems to return in the text/plain content type where rundeck requires application/json. It seem an easy configuration would be to add something like rundeck.jobs.options.acceptcontenttype = "anything"
Just my 2 cents. And definitely want to thank the folks dedicating their time to this project, it is a great product that continues to get better.
from rundeck.
@bigfish301 If you create your own option values plugin, you can do exactly what you are wanting to do. Just make sure you have option values plugins enabled: rundeck.feature.option-values-plugin.enabled=true
https://docs.rundeck.com/docs/developer/12-option-values-plugins.html#script-plugin-type
from rundeck.
@sjrd218 - Yes, I did notice that. Thanks for the reply. My challenge at the moment, anything I am putting the config does not seem to be working. Ideally, i would need to pass some parameters for each option to get a unique result. Currently have the following in my plugin.yaml but does not show up in the UI. Is this something that can only be updated in the job definition and uploaded?
config:
- type: String
name: optionname
title: option
description: 'reference name of option'
required: true
from rundeck.
Meanwhile until i can figure that out, I wrote a quick script to run a web server that return the kv values from consul as json content type. Just need to store the json format in the value. and you can reference it with the remote url in your option.
https://github.com/bigfish301/RDOptions_ConsulFrontEnd
from rundeck.
Update, in case anyone is still watching. Looks like there is a project option -
project.jobs.disableRemoteOptionJsonCheck
If you set your project config to include
project.jobs.disableRemoteOptionJsonCheck=true
You can reference Consul kv by using something like http://consul:8500/v1/kv/key?raw as the remote url for an option. Tested this and it works nicely.
from rundeck.
Update, in case anyone is still watching. Looks like there is a project option -
project.jobs.disableRemoteOptionJsonCheckIf you set your project config to include
project.jobs.disableRemoteOptionJsonCheck=trueYou can reference Consul kv by using something like http://consul:8500/v1/kv/key?raw as the remote url for an option. Tested this and it works nicely.
this is a nice trick to use the Consul KV! I think to try that.
from rundeck.
Related Issues (20)
- Mail Authentication issue HOT 4
- key secret is not parsing in job workflow HOT 5
- Navigation Menu and Quick links disappear from all pages...
- Node filter input field missing in "Execute Job" popup HOT 2
- rd projects archives export is failing with error "java.io.EOFException: \n not found" #550 HOT 3
- Ansible IO failure: Cannot run program "/usr/bin/ansible/ansible-playbook" (in directory "/tmp/rundeck/ansible-... HOT 4
- Feature Request: Nesting Jobs in Rundeck
- Running Rundeck with a DigitalOcean managed MySQL database fails due to sql_require_primary_key enabled by default
- Feature Request: Schedules API
- Feature Request: Dedicated Options API for Jobs
- Feature Request: Add "Last Modified" Date and By User to Jobs
- poor performance with internal query
- Feature Request: API Support to take over schedule for orphaned server UUIDs only in Open Source
- [Enhancement] Logging for Preauthenticated mode is difficult to enable
- A child job step run on a remote node reports _Killed_ but Job reports _Succeeded_
- Error stoping the rundeck windows service
- Docker: Can't persist config folder
- synchro rundeck repository - sha1 issue
- Failed: NonZeroResultCode: Result code was 127
- Recreating docker container also recreates DB, destroying existing data HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rundeck.