RamNode logo
    Sign UpLogin
    Automation Guide

    Self-Hosted Rundeck

    Deploy Rundeck, the powerful runbook automation platform, on RamNode VPS. Centralized job scheduling, role-based access control, and comprehensive logging.

    Ubuntu 24.04 LTS
    DEB + Docker
    ⏱️ 25-35 minutes

    Why Rundeck?

    Rundeck is a powerful open-source runbook automation platform that enables you to define, build, deploy, and manage automation across your infrastructure.

    Centralized job scheduling and execution
    Role-based access control (RBAC)
    Multi-node orchestration
    Self-service operations for teams
    Comprehensive execution logging
    Webhooks and API integrations

    Prerequisites

    Requirements

    • • Ubuntu 24.04 LTS installed
    • • Minimum 2GB RAM (4GB recommended)
    • • Root or sudo access
    • • Domain name (optional, for SSL)

    Features

    • • Cron-style job scheduling
    • • SSH-based remote execution
    • • ACL policy-based security
    • • LDAP/AD integration
    1

    Initial Server Setup

    Update the system and install essential utilities:

    Update System
    sudo apt update && sudo apt upgrade -y
    Install Utilities
    sudo apt install -y curl wget gnupg2 software-properties-common apt-transport-https ca-certificates
    2

    Configure Firewall

    Allow SSH and Rundeck web interface:

    Firewall Rules
    sudo ufw allow OpenSSH
sudo ufw allow 4440/tcp
sudo ufw enable
sudo ufw status

    Port 4440 is the default Rundeck web interface port. If using Nginx reverse proxy with SSL, also open ports 80 and 443.

    Method 1: Traditional Installation

    1

    Install Java

    Rundeck requires Java 11 or later:

    Install OpenJDK 17
    sudo apt install -y openjdk-17-jdk
    Verify Installation
    java -version
    Set JAVA_HOME
    echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64' | sudo tee -a /etc/environment
source /etc/environment
    2

    Add Rundeck Repository

    Import the GPG key and add the repository:

    Add Repository
    curl -fsSL https://packages.rundeck.com/pagerduty/rundeck/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/rundeck-archive-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/rundeck-archive-keyring.gpg] https://packages.rundeck.com/pagerduty/rundeck/any/ any main" | sudo tee /etc/apt/sources.list.d/rundeck.list

sudo apt update
    3

    Install Rundeck

    Install the Rundeck package:

    Install Package
    sudo apt install -y rundeck
    4

    Configure Rundeck

    Edit the main configuration file:

    Edit Config
    sudo nano /etc/rundeck/rundeck-config.properties
    rundeck-config.properties
    grails.serverURL=http://YOUR_SERVER_IP:4440

    Also update the framework configuration:

    Edit Framework Config
    sudo nano /etc/rundeck/framework.properties
    framework.properties
    framework.server.name = YOUR_SERVER_IP
framework.server.hostname = YOUR_SERVER_IP
framework.server.port = 4440
framework.server.url = http://YOUR_SERVER_IP:4440
    5

    Start Rundeck

    Enable and start the service:

    Start Service
    sudo systemctl enable rundeckd
sudo systemctl start rundeckd
    Monitor Startup
    sudo tail -f /var/log/rundeck/service.log

    Initial startup may take a few minutes. Wait until you see a message indicating the server is ready.

    Check Status
    sudo systemctl status rundeckd

    Method 2: Docker Deployment

    1

    Install Docker

    Install Docker using the official script:

    Install Docker
    curl -fsSL https://get.docker.com | sudo sh
sudo usermod -aG docker $USER
newgrp docker
    2

    Create Docker Compose Configuration

    Create a directory and configuration file:

    Create Directory
    mkdir -p ~/rundeck && cd ~/rundeck
nano docker-compose.yml
    docker-compose.yml
    version: '3.8'

services:
  rundeck:
    image: rundeck/rundeck:5.9.0
    container_name: rundeck
    restart: unless-stopped
    ports:
      - "4440:4440"
    environment:
      - RUNDECK_GRAILS_URL=http://YOUR_SERVER_IP:4440
      - RUNDECK_SERVER_FORWARDED=true
      - RUNDECK_DATABASE_DRIVER=org.mariadb.jdbc.Driver
      - RUNDECK_DATABASE_URL=jdbc:mariadb://mariadb:3306/rundeck?autoReconnect=true&useSSL=false
      - RUNDECK_DATABASE_USERNAME=rundeck
      - RUNDECK_DATABASE_PASSWORD=rundeck_secure_password
    volumes:
      - rundeck-data:/home/rundeck/server/data
      - rundeck-logs:/home/rundeck/var/logs
      - rundeck-plugins:/home/rundeck/libext
      - rundeck-config:/home/rundeck/server/config
    depends_on:
      - mariadb
    networks:
      - rundeck-network

  mariadb:
    image: mariadb:10.11
    container_name: rundeck-db
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=root_secure_password
      - MYSQL_DATABASE=rundeck
      - MYSQL_USER=rundeck
      - MYSQL_PASSWORD=rundeck_secure_password
    volumes:
      - mariadb-data:/var/lib/mysql
    networks:
      - rundeck-network

volumes:
  rundeck-data:
  rundeck-logs:
  rundeck-plugins:
  rundeck-config:
  mariadb-data:

networks:
  rundeck-network:
    driver: bridge

    Important: Replace YOUR_SERVER_IP with your actual server IP or domain, and change the database passwords to secure values.

    3

    Deploy with Docker Compose

    Start the containers:

    Start Containers
    docker compose up -d
    Monitor Logs
    docker compose logs -f rundeck

    Accessing the Web Interface

    1

    Login to Rundeck

    Open your browser and navigate to:

    Dashboard URL
    http://YOUR_SERVER_IP:4440

    Default login credentials:

    • Username: admin
    • Password: admin

    Important: Change the default password immediately after your first login by clicking on the user icon → Profile.

    SSL with Nginx Reverse Proxy

    1

    Install Nginx and Certbot

    Install the required packages:

    Install Nginx
    sudo apt install -y nginx certbot python3-certbot-nginx
    2

    Create Nginx Configuration

    Create the Nginx site configuration:

    Create Config
    sudo nano /etc/nginx/sites-available/rundeck
    /etc/nginx/sites-available/rundeck
    upstream rundeck {
    server 127.0.0.1:4440;
}

server {
    listen 80;
    server_name rundeck.yourdomain.com;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name rundeck.yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/rundeck.yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/rundeck.yourdomain.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    add_header Strict-Transport-Security "max-age=63072000" always;

    location / {
        proxy_pass http://rundeck;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering off;
    }
}
    3

    Obtain SSL Certificate

    Enable site and obtain certificate:

    Enable Site
    sudo ln -s /etc/nginx/sites-available/rundeck /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
    Get Certificate
    sudo certbot --nginx -d rundeck.yourdomain.com
    4

    Update Rundeck for SSL

    Update Rundeck configuration for HTTPS:

    Traditional Install
    # /etc/rundeck/rundeck-config.properties
grails.serverURL=https://rundeck.yourdomain.com

# /etc/rundeck/framework.properties
framework.server.url = https://rundeck.yourdomain.com
    Restart Rundeck
    sudo systemctl restart rundeckd

    For Docker, update the environment variable:

    Docker Environment
    - RUNDECK_GRAILS_URL=https://rundeck.yourdomain.com
    Restart Docker
    docker compose up -d

    Creating Your First Project

    1

    Create a Project

    After logging in, create a project to organize jobs and nodes:

    1. Click New Project
    2. Enter a Project Name (e.g., "production-servers")
    3. Add a Label (human-readable name)
    4. Add a Description of the project's purpose
    5. Configure the default node source

    Remote Node Access

    1

    Set Up SSH Keys

    Generate SSH keys for the Rundeck service account:

    Generate SSH Key
    sudo -u rundeck ssh-keygen -t ed25519 -f /var/lib/rundeck/.ssh/id_ed25519 -N ""
    View Public Key
    sudo cat /var/lib/rundeck/.ssh/id_ed25519.pub

    Add this public key to ~/.ssh/authorized_keys on each remote server you want to manage.

    2

    Add Nodes to Project

    Create a resources file for your nodes:

    Create Resources File
    sudo nano /var/lib/rundeck/projects/your-project/etc/resources.yaml
    resources.yaml
    web-server-1:
  hostname: 192.168.1.10
  username: deploy
  tags: web,production
  osFamily: unix
  osName: Ubuntu
  description: Production Web Server 1

db-server-1:
  hostname: 192.168.1.20
  username: deploy
  tags: database,production
  osFamily: unix
  osName: Ubuntu
  description: Production Database Server

    Navigate to Project Settings → Edit Nodes → Sources to add the file as a node source.

    Creating and Running Jobs

    1

    Create a Job

    Jobs are the core of Rundeck's automation:

    1. Navigate to your project and click Jobs → Create a New Job
    2. Enter a Job Name (e.g., "Check Disk Space")
    3. Optionally add a Group to organize jobs
    4. Add a Description
    5. Click Add a Step
    6. Select Command for shell commands
    7. Enter your command: df -h
    8. Select which nodes to run on
    9. Save the job

    Job Scheduling

    1

    Configure Schedules

    Rundeck supports cron-style scheduling:

    1. When editing a job, expand the Schedule section
    2. Enable Schedule this Job
    3. Choose simple scheduling or cron expression

    Example cron schedules:

    Cron Examples
    Every hour:         0 * * * *
Daily at 2 AM:      0 2 * * *
Every Monday 9 AM:  0 9 * * 1
First of month:     0 0 1 * *

    Security Hardening

    1

    Change Default Credentials

    For traditional installation, update realm.properties:

    Edit Realm
    sudo nano /etc/rundeck/realm.properties
    Generate Password Hash
    java -cp /var/lib/rundeck/bootstrap/jetty-util-*.jar org.eclipse.jetty.util.security.Password admin newpassword
    2

    Configure Access Control

    Create custom ACL policies:

    Create ACL Policy
    sudo nano /etc/rundeck/custom.aclpolicy
    custom.aclpolicy
    description: Limited access for operators
context:
  project: 'production-.*'
for:
  resource:
    - allow: [read]
  adhoc:
    - deny: '*'
  job:
    - allow: [read, run]
      match:
        group: 'maintenance/.*'
  node:
    - allow: [read, run]

by:
  group: operators
    3

    LDAP/Active Directory

    For enterprise environments, configure LDAP authentication:

    Edit JAAS Config
    sudo nano /etc/rundeck/jaas-loginmodule.conf
    LDAP Configuration
    RDpropertyfilelogin {
  com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldap://ldap.yourdomain.com:389"
    bindDn="cn=rundeck,ou=services,dc=yourdomain,dc=com"
    bindPassword="ldap_bind_password"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="ou=users,dc=yourdomain,dc=com"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=yourdomain,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="groupOfNames"
    cacheDurationMillis="300000";
};

    Backup & Recovery

    1

    Traditional Installation Backup

    Create an automated backup script:

    /usr/local/bin/backup-rundeck.sh
    #!/bin/bash
BACKUP_DIR="/backup/rundeck"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Stop Rundeck for consistent backup
sudo systemctl stop rundeckd

# Backup configuration
sudo tar -czf $BACKUP_DIR/rundeck-config-$DATE.tar.gz /etc/rundeck/

# Backup data directory
sudo tar -czf $BACKUP_DIR/rundeck-data-$DATE.tar.gz /var/lib/rundeck/

# Backup logs (optional)
sudo tar -czf $BACKUP_DIR/rundeck-logs-$DATE.tar.gz /var/log/rundeck/

# Start Rundeck
sudo systemctl start rundeckd

# Remove backups older than 30 days
find $BACKUP_DIR -name "*.tar.gz" -mtime +30 -delete

echo "Backup completed: $DATE"
    Schedule Backup
    chmod +x /usr/local/bin/backup-rundeck.sh
echo "0 2 * * * root /usr/local/bin/backup-rundeck.sh" | sudo tee /etc/cron.d/rundeck-backup
    2

    Docker Backup

    Backup Docker volumes:

    Docker Backup Script
    #!/bin/bash
BACKUP_DIR="/backup/rundeck"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

cd ~/rundeck
docker compose stop

# Backup all volumes
for volume in rundeck-data rundeck-logs rundeck-plugins rundeck-config mariadb-data; do
  docker run --rm -v rundeck_${volume}:/source -v $BACKUP_DIR:/backup alpine tar -czf /backup/${volume}-$DATE.tar.gz -C /source .
done

docker compose start

echo "Docker backup completed: $DATE"

    Monitoring & Logging

    1

    Log Locations

    For traditional installation:

    • Service log: /var/log/rundeck/service.log
    • Rundeck log: /var/log/rundeck/rundeck.log
    • Execution logs: /var/lib/rundeck/logs/

    For Docker:

    Docker Logs
    docker compose logs -f rundeck
    2

    Log Rotation

    Configure logrotate:

    Create Logrotate Config
    sudo nano /etc/logrotate.d/rundeck
    /etc/logrotate.d/rundeck
    /var/log/rundeck/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 rundeck rundeck
    sharedscripts
    postrotate
        systemctl reload rundeckd > /dev/null 2>&1 || true
    endscript
}
    3

    Health Check

    Create a health monitoring script:

    Health Check Script
    #!/bin/bash
RUNDECK_URL="http://localhost:4440"

if curl -s -o /dev/null -w "%{http_code}" $RUNDECK_URL/api/14/system/info | grep -q "200"; then
    echo "Rundeck is healthy"
    exit 0
else
    echo "Rundeck is not responding"
    exit 1
fi

    Integrate with your monitoring system (Prometheus, Nagios, etc.) for alerting.

    Troubleshooting

    1

    Rundeck Won't Start

    Check the service log for errors:

    View Logs
    sudo tail -100 /var/log/rundeck/service.log

    Common issues:

    • Port in use: Check if another service is using port 4440
    • Java memory: Increase heap size in /etc/rundeck/profile
    • Database errors: Verify database credentials and connectivity
    2

    Job Execution Failures

    Check execution logs:

    View Execution Logs
    ls -la /var/lib/rundeck/logs/

    Common issues:

    • SSH key not accepted: Verify key permissions (600) and authorized_keys on remote hosts
    • Command not found: Ensure command exists on target node and is in PATH
    • Permission denied: Check user account has necessary privileges
    3

    Performance Tuning

    Adjust JVM settings for better performance:

    Edit Profile
    sudo nano /etc/rundeck/profile
    JVM Settings
    RDECK_JVM_SETTINGS="-Xms1024m -Xmx2048m -XX:MaxMetaspaceSize=512m"
    Restart Rundeck
    sudo systemctl restart rundeckd

    Setup Complete!

    You now have a fully functional Rundeck deployment on your RamNode VPS. From simple scheduled tasks to complex multi-node orchestration workflows, Rundeck provides a solid foundation for infrastructure automation.

    For advanced configurations, explore Rundeck's plugin ecosystem, webhook integrations, and API capabilities. Visit the official Rundeck documentation for more.