Wednesday, March 15, 2017

Rundeck - How to purge job history



1 Introduction

I love Rundeck, it is a open source software that allow me to automate ad-hoc and routine procedures. Rundeck also has access control, workflow building, scheduling, logging, and etc. In summary, it make my life much easier and allow me to delegate routine operation procedures to others by creating a Rundeck job for them.
One thing I find out missing from the Rundeck is a function to purge job history. It does not make sense to keep old job history forever, but somehow, this feature is just not there. So, I decided to create a Rundeck job to allow me to purge old job history.

2 Prerequisites

2.1 Install xmlstartlet on the Rundeck server

We are going to interact Rundeck with REST API with a script, we need to install xmlstartlet to parse xml data return from Rundeck.
Login to the rundeck server and run the following command:

2.2 Change permission to allow job delete with REST API

On the Rundeck server, edit /etc/rundeck/apitoken.aclpolicy file on the rundeck server and add “delete_execution” like the following (in red color)
description: API project level access control
context:
 project: '.*' # all projects
for:
 resource:
- equals:
    kind: job
  allow: [create,delete] # allow create and delete jobs
- equals:
    kind: node
  allow: [read,create,update,refresh] # allow refresh node sources
- equals:
    kind: event
  allow: [read,create] # allow read/create events
 adhoc:
- allow: [read,run,kill] # allow running/killing adhoc jobs and read output
 job:
- allow: [create,read,update,delete,run,kill] # allow create/read/write/delete/run/kill of all jobs
 node:
- allow: [read,run] # allow read/run for all nodes
by:
 group: api_token_group

---

description: API Application level access control
context:
 application: 'rundeck'
for:
 resource:
- equals:
    kind: system
  allow: [read] # allow read of system info
 project:
- match:
    name: '.*'
  allow: [delete_execution,read] # allow view and delete executions of all projects
 storage:
- match:
    path: '(keys|keys/.*)'
  allow: '*' # allow all access to manage stored keys
by:
 group: api_token_group

2.3 Create an authorization token

Look into the file /etc/rundeck/realm.properties to find out the administrator user ID and password
Log in to the Rundeck GUI using the administrator account that has "admin" credentials. Click on the username in the header of the page, and you will be shown your User Profile page. From this page you can manage your API Tokens. Click "Generate API Token" to create a new one. The unique string that is shown is the API Token.


Now, login to the RunDeck server and create a file to store the token value. For example
$ echo “<token you just created>”  >  /var/lib/rundeck/admin_api_token

3 Shell script for purging the Rundeck job history record

Following is the shell script that that can be used to purge job history. You should create a routine Rundeck job to run this shell script.
#!/bin/bash
if [[ $# -ne 2 ]]; then
  echo "Usage:"
  echo "purge_history <retention days> <api tokent file name>"
  exit 1
fi

if [[ -f "$2" ]]; then
  TOKEN=`cat $2`
else
  echo "Can not locate $2"
  exit 1
fi

RETENTION=$1
NODE=localhost


echo "Executing purge_job_history for project ${PROJECT} retention ${RETENTION}"
date

CURL_OUT=/tmp/curl.out.$$

URL="http://${NODE}:4440/api/2/projects"
curl -H "X-RunDeck-Auth-Token:$TOKEN" "Content-Type: application/xml"  -X GET "$URL"  2>/dev/null  > $CURL_OUT

projects=`xmlstarlet sel -t -m "/result/projects/project" -v name -n $CURL_OUT`

purged=0
for PROJECT in $projects
do
  URL="http://${NODE}:4440/api/2/project/${PROJECT}/jobs"
  curl -H "X-RunDeck-Auth-Token:$TOKEN" -o $CURL_OUT -H "Content-Type: application/xml" -X POST "$URL" >/dev/null  2>&1

  for JOB in $(xmlstarlet sel -t -m "/result/jobs/job" -m "@id" -v . -n ${CURL_OUT})
  do
# For each job get the oldest executions
URL="http://${NODE}:4440/api/1/job/${JOB}/executions?offset=${RETENTION}"
curl -H "X-RunDeck-Auth-Token:$TOKEN" -o $CURL_OUT -H "Content-Type: application/xml" -X GET "$URL" >/dev/null 2>&1
for ID in $(xmlstarlet sel -t -m "/result/executions/execution" -m "@id" -v . -n ${CURL_OUT})
do
   URL="http://${NODE}:4440/api/12/executions/delete?ids=${ID}"

   echo "#################################################################"
   echo "Detelet job $URL"

   #echo curl -H "X-RunDeck-Auth-Token:$TOKEN"  -X POST "$URL"  2>&1

   curl -H "X-RunDeck-Auth-Token:$TOKEN"  -X POST "$URL"  2>&1

   purged=$((purged+1))
done
  done
done

echo "Job executions purged:  $purged"
You can test the script by running the following:
$ chmod +x purge_history.sh
$ purge_history.sh 90 /var/lib/rundeck/admin_api_token

Any job history record older than 90 days will be deleted.

4 Reference


Posted by at

3 comments:

  1. UnknownMay 16, 2017 at 1:57 AM

    devops jobs
    devops jobs in hyderabad

    ReplyDelete
  2. AnonymousAugust 11, 2017 at 2:41 AM

    API Request: /api/2/projects. Reason: Minimum supported version: 11
    how to fix this error?

    ReplyDelete
  3. mp3's GaloreApril 10, 2018 at 6:18 PM

    This comment has been removed by the author.

    ReplyDelete

Subscribe to: Post Comments (Atom)