1 Introduction
I love Rundeck, it is a open source software that allow me to automate ad-hoc and routine procedures. Rundeck also has access control, workflow building, scheduling, logging, and etc. In summary, it make my life much easier and allow me to delegate routine operation procedures to others by creating a Rundeck job for them.
One thing I find out missing from the Rundeck is a function to purge job history. It does not make sense to keep old job history forever, but somehow, this feature is just not there. So, I decided to create a Rundeck job to allow me to purge old job history.
2 Prerequisites
2.1 Install xmlstartlet on the Rundeck server
We are going to interact Rundeck with REST API with a script, we need to install xmlstartlet to parse xml data return from Rundeck.
Login to the rundeck server and run the following command:
# yum install xmlstartlet*.rpm
|
2.2 Change permission to allow job delete with REST API
On the Rundeck server, edit /etc/rundeck/apitoken.aclpolicy file on the rundeck server and add “delete_execution” like the following (in red color)
description: API project level access control
context:
project: '.*' # all projects
for:
resource:
- equals:
kind: job
allow: [create,delete] # allow create and delete jobs
- equals:
kind: node
allow: [read,create,update,refresh] # allow refresh node sources
- equals:
kind: event
allow: [read,create] # allow read/create events
adhoc:
- allow: [read,run,kill] # allow running/killing adhoc jobs and read output
job:
- allow: [create,read,update,delete,run,kill] # allow create/read/write/delete/run/kill of all jobs
node:
- allow: [read,run] # allow read/run for all nodes
by:
group: api_token_group
---
description: API Application level access control
context:
application: 'rundeck'
for:
resource:
- equals:
kind: system
allow: [read] # allow read of system info
project:
- match:
name: '.*'
allow: [delete_execution,read] # allow view and delete executions of all projects
storage:
- match:
path: '(keys|keys/.*)'
allow: '*' # allow all access to manage stored keys
by:
group: api_token_group
|
2.3 Create an authorization token
Look into the file /etc/rundeck/realm.properties to find out the administrator user ID and password
Log in to the Rundeck GUI using the administrator account that has "admin" credentials. Click on the username in the header of the page, and you will be shown your User Profile page. From this page you can manage your API Tokens. Click "Generate API Token" to create a new one. The unique string that is shown is the API Token.
Now, login to the RunDeck server and create a file to store the token value. For example
$ echo “<token you just created>” > /var/lib/rundeck/admin_api_token
|
3 Shell script for purging the Rundeck job history record
Following is the shell script that that can be used to purge job history. You should create a routine Rundeck job to run this shell script.
#!/bin/bash
if [[ $# -ne 2 ]]; then
echo "Usage:"
echo "purge_history <retention days> <api tokent file name>"
exit 1
fi
if [[ -f "$2" ]]; then
TOKEN=`cat $2`
else
echo "Can not locate $2"
exit 1
fi
RETENTION=$1
NODE=localhost
echo "Executing purge_job_history for project ${PROJECT} retention ${RETENTION}"
date
CURL_OUT=/tmp/curl.out.$$
URL="http://${NODE}:4440/api/2/projects"
curl -H "X-RunDeck-Auth-Token:$TOKEN" "Content-Type: application/xml" -X GET "$URL" 2>/dev/null > $CURL_OUT
projects=`xmlstarlet sel -t -m "/result/projects/project" -v name -n $CURL_OUT`
purged=0
for PROJECT in $projects
do
URL="http://${NODE}:4440/api/2/project/${PROJECT}/jobs"
curl -H "X-RunDeck-Auth-Token:$TOKEN" -o $CURL_OUT -H "Content-Type: application/xml" -X POST "$URL" >/dev/null 2>&1
for JOB in $(xmlstarlet sel -t -m "/result/jobs/job" -m "@id" -v . -n ${CURL_OUT})
do
# For each job get the oldest executions
URL="http://${NODE}:4440/api/1/job/${JOB}/executions?offset=${RETENTION}"
curl -H "X-RunDeck-Auth-Token:$TOKEN" -o $CURL_OUT -H "Content-Type: application/xml" -X GET "$URL" >/dev/null 2>&1
for ID in $(xmlstarlet sel -t -m "/result/executions/execution" -m "@id" -v . -n ${CURL_OUT})
do
URL="http://${NODE}:4440/api/12/executions/delete?ids=${ID}"
echo "#################################################################"
echo "Detelet job $URL"
#echo curl -H "X-RunDeck-Auth-Token:$TOKEN" -X POST "$URL" 2>&1
curl -H "X-RunDeck-Auth-Token:$TOKEN" -X POST "$URL" 2>&1
purged=$((purged+1))
done
done
done
echo "Job executions purged: $purged"
|
You can test the script by running the following:
$ chmod +x purge_history.sh
$ purge_history.sh 90 /var/lib/rundeck/admin_api_token
|
Any job history record older than 90 days will be deleted.
4 Reference
- Run job using curl: https://gist.github.com/gschueler/783971
- Rundeck API: http://rundeck.org/docs/api/