committing changes in /etc made by "-bash"

Package changes:

.etckeeper

@@ -4292,6 +4292,7 @@ maybe chmod 0755 'rc.d/init.d/bestcrypt'
 maybe chmod 0755 'rc.d/init.d/falco'
 maybe chmod 0644 'rc.d/init.d/functions'
 maybe chmod 0755 'rc.d/init.d/network'
+maybe chmod 0755 'rc.d/init.d/rundeckd'
 maybe chmod 0755 'rc.d/init.d/vpn-gazduire'
 maybe chmod 0755 'rc.d/rc.local'
 maybe chmod 0755 'rc.d/rc0.d'
@@ -4424,6 +4425,57 @@ maybe chmod 0644 'rspamd/worker-proxy.inc'
 maybe chmod 0644 'rsyslog.conf'
 maybe chmod 0755 'rsyslog.d'
 maybe chmod 0644 'rsyslog.d/ignore-systemd-session-slice.conf'
+maybe chown 'rundeck' 'rundeck'
+maybe chgrp 'rundeck' 'rundeck'
+maybe chmod 0755 'rundeck'
+maybe chown 'rundeck' 'rundeck/admin.aclpolicy'
+maybe chgrp 'rundeck' 'rundeck/admin.aclpolicy'
+maybe chmod 0640 'rundeck/admin.aclpolicy'
+maybe chown 'rundeck' 'rundeck/apitoken.aclpolicy'
+maybe chgrp 'rundeck' 'rundeck/apitoken.aclpolicy'
+maybe chmod 0640 'rundeck/apitoken.aclpolicy'
+maybe chown 'rundeck' 'rundeck/framework.properties'
+maybe chgrp 'rundeck' 'rundeck/framework.properties'
+maybe chmod 0640 'rundeck/framework.properties'
+maybe chown 'rundeck' 'rundeck/jaas-loginmodule.conf'
+maybe chgrp 'rundeck' 'rundeck/jaas-loginmodule.conf'
+maybe chmod 0640 'rundeck/jaas-loginmodule.conf'
+maybe chown 'rundeck' 'rundeck/log4j2.properties'
+maybe chgrp 'rundeck' 'rundeck/log4j2.properties'
+maybe chmod 0640 'rundeck/log4j2.properties'
+maybe chown 'rundeck' 'rundeck/profile'
+maybe chgrp 'rundeck' 'rundeck/profile'
+maybe chmod 0640 'rundeck/profile'
+maybe chown 'rundeck' 'rundeck/project.properties'
+maybe chgrp 'rundeck' 'rundeck/project.properties'
+maybe chmod 0640 'rundeck/project.properties'
+maybe chown 'rundeck' 'rundeck/realm.properties'
+maybe chgrp 'rundeck' 'rundeck/realm.properties'
+maybe chmod 0640 'rundeck/realm.properties'
+maybe chown 'rundeck' 'rundeck/rundeck-config.properties'
+maybe chgrp 'rundeck' 'rundeck/rundeck-config.properties'
+maybe chmod 0640 'rundeck/rundeck-config.properties'
+maybe chown 'rundeck' 'rundeck/ssl'
+maybe chgrp 'rundeck' 'rundeck/ssl'
+maybe chmod 0755 'rundeck/ssl'
+maybe chown 'rundeck' 'rundeck/ssl/ssl.properties'
+maybe chgrp 'rundeck' 'rundeck/ssl/ssl.properties'
+maybe chmod 0640 'rundeck/ssl/ssl.properties'
+maybe chown 'rundeck' 'rundeck/system-job_reader.aclpolicy_template'
+maybe chgrp 'rundeck' 'rundeck/system-job_reader.aclpolicy_template'
+maybe chmod 0640 'rundeck/system-job_reader.aclpolicy_template'
+maybe chown 'rundeck' 'rundeck/system-job_runner.aclpolicy_template'
+maybe chgrp 'rundeck' 'rundeck/system-job_runner.aclpolicy_template'
+maybe chmod 0640 'rundeck/system-job_runner.aclpolicy_template'
+maybe chown 'rundeck' 'rundeck/system-job_viewer.aclpolicy_template'
+maybe chgrp 'rundeck' 'rundeck/system-job_viewer.aclpolicy_template'
+maybe chmod 0640 'rundeck/system-job_viewer.aclpolicy_template'
+maybe chown 'rundeck' 'rundeck/system-job_writer.aclpolicy_template'
+maybe chgrp 'rundeck' 'rundeck/system-job_writer.aclpolicy_template'
+maybe chmod 0640 'rundeck/system-job_writer.aclpolicy_template'
+maybe chown 'rundeck' 'rundeck/system-project_admin.aclpolicy_template'
+maybe chgrp 'rundeck' 'rundeck/system-project_admin.aclpolicy_template'
+maybe chmod 0640 'rundeck/system-project_admin.aclpolicy_template'
 maybe chmod 0755 'rwtab.d'
 maybe chmod 0644 'rwtab.d/logrotate'
 maybe chmod 0644 'rwtab.d/named'

group

@@ -99,3 +99,4 @@ PxAzpq9B:x:1014:
 _AodQqBu:x:1015:
 cfb:x:1016:
 mailcow:x:1017:
+rundeck:x:1018:

group-

@@ -98,3 +98,4 @@ ZTmpNnll:x:1013:
 PxAzpq9B:x:1014:
 _AodQqBu:x:1015:
 cfb:x:1016:
+mailcow:x:1017:

gshadow

@@ -99,3 +99,4 @@ PxAzpq9B:!::
 _AodQqBu:!::
 cfb:!::
 mailcow:!::
+rundeck:!::

gshadow-

@@ -98,3 +98,4 @@ ZTmpNnll:!::
 PxAzpq9B:!::
 _AodQqBu:!::
 cfb:!::
+mailcow:!::

passwd

@@ -70,3 +70,4 @@ PxAzpq9B:x:1013:1014:PxAzpq9B:/mnt/volume-fra1-01/backup2021:/sbin/nologin
 _AodQqBu:x:1014:1015:_AodQqBu:/mnt/volume-fra1-01/backup2021:/sbin/nologin
 cfb:x:1015:1016::/home/cfb:/bin/bash
 mailcow:x:1016:1017::/home/mailcow:/bin/bash
+rundeck:x:1017:1018::/var/lib/rundeck:/bin/bash

passwd-

@@ -69,3 +69,4 @@ ZTmpNnll:x:1012:1013:ZTmpNnll:/mnt/volume-fra1-01/backup2021:/sbin/nologin
 PxAzpq9B:x:1013:1014:PxAzpq9B:/mnt/volume-fra1-01/backup2021:/sbin/nologin
 _AodQqBu:x:1014:1015:_AodQqBu:/mnt/volume-fra1-01/backup2021:/sbin/nologin
 cfb:x:1015:1016::/home/cfb:/bin/bash
+mailcow:x:1016:1017::/home/mailcow:/bin/bash

rc.d/init.d/rundeckd

@@ -0,0 +1,83 @@
+#!/bin/bash 
+#
+# rundeckd    Startup script for the rundeck
+#
+# chkconfig: 2345 90 10
+# description: rundeckd, providing rundeckd
+# pidfile: /var/run/rundeckd.pid
+
+# Source function library
+
+prog="rundeckd"
+RETVAL=0
+PID_FILE=/var/run/${prog}.pid
+servicelog=/var/log/rundeck/service.log
+
+. /etc/rc.d/init.d/functions
+
+. /etc/rundeck/profile
+
+start() {
+	status -p $PID_FILE $prog >/dev/null
+	RETVAL=$?
+	if [ $RETVAL -eq 0 ]; then
+		echo Already started.
+		return $RETVAL
+	fi
+	echo -n $"Starting $prog: "
+	if ! touch $servicelog; then
+		echo No access to $servicelog. This usually means you need to be root
+		echo_failure
+		echo
+		return 1
+	fi
+	nohup runuser -s /bin/bash -l rundeck -c "$rundeckd" >>$servicelog 2>&1 &
+	RETVAL=$?	
+	PID=$!
+	echo $PID > $PID_FILE
+	if [ $RETVAL -eq 0 ]; then
+		touch /var/lock/subsys/$prog
+		echo_success
+	else
+		echo_failure
+	fi
+	echo
+	return $RETVAL
+}
+
+stop() {
+	echo -n $"Stopping $prog: "
+	killproc -p $PID_FILE "$rundeckd"
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
+	return $RETVAL
+}
+
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	restart)
+		stop
+		start
+		;;
+	condrestart)
+		if [ -f /var/lock/subsys/$prog ]; then
+			stop
+			start
+		fi
+		;;
+	status)
+		status -p $PID_FILE $prog
+		RETVAL=$?
+		;;
+	*)
+		echo $"Usage: $0 {start|stop|restart|condrestart|status}"
+		RETVAL=1
+esac
+
+exit $RETVAL

rc.d/rc0.d/K10rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rc.d/rc1.d/K10rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rc.d/rc2.d/S90rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rc.d/rc3.d/S90rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rc.d/rc4.d/S90rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rc.d/rc5.d/S90rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rc.d/rc6.d/K10rundeckd

@@ -0,0 +1 @@
+../init.d/rundeckd

rundeck/admin.aclpolicy

@@ -0,0 +1,31 @@
+description: Admin, all access.
+context:
+  project: '.*' # all projects
+for:
+  resource:
+    - allow: '*' # allow read/create all kinds
+  adhoc:
+    - allow: '*' # allow read/running/killing adhoc jobs
+  job: 
+    - allow: '*' # allow read/write/delete/run/kill of all jobs
+  node:
+    - allow: '*' # allow read/run for all nodes
+by:
+  group: admin
+
+---
+
+description: Admin, all access.
+context:
+  application: 'rundeck'
+for:
+  resource:
+    - allow: '*' # allow create of projects
+  project:
+    - allow: '*' # allow view/admin of all projects
+  project_acl:
+    - allow: '*' # allow admin of all project-level ACL policies
+  storage:
+    - allow: '*' # allow read/create/update/delete for all /keys/* storage content
+by:
+  group: admin

rundeck/apitoken.aclpolicy

@@ -0,0 +1,43 @@
+description: API project level access control
+context:
+  project: '.*' # all projects
+for:
+  resource:
+    - equals:
+        kind: job
+      allow: [create,delete] # allow create and delete jobs
+    - equals:
+        kind: node
+      allow: [read,create,update,refresh] # allow refresh node sources
+    - equals:
+        kind: event
+      allow: [read,create] # allow read/create events
+  adhoc:
+    - allow: [read,run,kill] # allow running/killing adhoc jobs and read output
+  job: 
+    - allow: [create,read,update,delete,run,kill] # allow create/read/write/delete/run/kill of all jobs
+  node:
+    - allow: [read,run] # allow read/run for all nodes
+by:
+  group: api_token_group
+
+---
+
+description: API Application level access control
+context:
+  application: 'rundeck'
+for:
+  resource:
+    - equals:
+        kind: system
+      allow: [read] # allow read of system info
+  project:
+    - match:
+        name: '.*'
+      allow: [read] # allow view of all projects
+  storage:
+    - match:
+        path: '(keys|keys/.*)'
+      allow: '*' # allow all access to manage stored keys
+by:
+  group: api_token_group

rundeck/framework.properties

@@ -0,0 +1,41 @@
+# framework.properties -
+#
+
+# ----------------------------------------------------------------
+# Rundeck server connection information
+# ----------------------------------------------------------------
+
+framework.server.name = localhost
+framework.server.hostname = localhost
+framework.server.port = 4440
+framework.server.url = http://localhost:4440
+
+# ----------------------------------------------------------------
+# Installation locations
+# ----------------------------------------------------------------
+
+rdeck.base=/var/lib/rundeck
+
+framework.projects.dir=/var/lib/rundeck/projects
+framework.etc.dir=/etc/rundeck
+framework.var.dir=/var/lib/rundeck/var
+framework.tmp.dir=/var/lib/rundeck/var/tmp
+framework.logs.dir=/var/lib/rundeck/logs
+framework.libext.dir=/var/lib/rundeck/libext
+
+# ----------------------------------------------------------------
+# SSH defaults for node executor and file copier
+# ----------------------------------------------------------------
+
+framework.ssh.keypath = /var/lib/rundeck/.ssh/id_rsa
+framework.ssh.user = rundeck
+
+# ssh connection timeout after a specified number of milliseconds.
+# "0" value means wait forever.
+framework.ssh.timeout = 0
+
+
+# ----------------------------------------------------------------
+# Auto generated server UUID: c86b0213-35d0-45a8-8522-725247f43595
+# ----------------------------------------------------------------
+rundeck.server.uuid = c86b0213-35d0-45a8-8522-725247f43595

rundeck/jaas-loginmodule.conf

@@ -0,0 +1,5 @@
+RDpropertyfilelogin {
+org.eclipse.jetty.jaas.spi.PropertyFileLoginModule required
+debug="true"
+file="/etc/rundeck/realm.properties";
+};

rundeck/log4j2.properties

@@ -0,0 +1,258 @@
+
+name = Rundeck Logging Configuration
+
+property.baseDir = /var/log/rundeck
+property.classLength = 2
+property.noConsoleNoAnsi = true
+property.prefix = [%style{%d{ISO8601}}{dim, noConsoleNoAnsi=${noConsoleNoAnsi}}] %highlight{%-5p}{noConsoleNoAnsi=${noConsoleNoAnsi}} %style{%c{${classLength}}}{cyan,noConsoleNoAnsi=${noConsoleNoAnsi}}
+
+appender.console.type = Console
+appender.console.name = STDOUT
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = ${prefix} - %m%n
+
+appender.rundeck.type = RollingFile
+appender.rundeck.name = rundeck
+appender.rundeck.fileName = ${baseDir}/rundeck.log
+appender.rundeck.append = true
+appender.rundeck.bufferedIO = true
+appender.rundeck.filePattern = ${baseDir}/rundeck.log.%d{yyyy-MM-dd}.gz
+appender.rundeck.layout.type = PatternLayout
+appender.rundeck.layout.pattern = ${prefix} [%t] - %m%n
+appender.rundeck.policies.type = Policies
+appender.rundeck.policies.time.type = TimeBasedTriggeringPolicy
+appender.rundeck.policies.time.interval = 1
+
+appender.audit.type = RollingFile
+appender.audit.name = audit
+appender.audit.fileName = ${baseDir}/rundeck.audit.log
+appender.audit.append = true
+appender.audit.bufferedIO = true
+appender.audit.filePattern = ${baseDir}/rundeck.audit.log.%d{yyyy-MM-dd}.gz
+appender.audit.layout.type = PatternLayout
+appender.audit.layout.pattern = ${prefix} - %m%n
+appender.audit.policies.type = Policies
+appender.audit.policies.time.type = TimeBasedTriggeringPolicy
+appender.audit.policies.time.interval = 1
+
+appender.options.type = RollingFile
+appender.options.name = options
+appender.options.fileName = ${baseDir}/rundeck.options.log
+appender.options.append = true
+appender.options.bufferedIO = true
+appender.options.filePattern = ${baseDir}/rundeck.options.log.%d{yyyy-MM-dd}.gz
+appender.options.layout.type = PatternLayout
+appender.options.layout.pattern = ${prefix} %X{httpStatusCode} %X{contentLength}B %X{durationTime}ms %X{lastModifiedDateTime} [%X{jobName}] %X{url} %X{contentSHA1}%n
+appender.options.policies.type = Policies
+appender.options.policies.time.type = TimeBasedTriggeringPolicy
+appender.options.policies.time.interval = 1
+
+appender.storage.type = RollingFile
+appender.storage.name = storage
+appender.storage.fileName = ${baseDir}/rundeck.storage.log
+appender.storage.append = true
+appender.storage.bufferedIO = true
+appender.storage.filePattern = ${baseDir}/rundeck.storage.log.%d{yyyy-MM-dd}.gz
+appender.storage.layout.type = PatternLayout
+appender.storage.layout.pattern = ${prefix} %X{action} %X{type} %X{path} %X{status} %X{metadata}%n
+appender.storage.policies.type = Policies
+appender.storage.policies.time.type = TimeBasedTriggeringPolicy
+appender.storage.policies.time.interval = 1
+
+appender.jobchanges.type = RollingFile
+appender.jobchanges.name = jobchanges
+appender.jobchanges.fileName = ${baseDir}/rundeck.jobs.log
+appender.jobchanges.append = true
+appender.jobchanges.bufferedIO = true
+appender.jobchanges.filePattern = ${baseDir}/rundeck.jobs.log.%d{yyyy-MM-dd}.gz
+appender.jobchanges.layout.type = PatternLayout
+appender.jobchanges.layout.pattern = ${prefix} %X{user} %X{change} [%X{id}] %X{project} "%X{groupPath}/%X{jobName}" (%X{method})%X{extraInfo}%n
+appender.jobchanges.policies.type = Policies
+appender.jobchanges.policies.time.type = TimeBasedTriggeringPolicy
+appender.jobchanges.policies.time.interval = 1
+
+appender.execevents.type = RollingFile
+appender.execevents.name = execevents
+appender.execevents.fileName = ${baseDir}/rundeck.executions.log
+appender.execevents.append = true
+appender.execevents.bufferedIO = true
+appender.execevents.filePattern = ${baseDir}/rundeck.executions.log.%d{yyyy-MM-dd}.gz
+appender.execevents.layout.type = PatternLayout
+appender.execevents.layout.pattern = ${prefix} %X{eventUser} %X{event} [%X{id}:%X{state}] %X{project} %X{user}/%X{abortedby} \"%X{groupPath}/%X{jobName}  %X{argString}\"[%X{uuid}] %n
+appender.execevents.policies.type = Policies
+appender.execevents.policies.time.type = TimeBasedTriggeringPolicy
+appender.execevents.policies.time.interval = 1
+
+appender.apirequests.type = RollingFile
+appender.apirequests.name = apirequests
+appender.apirequests.fileName = ${baseDir}/rundeck.api.log
+appender.apirequests.append = true
+appender.apirequests.bufferedIO = true
+appender.apirequests.filePattern = ${baseDir}/rundeck.api.log.%d{yyyy-MM-dd}.gz
+appender.apirequests.layout.type = PatternLayout
+appender.apirequests.layout.pattern = ${prefix} "%X{method} %X{uri}" %X{remoteHost} %X{secure} %X{remoteUser} %X{authToken} %X{duration} %X{project} (%X{userAgent})%n
+appender.apirequests.policies.type = Policies
+appender.apirequests.policies.time.type = TimeBasedTriggeringPolicy
+appender.apirequests.policies.time.interval = 1
+
+appender.access.type = RollingFile
+appender.access.name = access
+appender.access.fileName = ${baseDir}/rundeck.access.log
+appender.access.append = true
+appender.access.bufferedIO = true
+appender.access.filePattern = ${baseDir}/rundeck.access.log.%d{yyyy-MM-dd}.gz
+appender.access.layout.type = PatternLayout
+appender.access.layout.pattern = ${prefix} "%X{method} %X{uri}" %X{remoteHost} %X{secure} %X{remoteUser} %X{authToken} %X{duration} %X{project} [%X{contentType}] (%X{userAgent})%n
+appender.access.policies.type = Policies
+appender.access.policies.time.type = TimeBasedTriggeringPolicy
+appender.access.policies.time.interval = 1
+
+appender.project.type = RollingFile
+appender.project.name = project
+appender.project.fileName = ${baseDir}/rundeck.project.log
+appender.project.append = true
+appender.project.bufferedIO = true
+appender.project.filePattern = ${baseDir}/rundeck.project.log.%d{yyyy-MM-dd}.gz
+appender.project.layout.type = PatternLayout
+appender.project.layout.pattern = ${prefix} - %m%n
+appender.project.policies.type = Policies
+appender.project.policies.time.type = TimeBasedTriggeringPolicy
+appender.project.policies.time.interval = 1
+
+appender.cleanup.type = RollingFile
+appender.cleanup.name = cleanup
+appender.cleanup.fileName = ${baseDir}/rundeck.cleanup.log
+appender.cleanup.append = true
+appender.cleanup.bufferedIO = true
+appender.cleanup.filePattern = ${baseDir}/rundeck.cleanup.log.%d{yyyy-MM-dd}.gz
+appender.cleanup.layout.type = PatternLayout
+appender.cleanup.layout.pattern = ${prefix} - %m%n
+appender.cleanup.policies.type = Policies
+appender.cleanup.policies.time.type = TimeBasedTriggeringPolicy
+appender.cleanup.policies.time.interval = 1
+
+appender.webhooks.type = RollingFile
+appender.webhooks.name = webhooks
+appender.webhooks.fileName = ${baseDir}/rundeck.webhooks.log
+appender.webhooks.append = true
+appender.webhooks.bufferedIO = true
+appender.webhooks.filePattern = ${baseDir}/rundeck.webhooks.log.%d{yyyy-MM-dd}.gz
+appender.webhooks.layout.type = PatternLayout
+appender.webhooks.layout.pattern = ${prefix} - %m%n
+appender.webhooks.policies.type = Policies
+appender.webhooks.policies.time.type = TimeBasedTriggeringPolicy
+appender.webhooks.policies.time.interval = 1
+
+rootLogger.level = warn
+rootLogger.appenderRef.stdout.ref = STDOUT
+rootLogger.appenderRef.rundeck.ref = rundeck
+
+logger.interceptors.name = rundeck.interceptors
+logger.interceptors.level = info
+logger.interceptors.additivity = false
+logger.interceptors.appenderRef.stdout.ref = STDOUT
+
+logger.rundeckapp.name = rundeckapp
+logger.rundeckapp.level = info
+logger.rundeckapp.additivity = false
+logger.rundeckapp.appenderRef.stdout.ref = STDOUT
+
+logger.bootstrap.name = rundeckapp.BootStrap
+logger.bootstrap.level = info
+logger.bootstrap.additivity = false
+logger.bootstrap.appenderRef.stdout.ref = STDOUT
+
+logger.grails.name = grails
+logger.grails.level = warn
+logger.grails.additivity = false
+logger.grails.appenderRef.stdout.ref = STDOUT
+
+logger.grails_env.name = grails.util.Environment
+logger.grails_env.level = error
+logger.grails_env.additivity = false
+logger.grails_env.appenderRef.stdout.ref = STDOUT
+
+logger.prjmanager.name = grails.app.services.rundeck.services.ProjectManagerService
+logger.prjmanager.level = info
+logger.prjmanager.additivity = false
+logger.prjmanager.appenderRef.stdout.ref = STDOUT
+
+logger.authorization.name = com.dtolabs.rundeck.core.authorization
+logger.authorization.level = info
+logger.authorization.additivity = false
+logger.authorization.appenderRef.stdout.ref = audit
+
+logger.options.name = com.dtolabs.rundeck.remoteservice.http.options
+logger.options.level = info
+logger.options.additivity = false
+logger.options.appenderRef.stdout.ref = options
+
+logger.jobchanges.name = com.dtolabs.rundeck.data.jobs.changes
+logger.jobchanges.level = info
+logger.jobchanges.additivity = false
+logger.jobchanges.appenderRef.stdout.ref = jobchanges
+
+logger.execevents.name = org.rundeck.execution.status
+logger.execevents.level = info
+logger.execevents.additivity = false
+logger.execevents.appenderRef.stdout.ref = execevents
+
+logger.apirequests.name = org.rundeck.api.requests
+logger.apirequests.level = info
+logger.apirequests.additivity = false
+logger.apirequests.appenderRef.stdout.ref = apirequests
+
+logger.access.name = org.rundeck.web.requests
+logger.access.level = info
+logger.access.additivity = false
+logger.access.appenderRef.access.ref = access
+
+logger.project.name = org.rundeck.project.events
+logger.project.level = info
+logger.project.additivity = false
+logger.project.appenderRef.stdout.ref = project
+
+logger.storage.name = org.rundeck.storage.events
+logger.storage.level = info
+logger.storage.additivity = false
+logger.storage.appenderRef.storage.ref = storage
+
+logger.webhook_events.name = org.rundeck.webhook.events
+logger.webhook_events.level = info
+logger.webhook_events.additivity = false
+logger.webhook_events.appenderRef.webhooks.ref = webhooks
+
+logger.webhook_plugins.name = org.rundeck.plugin.webhook
+logger.webhook_plugins.level = debug
+logger.webhook_plugins.additivity = false
+logger.webhook_plugins.appenderRef.webhooks.ref = webhooks
+
+logger.cleanup.name = rundeck.quartzjobs.ExecutionsCleanUp
+logger.cleanup.level = debug
+logger.cleanup.additivity = false
+logger.cleanup.appenderRef.cleanup.ref = cleanup
+
+logger.jetty.name = org.mortbay.log
+logger.jetty.level = warn
+logger.jetty.additivity = false
+logger.jetty.appenderRef.stdout.ref = STDOUT
+
+logger.hibernate.name = org.hibernate.orm.deprecation
+logger.hibernate.level = error
+logger.hibernate.additivity = false
+logger.hibernate.appenderRef.stdout.ref = STDOUT
+
+logger.rundeck_jaas.name = com.dtolabs.rundeck.jetty.jaas
+logger.rundeck_jaas.level = debug
+logger.rundeck_jaas.additivity = false
+logger.rundeck_jaas.appenderRef.stdout.ref = STDOUT
+
+logger.spring_security.name = grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter
+logger.spring_security.level = debug
+logger.spring_security.additivity = false
+logger.spring_security.appenderRef.stdout.ref = STDOUT
+
+logger.jaas.name = org.rundeck.jaas
+logger.jaas.level = debug
+logger.jaas.additivity = false
+logger.jaas.appenderRef.stdout.ref = STDOUT

rundeck/profile

@@ -0,0 +1,100 @@
+#########
+# Rundeck Profile sourced from /etc/rc.d/init.d/rundeckd
+#########
+#
+# NOTE: DO NOT MODIFY THIS FILE
+# It will be replaced when the package is upgraded and your changes will not be saved.
+#
+# ##################
+#
+# To override variables in this file, you can instead create a file at:
+#
+#     # Centos/Redhat default:
+#
+#     /etc/sysconfig/rundeckd
+#
+# Or
+#
+#     # Ubuntu/Debian default:
+#
+#     /etc/default/rundeckd
+#
+# which contains exports for any of the variables listed below. E.g.:
+#
+#     RUNDECK_TEMPDIR=/path/to/tmpdir
+#
+# That file will be sourced before this one, allowing your exports to take precedence.
+#
+###############
+
+prog="rundeckd"
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+[ -e /etc/default/$prog ] && . /etc/default/$prog
+
+RDECK_INSTALL="${RDECK_INSTALL:-/var/lib/rundeck}"
+RDECK_BASE="${RDECK_BASE:-/var/lib/rundeck}"
+RDECK_CONFIG="${RDECK_CONFIG:-/etc/rundeck}"
+RDECK_CONFIG_FILE="${RDECK_CONFIG_FILE:-$RDECK_CONFIG/rundeck-config.properties}"
+RDECK_SERVER_BASE="${RDECK_SERVER_BASE:-$RDECK_BASE}"
+RDECK_SERVER_CONFIG="${RDECK_SERVER_CONFIG:-$RDECK_CONFIG}"
+RDECK_SERVER_DATA="${RDECK_SERVER_DATA:-$RDECK_BASE/data}"
+RDECK_PROJECTS="${RDECK_PROJECTS:-$RDECK_BASE/projects}"
+RUNDECK_TEMPDIR="${RUNDECK_TEMPDIR:-/tmp/rundeck}"
+RUNDECK_WORKDIR="${RUNDECK_TEMPDIR:-$RDECK_BASE/work}"
+RUNDECK_LOGDIR="${RUNDECK_LOGDIR:-$RDECK_BASE/logs}"
+RDECK_JVM_SETTINGS="${RDECK_JVM_SETTINGS:- -Xmx1024m -Xms256m -XX:MaxMetaspaceSize=256m -server}"
+RDECK_TRUSTSTORE_FILE="${RDECK_TRUSTSTORE_FILE:-$RDECK_CONFIG/ssl/truststore}"
+RDECK_TRUSTSTORE_TYPE="${RDECK_TRUSTSTORE_TYPE:-jks}"
+JAAS_LOGIN="${JAAS_LOGIN:-true}"
+JAAS_CONF="${JAAS_CONF:-$RDECK_CONFIG/jaas-loginmodule.conf}"
+LOGIN_MODULE="${LOGIN_MODULE:-RDpropertyfilelogin}"
+RDECK_HTTP_PORT=${RDECK_HTTP_PORT:-4440}
+RDECK_HTTPS_PORT=${RDECK_HTTPS_PORT:-4443}
+
+
+# If no JAVA_CMD, try to find it in $JAVA_HOME
+if [ -z "$JAVA_CMD" ] && [ -n "$JAVA_HOME" ] && [ -x "$JAVA_HOME/bin/java" ] ; then
+  JAVA_CMD=$JAVA_HOME/bin/java
+  PATH=$PATH:$JAVA_HOME/bin
+  export JAVA_HOME
+elif [ -z "$JAVA_CMD" ] ; then
+  JAVA_CMD=java
+fi
+
+for war in $(find $RDECK_INSTALL/bootstrap -name '*.war') ; do
+  EXECUTABLE_WAR=$war
+done
+
+RDECK_JVM="-Drundeck.jaaslogin=$JAAS_LOGIN \
+           -Djava.security.auth.login.config=$JAAS_CONF \
+           -Dloginmodule.name=$LOGIN_MODULE \
+           -Drdeck.config=$RDECK_CONFIG \
+           -Drundeck.server.configDir=$RDECK_SERVER_CONFIG \
+           -Dserver.datastore.path=$RDECK_SERVER_DATA/rundeck \
+           -Drundeck.server.serverDir=$RDECK_INSTALL \
+           -Drdeck.projects=$RDECK_PROJECTS \
+           -Dlog4j.configurationFile=$RDECK_SERVER_CONFIG/log4j2.properties \
+           -Dlogging.config=file:$RDECK_SERVER_CONFIG/log4j2.properties \
+           -Drdeck.runlogs=$RUNDECK_LOGDIR \
+           -Drundeck.server.logDir=$RUNDECK_LOGDIR \
+           -Drundeck.config.location=$RDECK_CONFIG_FILE \
+           -Djava.io.tmpdir=$RUNDECK_TEMPDIR \
+           -Drundeck.server.workDir=$RUNDECK_WORKDIR \
+           -Dserver.http.port=$RDECK_HTTP_PORT \
+           -Drdeck.base=$RDECK_BASE"
+#
+# Set min/max heap size
+#
+RDECK_JVM="$RDECK_JVM $RDECK_JVM_SETTINGS"
+#
+# SSL Configuration - Uncomment the following to enable.  Check SSL.properties for details.
+#
+if [ -n "$RUNDECK_WITH_SSL" ] ; then
+  RDECK_JVM="$RDECK_JVM -Drundeck.ssl.config=$RDECK_SERVER_CONFIG/ssl/ssl.properties -Dserver.https.port=${RDECK_HTTPS_PORT}"
+fi
+
+unset JRE_HOME
+
+umask 002
+
+rundeckd="$JAVA_CMD $RDECK_JVM $RDECK_JVM_OPTS -jar $EXECUTABLE_WAR --skipinstall"

rundeck/project.properties

@@ -0,0 +1,27 @@
+# project.properties
+#
+# $Id: project.properties.template 2126 2010-08-17 21:06:08Z ahonor $
+#
+
+#
+# The base directory for this project's instances
+#
+project.dir = /var/lib/rundeck/projects/${project.name}
+#
+# The base directory of project specific configuration files
+#
+project.etc.dir = /var/lib/rundeck/projects/${project.name}/etc
+
+#
+# The resources registration file
+#
+project.resources.file = /var/lib/rundeck/projects/${project.name}/etc/resources.xml
+
+#
+# The project description
+#
+project.description = 
+#
+# The organization 
+#
+project.organization = 

rundeck/realm.properties

@@ -0,0 +1,33 @@
+#
+# This file defines users passwords and roles for a HashUserRealm
+#
+# The format is
+#  <username>: <password>[,<rolename> ...]
+#
+# Passwords may be clear text, obfuscated or checksummed.  The class 
+# org.mortbay.util.Password should be used to generate obfuscated
+# passwords or password checksums
+#
+# If DIGEST Authentication is used, the password must be in a recoverable
+# format, either plain text or OBF:.
+#
+#jetty: MD5:164c88b302622e17050af52c89945d44,user
+#admin: CRYPT:ad1ks..kc.1Ug,server-administrator,content-administrator,admin
+#other: OBF:1xmk1w261u9r1w1c1xmq
+#plain: plain
+#user: password
+# This entry is for digest auth.  The credential is a MD5 hash of username:realmname:password
+#digest: MD5:6e120743ad67abfbc385bc2bb754e297
+
+#
+# This sets the default user accounts for the Rundeck app
+#
+admin:admin,user,admin,architect,deploy,build
+
+#
+# example users matching the example aclpolicy template roles
+#
+#job-runner:admin,user,job_runner
+#job-writer:admin,user,job_writer
+#job-reader:admin,user,job_reader
+#job-viewer:admin,user,job_viewer

rundeck/rundeck-config.properties

@@ -0,0 +1,33 @@
+#loglevel.default is the default log level for jobs: ERROR,WARN,INFO,VERBOSE,DEBUG
+loglevel.default=INFO
+rdeck.base=/var/lib/rundeck
+
+#rss.enabled if set to true enables RSS feeds that are public (non-authenticated)
+rss.enabled=false
+# change hostname here
+grails.serverURL=http://localhost:4440
+dataSource.dbCreate = update
+dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
+
+# Encryption for key storage
+rundeck.storage.provider.1.type=db
+rundeck.storage.provider.1.path=keys
+
+rundeck.storage.converter.1.type=jasypt-encryption
+rundeck.storage.converter.1.path=keys
+rundeck.storage.converter.1.config.encryptorType=custom
+rundeck.storage.converter.1.config.password=eea687e3ff09b3c0
+rundeck.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
+rundeck.storage.converter.1.config.provider=BC
+
+# Encryption for project config storage
+rundeck.projectsStorageType=db
+
+rundeck.config.storage.converter.1.type=jasypt-encryption
+rundeck.config.storage.converter.1.path=projects
+rundeck.config.storage.converter.1.config.password=eea687e3ff09b3c0
+rundeck.config.storage.converter.1.config.encryptorType=custom
+rundeck.config.storage.converter.1.config.algorithm=PBEWITHSHA256AND128BITAES-CBC-BC
+rundeck.config.storage.converter.1.config.provider=BC
+
+rundeck.feature.repository.enabled=true

rundeck/ssl/ssl.properties

@@ -0,0 +1,5 @@
+keystore=/etc/rundeck/ssl/keystore
+keystore.password=adminadmin
+key.password=adminadmin
+truststore=/etc/rundeck/ssl/truststore
+truststore.password=adminadmin

rundeck/system-job_reader.aclpolicy_template

@@ -0,0 +1,27 @@
+description: Allow groups to list projects
+context:
+  application: 'rundeck'
+for:
+  project:
+  - allow: read
+    match:
+      name: '.*'
+by:
+  group: job_reader
+
+---
+
+description: Global read access to job_reader role
+context:
+  project: '.*'
+for:
+  job:
+  - allow: [read]
+    match:
+      name: '.*'
+  resource:
+  - allow: read
+    equals:
+      kind: event
+by:
+  group: job_reader

rundeck/system-job_runner.aclpolicy_template

@@ -0,0 +1,35 @@
+description: Allow groups to list projects
+context:
+  application: 'rundeck'
+for:
+  project:
+  - allow: read
+    match:
+      name: '.*'
+by:
+  group: job_runner
+
+---
+
+description: Global run permissions to job_runner role
+context:
+  project: '.*'
+for:
+  resource:
+  - equals:
+      kind: 'node'
+    allow: [read,refresh]
+  job:
+  - allow: [read, run]
+    match:
+      name: '.*'
+  node:
+  - allow: [read, run, refresh]
+    match:
+      nodename: '.*'
+  resource:
+  - allow: read
+    equals:
+      kind: event
+by:
+  group: job_runner

rundeck/system-job_viewer.aclpolicy_template

@@ -0,0 +1,27 @@
+description: Allow groups to list projects
+context:
+  application: 'rundeck'
+for:
+  project:
+  - allow: read
+    match:
+      name: '.*'
+by:
+  group: job_viewer
+
+---
+
+description: Global read access to job_reader role
+context:
+  project: '.*'
+for:
+  job:
+  - allow: [view]
+    match:
+      name: '.*'
+  resource:
+  - allow: read
+    equals:
+      kind: event
+by:
+  group: job_viewer

rundeck/system-job_writer.aclpolicy_template

@@ -0,0 +1,37 @@
+description: Allow groups to list projects
+context:
+  application: 'rundeck'
+for:
+  project:
+  - allow: read
+    match:
+      name: '.*'
+by:
+  group: job_writer
+
+---
+
+description: Global write permissions to job_writer role
+context:
+  project: '.*'
+for:
+  resource:
+  - equals:
+      kind: 'node'
+    allow: [read,refresh]
+  - equals:
+      kind: job
+    allow: [create, delete]
+  - equals:
+      kind: event
+    allow: [read]
+  job:
+  - allow: [create,read,update,delete,run,kill]
+    match:
+      name: '.*'
+  node:
+  - allow: [read, run, refresh]
+    match:
+      nodename: '.*'
+by:
+  group: job_writer

rundeck/system-project_admin.aclpolicy_template

@@ -0,0 +1,51 @@
+description: Allow groups to list projects
+context:
+  application: 'rundeck'
+for:
+  project:
+  - allow: read
+    match:
+      name: '.*'
+by:
+  group: project_admin
+
+---
+description: Global project admin permissions to project_admin role
+context:
+  project: '.*'
+for:
+  resource:
+  - equals:
+      kind: job
+    allow: '*'
+  - equals:
+      kind: node
+    allow: '*'
+  - equals:
+      kind: event
+    allow: '*'
+  adhoc:
+    - allow: '*'
+  job:
+    - allow: '*'
+  node:
+    - allow: '*'
+  project:
+    - allow: '*'
+by:
+  group: project_admin
+---
+description: project_admin application scope permissions
+context:
+  application: 'rundeck'
+for:
+  resource:
+  - equals:
+      kind: project
+    allow: '*'
+  project:
+  - match:
+      name: '.*'
+    allow: '*'
+by:
+  group: project_admin

shadow

@@ -70,3 +70,4 @@ PxAzpq9B:$1$F6ZjZcoN$gX11Ys/26Yo/jxJVh0dcZ1:18658:0:99999:7:30::
 _AodQqBu:$1$SrfZx/5I$Xw.KOzTE2gE7eBTcbP7sB.:18658:0:99999:7:30::
 cfb:$6$qp3Fo53PpelMFPxu$kpw4lw/ODVjqSnohBn7MeduZuorwzWLD5QQGiZ5ARhGylK.56a7FswSh/OaN/LcXYR3I92ZUshb9vgsOoksSr0:18731:0:99999:7:30::
 mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmIRMt8n4irsVtV4zhCwECzlZN8Q6kKezmwp0:18768:0:99999:7:30::
+rundeck:!!:18772:0:99999:7:30::

shadow-

@@ -69,3 +69,4 @@ ZTmpNnll:$1$pEQFJ/iz$JUnmcIcUyUssWzOnDL0Fv0:18658:0:99999:7:30::
 PxAzpq9B:$1$F6ZjZcoN$gX11Ys/26Yo/jxJVh0dcZ1:18658:0:99999:7:30::
 _AodQqBu:$1$SrfZx/5I$Xw.KOzTE2gE7eBTcbP7sB.:18658:0:99999:7:30::
 cfb:$6$qp3Fo53PpelMFPxu$kpw4lw/ODVjqSnohBn7MeduZuorwzWLD5QQGiZ5ARhGylK.56a7FswSh/OaN/LcXYR3I92ZUshb9vgsOoksSr0:18731:0:99999:7:30::
+mailcow:$6$7vT203MTlIc8ROf0$VxXn56jKN5.UAPyXsgvv4r2XQDaL5yjo8Tk1We6rPS1eB7fRxbmIRMt8n4irsVtV4zhCwECzlZN8Q6kKezmwp0:18768:0:99999:7:30::

subgid

@@ -14,3 +14,4 @@ PxAzpq9B:886432:65536
 _AodQqBu:951968:65536
 cfb:1017504:65536
 mailcow:1083040:65536
+rundeck:1148576:65536

subgid-

@@ -13,3 +13,4 @@ ZTmpNnll:820896:65536
 PxAzpq9B:886432:65536
 _AodQqBu:951968:65536
 cfb:1017504:65536
+mailcow:1083040:65536

subuid

@@ -14,3 +14,4 @@ PxAzpq9B:886432:65536
 _AodQqBu:951968:65536
 cfb:1017504:65536
 mailcow:1083040:65536
+rundeck:1148576:65536

subuid-

@@ -13,3 +13,4 @@ ZTmpNnll:820896:65536
 PxAzpq9B:886432:65536
 _AodQqBu:951968:65536
 cfb:1017504:65536
+mailcow:1083040:65536