This is a step-by-step guide to configuring a database backend for Rundeck to replace the default H2, an embedded database. H2 is great for testing and experimental purposes but is not yet ready for production instances. A Black Duck scan run against the default setup flags H2 DB as one of the vulnerabilities.
H2 Database’s backup function contains an arbitrary file read flaw due to insecure file permissions. This could be exploited by an attacker supplying a specially crafted database file which triggers a symlink attack. If successfully exploited, the user could read protected files on the system without valid permissions.
To use the industry’s best databases like PostgreSQL and MySQL, a JDBC driver is required for Rundeck to establish the connection and transact with the respective database.
You can download and install the JDBC driver for
MySQL :: (MySQL Connector/J) from here
PostgreSQL :: PostgreSQL JDBC driver from here
After downloading the latest version of the JDBC driver JAR file, copy the file(s) to /var/lib/rundeck/libext and /var/lib/rundeck/lib.
Comment out the line below in the file /etc/rundeck/rundeck-config.properties:
#dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true
Once the above steps are completed, please follow the links below to fully configure the respective databases.
After the configuration is completed modify the firewall rules to allow access to the DB server from the Rundeck server.
firewall-cmd --add-service=mysql --permanent
firewall-cmd --add-service=postgresql --permanent
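The edit to /etc/rundeck/rundeck-config.properties described above, as an added example (not from the original post or the Rundeck project): a shell function that comments out the active H2 URL and appends PostgreSQL connection settings. The function name and the host, database, user and password values passed to it are assumptions; because the file then holds the database password, the function also removes world access to it.

```sh
#!/bin/sh
# Added example. Switches a rundeck-config.properties file from H2 to PostgreSQL.
# Usage (all values are placeholders):
#   switch_to_postgres /etc/rundeck/rundeck-config.properties \
#       db.example.internal rundeck rundeckuser 'CHANGE_ME'
switch_to_postgres() {
    cfg=$1; host=$2; db=$3; user=$4; pass=$5

    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }

    # Keep a copy of the original (same owner and mode) before editing.
    cp -p "$cfg" "$cfg.bak" || return 1

    tmp=$(mktemp) || return 1   # created with mode 0600

    # 1. Comment out an active H2 dataSource.url line.
    # 2. Drop connection keys left by an earlier run so reruns do not
    #    duplicate them. Other keys (e.g. dataSource.dbCreate) are kept.
    awk '
        /^[ \t]*dataSource\.url[ \t]*=[ \t]*jdbc:h2:/ { print "#" $0; next }
        /^[ \t]*dataSource\.(driverClassName|url|username|password)[ \t]*=/ { next }
        { print }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append the PostgreSQL connection settings.
    cat >> "$tmp" <<EOF
dataSource.driverClassName = org.postgresql.Driver
dataSource.url = jdbc:postgresql://$host/$db
dataSource.username = $user
dataSource.password = $pass
EOF

    # Overwrite in place so the file keeps its owner and group, then
    # remove world access: the file now contains a database password.
    cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    chmod o-rwx "$cfg" "$cfg.bak"
}
```

Restart Rundeck after the change so the new data source is picked up.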
Here is the screenshot of rundeck PostgreSQL database
Hope you’ve followed all the steps and were able to create multiple users using Ansible automation.