Configure backend databases for Rundeck

This is a step by step guide to configure database backend for Rundeck to replace the default H2, an embedded database. H2 DB is great for testing and experimental purposes but not ready yet for production instances. Blackduck scan run against the default setup show H2 DB as one of the vulnerabilities.

H2 Database’s backup function contains an arbitrary file read flaw due to insecure file permissions. This could be exploited by an attacker supplying a specially crafted database file which triggers a symlink attack. If successfully exploited, the user could read protected files on the system without valid permissions.

To use the industry’s best databases like PostgreSQL and MySQL, a JDBC driver is required for the Rundeck to establish the connection and transact with the respective DBs.

You can download and install the JDBC driver for

MySQL :: (MySQL Connector/J) from here

PostgreSQL :: PostgreSQL JDBC driver from here

After downloading the latest version of JDBC driver JAR file, copy the file/s to /var/lib/rundeck/libext and /var/lib/rundeck/lib

Comment the below line in the file /etc/rundeck/rundeck-config.properties

#dataSource.url = jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true

Once above steps are completed please follow below links to fully configure respective databases

PostgreSQL:

MySQL:

After the configuration is completed modify the firewall rules to allow access to the DB server from the Rundeck server.

MySQL:

firewall-cmd –add-service=mysql –permanent

firewall-cmd reload

PostgreSQL:

firewall-cmd –add-service=postgresql –permanent

firewall-cmd reload

Here is the screenshot of rundeck PostgreSQL database

Hope you’ve followed all the steps and able to create multiple users using ansible automation.

If you enjoyed this post, I’d be very grateful if you’d help it spread by emailing it to a friend, or sharing it on your social platforms. Thank you!

What am I missing here? Let me know in the comments and I’ll add it in!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s