This is a plugin for Rundeck that uses Amazon S3 to store execution log files for backups or for cloud-friendly behavior.
./gradlew clean build
-
Copy the
rundeck-s3-log-plugin-x.y.jar
file to thelibext/
directory inside your Rundeck installation. You can find the releases here. -
Enable the ExecutionFileStorage provider named
org.rundeck.amazon-s3
in yourrundeck-config.properties
file:
# Set log execution storage backend to Amazon S3
rundeck.execution.logs.fileStoragePlugin=org.rundeck.amazon-s3
You can define the configuration values $RUNDECK_DIR/framework.properties
by prefixing the property name with the stem. For example:
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.<key>=<value>
Alternatively, use project.properties file with the stem project.plugin.ExecutionFileStorage.org.rundeck.amazon-s3
to achieve per-project configuration.
The plugin will use the "credentials provider chain" for AWS access credentials, which allows you to externally configure the credentials in any of three ways:
- Environment variables
AWS_ACCESS_KEY_ID
andAWS_SECRET_KEY
- Java system properties
aws.accessKeyId
andaws.secretKey
- Instance Profile credentials, if you are running on EC2. (See the IAM user guide).
If you want to specify access key and secret key, you can do so in the configuration:
The plugin allows you to set the following property key/values for credentials:
NB: These are stemmed with
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3
AWSAccessKeyId
: AWS access key, required if using AWSSecretKey
AWSSecretKey
: AWS secret key, required if using AWSAccessKeyId
AWSCredentialsFile
: Properties file which contains accessKey
and secretKey
entries. The alternative to specifying
the AWSAccessKeyId
and AWSSecretKey
The plugin uses uses the following key/values for configuring the AWS S3 Bucket:
bucket
: The name of the S3 bucket to use. This is the shorthand name, eg test-rundeck-logs
path
: A path-like string that defines where in the bucket to store the log for a particular execution. You can
include variables. Default value: rundeck/project/$PROJECT/logs/$ID
Variables in the path
value include:
${job.execid}
- the execution ID${job.project}
- the project name${job.id}
- the Job UUID if it exists${job.group}
- the Job Group if it exists${job.path}
- the Job Name if it exists
region
: AWS region name to use. Default: us-east-1
endpoint
: Optional, a custom S3 compatible endpoint to use, such as https://my-host.com/s3
pathStyle
: Optional, boolean, default=False, set to True if you need to define the bucket in your S3 like endpoint URL. e.g:
https://\<s3_like_end_point_url\>/\<your_bucket_name\>
A custom way of defining buckets for your endpoint. Useful for non-AWS S3 like object storage technology e.g SwiftStack, Optums, etc. This background information should be useful.
# AWSAccessKeyId and AWSSecretKey can be specified in the file
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.AWSAccessKeyId=ABC123...
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.AWSSecretKey=ABC321...
# Alternately, AWSCredentialsFile can point to a custom file which contains `accessKey` and `secretKey`
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.AWSCredentialsFile=/path/to/awscredentials.properties
# Name of the bucket
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.bucket=test-rundeck-logs
# Path to store the logs
framework.plugin.ExecutionFileStorage.org.rundeck.amazon-s3.path=logs/${job.project}/${job.execid}.log
If you want to use this plugin when you have Rundeck configured with a custom SSL truststore, you will need to import the Amazon S3 SSL certificates to your truststore.
echo -n | openssl s_client -connect my-bucket.s3.amazonaws.com:443 > certs.out
keytool -importcert -trustcacerts -file certs.out -alias s3-amazonaws -keystore $RDECK_BASE/etc/truststore