#142 Define aclpolicy that confines node execution - Rundeck Development

Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

#142 ✓resolved

Define aclpolicy that confines node execution

Reported by Alex-SF | December 17th, 2010 @ 08:54 AM | in Rundeck 1.4 (closed)

Define a policy configuration that controls which Nodes a user can execute commands. This should include the same node filtering model used for controlling command dispatch.

Below is a hypothetical example using the nodefilters element used in job definitions:

<policies>
  <policy description="Node filtering policy">
    <context project="anvils">
      <command group="*" job="*" actions="resource_exec"/>
    </context>
    <nodefilters excludeprecedence="true">
      <include>
        <tags>web</tags>
      </include>
    </nodefilters>
    <by>
      <group name="webop"/>
    </by>
  </policy>
</policies>

Comments and changes to this ticket

Alex-SF December 17th, 2010 @ 08:54 AM
- Tag set to “security feedback”
Alex-SF December 17th, 2010 @ 08:55 AM
- Tag changed from “security feedback” to “feedback, security”
Alex-SF January 14th, 2011 @ 07:28 AM
- Milestone set to “Rundeck 1.2”
- Milestone order changed from “15” to “0”
Alex-SF February 14th, 2011 @ 01:10 PM
- Milestone cleared.
- Milestone order changed from “1” to “0”
Alex-SF September 29th, 2011 @ 08:09 AM
- Milestone set to “Rundeck 1.4”
- Milestone order changed from “33” to “0”

Greg Schueler October 5th, 2011 @ 01:30 PM

State changed from “new” to “needs_verification”

This has been added as part of #429

Example restriction on nodes:

for:
  node:
    - contains:
        tags: [dev,qa]
      allow: [read,run]
    - contains:
        tags: [prod]
      allow: [read]
      deny: [run]
    - match:
        nodename: 'test.*'
      allow: [read,run]
    - equals:
        rundeck_server: 'true'
      deny: [run]

Greg Schueler October 5th, 2011 @ 01:30 PM
- Assigned user set to “Greg Schueler”
Greg Schueler October 25th, 2011 @ 12:37 PM
- State changed from “needs_verification” to “resolved”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins (Sort)

↓↑ drag 159 Open tickets
↓↑ drag 390 Resolved tickets
↓↑ drag 0 This week's tickets

Rundeck Rundeck Development → Rundeck 1.4

Define aclpolicy that confines node execution

Comments and changes to this ticket

Alex-SF December 17th, 2010 @ 08:54 AM

Alex-SF December 17th, 2010 @ 08:55 AM

Alex-SF January 14th, 2011 @ 07:28 AM

Alex-SF February 14th, 2011 @ 01:10 PM

Alex-SF September 29th, 2011 @ 08:09 AM

Greg Schueler October 5th, 2011 @ 01:30 PM

Greg Schueler October 5th, 2011 @ 01:30 PM

Greg Schueler October 25th, 2011 @ 12:37 PM

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages

Rundeck Rundeck Development → Rundeck 1.4

Keyword searching

Define aclpolicy that confines node execution

Comments and changes to this ticket

Create your profile

Shared Ticket Bins (Sort)

People watching this ticket

Tags

Pages