How to Configure Rundeck WinRM Plugin for Windows Hosts

How to Configure the Rundeck WinRM Plugin for Windows Hosts

Rundeck is a powerful open-source job scheduler and automation tool used to manage routine tasks across development and production environments. With the Rundeck WinRM plugin, you can automate tasks on Windows servers remotely, enabling seamless execution of commands, workflows, and more.

In this guide, we’ll walk you through the steps to configure the Rundeck WinRM Plugin for connecting to and managing Windows hosts using WinRM (Windows Remote Management). This includes installation, configuration, and testing to ensure everything runs smoothly.

Step 1: Install the Rundeck WinRM Plugin

To get started, you need to download and install the Rundeck WinRM plugin. Use the following commands to install it:

wget https://github.com/rundeck-plugins/rundeck-winrm-plugin/releases/download/v1.3.4/rundeck-winrm-plugin-1.3.4.jar -P /var/lib/rundeck/libext/
chown -R rundeck. /var/lib/rundeck/libext/

After installation, restart the Rundeck daemon to apply changes:

/etc/init.d/rundeckd restart

Step 2: Configure the Windows Host for WinRM

Next, you’ll need to configure the remote Windows server to allow WinRM connections. On the Windows server, run PowerShell as Administrator and execute the following commands:

winrm qc
winrm set winrm/config/client/auth '@{Basic="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/client '@{AllowUnencrypted="true"}'

This configures WinRM to allow unencrypted connections and basic authentication. For enhanced security, you can configure Kerberos authentication, but that will require additional steps.

Step 3: Configure Kerberos Authentication on Rundeck Server

If you want to use Kerberos authentication, you’ll need to add a domain user account to the Administrators group on the Windows host and configure the Rundeck server. This involves editing the profile file on the Rundeck server to define the domain controller settings:

1. Open the /etc/rundeck/profile file.
2. Modify the JVM configuration as follows:

RDECK_JVM="-Drundeck.jaaslogin=$JAAS_LOGIN \
           -Djava.security.krb5.realm=YOUR_DOMAIN \
           -Djava.security.krb5.kdc=YOUR_DOMAIN_CONTROLLER_IP \
           -Djava.security.auth.login.config=$JAAS_CONF \
           -Dloginmodule.name=$LOGIN_MODULE \
           -Drdeck.config=$RDECK_CONFIG \
           -Drundeck.server.configDir=$RDECK_SERVER_CONFIG \
           -Dserver.datastore.path=$RDECK_SERVER_DATA/rundeck \
           -Drundeck.server.serverDir=$RDECK_INSTALL \
           -Drdeck.projects=$RDECK_PROJECTS \
           -Drdeck.runlogs=$RUNDECK_LOGDIR \
           -Drundeck.config.location=$RDECK_CONFIG_FILE \
           -Djava.io.tmpdir=$RUNDECK_TEMPDIR \
           -Drundeck.server.workDir=$RUNDECK_WORKDIR \
           -Dserver.http.port=$RDECK_HTTP_PORT \
           -Drdeck.base=$RDECK_BASE"

This step configures the Kerberos authentication for accessing the remote host using your Windows domain credentials.

Step 4: Set Up Key Storage for Secure Password Management

For secure management of sensitive credentials, such as passwords, use Rundeck’s Key Storage feature. This allows you to store the Windows user password safely without passing it directly in configuration files.

To configure Key Storage:

1. Go to the Rundeck settings menu.
2. Select the Key Storage option.
3. Choose Password as the key type and input the password for your domain user account.
4. Optionally, set a storage path for organizational purposes and save the entry.

Step 5: Add the Windows Node to Your Rundeck Project

Now that your server and authentication methods are set up, add the Windows host to the Rundeck project by modifying the resources.xml file in your project folder. Use the following configuration:

<node name="your-node-name" hostname="192.168.1.2" username="your-username"
      osFamily="Windows" osName="Microsoft Windows Server 2012 R2"
      osArch="amd64" node-executor="overthere-winrm"
      winrm-auth-type="kerberos" winrm-protocol="http"
      winrm-cmd="CMD" winrm-kerberos-debug="true"
      winrm-domain="YOUR_DOMAIN" winrm-password-storage-path="keys/yourpassword.key"/>

Step 6: Test the Connection

To verify the setup, run a simple command such as ipconfig on the remote Windows host:

rundeck job run --node your-node-name --command "ipconfig"

This test will confirm whether the WinRM connection and authentication are properly configured.

ZippyOPS: Enhance Your DevOps Efficiency

By integrating Rundeck with ZippyOPS, you can unlock enhanced automation capabilities across your DevOps processes. ZippyOPS offers consulting, implementation, and managed services that can streamline your DevOps, DataOps, and MLOps workflows, ensuring that your systems operate seamlessly.

ZippyOPS provides a comprehensive range of solutions, including Automated Operations (AIOps), Cloud Infrastructure management, and Microservices architecture. With expertise in DevSecOps and Security management, ZippyOPS helps organizations reduce complexity and improve operational efficiency.

For more information, explore ZippyOPS Services and ZippyOPS Products.

Conclusion for Configuring the Rundeck WinRM plugin

Configuring the Rundeck WinRM plugin for Windows hosts ensures that your automation tasks are efficiently managed across environments. By following these steps, you can easily set up a secure and reliable system for executing commands remotely on Windows servers. If you’re looking for comprehensive DevOps solutions and expert guidance, ZippyOPS is here to help. Contact us at sales@zippyops.com to learn more.