Enable running jobs on diffrent nodes
Description
Rundeck can be used for running very diffrent jobs in many locations (such as backups, restores, monitors etc.). Such approach is very insecure and we should think how to limit access to other servers with core apllications/services.
Proposals
-
Buy Rundeck Enterprice and use feature called Remote job execution - this feature allows cluster members to forward job executions to other cluster members based on a policy configuration. So Rundeck workers could be located in many locations and request for jobs the main Rundeck front end api see more here
-
➕ :- Can isolate — and scale independently — the load from user activity and the load from job execution.
-
➖ :- Rundeck Enterprice price is in the range from 20 to 60 thousand $ per year which is too much
-
-
Use feature called SSH node execution. This feature allows to run jobs on remote nodes, it needs ssh connection and if our jobs are defined to run in docker we need also docker group privileges which is very insecure see more here
-
➕ :- Feature available in Rundeck base version, no cost
- Simple configuration
-
➖ :- Not so secure, user on remote node needs accerss to docker which is comparable to having sudo permissions
-
-
Nearly the same as previous but making SSH connection to running dedicated for each job docker container which can only done job and nothing more on remote host
-
➕ :- Also no cost
- Secure solution, no need sudo or docker priviliges on remote host
-
➖ :- Needs of having some containers running on many remote hosts which will be idle most of the time, but on the other hand Enterprice solution needs running workers on remote host so it is not so bad
- Configuration of such solution is much more complicated
- Diffrent jobs may requier to maintain diffrent containers, or maybe one container with option to define job(s) that can be run in it ??
-