You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upon first login to Rundeck using Azure SSO an Azure Admin level user will need to consent to the `Directory.Read.All` permission. Make sure to click the checkbox that asks to consent for the **whole organization**.
113
+
If using the `GroupMember.Read.All` permission for group name mapping, an Azure Admin level user will need to consent upon first login to Rundeck using Azure SSO. Make sure to click the checkbox that asks to consent for the **whole organization**.
@@ -115,7 +121,7 @@ By default, Azure does not send group information in the SSO token. You can conf
115
121

116
122
117
123
118
-
**If you need to sync user groups by group name**, you need to enable the Rundeck plugin that uses the MS Graph API to get user/group information. Using this requires additional API permissions that were setup in the App Registration.
124
+
**If you need to sync user groups by group name**, you need to enable the Rundeck plugin that uses the MS Graph API to get user/group information. Using this requires the `GroupMember.Read.All` Application permission configured in the App Registration above.
119
125
120
126
To enable this plugin, enable the *Enable Azure UserGroupSource Plugin* setting in the **System Configuration** page (config key `framework.plugin.UserGroupSource.AzureGroupSource.enabled`), or add the following to the `framework.properties` file:
Copy file name to clipboardExpand all lines: docs/learning/howto/runner-service-windows.md
+50-18Lines changed: 50 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,8 +22,8 @@ Skip this section if you have already installed an Enterprise Runner on a Window
22
22
23
23
2. Edit the `rundeck-config.properties` file and add the following line:
24
24
25
-
```
26
-
rundeck.feature.runner.enabled=true
25
+
```properties
26
+
rundeck.feature.runner.enabled = true
27
27
```
28
28
29
29
This line enables the Enterprise Runner functionality on Runbook Automation Self-Hosted. Runbook Automation SaaS includes this feature out of the box.
@@ -112,55 +112,87 @@ To register the Enterprise Runner as a service, check the following steps:
112
112
113
113
2. Uncompress the file and copy the `prunmgr.exe` and `prunsrv.exe` files to the `C:\runner\` folder.
114
114
115
+
:::warning Use the 64-bit binary on a 64-bit JDK/JRE
116
+
On a 64-bit system running a 64-bit JDK/JRE, use the 64-bit `prunsrv.exe` located in the `amd64\` subfolder of the uncompressed archive — **not** the 32-bit `prunsrv.exe` in the root of the archive. (`prunmgr.exe`, the GUI monitor, is 32-bit only — that is expected and fine.)
117
+
:::
118
+
115
119
3. Rename the `prunsrv.exe` as `runner.exe`, and `prunmgr.exe` as `runnerw.exe`.
116
120
117
-
4. Open a new CMD terminal with Administrative rights.
121
+
:::warning Architecture mismatch
122
+
If a 32-bit `runner.exe` is used with a 64-bit JRE/JDK, it cannot load the 64-bit `jvm.dll`, and the service will fail to start or stop with the error `%1 is not a valid Win32 application`. You can confirm which architecture is in use by checking `commons-daemon.log`: the startup line should read `procrun (1.x.x.x 64-bit) started`.
123
+
:::
124
+
125
+
4. Create a stop script named `stop-runner.bat` in the `C:\runner\` folder with the content below. This script stops only the Runner process that the service started — it reads the PID that procrun writes to `runner.pid` — instead of killing every `java.exe` process on the host:
5.Open a new CMD terminal with Administrative rights.
120
139
121
-
6.Execute the following command (you can copy and paste it directly on the CMD terminal to execute it):
140
+
6.Go to the `C:\runner\` folder.
122
141
123
-
```
124
-
runner.exe //IS/runner ^
142
+
7. Execute the following command (you can copy and paste it directly on the CMD terminal to execute it):
143
+
144
+
```bat
145
+
runner.exe //IS//Runner ^
125
146
--DisplayName=Runner ^
126
-
--LogLevel=Debug ^
147
+
--LogLevel=Info ^
127
148
--LogPath=C:\runner ^
128
149
--ServiceUser=LocalSystem ^
129
150
--Startup=auto ^
151
+
--Jvm=auto ^
130
152
--StartMode=java ^
131
153
--StartPath=C:\runner ^
132
154
--StartParams=-jar#runner.jar ^
133
155
--StopMode=exe ^
156
+
--StopImage=C:\Windows\System32\cmd.exe ^
157
+
--StopParams=/c#C:\runner\stop-runner.bat ^
134
158
--StopPath=C:\runner ^
135
-
--StopImage=TASKKILL.exe ^
136
159
--StopTimeout=30 ^
137
-
--PidFile=rundeck.pid ^
138
-
--JvmMs=1024 --JvmMx=2048 ^
160
+
--PidFile=runner.pid ^
161
+
--JvmMs=1024 ^
162
+
--JvmMx=4096 ^
139
163
--StdOutput=C:\runner\runner.log ^
140
164
--StdError=C:\runner\runner.log
141
165
```
142
166
143
-
You will see the following messages:
167
+
:::tip Note
168
+
The service name uses a double slash (`//IS//runner`) — this is the procrun syntax for "install service". `--Jvm=auto` lets procrun locate `jvm.dll` automatically from `JAVA_HOME` / the registry. The stop is delegated to `stop-runner.bat` through `cmd.exe`; the full path to `cmd.exe` is required because procrun passes `--StopImage` directly to `CreateProcess`, which does not search the `PATH` (a bare `cmd` fails with `The system cannot find the file specified`).
9. Click the right button and select "Start", after a couple of seconds, the service must be shown as "Running" status.
188
+
10. Click the right button and select "Start", after a couple of seconds, the service must be shown as "Running" status.
161
189
162
190
<br>
163
191
192
+
:::tip Note
193
+
If you install the service at `--LogLevel=Debug`, the stop sequence may log repeated `conhost.exe ... Still here!` lines for a few seconds while procrun tears down the console host of the spawned `java.exe` process. This is cosmetic — the service still reaches the `Stopped` state. Running at `--LogLevel=Info` (as shown above) keeps the log clean. Note that the Runner's own application logs are written under `C:\runner\runner\logs\`, separate from the procrun `--StdOutput`/`--StdError` file.
194
+
:::
195
+
164
196
### How to remove the service
165
197
166
198
To stop and remove the Enterprise Runner service check the following steps:
@@ -169,7 +201,7 @@ To stop and remove the Enterprise Runner service check the following steps:
169
201
170
202
2. Go to the `C:\runner\` folder.
171
203
172
-
3. Execute `runner.exe //DS/Runner`. This process could take around 30 seconds.
204
+
3. Execute `runner.exe //DS//Runner`. This process could take around 30 seconds.
173
205
174
206
Now, the service is down and unregistered from Windows Services.
0 commit comments