Getting started

Requirements

• Unix operating system with at least:
  • 1 vCPU
  • 1 GB memory
  • 500GB of free disk
• Java 8 or 11
• git 1.7 or greater
• ssh
• sudo

Optional

• ETCD, JDBC or AWS DynamoDB for configuration management
• SQL database or AWS DynamoDB and S3 for job execution logging
• AWS Cognito or Unix PAM for user management

1. Installation

Install BeyondCron using your preferred distribution:

• Debian (deb) package
• RedHat (rpm) package
• zip installation

2. Configure ssh

bc-agent

In order to execute commands on remote servers, bc-agent expects the bc-agent user bc-daemon to have passwordless ssh access to each remote server.

bc-server

When joining a cluster, each BeyondCron server syncs its local git repository with a running server. It order to do this, the user  bc-daemon requires passwordless ssh access to the other BeyondCron servers.

3. Configure sudo

bc-agent executes jobs, locally and remotely, via sudo. As such, you must allow the bc-agent user bc-daemon on every server where BeyondCron executes commands, to execute commands for other users.

A minimal entry within the /etc/sudoers to allow the agent to execute commands for any user except root, would be:

bc-daemon ALL=(ALL,!root) NOPASSWD:SETENV: ALL

If you wish to allow the BeyondCron agent to execute commands as root, the safest option is to explicitly define each command that you wish to allow the agent to execute. e.g.

bc-daemon ALL=(ALL,!root) NOPASSWD:SETENV: ALL, (root) /usr/bin/tee,/sbin/reboot

Note: BeyondCron uses the tee command so save the command output, so should always be included in the commands that the BeyondCron agent can sudo to, when allowing BeyondCron to execute commands as root.

Note: If sudo is configured with a secure path, and you wish to allow BeyondCron/users to set the PATH environment variable, you can add the bc-agent user to the sudoers exempt_group. e.g.

Defaults exempt_group += bc-daemon 

4. Setting yourself up as the admin user

LDAP user directory

If the host server is configured to use LDAP for user authentication, BeyondCron can be configured to authenticate against LDAP.

To designate yourself as a BeyondCron administrator in your LDAP directory service:

1. create the group bc_admin
2. add yourself to the new bc_admin group

Using bc-cli, enable the unix user service:

sudo -u bc-daemon /usr/local/bin/bc-cli --admin
config set beyondcron.user.service Unix
user service reload
exit

You can now login to BeyondCron using bc-cli or bc-web, using your LDAP user name/password.

Internal user directory

If BeyondCron is not configured with a user service, then it will manage users internally using the user & rolecommands.

To create yourself as a BeyondCron administrator: