From 40cd9400e307eb14eaa25334ef6ec69731f6e0ee Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Sun, 27 Dec 2015 13:52:58 +0100 Subject: [PATCH] library/roles/redmine/tasks: Change the ldap sync cron job so that it syncs the ldap groups too. library/roles/ubuntu-deb-general/tasks/disable-unneeded-services.yml: Disable some services that we do not want running. --- redmine/defaults/main.yml | 4 ++++ redmine/tasks/redmine-plugins.yml | 13 ++++++++++++- redmine/tasks/redmine.yml | 7 ------- redmine/templates/redmine-ldap-sync.cron.j2 | 2 +- ubuntu-deb-general/defaults/main.yml | 5 +++++ .../tasks/disable-unneeded-services.yml | 5 +++++ ubuntu-deb-general/tasks/main.yml | 1 + 7 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 ubuntu-deb-general/tasks/disable-unneeded-services.yml diff --git a/redmine/defaults/main.yml b/redmine/defaults/main.yml index 3e50b2a..920385b 100644 --- a/redmine/defaults/main.yml +++ b/redmine/defaults/main.yml @@ -16,12 +16,16 @@ redmine_user: redmine redmine_group: redmine # Minutes, from 1 to 60 redmine_ldap_sync_freq: 10 +# users, groups, all +redmine_ldap_sync_who: all redmine_glob_user: www-data redmine_glob_group: www-data redmine_glob_users_home_base: /srv/redmine-home # Plugins +rm_ldap_auth: True +rm_ldap_synch: True rm_embedded_tabs_plugin: False rm_recurring_tasks_plugin: False redmine_install_agile_plugin: False diff --git a/redmine/tasks/redmine-plugins.yml b/redmine/tasks/redmine-plugins.yml index cf639b5..ae2a068 100644 --- a/redmine/tasks/redmine-plugins.yml +++ b/redmine/tasks/redmine-plugins.yml @@ -15,9 +15,15 @@ - name: Install the ldap sync plugin git: repo=https://github.com/thorin/redmine_ldap_sync.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_ldap_sync update=no + when: rm_ldap_synch notify: - Bundle install and reconfigure redmine - tags: [ 'redmine', 'redmine_plugins' ] + tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_synch' ] + +- name: Cron job that manages the ldap synch + template: src=redmine-ldap-sync.cron.j2 dest=/etc/cron.d/redmine-ldap-sync owner=root group=root mode=0444 + when: rm_ldap_synch + tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_synch' ] - name: Redmine login audit plugin git: repo=https://github.com/martin-denizet/redmine_login_audit.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_login_audit update=no @@ -66,6 +72,11 @@ when: rm_recurring_tasks_plugin tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ] +- name: Cron job that manages the recurring tasks + template: src=redmine-recurring-tasks.cron.j2 dest=/etc/cron.d/redmine-recurring-tasks owner=root group=root mode=0444 + when: rm_recurring_tasks_plugin + tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ] + - name: Redmine agile plugin. Free version from www.redminecrm.com unarchive: src=redmine_agile.zip dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins creates={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_agile/init.rb when: redmine_install_agile_plugin diff --git a/redmine/tasks/redmine.yml b/redmine/tasks/redmine.yml index f90d4e2..9074f63 100644 --- a/redmine/tasks/redmine.yml +++ b/redmine/tasks/redmine.yml @@ -100,13 +100,6 @@ - Reload unicorn when needed tags: redmine -- name: Cron jobs that manage recurring tasks - template: src={{ item }}.cron.j2 dest=/etc/cron.d/{{ item }} owner=root group=root mode=0444 - with_items: - - redmine-recurring-tasks - - redmine-ldap-sync - tags: redmine - - name: Add unicorn to the redmine Gemfile copy: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Gemfile.local content='gem "unicorn"\n' owner={{ redmine_user }} group={{ redmine_group }} when: ruby_use_unicorn diff --git a/redmine/templates/redmine-ldap-sync.cron.j2 b/redmine/templates/redmine-ldap-sync.cron.j2 index 7243d79..67bb8e9 100644 --- a/redmine/templates/redmine-ldap-sync.cron.j2 +++ b/redmine/templates/redmine-ldap-sync.cron.j2 @@ -1 +1 @@ -*/{{ redmine_ldap_sync_freq }} * * * * {{ redmine_user }} /usr/local/bin/rake -f {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Rakefile --silent redmine:plugins:ldap_sync:sync_users RAILS_ENV=production >{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log/redmine-ldap-sync.log 2>&1 +*/{{ redmine_ldap_sync_freq }} * * * * {{ redmine_user }} /usr/local/bin/rake -f {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Rakefile --silent redmine:plugins:ldap_sync:sync_{{ redmine_ldap_sync_who }} RAILS_ENV=production >{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log/redmine-ldap-sync.log 2>&1 diff --git a/ubuntu-deb-general/defaults/main.yml b/ubuntu-deb-general/defaults/main.yml index bce118a..5c1a82b 100644 --- a/ubuntu-deb-general/defaults/main.yml +++ b/ubuntu-deb-general/defaults/main.yml @@ -75,6 +75,11 @@ exim_email_server_pkgs: - exim4-config - exim4-daemon-light +services_to_be_disabled: + - rpcbind + - atd + - acpid + disable_ipv6: True ipv6_sysctl_value: 1 ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf diff --git a/ubuntu-deb-general/tasks/disable-unneeded-services.yml b/ubuntu-deb-general/tasks/disable-unneeded-services.yml new file mode 100644 index 0000000..6347d54 --- /dev/null +++ b/ubuntu-deb-general/tasks/disable-unneeded-services.yml @@ -0,0 +1,5 @@ +--- +- name: Disable some unneeded services + service: name={{ item }} state=stopped enabled=no + with_items: services_to_be_disabled + tags: [ 'bootstrap', 'disable_services' ] diff --git a/ubuntu-deb-general/tasks/main.yml b/ubuntu-deb-general/tasks/main.yml index fb2f15a..952b15f 100644 --- a/ubuntu-deb-general/tasks/main.yml +++ b/ubuntu-deb-general/tasks/main.yml @@ -5,6 +5,7 @@ - include: packages.yml - include: ntp.yml - include: remove-unneeded-pkgs.yml +- include: disable-unneeded-services.yml - include: manage-ipv6-status.yml when: is_not_debian_less_than_6 - include: disable-ipv6-old-servers.yml