library/roles/redmine/tasks: Change the ldap sync cron job so that it syncs the ldap groups too.

library/roles/ubuntu-deb-general/tasks/disable-unneeded-services.yml: Disable some services that we do not want running.
This commit is contained in:
Andrea Dell'Amico 2015-12-27 13:52:58 +01:00
parent be595c9db5
commit 40cd9400e3
7 changed files with 28 additions and 9 deletions

View File

@ -16,12 +16,16 @@ redmine_user: redmine
redmine_group: redmine redmine_group: redmine
# Minutes, from 1 to 60 # Minutes, from 1 to 60
redmine_ldap_sync_freq: 10 redmine_ldap_sync_freq: 10
# users, groups, all
redmine_ldap_sync_who: all
redmine_glob_user: www-data redmine_glob_user: www-data
redmine_glob_group: www-data redmine_glob_group: www-data
redmine_glob_users_home_base: /srv/redmine-home redmine_glob_users_home_base: /srv/redmine-home
# Plugins # Plugins
rm_ldap_auth: True
rm_ldap_synch: True
rm_embedded_tabs_plugin: False rm_embedded_tabs_plugin: False
rm_recurring_tasks_plugin: False rm_recurring_tasks_plugin: False
redmine_install_agile_plugin: False redmine_install_agile_plugin: False

View File

@ -15,9 +15,15 @@
- name: Install the ldap sync plugin - name: Install the ldap sync plugin
git: repo=https://github.com/thorin/redmine_ldap_sync.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_ldap_sync update=no git: repo=https://github.com/thorin/redmine_ldap_sync.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_ldap_sync update=no
when: rm_ldap_synch
notify: notify:
- Bundle install and reconfigure redmine - Bundle install and reconfigure redmine
tags: [ 'redmine', 'redmine_plugins' ] tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_synch' ]
- name: Cron job that manages the ldap synch
template: src=redmine-ldap-sync.cron.j2 dest=/etc/cron.d/redmine-ldap-sync owner=root group=root mode=0444
when: rm_ldap_synch
tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_synch' ]
- name: Redmine login audit plugin - name: Redmine login audit plugin
git: repo=https://github.com/martin-denizet/redmine_login_audit.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_login_audit update=no git: repo=https://github.com/martin-denizet/redmine_login_audit.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_login_audit update=no
@ -66,6 +72,11 @@
when: rm_recurring_tasks_plugin when: rm_recurring_tasks_plugin
tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ] tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ]
- name: Cron job that manages the recurring tasks
template: src=redmine-recurring-tasks.cron.j2 dest=/etc/cron.d/redmine-recurring-tasks owner=root group=root mode=0444
when: rm_recurring_tasks_plugin
tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ]
- name: Redmine agile plugin. Free version from www.redminecrm.com - name: Redmine agile plugin. Free version from www.redminecrm.com
unarchive: src=redmine_agile.zip dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins creates={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_agile/init.rb unarchive: src=redmine_agile.zip dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins creates={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_agile/init.rb
when: redmine_install_agile_plugin when: redmine_install_agile_plugin

View File

@ -100,13 +100,6 @@
- Reload unicorn when needed - Reload unicorn when needed
tags: redmine tags: redmine
- name: Cron jobs that manage recurring tasks
template: src={{ item }}.cron.j2 dest=/etc/cron.d/{{ item }} owner=root group=root mode=0444
with_items:
- redmine-recurring-tasks
- redmine-ldap-sync
tags: redmine
- name: Add unicorn to the redmine Gemfile - name: Add unicorn to the redmine Gemfile
copy: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Gemfile.local content='gem "unicorn"\n' owner={{ redmine_user }} group={{ redmine_group }} copy: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Gemfile.local content='gem "unicorn"\n' owner={{ redmine_user }} group={{ redmine_group }}
when: ruby_use_unicorn when: ruby_use_unicorn

View File

@ -1 +1 @@
*/{{ redmine_ldap_sync_freq }} * * * * {{ redmine_user }} /usr/local/bin/rake -f {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Rakefile --silent redmine:plugins:ldap_sync:sync_users RAILS_ENV=production >{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log/redmine-ldap-sync.log 2>&1 */{{ redmine_ldap_sync_freq }} * * * * {{ redmine_user }} /usr/local/bin/rake -f {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Rakefile --silent redmine:plugins:ldap_sync:sync_{{ redmine_ldap_sync_who }} RAILS_ENV=production >{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log/redmine-ldap-sync.log 2>&1

View File

@ -75,6 +75,11 @@ exim_email_server_pkgs:
- exim4-config - exim4-config
- exim4-daemon-light - exim4-daemon-light
services_to_be_disabled:
- rpcbind
- atd
- acpid
disable_ipv6: True disable_ipv6: True
ipv6_sysctl_value: 1 ipv6_sysctl_value: 1
ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf

View File

@ -0,0 +1,5 @@
---
- name: Disable some unneeded services
service: name={{ item }} state=stopped enabled=no
with_items: services_to_be_disabled
tags: [ 'bootstrap', 'disable_services' ]

View File

@ -5,6 +5,7 @@
- include: packages.yml - include: packages.yml
- include: ntp.yml - include: ntp.yml
- include: remove-unneeded-pkgs.yml - include: remove-unneeded-pkgs.yml
- include: disable-unneeded-services.yml
- include: manage-ipv6-status.yml - include: manage-ipv6-status.yml
when: is_not_debian_less_than_6 when: is_not_debian_less_than_6
- include: disable-ipv6-old-servers.yml - include: disable-ipv6-old-servers.yml