library/roles/redmine/tasks: Change the ldap sync cron job so that it syncs the ldap groups too.

library/roles/ubuntu-deb-general/tasks/disable-unneeded-services.yml: Disable some services that we do not want running.
2015-12-27 13:52:58 +01:00 · 2015-12-27 13:52:58 +01:00 · 40cd9400e3
parent be595c9db5
commit 40cd9400e3
7 changed files with 28 additions and 9 deletions
--- a/redmine/defaults/main.yml
+++ b/redmine/defaults/main.yml
@ -16,12 +16,16 @@ redmine_user: redmine
 redmine_group: redmine
 # Minutes, from 1 to 60
 redmine_ldap_sync_freq: 10
+# users, groups, all
+redmine_ldap_sync_who: all

 redmine_glob_user: www-data
 redmine_glob_group: www-data
 redmine_glob_users_home_base: /srv/redmine-home

 # Plugins
+rm_ldap_auth: True
+rm_ldap_synch: True
 rm_embedded_tabs_plugin: False
 rm_recurring_tasks_plugin: False
 redmine_install_agile_plugin: False
--- a/redmine/tasks/redmine-plugins.yml
+++ b/redmine/tasks/redmine-plugins.yml
@ -15,9 +15,15 @@

 - name: Install the ldap sync plugin
  git: repo=https://github.com/thorin/redmine_ldap_sync.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_ldap_sync update=no
+  when: rm_ldap_synch
  notify:
    - Bundle install and reconfigure redmine
-  tags: [ 'redmine', 'redmine_plugins' ]
+  tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_synch' ]
+
+- name: Cron job that manages the ldap synch
+  template: src=redmine-ldap-sync.cron.j2 dest=/etc/cron.d/redmine-ldap-sync owner=root group=root mode=0444
+  when: rm_ldap_synch
+  tags: [ 'redmine', 'redmine_plugins', 'rm_ldap_synch' ]

 - name: Redmine login audit plugin
  git: repo=https://github.com/martin-denizet/redmine_login_audit.git dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_login_audit update=no
@ -66,6 +72,11 @@
  when: rm_recurring_tasks_plugin
  tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ]

+- name: Cron job that manages the recurring tasks
+  template: src=redmine-recurring-tasks.cron.j2 dest=/etc/cron.d/redmine-recurring-tasks owner=root group=root mode=0444
+  when: rm_recurring_tasks_plugin
+  tags: [ 'redmine', 'redmine_plugins', 'rm_recurring_tasks' ]
+
 - name: Redmine agile plugin. Free version from www.redminecrm.com
  unarchive: src=redmine_agile.zip dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins creates={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/plugins/redmine_agile/init.rb
  when: redmine_install_agile_plugin
--- a/redmine/tasks/redmine.yml
+++ b/redmine/tasks/redmine.yml
@ -100,13 +100,6 @@
    - Reload unicorn when needed
  tags: redmine

- name: Cron jobs that manage recurring tasks
-  template: src={{ item }}.cron.j2 dest=/etc/cron.d/{{ item }} owner=root group=root mode=0444
-  with_items:
-    - redmine-recurring-tasks
-    - redmine-ldap-sync
-  tags: redmine
-
 - name: Add unicorn to the redmine Gemfile
  copy: dest={{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Gemfile.local content='gem "unicorn"\n' owner={{ redmine_user }} group={{ redmine_group }}
  when: ruby_use_unicorn
--- a/redmine/templates/redmine-ldap-sync.cron.j2
+++ b/redmine/templates/redmine-ldap-sync.cron.j2
@ -1 +1 @@
-*/{{ redmine_ldap_sync_freq }} * * * *	{{ redmine_user }}	/usr/local/bin/rake -f {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Rakefile --silent redmine:plugins:ldap_sync:sync_users RAILS_ENV=production >{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log/redmine-ldap-sync.log 2>&1
+*/{{ redmine_ldap_sync_freq }} * * * *	{{ redmine_user }}	/usr/local/bin/rake -f {{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/Rakefile --silent redmine:plugins:ldap_sync:sync_{{ redmine_ldap_sync_who }} RAILS_ENV=production >{{ redmine_glob_root_dir }}/{{ redmine_inst_dir }}/log/redmine-ldap-sync.log 2>&1
--- a/ubuntu-deb-general/defaults/main.yml
+++ b/ubuntu-deb-general/defaults/main.yml
@ -75,6 +75,11 @@ exim_email_server_pkgs:
  - exim4-config
  - exim4-daemon-light

+services_to_be_disabled:
+  - rpcbind
+  - atd
+  - acpid
+  
 disable_ipv6: True
 ipv6_sysctl_value: 1
 ipv6_sysctl_file: /etc/sysctl.d/10-ipv6-disable.conf
--- a/ubuntu-deb-general/tasks/disable-unneeded-services.yml
+++ b/ubuntu-deb-general/tasks/disable-unneeded-services.yml
@ -0,0 +1,5 @@
+---
+- name: Disable some unneeded services
+  service: name={{ item }} state=stopped enabled=no
+  with_items: services_to_be_disabled
+  tags: [ 'bootstrap', 'disable_services' ]
--- a/ubuntu-deb-general/tasks/main.yml
+++ b/ubuntu-deb-general/tasks/main.yml
@ -5,6 +5,7 @@
 - include: packages.yml
 - include: ntp.yml
 - include: remove-unneeded-pkgs.yml
+- include: disable-unneeded-services.yml
 - include: manage-ipv6-status.yml
  when: is_not_debian_less_than_6
 - include: disable-ipv6-old-servers.yml