crowd
Ansible role crowd
Install and configure crowd on your system.
GitHub | Version | Issues | Pull Requests | Downloads |
---|---|---|---|---|
Example Playbook
This example is taken from molecule/default/converge.yml
and is tested on each push, pull request and release.
---
- name: Converge
hosts: all
become: true
gather_facts: true
roles:
- role: buluma.crowd
The machine needs to be prepared. In CI this is done using molecule/default/prepare.yml
:
---
- hosts: all
remote_user: root
become: true
gather_facts: false
roles:
- role: buluma.bootstrap
- role: buluma.java
tasks:
- name: redhat | subscription-manager register
ansible.builtin.raw: |
set -eu
subscription-manager register \
--username={{ lookup('env', 'REDHAT_USERNAME') }} \
--password={{ lookup('env', 'REDHAT_PASSWORD') }} \
--auto-attach
changed_when: false
failed_when: false
- name: debian | apt-get install python3
ansible.builtin.raw: |
set -eu
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y python3
changed_when: false
failed_when: false
- name: redhat | yum install python3
ansible.builtin.raw: |
set -eu
yum makecache
yum install -y python3
changed_when: false
failed_when: false
- name: suse | zypper install python3
ansible.builtin.raw: |
set -eu
zypper -n --gpg-auto-import-keys refresh
zypper -n install -y python3
changed_when: false
failed_when: false
- hosts: all
remote_user: root
become: true
tasks:
- name: cp -rfT /etc/skel /root
ansible.builtin.raw: |
set -eu
cp -rfT /etc/skel /root
changed_when: false
failed_when: false
- name: setenforce 0
ansible.builtin.raw: |
set -eu
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config
changed_when: false
failed_when: false
- name: systemctl stop firewalld.service
ansible.builtin.raw: |
set -eu
systemctl stop firewalld.service
systemctl disable firewalld.service
changed_when: false
failed_when: false
- name: systemctl stop ufw.service
ansible.builtin.raw: |
set -eu
systemctl stop ufw.service
systemctl disable ufw.service
changed_when: false
failed_when: false
- name: debian | apt-get install *.deb
ansible.builtin.raw: |
set -eu
DEBIAN_FRONTEND=noninteractive apt-get install -y bzip2 ca-certificates curl gcc gnupg gzip hostname iproute2 passwd procps python3 python3-apt python3-jmespath python3-lxml python3-pip python3-setuptools python3-venv python3-virtualenv python3-wheel rsync sudo tar unzip util-linux zip
when: ansible_os_family | lower == "debian"
changed_when: false
failed_when: false
# TODO: Pinning due to CVE-2024-3094
- name: debian | Try to install xz-utils packages
ansible.builtin.pip:
name: xz-utils==5.4.6
state: present
when: ansible_os_family | lower == "debian"
changed_when: false
failed_when: false
- name: fedora | yum install *.rpm
ansible.builtin.raw: |
set -eu
yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-dnf-plugin-versionlock python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-utils zip
when: ansible_distribution | lower == "fedora"
changed_when: false
failed_when: false
- name: redhat-9 | yum install *.rpm
ansible.builtin.raw: |
set -eu
yum-config-manager --enable crb || echo $?
yum-config-manager --enable codeready-builder-beta-for-rhel-9-x86_64-rpms || echo $?
yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-dnf-plugin-versionlock python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-utils zip
when: ansible_os_family | lower == "redhat" and ansible_distribution_major_version | lower == "9"
changed_when: false
failed_when: false
- name: redhat-8 | yum install *.rpm
ansible.builtin.raw: |
set -eu
yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-dnf-plugin-versionlock python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-utils zip
when: ansible_os_family | lower == "redhat" and ansible_distribution_major_version | lower == "8"
changed_when: false
failed_when: false
- name: redhat-7 | yum install *.rpm
ansible.builtin.raw: |
set -eu
subscription-manager repos --enable=rhel-7-server-optional-rpms || echo $?
yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-plugin-versionlock yum-utils zip
when: ansible_os_family | lower == "redhat" and ansible_distribution_major_version | lower == "7"
changed_when: false
failed_when: false
- name: suse | zypper -n install *.rpm
ansible.builtin.raw: |
set -eu
zypper -n install -y bzip2 ca-certificates curl gcc gpg2 gzip hostname iproute2 procps python3 python3-jmespath python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow sudo tar unzip util-linux xz zip
when: ansible_os_family | lower == "suse"
changed_when: false
failed_when: false
Also see a full explanation and example on how to use these roles.
Role Variables
The default values for the variables are set in defaults/main.yml
:
---
# defaults file for crowd
# PostgreSQL JDBC release.
postgresql_jdbc_release: "42.3"
# PostgreSQL JDBC version.
postgresql_jdbc_version: "{{ _postgresql_jdbc_version[postgresql_jdbc_release] }}"
# PostgreSQL JDBC download details.
postgresql_jdbc_download: "{{ _postgresql_jdbc_download[postgresql_jdbc_version] }}"
# Crowd release.
crowd_release: "4.4"
# Crowd version.
crowd_version: "{{ _crowd_version[crowd_release] }}"
# Crowd download details.
crowd_download: "{{ _crowd_download[crowd_version] }}"
# Owner and group for Crowd.
crowd_owner: "crowd"
crowd_group: "crowd"
# Crowd home directory.
crowd_home: "/var/atlassian/application-data/crowd"
# Crowd installation directory.
crowd_catalina: "/opt/atlassian/crowd"
# JVM minimal and maximum memory usage.
crowd_jvm_minimum_memory: "1024m"
crowd_jvm_maximum_memory: "1024m"
# Proxy and context path setup.
crowd_catalina_connector_proxyname: ~
crowd_catalina_connector_proxyport: ~
crowd_catalina_connector_scheme: "http"
crowd_catalina_connector_secure: "false"
crowd_catalina_context_path: ~
# Atlassian Support recommended JVM arguments.
crowd_jvm_support_recommended_args: >-
-Datlassian.plugins.enable.wait=300
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-XX:MaxRAMFraction=1
# Session timeout (in minutes).
crowd_session_timeout: "120"
Requirements
- pip packages listed in requirements.txt.
State of used roles
The following roles are used to prepare a system. You can prepare your system in another way.
Requirement | GitHub | Version |
---|---|---|
buluma.bootstrap | ||
buluma.java | ||
alvistack.openjdk |
Context
This role is a part of many compatible roles. Have a look at the documentation of these roles for further information.
Here is an overview of related roles:
Compatibility
This role has been tested on these container images:
container | tags |
---|---|
Amazon | Candidate |
EL | 8 |
Debian | all |
Fedora | all |
opensuse | all |
Ubuntu | all |
The minimum version of Ansible required is 2.12, tests have been done to:
- The previous version.
- The current version.
- The development version.
If you find issues, please register them in GitHub
Changelog
License
Author Information
ansible-galaxy install buluma/ansible-role-crowd