Ansible角色 crowd

在您的系统上安装和配置Crowd。

GitHub	版本	问题	拉取请求	下载

示例剧本

此示例来自 molecule/default/converge.yml，并在每次推送、拉取请求和发布时进行测试。

---
- name: 收敛
  hosts: all
  become: true
  gather_facts: true

  roles:
    - role: buluma.crowd

需要准备机器。在CI中，这通过 molecule/default/prepare.yml 完成：

---
- hosts: all
  remote_user: root
  become: true
  gather_facts: false

  roles:
    - role: buluma.bootstrap
    - role: buluma.java

  tasks:
    - name: redhat | 注册subscription-manager
      ansible.builtin.raw: |
        set -eu
        subscription-manager register \
          --username={{ lookup('env', 'REDHAT_USERNAME') }} \
          --password={{ lookup('env', 'REDHAT_PASSWORD') }} \
          --auto-attach
      changed_when: false
      failed_when: false

    - name: debian | 安装python3
      ansible.builtin.raw: |
        set -eu
        apt-get update
        DEBIAN_FRONTEND=noninteractive apt-get install -y python3
      changed_when: false
      failed_when: false

    - name: redhat | yum 安装python3
      ansible.builtin.raw: |
        set -eu
        yum makecache
        yum install -y python3
      changed_when: false
      failed_when: false

    - name: suse | zypper 安装python3
      ansible.builtin.raw: |
        set -eu
        zypper -n --gpg-auto-import-keys refresh
        zypper -n install -y python3
      changed_when: false
      failed_when: false

- hosts: all
  remote_user: root
  become: true
  tasks:
    - name: cp -rfT /etc/skel /root
      ansible.builtin.raw: |
        set -eu
        cp -rfT /etc/skel /root
      changed_when: false
      failed_when: false

    - name: setenforce 0
      ansible.builtin.raw: |
        set -eu
        setenforce 0
        sed -i 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config
      changed_when: false
      failed_when: false

    - name: systemctl 停止firewalld.service
      ansible.builtin.raw: |
        set -eu
        systemctl stop firewalld.service
        systemctl disable firewalld.service
      changed_when: false
      failed_when: false

    - name: systemctl 停止ufw.service
      ansible.builtin.raw: |
        set -eu
        systemctl stop ufw.service
        systemctl disable ufw.service
      changed_when: false
      failed_when: false

    - name: debian | apt-get 安装*.deb
      ansible.builtin.raw: |
        set -eu
        DEBIAN_FRONTEND=noninteractive apt-get install -y bzip2 ca-certificates curl gcc gnupg gzip hostname iproute2 passwd procps python3 python3-apt python3-jmespath python3-lxml python3-pip python3-setuptools python3-venv python3-virtualenv python3-wheel rsync sudo tar unzip util-linux zip
      when: ansible_os_family | lower == "debian"
      changed_when: false
      failed_when: false

    # TODO: 因CVE-2024-3094保持版本
    - name: debian | 尝试安装xz-utils软件包
      ansible.builtin.pip:
        name: xz-utils==5.4.6
        state: present
      when: ansible_os_family | lower == "debian"
      changed_when: false
      failed_when: false

    - name: fedora | yum 安装*.rpm
      ansible.builtin.raw: |
        set -eu
        yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-dnf-plugin-versionlock python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-utils zip
      when: ansible_distribution | lower == "fedora"
      changed_when: false
      failed_when: false

    - name: redhat-9 | yum 安装*.rpm
      ansible.builtin.raw: |
        set -eu
        yum-config-manager --enable crb || echo $?
        yum-config-manager --enable codeready-builder-beta-for-rhel-9-x86_64-rpms || echo $?
        yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
        yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-dnf-plugin-versionlock python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-utils zip
      when: ansible_os_family | lower == "redhat" and ansible_distribution_major_version | lower == "9"
      changed_when: false
      failed_when: false

    - name: redhat-8 | yum 安装*.rpm
      ansible.builtin.raw: |
        set -eu
        yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
        yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-dnf-plugin-versionlock python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-utils zip
      when: ansible_os_family | lower == "redhat" and ansible_distribution_major_version | lower == "8"
      changed_when: false
      failed_when: false

    - name: redhat-7 | yum 安装*.rpm
      ansible.builtin.raw: |
        set -eu
        subscription-manager repos --enable=rhel-7-server-optional-rpms || echo $?
        yum install -y http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
        yum install -y bzip2 ca-certificates curl gcc gnupg2 gzip hostname iproute procps-ng python3 python3-jmespath python3-libselinux python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow-utils sudo tar unzip util-linux xz yum-plugin-versionlock yum-utils zip
      when: ansible_os_family | lower == "redhat" and ansible_distribution_major_version | lower == "7"
      changed_when: false
      failed_when: false

    - name: suse | zypper -n 安装*.rpm
      ansible.builtin.raw: |
        set -eu
        zypper -n install -y bzip2 ca-certificates curl gcc gpg2 gzip hostname iproute2 procps python3 python3-jmespath python3-lxml python3-pip python3-setuptools python3-virtualenv python3-wheel rsync shadow sudo tar unzip util-linux xz zip
      when: ansible_os_family | lower == "suse"
      changed_when: false
      failed_when: false

另请查看 完整的说明和示例 了解如何使用这些角色。

角色变量

变量的默认值设置在 defaults/main.yml 中：

---
# crowd的默认文件

# PostgreSQL JDBC版本
postgresql_jdbc_release: "42.3"

# PostgreSQL JDBC版本。
postgresql_jdbc_version: "{{ _postgresql_jdbc_version[postgresql_jdbc_release] }}"

# PostgreSQL JDBC下载详情。
postgresql_jdbc_download: "{{ _postgresql_jdbc_download[postgresql_jdbc_version] }}"

# Crowd版本。
crowd_release: "4.4"

# Crowd版本。
crowd_version: "{{ _crowd_version[crowd_release] }}"

# Crowd下载详情。
crowd_download: "{{ _crowd_download[crowd_version] }}"

# Crowd的所有者和组。
crowd_owner: "crowd"
crowd_group: "crowd"

# Crowd主目录。
crowd_home: "/var/atlassian/application-data/crowd"

# Crowd安装目录。
crowd_catalina: "/opt/atlassian/crowd"

# JVM的最小和最大内存使用。
crowd_jvm_minimum_memory: "1024m"
crowd_jvm_maximum_memory: "1024m"

# 代理和上下文路径设置。
crowd_catalina_connector_proxyname: ~
crowd_catalina_connector_proxyport: ~
crowd_catalina_connector_scheme: "http"
crowd_catalina_connector_secure: "false"
crowd_catalina_context_path: ~

# Atlassian支持推荐的JVM参数。
crowd_jvm_support_recommended_args: >-
  -Datlassian.plugins.enable.wait=300
  -XX:+UnlockExperimentalVMOptions
  -XX:+UseCGroupMemoryLimitForHeap
  -XX:MaxRAMFraction=1

# 会话超时（以分钟为单位）。
crowd_session_timeout: "120"

要求

• 在 requirements.txt 中列出的pip包。

使用的角色状态

以下角色用于准备系统。您可以以其他方式准备您的系统。

要求	GitHub	版本
buluma.bootstrap
buluma.java
alvistack.openjdk

上下文

该角色是许多兼容角色的一部分。有关更多信息，请查看 这些角色的文档。

以下是相关角色的概览：

兼容性

此角色已在以下容器镜像上测试：

所需的Ansible最低版本为2.12，已针对以下版本进行测试：

• 先前版本。
• 当前版本。
• 开发版本。

如果您发现问题，请在 GitHub 上注册。

变更日志

角色历史

许可证

Apache-2.0

作者信息

Shadow Walker