Refactor OpenProject role:

- Add CPU, memory and PID limits to all services in config/main.yml to prevent OOM - Replace old LDAP admin bootstrap with new 02_admin.yml using OPENPROJECT_ADMINISTRATOR_* vars - Standardize variable names (uppercase convention) - Fix HTTPS/HSTS port check (443 instead of 433) - Allow docker_restart_policy override in base.yml.j2 - Cleanup redundant LDAP admin runner in 01_ldap.yml See: https://chatgpt.com/share/68d40c6e-ab9c-800f-a4a0-d9338d8c1b32
2025-10-11 03:08:10 +02:00 · 2025-09-24 17:22:47 +02:00
parent 4f59e8e48b
commit ca52dcda43
10 changed files with 134 additions and 88 deletions
--- a/roles/web-app-openproject/tasks/01_ldap.yml
+++ b/roles/web-app-openproject/tasks/01_ldap.yml
@@ -77,25 +77,3 @@
  when: ldap_check.query_result | length == 0
  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
-
-# This works just after the first admin login
-# @todo Remove and replace trough LDAP RBAC group
- name: Set LDAP user as admin via OpenProject Rails runner
-  shell: >
-    docker compose exec web bash -c "
-      cd /app &&
-      RAILS_ENV={{ ENVIRONMENT | lower }} bundle exec rails runner \"
-        user = User.find_by(mail: '{{ users.administrator.email }}');
-        if user.nil?;
-          puts 'User with email {{ users.administrator.email }} not found.';
-        else;
-          user.admin = true;
-          user.save!;
-          puts 'User \#{user.login} is now an admin.';
-        end
-      \"
-    "
-  args:
-    chdir: "{{ docker_compose.directories.instance }}"
-  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"