Configure CAS

group_vars/reverseproxy.yml

@@ -29,9 +29,6 @@ nginx:
     #    - {from: roundcube.crans.org, to: 10.231.136.105}
     #    - {from: phabricator.crans.org, to: 10.231.136.123}
     #    - {from: trackerusercontent.crans.org, to: 10.231.136.123}
-    #    - {from: cas.crans.org, to: 10.231.136.18}
-    #    - {from: auth.crans.org, to: 10.231.136.18}
-    #    - {from: login.crans.org, to: 10.231.136.18}
     #    - {from: webmail.crans.org, to: 10.231.136.107}
     #    - {from: horde.crans.org, to: 10.231.136.107}
     #    - {from: owncloud.crans.org, to: 10.231.136.26}
@@ -49,6 +46,9 @@ nginx:
     #    - {from: webirc.crans.org, to: "10.231.136.1:9000"}
     - {from: framadate.crans.org, to: 172.16.10.109}
     - {from: stream.crans.org, to: 172.16.10.118}
+    - {from: cas.crans.org, to: 172.16.10.120}
+    - {from: auth.crans.org, to: 172.16.10.120}
+    - {from: login.crans.org, to: 172.16.10.120}
     #    - {from: mailman.crans.org, to: 10.231.136.180}
     #
     #    # Zamok

plays/cas.yml

@@ -3,4 +3,7 @@
 # Django CAS server
 
 - hosts: casouley.adm.crans.org
+  vars:
+    cas_secret_key: "{{ vault_cas_secret_key }}"
+    cas_ldap_password: "{{ vault_cas_ldap_password }}"
   roles: ["django-cas"]

roles/django-cas/README.md

+# Django CAS
+
+Une fois le rôle appliqué il faut aller dans `/var/local/django-cas` et faire un `./manage.py collectstatic`.

roles/django-cas/tasks/main.yml

@@ -8,6 +8,7 @@
       - uwsgi-plugin-python3
       - python3-django
       - python3-django-cas-server
+      - python3-psycopg2
   register: apt_result
   retries: 3
   until: apt_result is succeeded
@@ -21,6 +22,20 @@
   when:
     - ansible_lsb.codename == 'buster'
 
+- name: Clone Django CAS project repository
+  git:
+    repo: http://gitlab.adm.crans.org/nounous/django-cas.git
+    dest: /var/local/django-cas
+    version: master
+    umask: '002'
+
+- name: Configure Django CAS
+  template:
+    src: cas/settings_local.py.j2
+    dest: /var/local/django-cas/cas/settings_local.py
+    mode: 0600
+  notify: Restart uwsgi
+
 - name: Configure NGINX site
   template:
     src: nginx/sites-available/cas.j2

roles/django-cas/templates/cas/settings_local.py.j2

+{{ ansible_header | comment }}
+
+SECRET_KEY = '{{ cas_secret_key }}'
+
+# Settings for the CAS server
+CAS_LDAP_SERVER = "172.16.10.90"
+CAS_LDAP_USER = "cn=cas,ou=service-users,dc=crans,dc=org"
+CAS_LDAP_PASSWORD = "{{ cas_ldap_password }}"
+CAS_LDAP_BASE_DN = "cn=Utilisateurs,dc=crans,dc=org"