diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml
index fa185203f22c240f5ba2f4d8a7236364c3cce3fc..01abae8f1591b700810f825265309f4fc1c8d4ba 100644
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -29,9 +29,6 @@ nginx:
 # - {from: roundcube.crans.org, to: 10.231.136.105}
 # - {from: phabricator.crans.org, to: 10.231.136.123}
 # - {from: trackerusercontent.crans.org, to: 10.231.136.123}
- # - {from: cas.crans.org, to: 10.231.136.18}
- # - {from: auth.crans.org, to: 10.231.136.18}
- # - {from: login.crans.org, to: 10.231.136.18}
 # - {from: webmail.crans.org, to: 10.231.136.107}
 # - {from: horde.crans.org, to: 10.231.136.107}
 # - {from: owncloud.crans.org, to: 10.231.136.26}
@@ -49,6 +46,9 @@ nginx:
 # - {from: webirc.crans.org, to: "10.231.136.1:9000"}
 - {from: framadate.crans.org, to: 172.16.10.109}
 - {from: stream.crans.org, to: 172.16.10.118}
+ - {from: cas.crans.org, to: 172.16.10.120}
+ - {from: auth.crans.org, to: 172.16.10.120}
+ - {from: login.crans.org, to: 172.16.10.120}
 # - {from: mailman.crans.org, to: 10.231.136.180}
 # # # Zamok
diff --git a/plays/cas.yml b/plays/cas.yml
index 009e7030fe5acda7c67f5b18443ca2f822b53bca..9fe922239ecbe709d4b9ad91adaaa953f107783c 100755
--- a/plays/cas.yml
+++ b/plays/cas.yml
@@ -3,4 +3,7 @@
 # Django CAS server
 - hosts: casouley.adm.crans.org
+ vars:
+ cas_secret_key: "{{ vault_cas_secret_key }}"
+ cas_ldap_password: "{{ vault_cas_ldap_password }}"
 roles: ["django-cas"]
diff --git a/roles/django-cas/README.md b/roles/django-cas/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..6b9b47c5a55dbebdd4426148d054be4d4c511f3c
--- /dev/null
+++ b/roles/django-cas/README.md
@@ -0,0 +1,3 @@
+# Django CAS
+
+Une fois le rôle appliqué il faut aller dans `/var/local/django-cas` et faire un `./manage.py collectstatic`.
diff --git a/roles/django-cas/tasks/main.yml b/roles/django-cas/tasks/main.yml
index 069d70445e8bbeef21455c59af691331abaab02f..6472c51592559c133f0e63190258335c8e3f952c 100644
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@@ -8,6 +8,7 @@
 - uwsgi-plugin-python3
 - python3-django
 - python3-django-cas-server
+ - python3-psycopg2
 register: apt_result
 retries: 3
 until: apt_result is succeeded
@@ -21,6 +22,20 @@
 when:
 - ansible_lsb.codename == 'buster'
+- name: Clone Django CAS project repository
+ git:
+ repo: http://gitlab.adm.crans.org/nounous/django-cas.git
+ dest: /var/local/django-cas
+ version: master
+ umask: '002'
+
+- name: Configure Django CAS
+ template:
+ src: cas/settings_local.py.j2
+ dest: /var/local/django-cas/cas/settings_local.py
+ mode: 0600
+ notify: Restart uwsgi
+
 - name: Configure NGINX site
 template:
 src: nginx/sites-available/cas.j2
diff --git a/roles/django-cas/templates/cas/settings_local.py.j2 b/roles/django-cas/templates/cas/settings_local.py.j2
new file mode 100644
index 0000000000000000000000000000000000000000..aaaebe11076ed23d0a186999007ec5b7b1afbe25
--- /dev/null
+++ b/roles/django-cas/templates/cas/settings_local.py.j2
@@ -0,0 +1,9 @@
+{{ ansible_header | comment }}
+
+SECRET_KEY = '{{ cas_secret_key }}'
+
+# Settings for the CAS server
+CAS_LDAP_SERVER = "172.16.10.90"
+CAS_LDAP_USER = "cn=cas,ou=service-users,dc=crans,dc=org"
+CAS_LDAP_PASSWORD = "{{ cas_ldap_password }}"
+CAS_LDAP_BASE_DN = "cn=Utilisateurs,dc=crans,dc=org"
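Review bot: The `git` task in roles/django-cas/tasks/main.yml fetches the CAS server code over plain `http://` and tracks `version: master`, so the code that will handle every login is neither transport-authenticated nor pinned to a reviewed revision. Consider an authenticated transport and a fixed revision, e.g. `repo: https://gitlab.adm.crans.org/nounous/django-cas.git` (if the instance serves HTTPS; SSH otherwise) and `version: <tag-or-commit-sha>`. In the same hunk, the `Configure Django CAS` template writes the secret key and LDAP password with `mode: 0600` but no `owner`/`group`, so who can read the file depends on the connecting user; set both explicitly for the account uwsgi runs as, quote the mode (`mode: '0600'`), and add `diff: false` (or `no_log: true`) so a `--diff` run does not print the rendered secrets. The NGINX task that follows continues outside the hunk.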
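Review bot: In roles/django-cas/templates/cas/settings_local.py.j2 both vault values are pasted raw between quote characters, so a secret containing `'`, `"` or a backslash yields a broken settings file or a different value than intended. Letting the filter emit the quoted, escaped literal avoids that: `SECRET_KEY = {{ cas_secret_key | to_json }}` and `CAS_LDAP_PASSWORD = {{ cas_ldap_password | to_json }}`. Separately, `CAS_LDAP_SERVER` is a bare IP and nothing in this file shows whether the bind is protected by TLS; worth confirming, since the service account password crosses the network on each bind.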