diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml index 44aee99313dd6fc6fb6000ba16433defa7790fc6..defee09cc7bac9a3268320e8cdafa35e28922686 100644 --- a/group_vars/all/vars.yaml +++ b/group_vars/all/vars.yaml @@ -1,4 +1,5 @@ --- + # Custom header dirty: "{{lookup('pipe', 'git diff --quiet || echo dirty')}}" ansible_header: | @@ -40,7 +41,8 @@ adm_subnet: 10.231.136.0/24 # # # # global server definitions -# mail_server: smtp.adm.crans.org +glob_smtp: smtp.adm.crans.org + glob_ldap: servers: - 172.16.10.1 diff --git a/group_vars/re2o.yml b/group_vars/re2o.yml new file mode 100644 index 0000000000000000000000000000000000000000..63ed9d985eb23894fcdd5d2b08b9fef7da00aa65 --- /dev/null +++ b/group_vars/re2o.yml @@ -0,0 +1,17 @@ +--- +glob_re2o: + django_secret_key: "{{ vault_re2o_django_secret_key }}" + aes_key: "{{ vault_re2o_aes_key }}" + admins: + - ('Root', 'root@crans.org') + allowed_hosts: + - 're2o.adm.crans.org' + - 'intranet.adm.crans.org' + from_email: "root@crans.org" + ldap: + master_password: "{{ vault_ldap_master_password }}" + uri: "ldap://re2o-ldap.adm.crans.org/" + dn: "cn=admin,dc=crans,dc=org" + database: + password: "{{ vault_re2o_db_password }}" + uri: "tealc.adm.crans.org" diff --git a/host_vars/re2o-newinfra.adm.crans.org.yml b/host_vars/re2o-newinfra.adm.crans.org.yml new file mode 100644 index 0000000000000000000000000000000000000000..9a00f5a18beea63f527f224ae13faef9e093f3a1 --- /dev/null +++ b/host_vars/re2o-newinfra.adm.crans.org.yml @@ -0,0 +1,12 @@ +--- +interfaces: + adm: eth0 + srv-nat: eth1 + + +loc_re2o: + owner: root + group: nounou + version: master + settings_local_owner: root + settings_local_group: nounou diff --git a/hosts b/hosts index 10cf9866328b010bce9685ace65062105b93132c..a875a9ee8edccd4075b6a1690280f429d08ce393 100644 --- a/hosts +++ b/hosts @@ -25,6 +25,9 @@ # [test_vm] # re2o-test.adm.crans.org +[re2o] +re2o-newinfra.adm.crans.org + [bdd] tealc.adm.crans.org 
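Review bot: In the new `group_vars/re2o.yml`, `glob_re2o.ldap.dn` is defined but nothing in this commit reads it: the `settings_local.py.j2` hunk builds the bind DN as `'USER': 'cn=admin,{{ glob_ldap.base }}'`. Two sources for the same DN can drift, so either render `'USER': '{{ re2o.ldap.dn }}'` in the template or drop the `dn` key here. `database.uri` holds a bare hostname (`tealc.adm.crans.org`) that is rendered into Django's `HOST`, so `database.host` would describe it better. A header comment such as `# Secrets are referenced through vault_* variables (presumably the encrypted vault file); never put literal values here` would tell the next editor where the four `vault_*` values come from.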
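Review bot: `version: master` in `loc_re2o` (new `host_vars/re2o-newinfra.adm.crans.org.yml`) names a moving branch, so if the role checks out this ref (the task that consumes `version` is not in this diff), each run can deploy whatever was last pushed rather than a reviewed revision. Pinning to a tag or commit, `version: <release-tag-or-commit-sha>`, makes the deployed code reproducible and auditable.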
@@ -62,6 +65,7 @@ jack.adm.crans.org routeur-sam.adm.crans.org routeur-daniel.adm.crans.org belenios # on changera plus tard +re2o-ldap.adm.crans.org [ovh_physical] sputnik.adm.crans.org diff --git a/plays/re2o.yml b/plays/re2o.yml new file mode 100755 index 0000000000000000000000000000000000000000..1aff13b2960940eacd9e1bf5802a26a4e2768392 --- /dev/null +++ b/plays/re2o.yml @@ -0,0 +1,7 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: re2o + vars: + re2o: "{{ glob_re2o | combine(loc_re2o) }}" + roles: + - re2o diff --git a/roles/re2o/tasks/main.yml b/roles/re2o/tasks/main.yml index 7ec7c9a4c9973fe076bc123386c9652beb4928fe..b16c0b552e2c6917c57e1d08c4d0f4bdba4df48f 100644 --- a/roles/re2o/tasks/main.yml +++ b/roles/re2o/tasks/main.yml @@ -14,7 +14,9 @@ - python3-dateutil - python3-djangorestframework - python3-django-reversion + - python3-django-ldapdb - python3-pip + - python3-pil - python3-crypto - python3-git - python3-psycopg2 @@ -32,7 +34,7 @@ executable: pip2 name: - django-bootstrap3 - - django-ldapdb==0.9.0 + - django-ldapdb==1.3.0 - django-macaddress - name: Install re2o pip3 dependancies @@ -40,7 +42,6 @@ executable: pip3 name: - django-bootstrap3 - - django-ldapdb==0.9.0 - django-macaddress - name: Create re2o directory diff --git a/roles/re2o/templates/re2o/settings_local.py.j2 b/roles/re2o/templates/re2o/settings_local.py.j2 index a11c957f36a1caa3e0be53ea66fda1463ebf2335..4c45eed11c60a6626cea8eaca091d81c3fa4cd71 100644 --- a/roles/re2o/templates/re2o/settings_local.py.j2 +++ b/roles/re2o/templates/re2o/settings_local.py.j2 @@ -7,7 +7,7 @@ from __future__ import unicode_literals SECRET_KEY = '{{ re2o.django_secret_key }}' # The password to access the project database -DB_PASSWORD = '{{ re2o.db_password }}' +DB_PASSWORD = '{{ re2o.database.password }}' # AES key for secret key encryption. # The length must be a multiple of 16 
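Review bot: `combine(loc_re2o)` in the `vars:` of the new `plays/re2o.yml` merges top-level keys only, so a host that later sets `loc_re2o.ldap` or `loc_re2o.database` to override one field would replace the whole nested mapping and lose the vault-backed password. `re2o: "{{ glob_re2o | combine(loc_re2o, recursive=True) }}"` keeps the sibling keys. The expression also fails for any host in `[re2o]` that has no `loc_re2o`; `combine(loc_re2o | default({}), recursive=True)` covers that case.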
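Review bot: After the `@@ -32,7` and `@@ -40,7` hunks of `roles/re2o/tasks/main.yml`, Python 2 gets `django-ldapdb==1.3.0` from pip while Python 3 gets whatever release the distribution's `python3-django-ldapdb` package ships, so the two interpreters can run different versions of the LDAP backend. If only one interpreter actually runs re2o, the other install can go; otherwise a comment stating why the sources differ would help. `django-bootstrap3` and `django-macaddress` stay unpinned in both pip tasks, so each run may pull a newer release; pinning them like `django-ldapdb` (ideally from a requirements file with hashes) keeps installs reproducible. The task list continues outside these hunks.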
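Review bot: `DB_PASSWORD = '{{ re2o.database.password }}'` in the `@@ -7,7` hunk of `settings_local.py.j2` pastes the vault value between single quotes, so a password containing `'` or `\` yields a broken or different Python literal. Rendering through a serialising filter, `DB_PASSWORD = {{ re2o.database.password | to_json }}`, emits a correctly escaped string. The same applies to the `SECRET_KEY` and `AES_KEY` context lines and to `'PASSWORD': '{{ re2o.ldap.master_password }}'` in the `@@ -41,10` hunk. Since the rendered file holds four secrets, it is worth checking that the template task (not in this diff) sets a restrictive mode such as `mode: '0640'`.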
@@ -18,10 +18,10 @@ AES_KEY = '{{ re2o.aes_key }}' DEBUG = False # A list of admins of the services. Receive mails when an error occurs -ADMINS = [('Root', 'root@crans.org')] +ADMINS = [{% for admin in re2o.admins %}{{ admin }}, {% endfor %}] # The list of hostname the server will respond to. -ALLOWED_HOSTS = ['re2o.crans.org', 're2o.adm.crans.org', 'intranet.crans.org', 'intranet.adm.crans.org', 're2o-srv.crans.org', 're2o-srv.adm.crans.org', 'intranet.switches.crans.org', 're2o.switches.crans.org', 're2o-srv.switches.crans.org'] +ALLOWED_HOSTS = [{% for host in re2o.allowed_hosts %}'{{ host }}', {% endfor %}] # The time zone the server is runned in TIME_ZONE = 'Europe/Paris' @@ -33,7 +33,7 @@ DATABASES = { 'NAME': 're2o', 'USER': 're2o', 'PASSWORD': DB_PASSWORD, - 'HOST': 'pgsql.adm.crans.org', + 'HOST': '{{ re2o.database.uri }}', 'TEST': { 'CHARSET': 'utf8', 'COLLATION': 'utf8_general_ci' @@ -41,10 +41,10 @@ DATABASES = { }, 'ldap': { # The LDAP 'ENGINE': 'ldapdb.backends.ldap', - 'NAME': 'ldap://re2o-ldap.adm.crans.org/', - 'USER': 'cn=admin,dc=crans,dc=org', + 'NAME': '{{ re2o.ldap.uri }}', + 'USER': 'cn=admin,{{ glob_ldap.base }}', 'TLS': False, - 'PASSWORD': '{{ ldap.master_password }}', + 'PASSWORD': '{{ re2o.ldap.master_password }}', } } 
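Review bot: `{{ admin }}` in the new `ADMINS` line of the `@@ -18,10` hunk is emitted unquoted, so each entry of `re2o.admins` is interpreted as Python source when Django imports the settings; the YAML value `('Root', 'root@crans.org')` is code, not data. Keeping name and e-mail as separate fields (`- {name: Root, email: root@crans.org}`) and rendering `({{ admin.name | to_json }}, {{ admin.email | to_json }}),` inside the loop keeps inventory values as data. `ALLOWED_HOSTS` can be rendered the same way, `ALLOWED_HOSTS = {{ re2o.allowed_hosts | to_json }}`, which also escapes quotes in a host name. The new default list holds two names where the removed line had nine, so requests for the other hostnames will be rejected unless they are added to `glob_re2o.allowed_hosts`.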
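Review bot: The `ldap` entry in the `@@ -41,10` hunk still hard-codes `'TLS': False` while the URI is now a variable that defaults to `ldap://re2o-ldap.adm.crans.org/`, so the `cn=admin` bind and `re2o.ldap.master_password` cross the network unencrypted. Making it configurable, `'TLS': {{ re2o.ldap.tls | default(false) | ternary('True', 'False') }}`, lets a host enable it once the server certificate is in place, and a comment should say why it is off until then. Binding as the directory admin also gives the web application write access to the whole tree; a dedicated account limited to the re2o subtrees would narrow that, if the LDAP ACLs allow it. The `DATABASES` dict starts outside this hunk.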
@@ -62,19 +62,19 @@ SESSION_COOKIE_AGE = 60 * 60 * 3 LOGO_PATH = "static_files/logo.png" # The mail configuration for Re2o to send mails -SERVER_EMAIL = 'root@crans.org' # The mail address to use -EMAIL_HOST = 'smtp.adm.crans.org' # The host to use +SERVER_EMAIL = '{{ re2o.from_email }}' # The mail address to use +EMAIL_HOST = '{{ glob_smtp }}' # The host to use EMAIL_PORT = 25 # The port to use # Settings of the LDAP structure LDAP = { - 'base_user_dn' : u'cn=Utilisateurs,dc=crans,dc=org', - 'base_userservice_dn' : u'ou=service-users,dc=crans,dc=org', - 'base_usergroup_dn' : u'ou=posix,ou=groups,dc=crans,dc=org', - 'base_userservicegroup_dn' : u'ou=services,ou=groups,dc=crans,dc=org', - 'base_dn' : 'dc=crans,dc=org', + 'base_user_dn': u'cn=Utilisateurs,{{ glob_ldap.base }}', + 'base_userservice_dn': u'ou=service-users,{{ glob_ldap.base }}', + 'base_usergroup_dn': u'ou=posix,ou=groups,{{ glob_ldap.base }}', + 'base_userservicegroup_dn': u'ou=services,ou=groups,{{ glob_ldap.base }}', + 'base_dn': '{{ glob_ldap.base }}', 'user_gid': 500, - } +} # A range of UID to use. Used in linux environement UID_RANGES = { @@ -87,7 +87,10 @@ GID_RANGES = { 'posix': [501, 600], } -CAPTIVE_IP_RANGE = "10.51.0.0/16" +# CAPTIVE_IP_RANGE = "10.51.0.0/16" + +# Some optionnal Re2o Apps +OPTIONNAL_APPS_RE2O = () # Some Django apps you want to add in you local project -OPTIONNAL_APPS = ('api',) +OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + ('api',)
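Review bot: `glob_ldap.base` is referenced six times by this commit (five keys of the `LDAP` dict in the `@@ -62,19` hunk and `'USER'` in the `@@ -41,10` hunk), but the only `glob_ldap` key visible in the `group_vars/all/vars.yaml` hunk is `servers`. If `base` is not defined further down that file, the template task fails on an undefined variable, or an empty value renders DNs such as `cn=Utilisateurs,`. Defining it next to `servers` (`base: dc=crans,dc=org`, the value the removed lines used) and rendering `{{ glob_ldap.base | mandatory }}` gives a clear error when it is missing.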