Commit aff5a3be authored by me5na7qbjqbrp's avatar me5na7qbjqbrp

Merge branch 'casouley' into 'newinfra'

Casouley

See merge request !88
parents 09535213 2aedbe0a
......@@ -14,6 +14,7 @@
- import_playbook: plays/monitoring.yml
# Services that only apply to a subset of server
- import_playbook: plays/cas.yml
- import_playbook: plays/dhcp.yml
- import_playbook: plays/dns.yml
- import_playbook: plays/etherpad.yml
......
......@@ -29,9 +29,6 @@ nginx:
# - {from: roundcube.crans.org, to: 10.231.136.105}
# - {from: phabricator.crans.org, to: 10.231.136.123}
# - {from: trackerusercontent.crans.org, to: 10.231.136.123}
# - {from: cas.crans.org, to: 10.231.136.18}
# - {from: auth.crans.org, to: 10.231.136.18}
# - {from: login.crans.org, to: 10.231.136.18}
# - {from: webmail.crans.org, to: 10.231.136.107}
# - {from: horde.crans.org, to: 10.231.136.107}
# - {from: owncloud.crans.org, to: 10.231.136.26}
......@@ -49,6 +46,9 @@ nginx:
# - {from: webirc.crans.org, to: "10.231.136.1:9000"}
- {from: framadate.crans.org, to: 172.16.10.109}
- {from: stream.crans.org, to: 172.16.10.118}
- {from: cas.crans.org, to: 172.16.10.120}
- {from: auth.crans.org, to: 172.16.10.120}
- {from: login.crans.org, to: 172.16.10.120}
# - {from: mailman.crans.org, to: 10.231.136.180}
#
# # Zamok
......
......@@ -90,6 +90,8 @@ monitoring.adm.crans.org
boeing.adm.crans.org
fluxx.adm.crans.org
unifi.adm.crans.org
pastemoisa.adm.crans.org
casouley.adm.crans.org
[ovh_physical]
sputnik.adm.crans.org
......
#!/usr/bin/env ansible-playbook
---
# Django CAS server
- hosts: casouley.adm.crans.org
vars:
cas_secret_key: "{{ vault_cas_secret_key }}"
cas_ldap_password: "{{ vault_cas_ldap_password }}"
roles: ["django-cas"]
# Django CAS
Une fois le rôle appliqué il faut aller dans `/var/local/django-cas` et faire un `./manage.py collectstatic`.
---
- name: Restart nginx
service:
name: nginx
state: restarted
- name: Restart uwsgi
service:
name: uwsgi
state: restarted
......@@ -8,10 +8,62 @@
- uwsgi-plugin-python3
- python3-django
- python3-django-cas-server
- python3-psycopg2
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Upgrade to Bullseye Django CAS
apt:
deb: http://mirror.adm.crans.org/debian/pool/main/d/django-cas-server/python3-django-cas-server_1.1.0-2_all.deb
register: apt_result
retries: 3
until: apt_result is succeeded
when:
- ansible_lsb.codename == 'buster'
- name: Clone Django CAS project repository
git:
repo: http://gitlab.adm.crans.org/nounous/django-cas.git
dest: /var/local/django-cas
version: master
umask: '002'
- name: Configure Django CAS
template:
src: cas/settings_local.py.j2
dest: /var/local/django-cas/cas/settings_local.py
mode: 0600
notify: Restart uwsgi
- name: Configure NGINX site
template:
src: nginx/sites-available/cas.j2
dest: /etc/nginx/sites-available/cas
mode: 0644
notify: Restart nginx
- name: Enable nginx site
file:
src: /etc/nginx/sites-available/cas
dest: /etc/nginx/sites-enabled/cas
state: link
notify: Restart nginx
- name: Configure UWSGI app
template:
src: uwsgi/apps-available/cas.ini.j2
dest: /etc/uwsgi/apps-available/cas.ini
mode: 0644
notify: Restart uwsgi
- name: Enable uwsgi app
file:
src: /etc/uwsgi/apps-available/cas.ini
dest: /etc/uwsgi/apps-enabled/cas.ini
state: link
notify: Restart uwsgi
- name: Install CAS crons
template:
src: cron.d/cas.j2
......
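Review bot: The `Upgrade to Bullseye Django CAS` and `Clone Django CAS project repository` tasks both fetch code over plain `http://` with nothing that pins or verifies what arrives, and that code becomes the authentication server. A `.deb` installed through `apt: deb:` from a URL is, as far as I know, not covered by the APT repository signature check, and `version: master` deploys whatever the branch holds at run time. I would download the package with `get_url` and a `checksum:` before installing it from the local path, and clone over HTTPS or SSH (if the internal GitLab offers it) at a reviewed tag or commit, as sketched below. Separately, `cas/settings_local.py` is written with `mode: 0600` and no `owner`/`group`; if the play runs as root, the `www-data` cron jobs would presumably be unable to read it, so `owner: root`, `group: www-data`, `mode: "0640"` (quoted) looks closer to the intent. The task list continues past the end of this hunk.

```yaml
# … unchanged: apt install of the uwsgi / python3-django packages …
- name: Download Bullseye Django CAS package
  get_url:
    url: http://mirror.adm.crans.org/debian/pool/main/d/django-cas-server/python3-django-cas-server_1.1.0-2_all.deb
    dest: /var/cache/apt/archives/python3-django-cas-server_1.1.0-2_all.deb
    # Placeholder: record the digest of the reviewed package here.
    checksum: "sha256:<EXPECTED_SHA256>"
  register: deb_download
  retries: 3
  until: deb_download is succeeded
  when:
    - ansible_lsb.codename == 'buster'

- name: Upgrade to Bullseye Django CAS
  apt:
    deb: /var/cache/apt/archives/python3-django-cas-server_1.1.0-2_all.deb
  when:
    - ansible_lsb.codename == 'buster'

- name: Clone Django CAS project repository
  git:
    repo: https://gitlab.adm.crans.org/nounous/django-cas.git
    dest: /var/local/django-cas
    # Placeholder: a reviewed tag or full commit hash, not a moving branch.
    version: "<REVIEWED_TAG_OR_COMMIT>"
    umask: '002'
# … unchanged: template and link tasks …
```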
{{ ansible_header | comment }}
SECRET_KEY = '{{ cas_secret_key }}'
# Settings for the CAS server
CAS_LDAP_SERVER = "172.16.10.90"
CAS_LDAP_USER = "cn=cas,ou=service-users,dc=crans,dc=org"
CAS_LDAP_PASSWORD = "{{ cas_ldap_password }}"
CAS_LDAP_BASE_DN = "cn=Utilisateurs,dc=crans,dc=org"
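Review bot: `cas_secret_key` and `cas_ldap_password` are pasted raw between quote characters, so a vault value containing a quote, a backslash or a newline yields a settings file that either fails to import or carries a different secret from the one stored. Letting a filter produce the literal avoids that, since a JSON string is also a valid Python string for the usual ASCII secrets: `SECRET_KEY = {{ cas_secret_key | to_json }}` and `CAS_LDAP_PASSWORD = {{ cas_ldap_password | to_json }}`. A comment next to `CAS_LDAP_SERVER` stating whether the bind to `172.16.10.90` is protected by TLS would also help, since nothing in this template shows it and the service-account password is sent with every bind.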
{{ ansible_header | comment }}
0 0 * * * www-data /usr/local/django/cas/manage.py clearsessions
*/5 * * * * www-data /usr/local/django/cas/manage.py cas_clean_tickets
5 0 * * * www-data /usr/local/django/cas/manage.py cas_clean_sessions
0 0 * * * www-data /var/local/django-cas/manage.py clearsessions
*/5 * * * * www-data /var/local/django-cas/manage.py cas_clean_tickets
5 0 * * * www-data /var/local/django-cas/manage.py cas_clean_sessions
{{ ansible_header | comment }}
server {
server_name cas.crans.org cas.adm.crans.org login.crans.org login.adm.crans.org auth.crans.org auth.adm.crans.org;
listen 80;
listen [::]:80;
location /cas {
rewrite ^/cas$ / redirect;
rewrite ^/cas/(.*)$ /$1 redirect;
}
location /static {
alias /var/local/django-cas/cas/local_static;
}
set_real_ip_from 10.231.136.0/24;
set_real_ip_from 2a0c:700:0:2::/64;
real_ip_header P-Real-Ip;
location / {
uwsgi_pass unix:///var/run/uwsgi/app/cas/socket;
include uwsgi_params;
}
}
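Review bot: `set_real_ip_from 10.231.136.0/24;` and `set_real_ip_from 2a0c:700:0:2::/64;` trust the `P-Real-Ip` header from every host in those ranges, not just from the reverse proxy, so any machine there that can reach port 80 can make the CAS server and its logs record a client address of its choosing. The proxy entries changed in this same commit point at `172.16.10.120`, which suggests the proxy may now reach this host from a network that neither range covers; in that case the header is ignored and every login appears to come from the proxy. I would list only the proxy's own addresses, e.g. `set_real_ip_from <PROXY_IPV4>;` (placeholder), after confirming which network the proxy connects from. The vhost listens on port 80 only, so a comment stating where TLS is terminated would help the next reader judge how credentials cross this hop.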
#!/usr/bin/tail +14
{{ ansible_header | comment }}
> django-cas-server a été déployé sur cette machine. Voir /usr/local/django/cas/.
> django-cas-server a été déployé sur cette machine. Voir /var/local/django-cas/.
{{ ansible_header | comment }}
[uwsgi]
plugin = python3
chdir = /var/local/django-cas/
wsgi-file = /var/local/django-cas/cas/wsgi.py
max-request=50
cheaper = 1
cheaper-initial = 1
workers = 2
die-on-term = true
memory-report = true
reload-on-rss = 75M
evil-reload-on-rss = 200M
limit-as = 450M
reload-on-as = 350M
evil-reload-on-as = 500M
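Review bot: `max-request=50` looks like a typo for uWSGI's `max-requests` option. Unless strict mode is enabled, uWSGI treats an unknown key as a custom placeholder instead of rejecting it, so the worker-recycling limit would silently not apply. I would write `max-requests = 50` (matching the spacing of the other keys) and consider adding `strict = true` so that misspelled options fail at start-up. The file also sets no `uid`/`gid`; if that relies on the distribution defaults, a one-line comment saying so would document which account the CAS code runs under.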