From 585d947b6f879e0cf17e69033abb71a2877046cf Mon Sep 17 00:00:00 2001
From: Alexandre Iooss <erdnaxe@crans.org>
Date: Sat, 2 Jan 2021 09:34:22 +0100
Subject: [PATCH] Migrate CAS to new infra

---
 group_vars/reverseproxy.yml                         |  5 +----
 hosts                                               |  2 +-
 plays/cas.yml                                       |  3 ++-
 roles/django-cas/tasks/main.yml                     | 11 ++---------
 roles/django-cas/templates/cas/settings_local.py.j2 | 11 +++++++++++
 5 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml
index 5387c9ba..2eef7bea 100644
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@@ -19,19 +19,16 @@ nginx:
 
   reverseproxy_sites:
     # Services web Crans
-    #    - {from: lutim.crans.org, to: 10.231.136.69}
-    #    - {from: ftps.crans.org, to: 10.231.136.98}
     #    - {from: re2o.crans.org, to: 10.231.136.9}
     #    - {from: intranet.crans.org, to: 10.231.136.9}
     #    - {from: grafana.crans.org, to: "10.231.136.102:3000"}
+    - {from: ftps.crans.org, to: 172.16.10.30}
     - {from: webmail.crans.org, to: 172.16.10.108}
     - {from: webirc.crans.org, to: "172.16.10.31:9000"}
     - {from: horde.crans.org, to: 172.16.10.108}
     - {from: framadate.crans.org, to: 172.16.10.109}
     - {from: stream.crans.org, to: 172.16.10.118}
     - {from: cas.crans.org, to: 172.16.10.120}
-    - {from: auth.crans.org, to: 172.16.10.120}
-    - {from: login.crans.org, to: 172.16.10.120}
     - {from: phabricator.crans.org, to: 172.16.10.116}
     - {from: trackerusercontent.crans.org, to: 172.16.10.116}
     - {from: wiki.crans.org, to: 172.16.10.161}
diff --git a/hosts b/hosts
index a87d64d9..ae16dbc0 100644
--- a/hosts
+++ b/hosts
@@ -126,7 +126,7 @@ virtu
 #belenios.adm.crans.org
 bigbluebutton.adm.crans.org
 #boeing.adm.crans.org
-#casouley.adm.crans.org
+cas.adm.crans.org
 codichotomie.adm.crans.org
 #ethercalc-srv.adm.crans.org
 fluxx.adm.crans.org
diff --git a/plays/cas.yml b/plays/cas.yml
index 9fe92223..f9006c6c 100755
--- a/plays/cas.yml
+++ b/plays/cas.yml
@@ -2,8 +2,9 @@
 ---
 # Django CAS server
 
-- hosts: casouley.adm.crans.org
+- hosts: cas.adm.crans.org
   vars:
     cas_secret_key: "{{ vault_cas_secret_key }}"
     cas_ldap_password: "{{ vault_cas_ldap_password }}"
+    cas_database_password: "{{ vault_cas_database_password }}"
   roles: ["django-cas"]
diff --git a/roles/django-cas/tasks/main.yml b/roles/django-cas/tasks/main.yml
index 6472c515..1d3b919a 100644
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@@ -9,19 +9,11 @@
       - python3-django
       - python3-django-cas-server
       - python3-psycopg2
+      - python3-ldap3
   register: apt_result
   retries: 3
   until: apt_result is succeeded
 
-- name: Upgrade to Bullseye Django CAS
-  apt:
-    deb: http://mirror.adm.crans.org/debian/pool/main/d/django-cas-server/python3-django-cas-server_1.1.0-2_all.deb
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-  when:
-    - ansible_lsb.codename == 'buster'
-
 - name: Clone Django CAS project repository
   git:
     repo: http://gitlab.adm.crans.org/nounous/django-cas.git
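Review bot: The `repo:` URL of the clone task at the end of this hunk is plain `http://`, so the Django CAS code deployed onto the authentication host is fetched with no transport integrity. The commit removes the `.deb` install that had the same property, but the clone keeps it. If the GitLab instance is reachable over TLS or SSH (not visible here), switch the URL to that form, and pin `version:` to a tag or commit hash unless that is already done below the hunk. The task body continues outside the hunk.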
@@ -34,6 +26,7 @@
     src: cas/settings_local.py.j2
     dest: /var/local/django-cas/cas/settings_local.py
     mode: 0600
+    owner: www-data
   notify: Restart uwsgi
 
 - name: Configure NGINX site
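Review bot: The added `owner: www-data` makes the account that presumably runs the web application the owner of a settings file holding the LDAP bind password and the database password, so a compromise of the application can rewrite its own configuration. Read access is all the service needs; `owner: root`, `group: www-data`, `mode: "0640"` grants that without write access. Quoting the mode also stops relying on YAML's octal parsing of the bare `0600`. Because the rendered file contains secrets, `diff: false` or `no_log: true` on this task would keep them out of `--diff` output. The template task starts above the hunk.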
diff --git a/roles/django-cas/templates/cas/settings_local.py.j2 b/roles/django-cas/templates/cas/settings_local.py.j2
index aaaebe11..5ae99cf1 100644
--- a/roles/django-cas/templates/cas/settings_local.py.j2
+++ b/roles/django-cas/templates/cas/settings_local.py.j2
@@ -7,3 +7,14 @@ CAS_LDAP_SERVER = "172.16.10.90"
 CAS_LDAP_USER = "cn=cas,ou=service-users,dc=crans,dc=org"
 CAS_LDAP_PASSWORD = "{{ cas_ldap_password }}"
 CAS_LDAP_BASE_DN = "cn=Utilisateurs,dc=crans,dc=org"
+
+# Database
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': 'cas',
+        'HOST': 'pgsql.adm.crans.org',
+        'USER': 'cas',
+        'PASSWORD': '{{ cas_database_password }}',
+    }
+}
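Review bot: `'PASSWORD': '{{ cas_database_password }}'` pastes the vault value into a Python string literal unescaped, so a password containing `'` or `\` either breaks settings_local.py or silently changes the value. `'PASSWORD': {{ cas_database_password | to_json }},` emits a correctly quoted literal; the existing `CAS_LDAP_PASSWORD` context line has the same problem. The new `DATABASES` entry also reaches `pgsql.adm.crans.org` with no `OPTIONS`, which leaves transport encryption to libpq defaults that do not verify the server certificate; if the server offers TLS, add `'OPTIONS': {'sslmode': 'verify-full'},`. `django.db.backends.postgresql_psycopg2` is a legacy alias that newer Django releases drop in favour of `django.db.backends.postgresql`.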
-- 
GitLab