Configure CAS

2020-09-19 10:32:09 +02:00 · 2020-09-19 10:32:09 +02:00 · 2aedbe0a16
parent 44a8379294
commit 2aedbe0a16
5 changed files with 33 additions and 3 deletions
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@ -29,9 +29,6 @@ nginx:
    #    - {from: roundcube.crans.org, to: 10.231.136.105}
    #    - {from: phabricator.crans.org, to: 10.231.136.123}
    #    - {from: trackerusercontent.crans.org, to: 10.231.136.123}
-    #    - {from: cas.crans.org, to: 10.231.136.18}
-    #    - {from: auth.crans.org, to: 10.231.136.18}
-    #    - {from: login.crans.org, to: 10.231.136.18}
    #    - {from: webmail.crans.org, to: 10.231.136.107}
    #    - {from: horde.crans.org, to: 10.231.136.107}
    #    - {from: owncloud.crans.org, to: 10.231.136.26}
@ -49,6 +46,9 @@ nginx:
    #    - {from: webirc.crans.org, to: "10.231.136.1:9000"}
    - {from: framadate.crans.org, to: 172.16.10.109}
    - {from: stream.crans.org, to: 172.16.10.118}
+    - {from: cas.crans.org, to: 172.16.10.120}
+    - {from: auth.crans.org, to: 172.16.10.120}
+    - {from: login.crans.org, to: 172.16.10.120}
    #    - {from: mailman.crans.org, to: 10.231.136.180}
    #
    #    # Zamok
--- a/plays/cas.yml
+++ b/plays/cas.yml
@ -3,4 +3,7 @@
 # Django CAS server

 - hosts: casouley.adm.crans.org
+  vars:
+    cas_secret_key: "{{ vault_cas_secret_key }}"
+    cas_ldap_password: "{{ vault_cas_ldap_password }}"
  roles: ["django-cas"]
--- a/roles/django-cas/README.md
+++ b/roles/django-cas/README.md
@ -0,0 +1,3 @@
+# Django CAS
+
+Une fois le rôle appliqué il faut aller dans `/var/local/django-cas` et faire un `./manage.py collectstatic`.
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@ -8,6 +8,7 @@
      - uwsgi-plugin-python3
      - python3-django
      - python3-django-cas-server
+      - python3-psycopg2
  register: apt_result
  retries: 3
  until: apt_result is succeeded
@ -21,6 +22,20 @@
  when:
    - ansible_lsb.codename == 'buster'

+- name: Clone Django CAS project repository
+  git:
+    repo: http://gitlab.adm.crans.org/nounous/django-cas.git
+    dest: /var/local/django-cas
+    version: master
+    umask: '002'
+
+- name: Configure Django CAS
+  template:
+    src: cas/settings_local.py.j2
+    dest: /var/local/django-cas/cas/settings_local.py
+    mode: 0600
+  notify: Restart uwsgi
+
 - name: Configure NGINX site
  template:
    src: nginx/sites-available/cas.j2
--- a/roles/django-cas/templates/cas/settings_local.py.j2
+++ b/roles/django-cas/templates/cas/settings_local.py.j2
@ -0,0 +1,9 @@
+{{ ansible_header | comment }}
+
+SECRET_KEY = '{{ cas_secret_key }}'
+
+# Settings for the CAS server
+CAS_LDAP_SERVER = "172.16.10.90"
+CAS_LDAP_USER = "cn=cas,ou=service-users,dc=crans,dc=org"
+CAS_LDAP_PASSWORD = "{{ cas_ldap_password }}"
+CAS_LDAP_BASE_DN = "cn=Utilisateurs,dc=crans,dc=org"