From 44a8379294fe14a258bf9efc2853736201205212 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sat, 19 Sep 2020 08:26:19 +0200
Subject: [PATCH] More CAS configuration
---
 all.yml | 1 +
 hosts | 2 +
 plays/cas.yml | 6 +++
 roles/django-cas/handlers/main.yml | 10 +++++
 roles/django-cas/tasks/main.yml | 37 +++++++++++++++++++
 roles/django-cas/templates/cron.d/cas.j2 | 6 +--
 .../templates/nginx/sites-available/cas.j2 | 25 +++++++++++++
 .../templates/update-motd.d/05-service.j2 | 2 +-
 .../templates/uwsgi/apps-available/cas.ini.j2 | 17 +++++++++
 9 files changed, 102 insertions(+), 4 deletions(-)
 create mode 100755 plays/cas.yml
 create mode 100644 roles/django-cas/handlers/main.yml
 create mode 100644 roles/django-cas/templates/nginx/sites-available/cas.j2
 create mode 100644 roles/django-cas/templates/uwsgi/apps-available/cas.ini.j2
diff --git a/all.yml b/all.yml
index 0880c025..87ea3658 100755
--- a/all.yml
+++ b/all.yml
@@ -14,6 +14,7 @@
 - import_playbook: plays/monitoring.yml
 
 # Services that only apply to a subset of server
+- import_playbook: plays/cas.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
 - import_playbook: plays/etherpad.yml
diff --git a/hosts b/hosts
index 7757a23d..d2e4bbc3 100644
--- a/hosts
+++ b/hosts
@@ -90,6 +90,8 @@ monitoring.adm.crans.org
 boeing.adm.crans.org
 fluxx.adm.crans.org
 unifi.adm.crans.org
+pastemoisa.adm.crans.org
+casouley.adm.crans.org
 
 [ovh_physical]
 sputnik.adm.crans.org
diff --git a/plays/cas.yml b/plays/cas.yml
new file mode 100755
index 00000000..009e7030
--- /dev/null
+++ b/plays/cas.yml
@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Django CAS server
+
+- hosts: casouley.adm.crans.org
+ roles: ["django-cas"]
diff --git a/roles/django-cas/handlers/main.yml b/roles/django-cas/handlers/main.yml
new file mode 100644
index 00000000..fe8fbf15
--- /dev/null
+++ b/roles/django-cas/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Restart nginx
+ service:
+ name: nginx
+ state: restarted
+
+- name: Restart uwsgi
+ service:
+ name: uwsgi
+ state: restarted
diff --git a/roles/django-cas/tasks/main.yml b/roles/django-cas/tasks/main.yml
index 80307620..069d7044 100644
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@@ -12,6 +12,43 @@
 retries: 3
 until: apt_result is succeeded
 
+- name: Upgrade to Bullseye Django CAS
+ apt:
+ deb: http://mirror.adm.crans.org/debian/pool/main/d/django-cas-server/python3-django-cas-server_1.1.0-2_all.deb
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+ when:
+ - ansible_lsb.codename == 'buster'
+
+- name: Configure NGINX site
+ template:
+ src: nginx/sites-available/cas.j2
+ dest: /etc/nginx/sites-available/cas
+ mode: 0644
+ notify: Restart nginx
+
+- name: Enable nginx site
+ file:
+ src: /etc/nginx/sites-available/cas
+ dest: /etc/nginx/sites-enabled/cas
+ state: link
+ notify: Restart nginx
+
+- name: Configure UWSGI app
+ template:
+ src: uwsgi/apps-available/cas.ini.j2
+ dest: /etc/uwsgi/apps-available/cas.ini
+ mode: 0644
+ notify: Restart uwsgi
+
+- name: Enable uwsgi app
+ file:
+ src: /etc/uwsgi/apps-available/cas.ini
+ dest: /etc/uwsgi/apps-enabled/cas.ini
+ state: link
+ notify: Restart uwsgi
+
 - name: Install CAS crons
 template:
 src: cron.d/cas.j2
diff --git a/roles/django-cas/templates/cron.d/cas.j2 b/roles/django-cas/templates/cron.d/cas.j2
index ec29265e..0fd4795d 100644
--- a/roles/django-cas/templates/cron.d/cas.j2
+++ b/roles/django-cas/templates/cron.d/cas.j2
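Review bot: The `apt: deb:` task in the tasks/main.yml hunk installs `python3-django-cas-server_1.1.0-2_all.deb` from a plain `http://` URL, and as far as I can tell a package installed this way is not checked against signed archive metadata, so nothing verifies the file that ends up running the login service. Fetching it first with `get_url` and a pinned `checksum:`, then pointing `apt: deb:` at the local file, would close that gap. The digest in the sketch below is a placeholder to be filled in from the mirror's signed package index. Separately, the two `mode: 0644` values are safer quoted as `mode: "0644"` so the YAML parser cannot reinterpret the number.

```yaml
- name: Fetch Bullseye Django CAS package
  get_url:
    url: http://mirror.adm.crans.org/debian/pool/main/d/django-cas-server/python3-django-cas-server_1.1.0-2_all.deb
    dest: /var/cache/apt/archives/python3-django-cas-server_1.1.0-2_all.deb
    checksum: "sha256:<SHA256_OF_THE_DEB>"  # placeholder: pin the real digest
  when:
    - ansible_lsb.codename == 'buster'

- name: Upgrade to Bullseye Django CAS
  apt:
    deb: /var/cache/apt/archives/python3-django-cas-server_1.1.0-2_all.deb
  # … unchanged: register / retries / until / when …
```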
@@ -1,4 +1,4 @@
 {{ ansible_header | comment }}
-0 0 * * * www-data /usr/local/django/cas/manage.py clearsessions
-*/5 * * * * www-data /usr/local/django/cas/manage.py cas_clean_tickets
-5 0 * * * www-data /usr/local/django/cas/manage.py cas_clean_sessions
+0 0 * * * www-data /var/local/django-cas/manage.py clearsessions
+*/5 * * * * www-data /var/local/django-cas/manage.py cas_clean_tickets
+5 0 * * * www-data /var/local/django-cas/manage.py cas_clean_sessions
diff --git a/roles/django-cas/templates/nginx/sites-available/cas.j2 b/roles/django-cas/templates/nginx/sites-available/cas.j2
new file mode 100644
index 00000000..c243822e
--- /dev/null
+++ b/roles/django-cas/templates/nginx/sites-available/cas.j2
@@ -0,0 +1,25 @@
+{{ ansible_header | comment }}
+
+server {
+ server_name cas.crans.org cas.adm.crans.org login.crans.org login.adm.crans.org auth.crans.org auth.adm.crans.org;
+ listen 80;
+ listen [::]:80;
+
+ location /cas {
+ rewrite ^/cas$ / redirect;
+ rewrite ^/cas/(.*)$ /$1 redirect;
+ }
+
+ location /static {
+ alias /var/local/django-cas/cas/local_static;
+ }
+
+ set_real_ip_from 10.231.136.0/24;
+ set_real_ip_from 2a0c:700:0:2::/64;
+ real_ip_header P-Real-Ip;
+
+ location / {
+ uwsgi_pass unix:///var/run/uwsgi/app/cas/socket;
+ include uwsgi_params;
+ }
+}
diff --git a/roles/django-cas/templates/update-motd.d/05-service.j2 b/roles/django-cas/templates/update-motd.d/05-service.j2
index 0a1da54c..242bc2ca 100755
--- a/roles/django-cas/templates/update-motd.d/05-service.j2
+++ b/roles/django-cas/templates/update-motd.d/05-service.j2
@@ -1,3 +1,3 @@
 #!/usr/bin/tail +14
 {{ ansible_header | comment }}
-> django-cas-server a été déployé sur cette machine. Voir /usr/local/django/cas/.
+> django-cas-server a été déployé sur cette machine. Voir /var/local/django-cas/.
diff --git a/roles/django-cas/templates/uwsgi/apps-available/cas.ini.j2 b/roles/django-cas/templates/uwsgi/apps-available/cas.ini.j2
new file mode 100644
index 00000000..7ec92804
--- /dev/null
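Review bot: In the new nginx template, `location /static` is a prefix match with no trailing slash, so any URI that merely starts with `/static` is mapped onto a sibling path next to `local_static` (for example `/static.bak/x` resolves under `local_static.bak/`). Anchoring both sides, `location /static/ { alias /var/local/django-cas/cas/local_static/; }`, limits the mapping to that directory. The vhost also listens only on port 80 for a login service; presumably TLS is terminated by the proxies in the `set_real_ip_from` ranges, which deserves a comment such as `# TLS is terminated upstream; only the reverse proxies may reach this listener`. Finally, `real_ip_header P-Real-Ip` should be checked against the header the proxy actually sets (`X-Real-IP` is the conventional name). If the names differ, the logged client address will be the proxy's.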
+++ b/roles/django-cas/templates/uwsgi/apps-available/cas.ini.j2
@@ -0,0 +1,17 @@
+{{ ansible_header | comment }}
+
+[uwsgi]
+plugin = python3
+chdir = /var/local/django-cas/
+wsgi-file = /var/local/django-cas/cas/wsgi.py
+max-request=50
+cheaper = 1
+cheaper-initial = 1
+workers = 2
+die-on-term = true
+memory-report = true
+reload-on-rss = 75M
+evil-reload-on-rss = 200M
+limit-as = 450M
+reload-on-as = 350M
+evil-reload-on-as = 500M
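Review bot: `limit-as = 450M` is lower than `evil-reload-on-as = 500M`, so the 500M threshold can presumably never be reached. Allocations would fail at the hard limit first, which on a login service shows up as failed requests rather than a clean worker recycle. Either raise `limit-as` above the evil threshold or drop the unreachable setting. `max-request=50` also looks like a typo for uWSGI's `max-requests` option. Unless `strict = true` is set, an unrecognised key is accepted silently, so workers would not be recycled on request count as intended.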