More CAS configuration

all.yml

@@ -14,6 +14,7 @@
 - import_playbook: plays/monitoring.yml
 
 # Services that only apply to a subset of server
+- import_playbook: plays/cas.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns.yml
 - import_playbook: plays/etherpad.yml

hosts

@@ -90,6 +90,8 @@ monitoring.adm.crans.org
 boeing.adm.crans.org
 fluxx.adm.crans.org
 unifi.adm.crans.org
+pastemoisa.adm.crans.org
+casouley.adm.crans.org
 
 [ovh_physical]
 sputnik.adm.crans.org

plays/cas.yml

@@ -0,0 +1,6 @@
+#!/usr/bin/env ansible-playbook
+---
+# Django CAS server
+
+- hosts: casouley.adm.crans.org
+  roles: ["django-cas"]

roles/django-cas/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+- name: Restart nginx
+  service:
+    name: nginx
+    state: restarted
+
+- name: Restart uwsgi
+  service:
+    name: uwsgi
+    state: restarted

roles/django-cas/tasks/main.yml

@@ -12,6 +12,43 @@
   retries: 3
   until: apt_result is succeeded
 
+- name: Upgrade to Bullseye Django CAS
+  apt:
+    deb: http://mirror.adm.crans.org/debian/pool/main/d/django-cas-server/python3-django-cas-server_1.1.0-2_all.deb
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+  when:
+    - ansible_lsb.codename == 'buster'
+
+- name: Configure NGINX site
+  template:
+    src: nginx/sites-available/cas.j2
+    dest: /etc/nginx/sites-available/cas
+    mode: 0644
+  notify: Restart nginx
+
+- name: Enable nginx site
+  file:
+    src: /etc/nginx/sites-available/cas
+    dest: /etc/nginx/sites-enabled/cas
+    state: link
+  notify: Restart nginx
+
+- name: Configure UWSGI app
+  template:
+    src: uwsgi/apps-available/cas.ini.j2
+    dest: /etc/uwsgi/apps-available/cas.ini
+    mode: 0644
+  notify: Restart uwsgi
+
+- name: Enable uwsgi app
+  file:
+    src: /etc/uwsgi/apps-available/cas.ini
+    dest: /etc/uwsgi/apps-enabled/cas.ini
+    state: link
+  notify: Restart uwsgi
+
 - name: Install CAS crons
   template:
     src: cron.d/cas.j2

roles/django-cas/templates/cron.d/cas.j2

@@ -1,4 +1,4 @@
 {{ ansible_header | comment }}
-0   0  * * * www-data /usr/local/django/cas/manage.py clearsessions
+0   0  * * * www-data /var/local/django-cas/manage.py clearsessions
-*/5 *  * * * www-data /usr/local/django/cas/manage.py cas_clean_tickets
+*/5 *  * * * www-data /var/local/django-cas/manage.py cas_clean_tickets
-5   0  * * * www-data /usr/local/django/cas/manage.py cas_clean_sessions
+5   0  * * * www-data /var/local/django-cas/manage.py cas_clean_sessions

roles/django-cas/templates/nginx/sites-available/cas.j2

@@ -0,0 +1,25 @@
+{{ ansible_header | comment }}
+
+server {
+     server_name cas.crans.org cas.adm.crans.org login.crans.org login.adm.crans.org auth.crans.org auth.adm.crans.org;
+     listen 80;
+     listen [::]:80;
+
+     location /cas {
+         rewrite ^/cas$ / redirect;
+         rewrite ^/cas/(.*)$ /$1 redirect;
+     }
+
+     location /static {
+         alias /var/local/django-cas/cas/local_static;
+     }
+
+     set_real_ip_from 10.231.136.0/24;
+     set_real_ip_from 2a0c:700:0:2::/64;
+     real_ip_header P-Real-Ip;
+
+     location / {
+         uwsgi_pass unix:///var/run/uwsgi/app/cas/socket;
+         include uwsgi_params;
+     }
+}

roles/django-cas/templates/update-motd.d/05-service.j2

@@ -1,3 +1,3 @@
 #!/usr/bin/tail +14
 {{ ansible_header | comment }}
-> django-cas-server a été déployé sur cette machine. Voir /usr/local/django/cas/.
+> django-cas-server a été déployé sur cette machine. Voir /var/local/django-cas/.

roles/django-cas/templates/uwsgi/apps-available/cas.ini.j2

@@ -0,0 +1,17 @@
+{{ ansible_header | comment }}
+
+[uwsgi]
+plugin = python3
+chdir = /var/local/django-cas/
+wsgi-file = /var/local/django-cas/cas/wsgi.py
+max-request=50
+cheaper = 1
+cheaper-initial = 1
+workers = 2
+die-on-term = true
+memory-report = true
+reload-on-rss = 75M
+evil-reload-on-rss = 200M
+limit-as = 450M
+reload-on-as = 350M
+evil-reload-on-as = 500M