[constellation] Deploy constellation

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

group_vars/constellation.yml

@@ -0,0 +1,31 @@
+---
+glob_constellation:
+  django_secret_key: "{{ vault.constellation_django_secret_key }}"
+  admins:
+    - ('Root', 'root@crans.org')
+  allowed_hosts:
+    - 'constellation.crans.org'
+    - 'intranet.crans.org'
+  email:
+    ssl: false
+    host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
+    port: 25
+    user: ''
+    password: ''
+    from: "root@crans.org"
+    from_full: "Crans <root@crans.org>"
+  database:
+    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
+    port: 5432
+    user: 'constellation'
+    password: "{{ vault.constellation_django_db_password }}"
+    name: 'constellation'
+  comnpay:
+    tpe: 'VAD-941-415'
+    secret: '{{ vault.comnpay_secret }}'
+  debug: false
+  owner: root
+  group: nounou
+  version: master
+  settings_local_owner: www-data
+  settings_local_group: nounou

host_vars/constellation-dev.adm.crans.org.yml

@@ -1,3 +1,12 @@
 ---
 interfaces:
   adm: eth0
+
+loc_constellation:
+  allowed_hosts:
+    - 'constellation-dev.crans.org'
+  comnpay:
+    tpe: 'HOM-832-854'
+    secret: '{{ vault.comnpay_homologation_secret }}'
+  debug: true
+  version: comnpay

plays/constellation.yml

@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: constellation
+  vars:
+    constellation: "{{ glob_constellation | combine(loc_constellation | default({})) }}"
+  roles:
+    - constellation

roles/constellation/tasks/main.yml

@@ -0,0 +1,70 @@
+---
+- name: Install constellation dependencies
+  apt:
+    update_cache: true
+    install_recommends: false
+    name:
+      - python3-django
+      - python3-django-crispy-forms
+      - python3-django-extensions
+      - python3-django-polymorphic
+      - python3-djangorestframework
+      - python3-django-tables2
+      - python3-ipython
+      - python3-pip
+      - python3-psycopg2
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Install constellation pip dependencies
+  pip:
+    name:
+      - django-dnsmanager>=0.2.1
+
+- name: Create constellation directory
+  file:
+    path: /var/local/constellation
+    state: directory
+    mode: '2775'
+    owner: "{{ constellation.owner }}"
+    group: "{{ constellation.group }}"
+
+- name: Set ACL for constellation directory
+  acl:
+    path: /var/local/constellation
+    default: true
+    entity: nounou
+    etype: group
+    permissions: rwx
+    state: query
+  ignore_errors: "{{ ansible_check_mode }}"
+
+- name: Clone constellation repository
+  git:
+    repo: 'https://gitlab.adm.crans.org/nounous/constellation.git'
+    dest: /var/local/constellation
+    umask: '002'
+    version: "{{ constellation.version }}"
+    recursive: true
+
+- name: Set owner of cloned project
+  file:
+    path: /var/local/constellation
+    owner: "{{ constellation.owner }}"
+    group: "{{ constellation.group }}"
+    recurse: true
+
+- name: Indicate constellation in motd
+  template:
+    src: update-motd.d/05-service.j2
+    dest: /etc/update-motd.d/05-constellation
+    mode: 0755
+
+- name: Deploy Constellation settings_local.py
+  template:
+    src: constellation/settings_local.py.j2
+    dest: /var/local/constellation/constellation/settings_local.py
+    mode: 0660
+    owner: "{{ constellation.settings_local_owner }}"
+    group: "{{ constellation.settings_local_group }}"

roles/constellation/templates/constellation/settings_local.py.j2

@@ -0,0 +1,43 @@
+# -*- mode: python; coding: utf-8 -*-
+{{ ansible_header | comment }}
+
+# A secret key used by the server.
+SECRET_KEY = '{{ constellation.django_secret_key }}'
+
+# Should the server run in debug mode ?
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = {{ constellation.debug }}
+
+# A list of admins of the services. Receive mails when an error occurs
+ADMINS = [{% for admin in constellation.admins %}{{ admin }}, {% endfor %}]
+
+# The list of hostname the server will respond to.
+ALLOWED_HOSTS = [{% for host in constellation.allowed_hosts %}'{{ host }}', {% endfor %}]
+
+# The time zone the server is runned in
+TIME_ZONE = 'Europe/Paris'
+
+# The storage systems parameters to use
+DATABASES = {
+    'default': {  # The DB
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': '{{ constellation.database.name }}',
+        'USER': '{{ constellation.database.user }}',
+        'PASSWORD': '{{ constellation.database.password }}',
+        'HOST': '{{ constellation.database.host }}',
+        'PORT': '{{ constellation.database.port }}',
+    },
+}
+
+# The mail configuration for Constellation to send mails
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_USE_SSL = {{ constellation.email.ssl }}
+EMAIL_HOST = '{{ constellation.email.host }}'
+EMAIL_PORT = {{ constellation.email.port }}
+EMAIL_HOST_USER = '{{ constellation.email.user }}'
+EMAIL_HOST_PASSWORD = '{{ constellation.email.password }}'
+SERVER_EMAIL = '{{ constellation.email.from }}'
+DEFAULT_FROM_EMAIL = '{{ constellation.email.from_full }}'
+
+COMNPAY_ID_TPE = '{{ constellation.comnpay.tpe }}'
+COMNPAY_SECRET_KEY = '{{ constellation.comnpay.secret }}'

roles/constellation/templates/update-motd.d/05-service.j2

@@ -0,0 +1,3 @@
+#!/usr/bin/tail +14
+{{ ansible_header | comment }}
+> Constellation a été déployé sur cette machine. Voir /var/www/constellation/.