Merge branch 're2o' into 'newinfra'

Install re2o on new infra

See merge request nounous/ansible!36

group_vars/all/vars.yaml

@@ -1,4 +1,5 @@
 ---
+
 # Custom header
 dirty: "{{lookup('pipe', 'git diff --quiet || echo dirty')}}"
 ansible_header: |
@@ -40,7 +41,8 @@ adm_subnet: 10.231.136.0/24
 #
 #
 # # global server definitions
-# mail_server: smtp.adm.crans.org
+glob_smtp: smtp.adm.crans.org
+
 glob_ldap:
   servers:
     - 172.16.10.1

group_vars/re2o.yml

@@ -0,0 +1,17 @@
+---
+glob_re2o:
+  django_secret_key: "{{ vault_re2o_django_secret_key }}"
+  aes_key: "{{ vault_re2o_aes_key }}"
+  admins:
+    - ('Root', 'root@crans.org')
+  allowed_hosts:
+    - 're2o.adm.crans.org'
+    - 'intranet.adm.crans.org'
+  from_email: "root@crans.org"
+  ldap:
+    master_password: "{{ vault_ldap_master_password }}"
+    uri: "ldap://re2o-ldap.adm.crans.org/"
+    dn: "cn=admin,dc=crans,dc=org"
+  database:
+      password: "{{ vault_re2o_db_password }}"
+      uri: "tealc.adm.crans.org"

host_vars/re2o-newinfra.adm.crans.org.yml

@@ -0,0 +1,12 @@
+---
+interfaces:
+  adm: eth0
+  srv-nat: eth1
+
+
+loc_re2o:
+  owner: root
+  group: nounou
+  version: master
+  settings_local_owner: root
+  settings_local_group: nounou

hosts

@@ -25,6 +25,9 @@
 # [test_vm]
 # re2o-test.adm.crans.org
 
+[re2o]
+re2o-newinfra.adm.crans.org
+
 [bdd]
 tealc.adm.crans.org
 
@@ -62,6 +65,7 @@ jack.adm.crans.org
 routeur-sam.adm.crans.org
 routeur-daniel.adm.crans.org
 belenios # on changera plus tard
+re2o-ldap.adm.crans.org
 
 [ovh_physical]
 sputnik.adm.crans.org

plays/re2o.yml

@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: re2o
+  vars:
+    re2o: "{{ glob_re2o | combine(loc_re2o) }}"
+  roles:
+    - re2o

roles/re2o/tasks/main.yml

@@ -14,7 +14,9 @@
       - python3-dateutil
       - python3-djangorestframework
       - python3-django-reversion
+      - python3-django-ldapdb
       - python3-pip
+      - python3-pil
       - python3-crypto
       - python3-git
       - python3-psycopg2
@@ -32,7 +34,7 @@
     executable: pip2
     name:
       - django-bootstrap3
-      - django-ldapdb==0.9.0
+      - django-ldapdb==1.3.0
       - django-macaddress
 
 - name: Install re2o pip3 dependancies
@@ -40,7 +42,6 @@
     executable: pip3
     name:
       - django-bootstrap3
-      - django-ldapdb==0.9.0
       - django-macaddress
 
 - name: Create re2o directory

roles/re2o/templates/re2o/settings_local.py.j2

@@ -7,7 +7,7 @@ from __future__ import unicode_literals
 SECRET_KEY = '{{ re2o.django_secret_key }}'
 
 # The password to access the project database
-DB_PASSWORD = '{{ re2o.db_password }}'
+DB_PASSWORD = '{{ re2o.database.password }}'
 
 # AES key for secret key encryption.
 # The length must be a multiple of 16
@@ -18,10 +18,10 @@ AES_KEY = '{{ re2o.aes_key }}'
 DEBUG = False
 
 # A list of admins of the services. Receive mails when an error occurs
-ADMINS = [('Root', 'root@crans.org')]
+ADMINS = [{% for admin in re2o.admins %}{{ admin }}, {% endfor %}]
 
 # The list of hostname the server will respond to.
-ALLOWED_HOSTS = ['re2o.crans.org', 're2o.adm.crans.org', 'intranet.crans.org', 'intranet.adm.crans.org', 're2o-srv.crans.org', 're2o-srv.adm.crans.org', 'intranet.switches.crans.org', 're2o.switches.crans.org', 're2o-srv.switches.crans.org']
+ALLOWED_HOSTS = [{% for host in re2o.allowed_hosts %}'{{ host }}', {% endfor %}]
 
 # The time zone the server is runned in
 TIME_ZONE = 'Europe/Paris'
@@ -33,7 +33,7 @@ DATABASES = {
         'NAME': 're2o',
         'USER': 're2o',
         'PASSWORD': DB_PASSWORD,
-        'HOST': 'pgsql.adm.crans.org',
+        'HOST': '{{ re2o.database.uri }}',
         'TEST': {
             'CHARSET': 'utf8',
             'COLLATION': 'utf8_general_ci'
@@ -41,10 +41,10 @@ DATABASES = {
     },
     'ldap': {  # The LDAP
         'ENGINE': 'ldapdb.backends.ldap',
-        'NAME': 'ldap://re2o-ldap.adm.crans.org/',
-        'USER': 'cn=admin,dc=crans,dc=org',
+        'NAME': '{{ re2o.ldap.uri }}',
+        'USER': 'cn=admin,{{ glob_ldap.base }}',
         'TLS': False,
-        'PASSWORD': '{{ ldap.master_password }}',
+        'PASSWORD': '{{ re2o.ldap.master_password }}',
     }
 }
 
@@ -62,19 +62,19 @@ SESSION_COOKIE_AGE = 60 * 60 * 3
 LOGO_PATH = "static_files/logo.png"
 
 # The mail configuration for Re2o to send mails
-SERVER_EMAIL = 'root@crans.org'  # The mail address to use
-EMAIL_HOST = 'smtp.adm.crans.org'           # The host to use
+SERVER_EMAIL = '{{ re2o.from_email }}'  # The mail address to use
+EMAIL_HOST = '{{ glob_smtp }}'           # The host to use
 EMAIL_PORT = 25             # The port to use
 
 # Settings of the LDAP structure
 LDAP = {
-    'base_user_dn' : u'cn=Utilisateurs,dc=crans,dc=org',
-    'base_userservice_dn' : u'ou=service-users,dc=crans,dc=org',
-    'base_usergroup_dn' : u'ou=posix,ou=groups,dc=crans,dc=org',
-    'base_userservicegroup_dn' : u'ou=services,ou=groups,dc=crans,dc=org',
-    'base_dn' : 'dc=crans,dc=org',
+    'base_user_dn': u'cn=Utilisateurs,{{ glob_ldap.base }}',
+    'base_userservice_dn': u'ou=service-users,{{ glob_ldap.base }}',
+    'base_usergroup_dn': u'ou=posix,ou=groups,{{ glob_ldap.base }}',
+    'base_userservicegroup_dn': u'ou=services,ou=groups,{{ glob_ldap.base }}',
+    'base_dn': '{{ glob_ldap.base }}',
     'user_gid': 500,
-    }
+}
 
 # A range of UID to use. Used in linux environement
 UID_RANGES = {
@@ -87,7 +87,10 @@ GID_RANGES = {
     'posix': [501, 600],
 }
 
-CAPTIVE_IP_RANGE = "10.51.0.0/16"
+# CAPTIVE_IP_RANGE = "10.51.0.0/16"
+
+# Some optionnal Re2o Apps
+OPTIONNAL_APPS_RE2O = ()
 
 # Some Django apps you want to add in you local project
-OPTIONNAL_APPS = ('api',)
+OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + ('api',)