Merge branch 're2o' into 'newinfra'

Install re2o on new infra

See merge request nounous/ansible!36
certbot_on_virtu
_pollion 2020-08-10 02:28:39 +02:00
commit 859324c63e
7 changed files with 66 additions and 20 deletions


@ -1,4 +1,5 @@
--- ---
# Custom header # Custom header
dirty: "{{lookup('pipe', 'git diff --quiet || echo dirty')}}" dirty: "{{lookup('pipe', 'git diff --quiet || echo dirty')}}"
ansible_header: | ansible_header: |
@ -40,7 +41,8 @@ adm_subnet: 10.231.136.0/24
# #
# #
# # global server definitions # # global server definitions
# mail_server: smtp.adm.crans.org glob_smtp: smtp.adm.crans.org
glob_ldap: glob_ldap:
servers: servers:
- 172.16.10.1 - 172.16.10.1


@ -0,0 +1,17 @@
---
glob_re2o:
django_secret_key: "{{ vault_re2o_django_secret_key }}"
aes_key: "{{ vault_re2o_aes_key }}"
admins:
- ('Root', 'root@crans.org')
allowed_hosts:
- 're2o.adm.crans.org'
- 'intranet.adm.crans.org'
from_email: "root@crans.org"
ldap:
master_password: "{{ vault_ldap_master_password }}"
uri: "ldap://re2o-ldap.adm.crans.org/"
dn: "cn=admin,dc=crans,dc=org"
database:
password: "{{ vault_re2o_db_password }}"
uri: "tealc.adm.crans.org"
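Review bot: `ldap.uri` is a plain `ldap://` URL and the credential beside it is `vault_ldap_master_password`, so unless StartTLS is negotiated the directory admin password crosses the network unencrypted on every bind; the settings template on this page still hard-codes `'TLS': False`. If the server behind re2o-ldap offers TLS (not visible here), prefer `uri: "ldaps://re2o-ldap.adm.crans.org/"` or add a `tls: true` key that the template honours. The `dn` key also looks unused, since the template builds the bind DN as `cn=admin,{{ glob_ldap.base }}`; either consume `re2o.ldap.dn` there or drop it so the two cannot disagree.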


@ -0,0 +1,12 @@
---
interfaces:
adm: eth0
srv-nat: eth1
loc_re2o:
owner: root
group: nounou
version: master
settings_local_owner: root
settings_local_group: nounou
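Review bot: `version: master` makes every run deploy whatever the branch tip is at that moment, assuming the role hands this value to a git checkout (the role's tasks are not part of this section). For a service that is given the LDAP master password, the database password and the Django secret key, pinning `version` to a release tag or a full commit hash keeps deployments reproducible and turns each upgrade into a reviewed change. `settings_local_owner` and `settings_local_group` only set ownership; the task that renders the settings file should also set a restrictive `mode`, for example `'0640'`, if it does not already.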

4
hosts

@ -25,6 +25,9 @@
# [test_vm] # [test_vm]
# re2o-test.adm.crans.org # re2o-test.adm.crans.org
[re2o]
re2o-newinfra.adm.crans.org
[bdd] [bdd]
tealc.adm.crans.org tealc.adm.crans.org
@ -62,6 +65,7 @@ jack.adm.crans.org
routeur-sam.adm.crans.org routeur-sam.adm.crans.org
routeur-daniel.adm.crans.org routeur-daniel.adm.crans.org
belenios # on changera plus tard belenios # on changera plus tard
re2o-ldap.adm.crans.org
[ovh_physical] [ovh_physical]
sputnik.adm.crans.org sputnik.adm.crans.org

7
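--- a/plays/re2o.yml
+++ b/plays/re2o.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: re2o
+vars:
+re2o: "{{ glob_re2o | combine(loc_re2o) }}"
+roles:
+- re2o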
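Review bot: `combine(loc_re2o)` merges only the top level, so the first host that sets `loc_re2o.ldap` or `loc_re2o.database` to override a single field will replace the whole sub-dictionary and lose the vaulted `master_password` / `password` entries from `re2o`. `re2o: "{{ glob_re2o | combine(loc_re2o | default({}), recursive=True) }}"` keeps the nested defaults and also lets a host in `[re2o]` that has no `loc_re2o` of its own run the play. With the flat host vars shown on this page the current expression behaves as intended.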


@ -14,7 +14,9 @@
- python3-dateutil - python3-dateutil
- python3-djangorestframework - python3-djangorestframework
- python3-django-reversion - python3-django-reversion
- python3-django-ldapdb
- python3-pip - python3-pip
- python3-pil
- python3-crypto - python3-crypto
- python3-git - python3-git
- python3-psycopg2 - python3-psycopg2
@ -32,7 +34,7 @@
executable: pip2 executable: pip2
name: name:
- django-bootstrap3 - django-bootstrap3
- django-ldapdb==0.9.0 - django-ldapdb==1.3.0
- django-macaddress - django-macaddress
- name: Install re2o pip3 dependancies - name: Install re2o pip3 dependancies
@ -40,7 +42,6 @@
executable: pip3 executable: pip3
name: name:
- django-bootstrap3 - django-bootstrap3
- django-ldapdb==0.9.0
- django-macaddress - django-macaddress
- name: Create re2o directory - name: Create re2o directory
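Review bot: After this change the pip2 list installs `django-ldapdb==1.3.0` from PyPI while the Python 3 side takes the unpinned distribution package `python3-django-ldapdb`, so the two interpreters can end up on different ldapdb releases talking to the same directory. The neighbouring entries `django-bootstrap3` and `django-macaddress` carry no version at all and are resolved at deploy time; pinning them the same way (`django-bootstrap3==<version>`) keeps a run from pulling a release nobody has reviewed. The task definitions begin above these hunks, so whether pip installs system-wide or into a virtualenv is not visible here.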


@ -7,7 +7,7 @@ from __future__ import unicode_literals
SECRET_KEY = '{{ re2o.django_secret_key }}' SECRET_KEY = '{{ re2o.django_secret_key }}'
# The password to access the project database # The password to access the project database
DB_PASSWORD = '{{ re2o.db_password }}' DB_PASSWORD = '{{ re2o.database.password }}'
# AES key for secret key encryption. # AES key for secret key encryption.
# The length must be a multiple of 16 # The length must be a multiple of 16
@ -18,10 +18,10 @@ AES_KEY = '{{ re2o.aes_key }}'
DEBUG = False DEBUG = False
# A list of admins of the services. Receive mails when an error occurs # A list of admins of the services. Receive mails when an error occurs
ADMINS = [('Root', 'root@crans.org')] ADMINS = [{% for admin in re2o.admins %}{{ admin }}, {% endfor %}]
# The list of hostname the server will respond to. # The list of hostname the server will respond to.
ALLOWED_HOSTS = ['re2o.crans.org', 're2o.adm.crans.org', 'intranet.crans.org', 'intranet.adm.crans.org', 're2o-srv.crans.org', 're2o-srv.adm.crans.org', 'intranet.switches.crans.org', 're2o.switches.crans.org', 're2o-srv.switches.crans.org'] ALLOWED_HOSTS = [{% for host in re2o.allowed_hosts %}'{{ host }}', {% endfor %}]
# The time zone the server is runned in # The time zone the server is runned in
TIME_ZONE = 'Europe/Paris' TIME_ZONE = 'Europe/Paris'
@ -33,7 +33,7 @@ DATABASES = {
'NAME': 're2o', 'NAME': 're2o',
'USER': 're2o', 'USER': 're2o',
'PASSWORD': DB_PASSWORD, 'PASSWORD': DB_PASSWORD,
'HOST': 'pgsql.adm.crans.org', 'HOST': '{{ re2o.database.uri }}',
'TEST': { 'TEST': {
'CHARSET': 'utf8', 'CHARSET': 'utf8',
'COLLATION': 'utf8_general_ci' 'COLLATION': 'utf8_general_ci'
@ -41,10 +41,10 @@ DATABASES = {
}, },
'ldap': { # The LDAP 'ldap': { # The LDAP
'ENGINE': 'ldapdb.backends.ldap', 'ENGINE': 'ldapdb.backends.ldap',
'NAME': 'ldap://re2o-ldap.adm.crans.org/', 'NAME': '{{ re2o.ldap.uri }}',
'USER': 'cn=admin,dc=crans,dc=org', 'USER': 'cn=admin,{{ glob_ldap.base }}',
'TLS': False, 'TLS': False,
'PASSWORD': '{{ ldap.master_password }}', 'PASSWORD': '{{ re2o.ldap.master_password }}',
} }
} }
@ -62,17 +62,17 @@ SESSION_COOKIE_AGE = 60 * 60 * 3
LOGO_PATH = "static_files/logo.png" LOGO_PATH = "static_files/logo.png"
# The mail configuration for Re2o to send mails # The mail configuration for Re2o to send mails
SERVER_EMAIL = 'root@crans.org' # The mail address to use SERVER_EMAIL = '{{ re2o.from_email }}' # The mail address to use
EMAIL_HOST = 'smtp.adm.crans.org' # The host to use EMAIL_HOST = '{{ glob_smtp }}' # The host to use
EMAIL_PORT = 25 # The port to use EMAIL_PORT = 25 # The port to use
# Settings of the LDAP structure # Settings of the LDAP structure
LDAP = { LDAP = {
'base_user_dn' : u'cn=Utilisateurs,dc=crans,dc=org', 'base_user_dn': u'cn=Utilisateurs,{{ glob_ldap.base }}',
'base_userservice_dn' : u'ou=service-users,dc=crans,dc=org', 'base_userservice_dn': u'ou=service-users,{{ glob_ldap.base }}',
'base_usergroup_dn' : u'ou=posix,ou=groups,dc=crans,dc=org', 'base_usergroup_dn': u'ou=posix,ou=groups,{{ glob_ldap.base }}',
'base_userservicegroup_dn' : u'ou=services,ou=groups,dc=crans,dc=org', 'base_userservicegroup_dn': u'ou=services,ou=groups,{{ glob_ldap.base }}',
'base_dn' : 'dc=crans,dc=org', 'base_dn': '{{ glob_ldap.base }}',
'user_gid': 500, 'user_gid': 500,
} }
@ -87,7 +87,10 @@ GID_RANGES = {
'posix': [501, 600], 'posix': [501, 600],
} }
CAPTIVE_IP_RANGE = "10.51.0.0/16" # CAPTIVE_IP_RANGE = "10.51.0.0/16"
# Some optionnal Re2o Apps
OPTIONNAL_APPS_RE2O = ()
# Some Django apps you want to add in you local project # Some Django apps you want to add in you local project
OPTIONNAL_APPS = ('api',) OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + ('api',)
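Review bot: The new substitutions place Ansible values directly inside Python literals (`'{{ re2o.database.password }}'`, `'{{ re2o.ldap.master_password }}'`, `'{{ host }}'`), and the `ADMINS` loop emits `{{ admin }}` with no quoting at all. A quote or backslash in a vaulted value therefore produces a broken or altered settings module, and every `admins` entry is written out as Python source. Let a filter build the literal instead, e.g. `DB_PASSWORD = {{ re2o.database.password | to_json }}` and `ALLOWED_HOSTS = {{ re2o.allowed_hosts | to_json }}` (for strings and lists of strings the JSON output is also a valid Python literal), and store `admins` as name/email pairs rendered the same way. In the `ldap` database entry `'TLS': False` stays hard-coded beside the now-configurable URI; exposing it as a variable would let the admin bind be protected without editing the template. The hunks start and end inside the settings module, so lines outside them were not reviewed.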