Suppression (vielles) machines (constellation-dev, fluxx, hedgedoc, horde, zbee) et renommage ldap-adm en wall-e

2024-10-30 20:44:15 +01:00 · 2024-10-30 20:44:15 +01:00 · 8c15a54cf2
parent 85268a8f70
commit 8c15a54cf2
17 changed files with 3 additions and 539 deletions
--- a/all.yml
+++ b/all.yml
@ -12,7 +12,6 @@
 - import_playbook: plays/borgbackup_client.yml
 - import_playbook: plays/cas.yml
 - import_playbook: plays/certbot.yml
- import_playbook: plays/constellation.yml
 - import_playbook: plays/dhcp.yml
 - import_playbook: plays/dns-authoritative.yml
 - import_playbook: plays/dovecot.yml
--- a/group_vars/constellation.yml
+++ b/group_vars/constellation.yml
@ -1,47 +0,0 @@
---
-glob_constellation:
-  django_secret_key: "{{ vault.constellation.django_secret_key }}"
-  admins:
-    - ('Root', 'root@crans.org')
-  allowed_hosts:
-    - 'constellation.crans.org'
-    - 'intranet.crans.org'
-  email:
-    ssl: false
-    host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}"
-    port: 25
-    user: ''
-    password: ''
-    from: "root@crans.org"
-    from_full: "Crans <root@crans.org>"
-  database:
-    host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}"
-    port: 5432
-    user: 'constellation'
-    password: "{{ vault.constellation.django_db_password }}"
-    name: 'constellation'
-  front: true
-  crontab: true
-  applications:
-    - 'access'
-    - 'billing'
-    - 'dnsmanager'
-    - 'firewall'
-    - 'layers'
-    - 'management'
-    - 'member'
-    - 'topography'
-    - 'unix'
-  stripe:
-    private_key: '{{ vault.constellation.stripe.live.private_key }}'
-    public_key: '{{ vault.constellation.stripe.live.public_key }}'
-  note:
-    url: 'https://note.crans.org/'
-    client_id: '{{ vault.constellation.note.client_id }}'
-    client_secret: '{{ vault.constellation.note.client_secret }}'
-  debug: false
-  owner: root
-  group: _nounou
-  version: main
-  settings_local_owner: www-data
-  settings_local_group: _nounou
--- a/group_vars/constellation_front.yml
+++ b/group_vars/constellation_front.yml
@ -1,30 +0,0 @@
---
-loc_nginx:
-  service_name: constellation
-  ssl: []
-  servers:
-    - ssl: false
-      default: true
-      server_name:
-        - "constellation.crans.org"
-        - "intranet.crans.org"
-      locations:
-        - filter: "/static"
-          params:
-            - "alias {% if constellation.version == 'main' %}/var/lib/constellation/static/{% else %}/var/local/constellation/static/{% endif %}"
-
-        - filter: "/media"
-          params:
-            - "alias {% if constellation.version == 'main' %}/var/lib/constellation/media/{% else %}/var/local/constellation/media/{% endif %}"
-
-        - filter: "/doc"
-          params:
-            - "alias /var/www/constellation-doc/"
-
-        - filter: "/"
-          params:
-            - "uwsgi_pass constellation"
-            - "include /etc/nginx/uwsgi_params"
-  upstreams:
-    - name: 'constellation'
-      server: 'unix:///var/run/uwsgi/app/constellation/constellation.sock'
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@ -49,15 +49,14 @@ glob_reverseproxy:
    # Services web Crans
    - {from: belenios.crans.org, to: 172.16.10.111}
    - {from: cas.crans.org, to: 172.16.10.120}
-    - {from: constellation-dev.crans.org, to: 172.16.10.167}
    - {from: eclats.crans.org, to: 172.16.10.104}
    - {from: ethercalc.crans.org, to: "172.16.10.133:8000"}
    - {from: framadate.crans.org, to: 172.16.10.109}
    - {from: ftps.crans.org, to: 172.16.10.113}
    - {from: galene-token.crans.org, to: "172.16.10.115:3000"}
    - {from: grafana.crans.org, to: "172.16.10.121:3000"}
-    - {from: hedgedoc.crans.org, to: "172.16.10.128:3000"}
    - {from: helloworld.crans.org, to: 172.16.10.131}
+    - {from: hosts.crans.org, to: 172.16.10.114}
    - {from: imprimante.crans.org, to: 172.16.10.131}
    - {from: intranet.crans.org, to: 172.16.10.156}
    - {from: linx.crans.org, to: "172.16.10.119:8080"}
@ -76,7 +75,6 @@ glob_reverseproxy:
    - {from: webmail.crans.org, to: 172.16.10.107}
    - {from: wiki.crans.org, to: 172.16.10.161}
    - {from: zero.crans.org, to: 172.16.10.130}
-    - {from: hosts.crans.org, to: 172.16.10.114}

    # Zamok
    - {from: amap.crans.org, to: 172.16.10.31}
--- a/host_vars/constellation-dev.adm.crans.org.yml
+++ b/host_vars/constellation-dev.adm.crans.org.yml
@ -1,38 +0,0 @@
---
-interfaces:
-  adm: eth0
-  srv_nat: eth1
-
-loc_unattended:
-  reboot: true
-
-loc_needrestart:
-  override: []
-
-loc_constellation:
-  allowed_hosts:
-    - 'constellation-dev.crans.org'
-  database:
-    host: '127.0.0.1'
-    user: 'constellation-dev'
-    name: 'constellation-dev'
-  applications:
-    - 'access'
-    - 'billing'
-    - 'debug'
-    - 'dnsmanager'
-    - 'firewall'
-    - 'layers'
-    - 'management'
-    - 'member'
-    - 'topography'
-    - 'unix'
-  stripe:
-    private_key: '{{ vault.constellation.stripe.test.private_key }}'
-    public_key: '{{ vault.constellation.stripe.test.public_key }}'
-  note:
-    url: 'https://note-dev.crans.org/'
-    client_id: '{{ vault.constellation.note.client_id }}'
-    client_secret: '{{ vault.constellation.note.client_secret }}'
-  debug: true
-  version: dev
--- a/host_vars/tealc.adm.crans.org.yml
+++ b/host_vars/tealc.adm.crans.org.yml
@ -21,13 +21,11 @@ loc_postgres:
    - db: roundcube
      user: roundcube
      map: {name: webmail, system: www-data, pg: roundcube}
-    - {db: owncloud, user: owncloud}
    - {db: cas, user: cas}
-    - {db: hedgedoc, user: hedgedoc}
+    - {db: owncloud, user: owncloud}
    - {db: sqlgrey, user: sqlgrey, method: ident}
    - {db: re2o, user: re2o}
    - {db: re2o_test, user: re2o}
-    - {db: constellation-dev, user: constellation-dev}
    - {db: mailman3, user: mailman3}
    - {db: mailman3web, user: mailman3web}
    - {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true}
--- a/13
+++ b/13
@ -44,12 +44,6 @@ reverseproxy
 virtu
 vsftpd_mirror

-[constellation:children]
-constellation_front
-
-[constellation_front]
-constellation-dev.adm.crans.org
-
 [dhcp:children]
 routeurs_vm

@ -140,7 +134,6 @@ irc.adm.crans.org
 ptf.adm.crans.org

 [nginx:children]
-constellation_front
 django_cas
 galene
 jitsi
@ -277,7 +270,6 @@ routeurs_vm

 [crans_physical]
 zamok.adm.crans.org
-#zbee.adm.crans.org

 [crans_physical:children]
 aurore_physical
@ -291,24 +283,20 @@ belenios.adm.crans.org
 boeing.adm.crans.org
 cas.adm.crans.org
 chene.adm.crans.org
-constellation-dev.adm.crans.org
 eclaircie.adm.crans.org
 eclat.adm.crans.org
 ethercalc.adm.crans.org
 en7.adm.crans.org
 flirt.adm.crans.org
-fluxx.adm.crans.org
 fyre.adm.crans.org
 gitlab-ci.adm.crans.org
 gitzly.adm.crans.org
 helloworld.adm.crans.org
 hodaur.adm.crans.org
-horde.adm.crans.org
 irc.adm.crans.org
 jitsi.adm.crans.org
 kenobi.adm.crans.org
 kiwi.adm.crans.org
-ldap-adm.adm.crans.org
 linx.adm.crans.org
 mailman.adm.crans.org
 neree.adm.crans.org
@ -326,6 +314,7 @@ routeur-2754.adm.crans.org
 silice.adm.crans.org
 trinity.adm.crans.org
 voyager.adm.crans.org
+wall-e.adm.crans.org
 yson-partou.adm.crans.org

 [viarezo_physical]
--- a/plays/constellation.yml
+++ b/plays/constellation.yml
@ -1,16 +0,0 @@
-#!/usr/bin/env ansible-playbook
---
- hosts: constellation
-  vars:
-    constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}"
-  roles:
-    - constellation
-
- hosts: constellation_front
-  vars:
-    constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}"
-    nginx: "{{ glob_nginx | combine(loc_nginx | default({})) }}"
-  roles:
-    - nginx
-    - constellation-front
-    - constellation-doc
--- a/roles/constellation-doc/tasks/main.yml
+++ b/roles/constellation-doc/tasks/main.yml
@ -1,23 +0,0 @@
---
- name: Install Sphinx and RTD theme
-  apt:
-    update_cache: true
-    install_recommends: false
-    name:
-      - python3-sphinx
-      - python3-sphinx-rtd-theme
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
- name: Create documentation directory with good permissions
-  file:
-    path: /var/www/constellation-doc
-    state: directory
-    owner: www-data
-    group: www-data
-    mode: u=rwx,g=rwxs,o=rx
-
- name: Build HTML documentation
-  command: sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/
-  become_user: www-data
--- a/roles/constellation-front/handlers/main.yml
+++ b/roles/constellation-front/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: Restart uWSGI
-  systemd:
-    name: uwsgi
-    state: restarted
--- a/roles/constellation-front/tasks/main.yml
+++ b/roles/constellation-front/tasks/main.yml
@ -1,110 +0,0 @@
---
- name: Install some front APT packages
-  apt:
-    install_recommends: false
-    update_cache: true
-    name:
-      - python3-django-crispy-forms
-      - python3-django-filters
-      - python3-djangorestframework
-      - python3-django-tables2
-      - python3-docutils
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
- name: Install some front pip packages
-  pip:
-    name:
-      - git+https://gitlab.adm.crans.org/nounous/crispy-bootstrap5.git
-
- name: Set data directories in development mode
-  when: constellation.version != "master"
-  set_fact:
-    project_path: /var/local/constellation
-    module_path: /var/local/constellation/constellation
-
- name: Set data directories in production mode
-  when: constellation.version == "master"
-  set_fact:
-    project_path: /usr/local/lib/python3.9/dist-packages/constellation
-    module_path: /usr/local/lib/python3.9/dist-packages/constellation
-
- name: Check front dependencies (production)
-  when: constellation.version == "master"
-  pip:
-    name:
-      - git+https://gitlab.adm.crans.org/nounous/constellation.git[front]
-    state: latest
-
- name: Install uWSGI
-  apt:
-    install_recommends: false
-    update_cache: true
-    name:
-      - uwsgi
-      - uwsgi-plugin-python3
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
- name: Copy constellation uWSGI app
-  template:
-    src: uwsgi/apps-available/constellation.ini.j2
-    dest: /etc/uwsgi/apps-available/constellation.ini
-    owner: root
-    group: root
-    mode: 0644
-  notify: Restart uWSGI
-
- name: Activate constellation uWSGI app
-  file:
-    src: ../apps-available/constellation.ini
-    dest: /etc/uwsgi/apps-enabled/constellation.ini
-    owner: root
-    group: root
-    state: link
-  ignore_errors: "{{ ansible_check_mode }}"
-  notify: Restart uWSGI
-
-# In the future, migrations will be included in the repository.
- name: Make Django migrations
-  django_manage:
-    command: makemigrations
-    project_path: "{{ project_path }}"
-  notify: Restart uWSGI
-
- name: Migrate database
-  django_manage:
-    command: migrate
-    project_path: "{{ project_path }}"
-  notify: Restart uWSGI
-
- name: Create static files directory
-  file:
-    path: /var/lib/constellation/{{ item }}
-    state: directory
-    mode: "2775"
-    owner: www-data
-    group: "{{ constellation.group }}"
-    recurse: true
-  loop:
-    - static
-    - media
-
- name: Symlink static and media directories (dev)
-  file:
-    src: /var/lib/constellation/{{ item }}
-    dest: /var/local/constellation/{{ item }}
-    state: link
-    owner: www-data
-    group: "{{ constellation.group }}"
-  loop:
-    - static
-    - media
-
- name: Collect static files
-  django_manage:
-    command: collectstatic
-    project_path: "{{ project_path }}"
-  notify: Restart uWSGI
--- a/roles/constellation-front/templates/uwsgi/apps-available/constellation.ini.j2
+++ b/roles/constellation-front/templates/uwsgi/apps-available/constellation.ini.j2
@ -1,23 +0,0 @@
-{{ ansible_header | comment }}
-
-[uwsgi]
-uid             = www-data
-gid             = www-data
-# Django-related settings
-# the base directory (full path)
-chdir           = {{ project_path }}
-wsgi-file       = {{ module_path }}/wsgi.py
-plugin          = python3
-# process-related settings
-# master
-master          = true
-# maximum number of worker processes
-processes       = 10
-# the socket (use the full path to be safe
-socket          = /var/run/uwsgi/app/constellation/constellation.sock
-# ... with appropriate permissions - may be needed
-chmod-socket    = 664
-# clear environment on exit
-vacuum          = true
-# Touch reload
-touch-reload = {{ module_path }}/settings.py
--- a/roles/constellation/tasks/main.yml
+++ b/roles/constellation/tasks/main.yml
@ -1,143 +0,0 @@
---
- name: Pin Django from Debian bullseye-backports
-  template:
-    src: apt/sources.list.d/bullseye-backports.list.j2
-    dest: /etc/apt/sources.list.d/bullseye-backports.list
-
- name: Install constellation dependencies
-  apt:
-    update_cache: true
-    install_recommends: false
-    name:
-      - gettext
-      - python3-django
-      - python3-django-extensions
-      - python3-django-polymorphic
-      - python3-ipython
-      - python3-pip
-      - python3-psycopg2
-      - python3-requests
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
- name: Install constellation pip dependencies
-  pip:
-    name:
-      - git+https://gitlab.adm.crans.org/nounous/django-dnsmanager.git
-
- name: Set configuration directories in development mode
-  when: constellation.version != "main"
-  set_fact:
-    module_path: /var/local/constellation/constellation
-    project_path: /var/local/constellation
-
- name: Set configuration directories in production mode
-  when: constellation.version == "main"
-  set_fact:
-    module_path: /usr/local/lib/python3.9/dist-packages/constellation
-    project_path: /usr/local/lib/python3.9/dist-packages/constellation
-
- name: Create constellation directory
-  file:
-    path: /etc/constellation
-    state: directory
-    mode: "2775"
-    owner: "{{ constellation.owner }}"
-    group: "{{ constellation.group }}"
-
- name: Set ACL for constellation directory
-  acl:
-    path: /etc/constellation
-    default: true
-    entity: nounou
-    etype: group
-    permissions: rwx
-    state: query
-  ignore_errors: "{{ ansible_check_mode }}"
-
- name: Clone constellation repository (development)
-  when: constellation.version != "main"
-  git:
-    repo: https://gitlab.adm.crans.org/nounous/constellation.git
-    dest: "{{ project_path }}"
-    umask: "002"
-    version: "{{ constellation.version }}"
-    recursive: true
-
- name: Install pip module with editable flag (development)
-  when: constellation.version != "main"
-  pip:
-    name:
-      - "{{ project_path }}"
-    editable: true
-    state: latest
-
- name: Install and upgrade constellation (production)
-  when: constellation.version == "main"
-  pip:
-    name:
-      - git+https://gitlab.adm.crans.org/nounous/constellation.git
-    state: latest
-
- name: Set owner of cloned project
-  when: constellation.version != "main"
-  file:
-    path: "{{ project_path }}"
-    owner: "{{ constellation.owner }}"
-    group: "{{ constellation.group }}"
-    recurse: true
-
- name: Deploy Constellation settings_local.py
-  template:
-    src: constellation/settings_local.py.j2
-    dest: /etc/constellation/settings_local.py
-    mode: 0660
-    owner: "{{ constellation.settings_local_owner }}"
-    group: "{{ constellation.settings_local_group }}"
-
- name: Symlink configuration file
-  file:
-    src: /etc/constellation/settings_local.py
-    dest: "{{ module_path }}/settings_local.py"
-    state: link
-
- name: Deploy crontab
-  when: constellation.crontab
-  template:
-    src: cron.d/constellation.j2
-    dest: /etc/cron.d/constellation
-    owner: root
-    group: root
-    mode: 0644
-
- name: Compile messages
-  when: not constellation.front
-  django_manage:
-    command: compilemessages
-    project_path: "{{ project_path }}"
-
-# In the future, migrations will be included in the repository.
- name: Make Django migrations (non-front app)
-  when: not constellation.front
-  django_manage:
-    command: makemigrations
-    project_path: "{{ project_path }}"
-
- name: Migrate database (non-front app)
-  when: not constellation.front
-  django_manage:
-    command: migrate
-    project_path: "{{ project_path }}"
-
- name: Load initial data (non-front app)
-  when: not constellation.front
-  django_manage:
-    command: loaddata initial
-    project_path: "{{ project_path }}"
-
- name: Indicate constellation in motd
-  template:
-    src: update-motd.d/05-service.j2
-    dest: /etc/update-motd.d/05-constellation
-    mode: 0755
--- a/roles/constellation/templates/apt/sources.list.d/bullseye-backports.list.j2
+++ b/roles/constellation/templates/apt/sources.list.d/bullseye-backports.list.j2
@ -1,3 +0,0 @@
-{{ ansible_header | comment }}
-
-deb {{ debian_mirror }} bullseye-backports main
--- a/roles/constellation/templates/constellation/settings_local.py.j2
+++ b/roles/constellation/templates/constellation/settings_local.py.j2
@ -1,75 +0,0 @@
-{{ ansible_header | comment }}
-
-# A secret key used by the server.
-SECRET_KEY = "{{ constellation.django_secret_key }}"
-
-# Should the server run in debug mode ?
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = {{ constellation.debug }}
-
-# A list of admins of the services. Receive mails when an error occurs
-ADMINS = [{% for admin in constellation.admins %}{{ admin }}, {% endfor %}]
-
-# The list of hostname the server will respond to.
-ALLOWED_HOSTS = [{% for host in constellation.allowed_hosts %}'{{ host }}', {% endfor %}]
-
-# Installed applications
-LOCAL_APPS = [
-{% for app in constellation.applications %}
-    '{{ app }}',
-{% endfor %}
-]
-
-# Activate this option if a web front is needed
-USE_FRONT = {{ constellation.front }}
-
-# The time zone the server is runned in
-TIME_ZONE = 'Europe/Paris'
-
-# The storage systems parameters to use
-DATABASES = {
-    'default': {  # The DB
-        'ENGINE': 'django.db.backends.postgresql',
-        'NAME': '{{ constellation.database.name }}',
-        'USER': '{{ constellation.database.user }}',
-        'PASSWORD': "{{ constellation.database.password }}",
-        'HOST': '{{ constellation.database.host }}',
-        'PORT': '{{ constellation.database.port }}',
-    },
-}
-
-{% if constellation.version == "main" %}
-{% if constellation.front %}
-STATIC_ROOT = "/var/lib/constellation/static/"
-
-{% endif %}
-MEDIA_ROOT = "/var/lib/constellation/media/"
-{% endif %}
-
-# The mail configuration for Constellation to send mails
-EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-EMAIL_USE_SSL = {{ constellation.email.ssl }}
-EMAIL_HOST = '{{ constellation.email.host }}'
-EMAIL_PORT = {{ constellation.email.port }}
-EMAIL_HOST_USER = '{{ constellation.email.user }}'
-EMAIL_HOST_PASSWORD = '{{ constellation.email.password }}'
-SERVER_EMAIL = '{{ constellation.email.from }}'
-DEFAULT_FROM_EMAIL = '{{ constellation.email.from_full }}'
-{% if constellation.front %}
-{% if constellation.comnpay is defined %}
-
-COMNPAY_ID_TPE = '{{ constellation.comnpay.tpe }}'
-COMNPAY_SECRET_KEY = '{{ constellation.comnpay.secret }}'
-{% endif %}
-{% if constellation.stripe is defined %}
-
-STRIPE_PRIVATE_KEY = "{{ constellation.stripe.private_key }}"
-STRIPE_PUBLIC_KEY = "{{ constellation.stripe.public_key }}"
-{% endif %}
-{% if constellation.note is defined %}
-
-NOTE_KFET_URL = "{{ constellation.note.url }}"
-NOTE_KFET_CLIENT_ID = "{{ constellation.note.client_id }}"
-NOTE_KFET_CLIENT_SECRET = "{{ constellation.note.client_secret }}"
-{% endif %}
-{% endif %}
--- a/roles/constellation/templates/cron.d/constellation.j2
+++ b/roles/constellation/templates/cron.d/constellation.j2
@ -1,4 +0,0 @@
-{{ ansible_header }}
-
-# m  h   dom mon dow     user   command
-24  4   *   *   *        root   constellation check_consistency
--- a/roles/constellation/templates/update-motd.d/05-service.j2
+++ b/roles/constellation/templates/update-motd.d/05-service.j2
@ -1,3 +0,0 @@
-#!/usr/bin/tail +14
-{{ ansible_header | comment }}
-[0m> [38;5;82mConstellation[0m a été déployé sur cette machine. Voir [38;5;6m{{ project_path }}/[0m.