From 8c15a54cf2adbe1600de86d6e97ef4d36d7d2796 Mon Sep 17 00:00:00 2001 From: korenstin Date: Wed, 30 Oct 2024 20:44:15 +0100 Subject: [PATCH] Suppression (vielles) machines (constellation-dev, fluxx, hedgedoc, horde, zbee) et renommage ldap-adm en wall-e --- all.yml | 1 - group_vars/constellation.yml | 47 ------ group_vars/constellation_front.yml | 30 ---- group_vars/reverseproxy.yml | 4 +- host_vars/constellation-dev.adm.crans.org.yml | 38 ----- host_vars/tealc.adm.crans.org.yml | 4 +- hosts | 13 +- plays/constellation.yml | 16 -- roles/constellation-doc/tasks/main.yml | 23 --- roles/constellation-front/handlers/main.yml | 5 - roles/constellation-front/tasks/main.yml | 110 -------------- .../uwsgi/apps-available/constellation.ini.j2 | 23 --- roles/constellation/tasks/main.yml | 143 ------------------ .../sources.list.d/bullseye-backports.list.j2 | 3 - .../constellation/settings_local.py.j2 | 75 --------- .../templates/cron.d/constellation.j2 | 4 - .../templates/update-motd.d/05-service.j2 | 3 - 17 files changed, 3 insertions(+), 539 deletions(-) delete mode 100644 group_vars/constellation.yml delete mode 100644 group_vars/constellation_front.yml delete mode 100644 host_vars/constellation-dev.adm.crans.org.yml delete mode 100755 plays/constellation.yml delete mode 100644 roles/constellation-doc/tasks/main.yml delete mode 100644 roles/constellation-front/handlers/main.yml delete mode 100644 roles/constellation-front/tasks/main.yml delete mode 100644 roles/constellation-front/templates/uwsgi/apps-available/constellation.ini.j2 delete mode 100644 roles/constellation/tasks/main.yml delete mode 100644 roles/constellation/templates/apt/sources.list.d/bullseye-backports.list.j2 delete mode 100644 roles/constellation/templates/constellation/settings_local.py.j2 delete mode 100644 roles/constellation/templates/cron.d/constellation.j2 delete mode 100755 roles/constellation/templates/update-motd.d/05-service.j2 diff --git a/all.yml b/all.yml index c7bc795f..0a8fa5ae 100755 
--- a/all.yml +++ b/all.yml @@ -12,7 +12,6 @@ - import_playbook: plays/borgbackup_client.yml - import_playbook: plays/cas.yml - import_playbook: plays/certbot.yml -- import_playbook: plays/constellation.yml - import_playbook: plays/dhcp.yml - import_playbook: plays/dns-authoritative.yml - import_playbook: plays/dovecot.yml diff --git a/group_vars/constellation.yml b/group_vars/constellation.yml deleted file mode 100644 index 33937957..00000000 --- a/group_vars/constellation.yml +++ /dev/null @@ -1,47 +0,0 @@ ---- -glob_constellation: - django_secret_key: "{{ vault.constellation.django_secret_key }}" - admins: - - ('Root', 'root@crans.org') - allowed_hosts: - - 'constellation.crans.org' - - 'intranet.crans.org' - email: - ssl: false - host: "{{ lookup('ldap', 'ip4', 'redisdead', 'adm') }}" - port: 25 - user: '' - password: '' - from: "root@crans.org" - from_full: "Crans " - database: - host: "{{ lookup('ldap', 'ip4', 'tealc', 'adm') }}" - port: 5432 - user: 'constellation' - password: "{{ vault.constellation.django_db_password }}" - name: 'constellation' - front: true - crontab: true - applications: - - 'access' - - 'billing' - - 'dnsmanager' - - 'firewall' - - 'layers' - - 'management' - - 'member' - - 'topography' - - 'unix' - stripe: - private_key: '{{ vault.constellation.stripe.live.private_key }}' - public_key: '{{ vault.constellation.stripe.live.public_key }}' - note: - url: 'https://note.crans.org/' - client_id: '{{ vault.constellation.note.client_id }}' - client_secret: '{{ vault.constellation.note.client_secret }}' - debug: false - owner: root - group: _nounou - version: main - settings_local_owner: www-data - settings_local_group: _nounou diff --git a/group_vars/constellation_front.yml b/group_vars/constellation_front.yml deleted file mode 100644 index f0be3b70..00000000 --- a/group_vars/constellation_front.yml +++ /dev/null 
@@ -1,30 +0,0 @@ ---- -loc_nginx: - service_name: constellation - ssl: [] - servers: - - ssl: false - default: true - server_name: - - "constellation.crans.org" - - "intranet.crans.org" - locations: - - filter: "/static" - params: - - "alias {% if constellation.version == 'main' %}/var/lib/constellation/static/{% else %}/var/local/constellation/static/{% endif %}" - - - filter: "/media" - params: - - "alias {% if constellation.version == 'main' %}/var/lib/constellation/media/{% else %}/var/local/constellation/media/{% endif %}" - - - filter: "/doc" - params: - - "alias /var/www/constellation-doc/" - - - filter: "/" - params: - - "uwsgi_pass constellation" - - "include /etc/nginx/uwsgi_params" - upstreams: - - name: 'constellation' - server: 'unix:///var/run/uwsgi/app/constellation/constellation.sock' diff --git a/group_vars/reverseproxy.yml b/group_vars/reverseproxy.yml index 198658ec..6df8d2ee 100644 --- a/group_vars/reverseproxy.yml +++ b/group_vars/reverseproxy.yml @@ -49,15 +49,14 @@ glob_reverseproxy: # Services web Crans - {from: belenios.crans.org, to: 172.16.10.111} - {from: cas.crans.org, to: 172.16.10.120} - - {from: constellation-dev.crans.org, to: 172.16.10.167} - {from: eclats.crans.org, to: 172.16.10.104} - {from: ethercalc.crans.org, to: "172.16.10.133:8000"} - {from: framadate.crans.org, to: 172.16.10.109} - {from: ftps.crans.org, to: 172.16.10.113} - {from: galene-token.crans.org, to: "172.16.10.115:3000"} - {from: grafana.crans.org, to: "172.16.10.121:3000"} - - {from: hedgedoc.crans.org, to: "172.16.10.128:3000"} - {from: helloworld.crans.org, to: 172.16.10.131} + - {from: hosts.crans.org, to: 172.16.10.114} - {from: imprimante.crans.org, to: 172.16.10.131} - {from: intranet.crans.org, to: 172.16.10.156} - {from: linx.crans.org, to: "172.16.10.119:8080"} 
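Review bot: Dropping `- {from: constellation-dev.crans.org, to: 172.16.10.167}` and `- {from: hedgedoc.crans.org, to: "172.16.10.128:3000"}` from `glob_reverseproxy` only stops the proxy from routing those names. Nothing in this commit's file list touches DNS or certificate configuration, so the public names may still resolve to the proxy and still appear on a certificate. If those records are managed elsewhere, confirm they are retired together with this change, so that the names neither fall through to the proxy's default server nor follow whatever machine is later given 172.16.10.167 or 172.16.10.128. The `glob_reverseproxy` list starts above this hunk and continues below it.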
@@ -76,7 +75,6 @@ glob_reverseproxy: - {from: webmail.crans.org, to: 172.16.10.107} - {from: wiki.crans.org, to: 172.16.10.161} - {from: zero.crans.org, to: 172.16.10.130} - - {from: hosts.crans.org, to: 172.16.10.114} # Zamok - {from: amap.crans.org, to: 172.16.10.31} diff --git a/host_vars/constellation-dev.adm.crans.org.yml b/host_vars/constellation-dev.adm.crans.org.yml deleted file mode 100644 index 2e929d94..00000000 --- a/host_vars/constellation-dev.adm.crans.org.yml +++ /dev/null @@ -1,38 +0,0 @@ ---- -interfaces: - adm: eth0 - srv_nat: eth1 - -loc_unattended: - reboot: true - -loc_needrestart: - override: [] - -loc_constellation: - allowed_hosts: - - 'constellation-dev.crans.org' - database: - host: '127.0.0.1' - user: 'constellation-dev' - name: 'constellation-dev' - applications: - - 'access' - - 'billing' - - 'debug' - - 'dnsmanager' - - 'firewall' - - 'layers' - - 'management' - - 'member' - - 'topography' - - 'unix' - stripe: - private_key: '{{ vault.constellation.stripe.test.private_key }}' - public_key: '{{ vault.constellation.stripe.test.public_key }}' - note: - url: 'https://note-dev.crans.org/' - client_id: '{{ vault.constellation.note.client_id }}' - client_secret: '{{ vault.constellation.note.client_secret }}' - debug: true - version: dev diff --git a/host_vars/tealc.adm.crans.org.yml b/host_vars/tealc.adm.crans.org.yml index 8618f5ad..52ff43b1 100644 --- a/host_vars/tealc.adm.crans.org.yml +++ b/host_vars/tealc.adm.crans.org.yml 
@@ -21,13 +21,11 @@ loc_postgres: - db: roundcube user: roundcube map: {name: webmail, system: www-data, pg: roundcube} - - {db: owncloud, user: owncloud} - {db: cas, user: cas} - - {db: hedgedoc, user: hedgedoc} + - {db: owncloud, user: owncloud} - {db: sqlgrey, user: sqlgrey, method: ident} - {db: re2o, user: re2o} - {db: re2o_test, user: re2o} - - {db: constellation-dev, user: constellation-dev} - {db: mailman3, user: mailman3} - {db: mailman3web, user: mailman3web} - {db: all, user: all, subnets: ['127.0.0.1/32', '::1/128'], local: true} diff --git a/hosts b/hosts index cd315b28..6edfe8fb 100644 --- a/hosts +++ b/hosts @@ -44,12 +44,6 @@ reverseproxy virtu vsftpd_mirror -[constellation:children] -constellation_front - -[constellation_front] -constellation-dev.adm.crans.org - [dhcp:children] routeurs_vm @@ -140,7 +134,6 @@ irc.adm.crans.org ptf.adm.crans.org [nginx:children] -constellation_front django_cas galene jitsi @@ -277,7 +270,6 @@ routeurs_vm [crans_physical] zamok.adm.crans.org -#zbee.adm.crans.org [crans_physical:children] aurore_physical @@ -291,24 +283,20 @@ belenios.adm.crans.org boeing.adm.crans.org cas.adm.crans.org chene.adm.crans.org -constellation-dev.adm.crans.org eclaircie.adm.crans.org eclat.adm.crans.org ethercalc.adm.crans.org en7.adm.crans.org flirt.adm.crans.org -fluxx.adm.crans.org fyre.adm.crans.org gitlab-ci.adm.crans.org gitzly.adm.crans.org helloworld.adm.crans.org hodaur.adm.crans.org -horde.adm.crans.org irc.adm.crans.org jitsi.adm.crans.org kenobi.adm.crans.org kiwi.adm.crans.org -ldap-adm.adm.crans.org linx.adm.crans.org mailman.adm.crans.org neree.adm.crans.org @@ -326,6 +314,7 @@ routeur-2754.adm.crans.org silice.adm.crans.org trinity.adm.crans.org voyager.adm.crans.org +wall-e.adm.crans.org yson-partou.adm.crans.org [viarezo_physical] diff --git a/plays/constellation.yml b/plays/constellation.yml deleted file mode 100755 index 68bfa737..00000000 --- a/plays/constellation.yml +++ /dev/null 
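Review bot: Removing `- {db: hedgedoc, user: hedgedoc}` and `- {db: constellation-dev, user: constellation-dev}` from `loc_postgres` withdraws what look like access entries, but as far as this hunk shows it does not drop the databases or roles on tealc. The data and role credentials would then outlive the services, so an explicit drop (after a final backup, if one is wanted) should accompany this change or be tracked. The deleted `group_vars/constellation.yml` and `host_vars/constellation-dev.adm.crans.org.yml` also referenced `vault.constellation.*` secrets (Django secret key, database password, Stripe keys, note client secret), and no vault file is in this commit's file list. Those entries presumably still exist; the Stripe key and the note OAuth client should be revoked at the provider, then removed from the vault. The `loc_postgres` list starts above this hunk.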
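Review bot: The rename is done only in the inventory list (`-ldap-adm.adm.crans.org` and `+wall-e.adm.crans.org` in the last two hunks of `hosts`); the commit's file list shows no `host_vars` or group change for either name. If a `host_vars/ldap-adm.adm.crans.org.yml` exists, it no longer matches any host and wall-e would be configured without its host-specific variables, so it should be renamed in the same commit. Judging by the old name this looks like an LDAP administration host, so anything keyed on the old hostname outside this repository (LDAP ACLs, firewall or SSH allow-lists, monitoring) presumably needs the same update.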
@@ -1,16 +0,0 @@ -#!/usr/bin/env ansible-playbook ---- -- hosts: constellation - vars: - constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}" - roles: - - constellation - -- hosts: constellation_front - vars: - constellation: "{{ glob_constellation | combine(loc_constellation | default({}), recursive=True) }}" - nginx: "{{ glob_nginx | combine(loc_nginx | default({})) }}" - roles: - - nginx - - constellation-front - - constellation-doc diff --git a/roles/constellation-doc/tasks/main.yml b/roles/constellation-doc/tasks/main.yml deleted file mode 100644 index 31253733..00000000 --- a/roles/constellation-doc/tasks/main.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -- name: Install Sphinx and RTD theme - apt: - update_cache: true - install_recommends: false - name: - - python3-sphinx - - python3-sphinx-rtd-theme - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Create documentation directory with good permissions - file: - path: /var/www/constellation-doc - state: directory - owner: www-data - group: www-data - mode: u=rwx,g=rwxs,o=rx - -- name: Build HTML documentation - command: sphinx-build -b dirhtml {{ project_path }}/docs/ /var/www/constellation-doc/ - become_user: www-data diff --git a/roles/constellation-front/handlers/main.yml b/roles/constellation-front/handlers/main.yml deleted file mode 100644 index 73c9606a..00000000 --- a/roles/constellation-front/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: Restart uWSGI - systemd: - name: uwsgi - state: restarted diff --git a/roles/constellation-front/tasks/main.yml b/roles/constellation-front/tasks/main.yml deleted file mode 100644 index 73d966b5..00000000 --- a/roles/constellation-front/tasks/main.yml +++ /dev/null 
@@ -1,110 +0,0 @@ ---- -- name: Install some front APT packages - apt: - install_recommends: false - update_cache: true - name: - - python3-django-crispy-forms - - python3-django-filters - - python3-djangorestframework - - python3-django-tables2 - - python3-docutils - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Install some front pip packages - pip: - name: - - git+https://gitlab.adm.crans.org/nounous/crispy-bootstrap5.git - -- name: Set data directories in development mode - when: constellation.version != "master" - set_fact: - project_path: /var/local/constellation - module_path: /var/local/constellation/constellation - -- name: Set data directories in production mode - when: constellation.version == "master" - set_fact: - project_path: /usr/local/lib/python3.9/dist-packages/constellation - module_path: /usr/local/lib/python3.9/dist-packages/constellation - -- name: Check front dependencies (production) - when: constellation.version == "master" - pip: - name: - - git+https://gitlab.adm.crans.org/nounous/constellation.git[front] - state: latest - -- name: Install uWSGI - apt: - install_recommends: false - update_cache: true - name: - - uwsgi - - uwsgi-plugin-python3 - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Copy constellation uWSGI app - template: - src: uwsgi/apps-available/constellation.ini.j2 - dest: /etc/uwsgi/apps-available/constellation.ini - owner: root - group: root - mode: 0644 - notify: Restart uWSGI - -- name: Activate constellation uWSGI app - file: - src: ../apps-available/constellation.ini - dest: /etc/uwsgi/apps-enabled/constellation.ini - owner: root - group: root - state: link - ignore_errors: "{{ ansible_check_mode }}" - notify: Restart uWSGI - -# In the future, migrations will be included in the repository. 
-- name: Make Django migrations - django_manage: - command: makemigrations - project_path: "{{ project_path }}" - notify: Restart uWSGI - -- name: Migrate database - django_manage: - command: migrate - project_path: "{{ project_path }}" - notify: Restart uWSGI - -- name: Create static files directory - file: - path: /var/lib/constellation/{{ item }} - state: directory - mode: "2775" - owner: www-data - group: "{{ constellation.group }}" - recurse: true - loop: - - static - - media - -- name: Symlink static and media directories (dev) - file: - src: /var/lib/constellation/{{ item }} - dest: /var/local/constellation/{{ item }} - state: link - owner: www-data - group: "{{ constellation.group }}" - loop: - - static - - media - -- name: Collect static files - django_manage: - command: collectstatic - project_path: "{{ project_path }}" - notify: Restart uWSGI diff --git a/roles/constellation-front/templates/uwsgi/apps-available/constellation.ini.j2 b/roles/constellation-front/templates/uwsgi/apps-available/constellation.ini.j2 deleted file mode 100644 index bf2bbeda..00000000 --- a/roles/constellation-front/templates/uwsgi/apps-available/constellation.ini.j2 +++ /dev/null @@ -1,23 +0,0 @@ -{{ ansible_header | comment }} - -[uwsgi] -uid = www-data -gid = www-data -# Django-related settings -# the base directory (full path) -chdir = {{ project_path }} -wsgi-file = {{ module_path }}/wsgi.py -plugin = python3 -# process-related settings -# master -master = true -# maximum number of worker processes -processes = 10 -# the socket (use the full path to be safe -socket = /var/run/uwsgi/app/constellation/constellation.sock -# ... with appropriate permissions - may be needed -chmod-socket = 664 -# clear environment on exit -vacuum = true -# Touch reload -touch-reload = {{ module_path }}/settings.py diff --git a/roles/constellation/tasks/main.yml b/roles/constellation/tasks/main.yml deleted file mode 100644 index c8ac9a4c..00000000 
--- a/roles/constellation/tasks/main.yml
+++ /dev/null
@@ -1,143 +0,0 @@ ---- -- name: Pin Django from Debian bullseye-backports - template: - src: apt/sources.list.d/bullseye-backports.list.j2 - dest: /etc/apt/sources.list.d/bullseye-backports.list - -- name: Install constellation dependencies - apt: - update_cache: true - install_recommends: false - name: - - gettext - - python3-django - - python3-django-extensions - - python3-django-polymorphic - - python3-ipython - - python3-pip - - python3-psycopg2 - - python3-requests - register: apt_result - retries: 3 - until: apt_result is succeeded - -- name: Install constellation pip dependencies - pip: - name: - - git+https://gitlab.adm.crans.org/nounous/django-dnsmanager.git - -- name: Set configuration directories in development mode - when: constellation.version != "main" - set_fact: - module_path: /var/local/constellation/constellation - project_path: /var/local/constellation - -- name: Set configuration directories in production mode - when: constellation.version == "main" - set_fact: - module_path: /usr/local/lib/python3.9/dist-packages/constellation - project_path: /usr/local/lib/python3.9/dist-packages/constellation - -- name: Create constellation directory - file: - path: /etc/constellation - state: directory - mode: "2775" - owner: "{{ constellation.owner }}" - group: "{{ constellation.group }}" - -- name: Set ACL for constellation directory - acl: - path: /etc/constellation - default: true - entity: nounou - etype: group - permissions: rwx - state: query - ignore_errors: "{{ ansible_check_mode }}" - -- name: Clone constellation repository (development) - when: constellation.version != "main" - git: - repo: https://gitlab.adm.crans.org/nounous/constellation.git - dest: "{{ project_path }}" - umask: "002" - version: "{{ constellation.version }}" - recursive: true - -- name: Install pip module with editable flag (development) - when: constellation.version != "main" - pip: - name: - - "{{ project_path }}" - editable: true - state: latest - -- name: Install and 
upgrade constellation (production) - when: constellation.version == "main" - pip: - name: - - git+https://gitlab.adm.crans.org/nounous/constellation.git - state: latest - -- name: Set owner of cloned project - when: constellation.version != "main" - file: - path: "{{ project_path }}" - owner: "{{ constellation.owner }}" - group: "{{ constellation.group }}" - recurse: true - -- name: Deploy Constellation settings_local.py - template: - src: constellation/settings_local.py.j2 - dest: /etc/constellation/settings_local.py - mode: 0660 - owner: "{{ constellation.settings_local_owner }}" - group: "{{ constellation.settings_local_group }}" - -- name: Symlink configuration file - file: - src: /etc/constellation/settings_local.py - dest: "{{ module_path }}/settings_local.py" - state: link - -- name: Deploy crontab - when: constellation.crontab - template: - src: cron.d/constellation.j2 - dest: /etc/cron.d/constellation - owner: root - group: root - mode: 0644 - -- name: Compile messages - when: not constellation.front - django_manage: - command: compilemessages - project_path: "{{ project_path }}" - -# In the future, migrations will be included in the repository. -- name: Make Django migrations (non-front app) - when: not constellation.front - django_manage: - command: makemigrations - project_path: "{{ project_path }}" - -- name: Migrate database (non-front app) - when: not constellation.front - django_manage: - command: migrate - project_path: "{{ project_path }}" - -- name: Load initial data (non-front app) - when: not constellation.front - django_manage: - command: loaddata initial - project_path: "{{ project_path }}" - -- name: Indicate constellation in motd - template: - src: update-motd.d/05-service.j2 - dest: /etc/update-motd.d/05-constellation - mode: 0755 
diff --git a/roles/constellation/templates/apt/sources.list.d/bullseye-backports.list.j2 b/roles/constellation/templates/apt/sources.list.d/bullseye-backports.list.j2 deleted file mode 100644 index e231539d..00000000 --- a/roles/constellation/templates/apt/sources.list.d/bullseye-backports.list.j2 +++ /dev/null @@ -1,3 +0,0 @@ -{{ ansible_header | comment }} - -deb {{ debian_mirror }} bullseye-backports main diff --git a/roles/constellation/templates/constellation/settings_local.py.j2 b/roles/constellation/templates/constellation/settings_local.py.j2 deleted file mode 100644 index 913a2541..00000000 --- a/roles/constellation/templates/constellation/settings_local.py.j2 +++ /dev/null 
@@ -1,75 +0,0 @@ -{{ ansible_header | comment }} - -# A secret key used by the server. -SECRET_KEY = "{{ constellation.django_secret_key }}" - -# Should the server run in debug mode ? -# SECURITY WARNING: don't run with debug turned on in production! -DEBUG = {{ constellation.debug }} - -# A list of admins of the services. Receive mails when an error occurs -ADMINS = [{% for admin in constellation.admins %}{{ admin }}, {% endfor %}] - -# The list of hostname the server will respond to. -ALLOWED_HOSTS = [{% for host in constellation.allowed_hosts %}'{{ host }}', {% endfor %}] - -# Installed applications -LOCAL_APPS = [ -{% for app in constellation.applications %} - '{{ app }}', -{% endfor %} -] - -# Activate this option if a web front is needed -USE_FRONT = {{ constellation.front }} - -# The time zone the server is runned in -TIME_ZONE = 'Europe/Paris' - -# The storage systems parameters to use -DATABASES = { - 'default': { # The DB - 'ENGINE': 'django.db.backends.postgresql', - 'NAME': '{{ constellation.database.name }}', - 'USER': '{{ constellation.database.user }}', - 'PASSWORD': "{{ constellation.database.password }}", - 'HOST': '{{ constellation.database.host }}', - 'PORT': '{{ constellation.database.port }}', - }, -} - -{% if constellation.version == "main" %} -{% if constellation.front %} -STATIC_ROOT = "/var/lib/constellation/static/" - -{% endif %} -MEDIA_ROOT = "/var/lib/constellation/media/" -{% endif %} - -# The mail configuration for Constellation to send mails -EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' -EMAIL_USE_SSL = {{ constellation.email.ssl }} -EMAIL_HOST = '{{ constellation.email.host }}' -EMAIL_PORT = {{ constellation.email.port }} -EMAIL_HOST_USER = '{{ constellation.email.user }}' -EMAIL_HOST_PASSWORD = '{{ constellation.email.password }}' -SERVER_EMAIL = '{{ constellation.email.from }}' -DEFAULT_FROM_EMAIL = '{{ constellation.email.from_full }}' -{% if constellation.front %} -{% if constellation.comnpay is defined %} - 
-COMNPAY_ID_TPE = '{{ constellation.comnpay.tpe }}' -COMNPAY_SECRET_KEY = '{{ constellation.comnpay.secret }}' -{% endif %} -{% if constellation.stripe is defined %} - -STRIPE_PRIVATE_KEY = "{{ constellation.stripe.private_key }}" -STRIPE_PUBLIC_KEY = "{{ constellation.stripe.public_key }}" -{% endif %} -{% if constellation.note is defined %} - -NOTE_KFET_URL = "{{ constellation.note.url }}" -NOTE_KFET_CLIENT_ID = "{{ constellation.note.client_id }}" -NOTE_KFET_CLIENT_SECRET = "{{ constellation.note.client_secret }}" -{% endif %} -{% endif %} diff --git a/roles/constellation/templates/cron.d/constellation.j2 b/roles/constellation/templates/cron.d/constellation.j2 deleted file mode 100644 index c87dbea9..00000000 --- a/roles/constellation/templates/cron.d/constellation.j2 +++ /dev/null @@ -1,4 +0,0 @@ -{{ ansible_header }} - -# m h dom mon dow user command -24 4 * * * root constellation check_consistency diff --git a/roles/constellation/templates/update-motd.d/05-service.j2 b/roles/constellation/templates/update-motd.d/05-service.j2 deleted file mode 100755 index dee40fbe..00000000 --- a/roles/constellation/templates/update-motd.d/05-service.j2 +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/tail +14 -{{ ansible_header | comment }} -> Constellation a été déployé sur cette machine. Voir {{ project_path }}/.