[re2o] install dependancies and settings_local.py

2019-12-17 10:05:15 +01:00 · 2019-12-17 10:05:15 +01:00 · a349437217
parent bd4c72e974
commit a349437217
3 changed files with 155 additions and 3 deletions
--- a/network.yml
+++ b/network.yml
@ -39,5 +39,13 @@
  vars:
    re2o:
      owner: root
+      group: nounou
+      settings_local_owner: root
+      settings_local_group: root
+      db_password: "{{ vault_re2o_db_password }}"
+      django_secret_key: "{{ vault_re2o_django_secret_key }}"
+      aes_key: "{{ vault_re2o_aes_key }}"
+    ldap:
+      master_password: "{{ vault_ldap_master_password }}"
  roles:
    - re2o
--- a/roles/re2o/tasks/main.yml
+++ b/roles/re2o/tasks/main.yml
@ -1,16 +1,61 @@
 ---
+- name: Install re2o dependancies
+  apt:
+    update_cache: true
+    name:
+      - python-django
+      - python-dateutil
+      - python-djangorestframework
+      - python-django-reversion
+      - python-pip
+      - python-psycopg2
+      - ipython
+      - python3-django
+      - python3-dateutil
+      - python3-djangorestframework
+      - python3-django-reversion
+      - python3-pip
+      - python3-crypto
+      - python3-git
+      - python3-psycopg2
+      - ipython3
+      - libsasl2-dev
+      - libldap2-dev
+      - libssl-dev
+      - javascript-common
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Install re2o pip dependancies
+  pip:
+    executable: pip2
+    name:
+      - django-bootstrap3
+      - django-ldapdb==0.9.0
+      - django-macaddress
+
+- name: Install re2o pip3 dependancies
+  pip:
+    executable: pip3
+    name:
+      - django-bootstrap3
+      - django-ldapdb==0.9.0
+      - django-macaddress
+
 - name: Create re2o directory
  file:
    path: /var/www/re2o
    state: directory
    mode: '2775'
    owner: "{{ re2o.owner }}"
-    group: nounou
+    group: "{{ re2o.group }}"

 - name: Set ACL for re2o project
  command: setfacl -d -m 'g::rwx' /var/www/re2o

- git:
+- name: Clone re2o repository
+  git:
    repo: 'http://gitlab.adm.crans.org/nounous/re2o.git'
    dest: /var/www/re2o
    umask: '002'
@ -28,4 +73,10 @@
    dest: /etc/update-motd.d/05-re2o
    mode: 0755

-#TODO: deploy settings_local.py
+- name: Deploy Re2o settings_local.py
+  template:
+    src: re2o/settings_local.py.j2
+    dest: /var/www/re2o/re2o/settings_local.py
+    mode: 0660
+    owner: "{{ re2o.settings_local_owner }}"
+    group: "{{ re2o.settings_local_group }}"
--- a/roles/re2o/templates/re2o/settings_local.py.j2
+++ b/roles/re2o/templates/re2o/settings_local.py.j2
@ -0,0 +1,93 @@
+# -*- mode: python; coding: utf-8 -*-
+# {{ ansible_managed }}
+
+from __future__ import unicode_literals
+
+# A secret key used by the server.
+SECRET_KEY = '{{ re2o.django_secret_key }}'
+
+# The password to access the project database
+DB_PASSWORD = '{{ re2o.db_password }}'
+
+# AES key for secret key encryption.
+# The length must be a multiple of 16
+AES_KEY = '{{ re2o.aes_key }}'
+
+# Should the server run in debug mode ?
+# SECURITY WARNING: don't run with debug turned on in production!
+DEBUG = False
+
+# A list of admins of the services. Receive mails when an error occurs
+ADMINS = [('Root', 'root@crans.org')]
+
+# The list of hostname the server will respond to.
+ALLOWED_HOSTS = ['re2o.crans.org', 're2o.adm.crans.org', 'intranet.crans.org', 'intranet.adm.crans.org', 're2o-srv.crans.org', 're2o-srv.adm.crans.org', 'intranet.switches.crans.org', 're2o.switches.crans.org', 're2o-srv.switches.crans.org']
+
+# The time zone the server is runned in
+TIME_ZONE = 'Europe/Paris'
+
+# The storage systems parameters to use
+DATABASES = {
+    'default': {  # The DB
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
+        'NAME': 're2o',
+        'USER': 're2o',
+        'PASSWORD': DB_PASSWORD,
+        'HOST': 'pgsql.adm.crans.org',
+        'TEST': {
+            'CHARSET': 'utf8',
+            'COLLATION': 'utf8_general_ci'
+        }
+    },
+    'ldap': {  # The LDAP
+        'ENGINE': 'ldapdb.backends.ldap',
+        'NAME': 'ldap://re2o-ldap.adm.crans.org/',
+        'USER': 'cn=admin,dc=crans,dc=org',
+        'TLS': False,
+        'PASSWORD': '{{ ldap.master_password }}',
+    }
+}
+
+# Security settings for secure https
+# Activate once https is correctly configured
+SECURE_CONTENT_TYPE_NOSNIFF = False
+SECURE_BROWSER_XSS_FILTER = False
+SESSION_COOKIE_SECURE = False
+CSRF_COOKIE_SECURE = False
+CSRF_COOKIE_HTTPONLY = False
+X_FRAME_OPTIONS = 'DENY'
+SESSION_COOKIE_AGE = 60 * 60 * 3
+
+# The path where your organization logo is stored
+LOGO_PATH = "static_files/logo.png"
+
+# The mail configuration for Re2o to send mails
+SERVER_EMAIL = 'root@crans.org'  # The mail address to use
+EMAIL_HOST = 'smtp.adm.crans.org'           # The host to use
+EMAIL_PORT = 25             # The port to use
+
+# Settings of the LDAP structure
+LDAP = {
+    'base_user_dn' : u'cn=Utilisateurs,dc=crans,dc=org',
+    'base_userservice_dn' : u'ou=service-users,dc=crans,dc=org',
+    'base_usergroup_dn' : u'ou=posix,ou=groups,dc=crans,dc=org',
+    'base_userservicegroup_dn' : u'ou=services,ou=groups,dc=crans,dc=org',
+    'base_dn' : 'dc=crans,dc=org',
+    'user_gid': 500,
+    }
+
+# A range of UID to use. Used in linux environement
+UID_RANGES = {
+    'users': [11001, 20000],
+    'service-users': [30000, 31000],
+}
+
+# A range of GID to use. Used in linux environement
+GID_RANGES = {
+    'posix': [501, 600],
+}
+
+CAPTIVE_IP_RANGE = "10.51.0.0/16"
+
+# Some Django apps you want to add in you local project
+OPTIONNAL_APPS = ('api',)