Install re2o on new infra

2020-08-10 02:25:54 +02:00 · 2020-08-10 02:25:54 +02:00 · aacd9e1e31
parent 22ae971903
commit aacd9e1e31
7 changed files with 66 additions and 20 deletions
--- a/group_vars/all/vars.yaml
+++ b/group_vars/all/vars.yaml
@ -1,4 +1,5 @@
 ---
+
 # Custom header
 dirty: "{{lookup('pipe', 'git diff --quiet || echo dirty')}}"
 ansible_header: |
@ -40,7 +41,8 @@ adm_subnet: 10.231.136.0/24
 #
 #
 # # global server definitions
-# mail_server: smtp.adm.crans.org
+glob_smtp: smtp.adm.crans.org
+
 glob_ldap:
  servers:
    - 172.16.10.1
--- a/group_vars/re2o.yml
+++ b/group_vars/re2o.yml
@ -0,0 +1,17 @@
+---
+glob_re2o:
+  django_secret_key: "{{ vault_re2o_django_secret_key }}"
+  aes_key: "{{ vault_re2o_aes_key }}"
+  admins:
+    - ('Root', 'root@crans.org')
+  allowed_hosts:
+    - 're2o.adm.crans.org'
+    - 'intranet.adm.crans.org'
+  from_email: "root@crans.org"
+  ldap:
+    master_password: "{{ vault_ldap_master_password }}"
+    uri: "ldap://re2o-ldap.adm.crans.org/"
+    dn: "cn=admin,dc=crans,dc=org"
+  database:
+      password: "{{ vault_re2o_db_password }}"
+      uri: "tealc.adm.crans.org"
--- a/host_vars/re2o-newinfra.adm.crans.org.yml
+++ b/host_vars/re2o-newinfra.adm.crans.org.yml
@ -0,0 +1,12 @@
+---
+interfaces:
+  adm: eth0
+  srv-nat: eth1
+
+
+loc_re2o:
+  owner: root
+  group: nounou
+  version: master
+  settings_local_owner: root
+  settings_local_group: nounou
--- a/4
+++ b/4
@ -25,6 +25,9 @@
 # [test_vm]
 # re2o-test.adm.crans.org

+[re2o]
+re2o-newinfra.adm.crans.org
+
 [bdd]
 tealc.adm.crans.org

@ -62,6 +65,7 @@ jack.adm.crans.org
 routeur-sam.adm.crans.org
 routeur-daniel.adm.crans.org
 belenios # on changera plus tard
+re2o-ldap.adm.crans.org

 [ovh_physical]
 sputnik.adm.crans.org
--- a/plays/re2o.yml
+++ b/plays/re2o.yml
@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts: re2o
+  vars:
+    re2o: "{{ glob_re2o | combine(loc_re2o) }}"
+  roles:
+    - re2o
--- a/roles/re2o/tasks/main.yml
+++ b/roles/re2o/tasks/main.yml
@ -14,7 +14,9 @@
      - python3-dateutil
      - python3-djangorestframework
      - python3-django-reversion
+      - python3-django-ldapdb
      - python3-pip
+      - python3-pil
      - python3-crypto
      - python3-git
      - python3-psycopg2
@ -32,7 +34,7 @@
    executable: pip2
    name:
      - django-bootstrap3
-      - django-ldapdb==0.9.0
+      - django-ldapdb==1.3.0
      - django-macaddress

 - name: Install re2o pip3 dependancies
@ -40,7 +42,6 @@
    executable: pip3
    name:
      - django-bootstrap3
-      - django-ldapdb==0.9.0
      - django-macaddress

 - name: Create re2o directory
--- a/roles/re2o/templates/re2o/settings_local.py.j2
+++ b/roles/re2o/templates/re2o/settings_local.py.j2
@ -7,7 +7,7 @@ from __future__ import unicode_literals
 SECRET_KEY = '{{ re2o.django_secret_key }}'

 # The password to access the project database
-DB_PASSWORD = '{{ re2o.db_password }}'
+DB_PASSWORD = '{{ re2o.database.password }}'

 # AES key for secret key encryption.
 # The length must be a multiple of 16
@ -18,10 +18,10 @@ AES_KEY = '{{ re2o.aes_key }}'
 DEBUG = False

 # A list of admins of the services. Receive mails when an error occurs
-ADMINS = [('Root', 'root@crans.org')]
+ADMINS = [{% for admin in re2o.admins %}{{ admin }}, {% endfor %}]

 # The list of hostname the server will respond to.
-ALLOWED_HOSTS = ['re2o.crans.org', 're2o.adm.crans.org', 'intranet.crans.org', 'intranet.adm.crans.org', 're2o-srv.crans.org', 're2o-srv.adm.crans.org', 'intranet.switches.crans.org', 're2o.switches.crans.org', 're2o-srv.switches.crans.org']
+ALLOWED_HOSTS = [{% for host in re2o.allowed_hosts %}'{{ host }}', {% endfor %}]

 # The time zone the server is runned in
 TIME_ZONE = 'Europe/Paris'
@ -33,7 +33,7 @@ DATABASES = {
        'NAME': 're2o',
        'USER': 're2o',
        'PASSWORD': DB_PASSWORD,
-        'HOST': 'pgsql.adm.crans.org',
+        'HOST': '{{ re2o.database.uri }}',
        'TEST': {
            'CHARSET': 'utf8',
            'COLLATION': 'utf8_general_ci'
@ -41,10 +41,10 @@ DATABASES = {
    },
    'ldap': {  # The LDAP
        'ENGINE': 'ldapdb.backends.ldap',
-        'NAME': 'ldap://re2o-ldap.adm.crans.org/',
-        'USER': 'cn=admin,dc=crans,dc=org',
+        'NAME': '{{ re2o.ldap.uri }}',
+        'USER': 'cn=admin,{{ glob_ldap.base }}',
        'TLS': False,
-        'PASSWORD': '{{ ldap.master_password }}',
+        'PASSWORD': '{{ re2o.ldap.master_password }}',
    }
 }

@ -62,17 +62,17 @@ SESSION_COOKIE_AGE = 60 * 60 * 3
 LOGO_PATH = "static_files/logo.png"

 # The mail configuration for Re2o to send mails
-SERVER_EMAIL = 'root@crans.org'  # The mail address to use
-EMAIL_HOST = 'smtp.adm.crans.org'           # The host to use
+SERVER_EMAIL = '{{ re2o.from_email }}'  # The mail address to use
+EMAIL_HOST = '{{ glob_smtp }}'           # The host to use
 EMAIL_PORT = 25             # The port to use

 # Settings of the LDAP structure
 LDAP = {
-    'base_user_dn' : u'cn=Utilisateurs,dc=crans,dc=org',
-    'base_userservice_dn' : u'ou=service-users,dc=crans,dc=org',
-    'base_usergroup_dn' : u'ou=posix,ou=groups,dc=crans,dc=org',
-    'base_userservicegroup_dn' : u'ou=services,ou=groups,dc=crans,dc=org',
-    'base_dn' : 'dc=crans,dc=org',
+    'base_user_dn': u'cn=Utilisateurs,{{ glob_ldap.base }}',
+    'base_userservice_dn': u'ou=service-users,{{ glob_ldap.base }}',
+    'base_usergroup_dn': u'ou=posix,ou=groups,{{ glob_ldap.base }}',
+    'base_userservicegroup_dn': u'ou=services,ou=groups,{{ glob_ldap.base }}',
+    'base_dn': '{{ glob_ldap.base }}',
    'user_gid': 500,
 }

@ -87,7 +87,10 @@ GID_RANGES = {
    'posix': [501, 600],
 }

-CAPTIVE_IP_RANGE = "10.51.0.0/16"
+# CAPTIVE_IP_RANGE = "10.51.0.0/16"
+
+# Some optionnal Re2o Apps
+OPTIONNAL_APPS_RE2O = ()

 # Some Django apps you want to add in you local project
-OPTIONNAL_APPS = ('api',)
+OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + ('api',)