15 Commits
v1.6 ... v3.1

Author SHA1 Message Date
fc7d4de480 projet AP4 ansible glpi 2023-12-07 14:10:44 +01:00
4f6469cd98 maj 2023-12-07 11:25:50 +01:00
d78881a752 ajout fichier config wireguard 2023-12-04 09:25:21 +01:00
777067579f mise a jour wireguard 2023-12-04 09:20:51 +01:00
5ac3c137f6 Supprimer sio2/AP/sdis2023.sql 2023-11-30 09:23:20 +01:00
9e35ca41c6 maj 2023-11-30 08:42:38 +01:00
a2e4e13f0e encore une maj 2023-11-24 15:34:30 +01:00
c4f16ca274 maj 2023-11-24 15:05:57 +01:00
e8cf17309b mise à jour 2023-11-23 11:57:30 +01:00
9a9122c181 correction playbook 2023-11-22 13:04:40 +01:00
9bdbe30539 maj AP 2023-11-21 11:27:27 +01:00
ak
fa3a3a8731 maj 2023-11-10 08:33:18 +01:00
e88bb6e440 ajout tp doku 2023-10-20 11:01:22 +02:00
365ac0717a tp ansible 2023-10-16 17:55:25 +02:00
d86d83103d ajout playboook syslog 2023-10-15 19:24:15 +02:00
27 changed files with 620 additions and 26 deletions

25
sio2/AP/apbase.yml Normal file

@ -0,0 +1,25 @@
---
- name: apbase
hosts: web
become: yes
tasks:
- name: 1. Installer les paquets apache2 php et adminer
apt:
name:
- apache2
- php
- adminer
- php-mbstring
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. redémarrer apache et activer adminer
shell: sudo a2enconf adminer
- name: 3. redémarrer apache et activer adminer
shell: sudo systemctl reload apache2
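Review bot: Tasks 2 and 3 run `sudo a2enconf adminer` and `sudo systemctl reload apache2` through `shell` on every run, although the play already sets `become: yes` and task 1 carries a commented-out `notify`. A `command: a2enconf adminer` with `creates: /etc/apache2/conf-enabled/adminer.conf`, notifying a `service` handler with `state: reloaded`, would make the play idempotent and reload Apache only when something changed. Enabling the adminer conf also publishes a database administration page to every client that can reach this server, and nothing in the play restricts it; an access rule in that conf (for example `Require ip` for the admin network) is worth adding before it is enabled.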

52
sio2/AP/apdb.yml Normal file

@ -0,0 +1,52 @@
---
- name: apdb
hosts: web
become: yes
tasks:
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: admin
password: admin
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 4. Creation de la base de donnee 'sdis2023'
community.mysql.mysql_db:
name: sdis2023
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 5. copier la base de donnée sur l'hôte distant
copy:
src: sdis2023.sql
dest: /tmp/sdis2023.sql
- name: 6. Restore la base de donnée
community.mysql.mysql_db:
name: sdis2023
state: import
target: /tmp/sdis2023.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
# - name: 5. Dump multiple databases
#community.mysql.mysql_db:
#state: dump
#name:
#- sdis2023
#target: sdis2023.sql
#login_unix_socket: /var/run/mysqld/mysqld.sock
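Review bot: Task 3 creates the account `admin` with the literal password `admin` and `priv: '*.*:ALL,GRANT'`, so a guessable credential with server-wide rights is stored in the repository; both copies of glpidb.yml further down repeat the pattern with `glpi`/`glpi`. The password should come from a vaulted variable, e.g. `password: "{{ sdis_db_password }}"` (placeholder name) with `no_log: true` on the task, and the grant should be limited to the application schema: `priv: 'sdis2023.*:ALL'`. Since apbase.yml installs Adminer on the same `web` group, this account is presumably usable through the web UI, which makes the weak password more than a local concern. Task 5 also leaves the SQL file in `/tmp` after the import; a closing `file` task with `state: absent` would remove it.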

20
sio2/AP/apdbdump.yml Normal file

@ -0,0 +1,20 @@
---
- name: apdbdump
hosts: web
become: yes
tasks:
- name: 1. Dump multiple databases
community.mysql.mysql_db:
state: dump
name: sdis2023
target: /tmp/sdis2023.sql
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 2. recuperation de sdis2023.sql avec fetch
ansible.builtin.fetch:
src: /tmp/sdis2023.sql
dest: sdis2023-dump.sql
flat: yes
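Review bot: The dump is written to the fixed path `/tmp/sdis2023.sql` and left there after the fetch, so a full copy of the database stays in a shared directory on the managed host. Add a closing `file` task with `path: /tmp/sdis2023.sql` and `state: absent`, and consider dumping into a root-only directory instead of `/tmp`. With `flat: yes` the fetched `sdis2023-dump.sql` lands relative to where the playbook is run, presumably inside the repository working tree; the commit list shows an SQL file already had to be deleted from the repo once, so an ignore rule for `*.sql` would prevent a repeat.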

12
sio2/AP/drop.yml Normal file

@ -0,0 +1,12 @@
---
- name: apdb
hosts: web
become: yes
tasks:
- name: 1. Suppression de la base de donnee 'sdis2023'
community.mysql.mysql_db:
name: sdis2023
state: absent
login_unix_socket: /var/run/mysqld/mysqld.sock
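Review bot: The play is still named `apdb`, copied from apdb.yml, although its only task drops the `sdis2023` database. Rename it, e.g. `- name: drop sdis2023`, so the run output and logs make the destructive action obvious. A header comment stating that the drop is irreversible and should be preceded by a run of apdbdump.yml would also help.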

2
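--- a/sio2/AP/hosts
+++ b/sio2/AP/hosts
@@ -0,0 +1,2 @@
+[web]
+ap33prod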

22
sio2/AP4/Vagrantfile vendored Normal file

@ -0,0 +1,22 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.provision "shell", inline: <<-SHELL
# export http_proxy=http://10.121.38.1:8080
# export https_proxy=http://10.121.38.1:8080
timedatectl set-timezone Europe/Paris
apt-get -y update
apt-get -y upgrade
SHELL
config.vm.define "glpi" do |glpi| # VM No'1
glpi.vm.box = "debian/bookworm64" # Type de la machine
glpi.vm.hostname = "glpi" # Nom de la machine
glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
glpi.vm.provision "ansible" do |ansible|
ansible.playbook = "glpi.yml" # Lance le playbook glpi.yml
end
end
end

44
sio2/AP4/glpi.yml Normal file

@ -0,0 +1,44 @@
---
- name: glpi.yml
hosts: glpi
become: yes
tasks:
- name: 1. Installer apache php
apt:
name:
- apache2
- php
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. Installation des extensions php de GLPI
apt:
name:
- php-xml
- php-common
- php-mysql
- php-mbstring
- php-curl
- php-imap
- php-zip
- php-int1
- php-ldap
- php-xmlrpc
- php-imap
- php-bz2
state: present
notify: 3. redemarrer php
- name: 4. redémarrer apache et activer adminer
shell: sudo systemctl reload apache2
handlers:
- name: 3. redemarrer php
service:
name: php
state: restarted
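Review bot: In task 2 the package `php-int1` looks like a typo for `php-intl` (letter l, not digit 1); as written the apt task will presumably fail because no such package exists, and `php-imap` is listed twice. The handler `3. redemarrer php` restarts a service called `php`, which an Apache mod_php installation does not have, so reloading `apache2` from the handler is probably what was intended. Task 4 runs `sudo systemctl reload apache2` through `shell` despite `become: yes`, under a name that still mentions adminer. The same content is repeated in the later untitled section and in `sio2/AP4/rp`, so the fix applies to all three copies.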

30
sio2/AP4/glpidb.yml Normal file

@ -0,0 +1,30 @@
---
- name: glpidb.yml
hosts: glpi
become: yes
tasks:
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: glpi
password: glpi
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 4. Creation de la base de donnee 'db_glpi'
community.mysql.mysql_db:
name: db_glpi
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock

31
sio2/AP4/install.yml Normal file

@ -0,0 +1,31 @@
---
- name: install.yml
hosts: glpi
become: yes
tasks:
- name: 1. Telechargement de l'archive de glpi 10.0.10
get_url:
url: http://depl.sio.lan/store/glpi-10.0.10.tgz
dest: /tmp
- name: 2. Extraire glpi 10.0.10.tgz vers /tmp/
ansible.builtin.unarchive:
src: /tmp/glpi-10.0.10.tgz
dest: /var/www/html/
- name: 3. Changer propritaire group et permissions
file:
path: /var/www/html/doku
owner: www-data
group: www-data
mode: '0755'
recurse: yes
notify: 4. redemarrer apache2
handlers:
- name: 4. redemarrer apache2
service:
name: apache2
state: restarted
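Review bot: Task 1 downloads `glpi-10.0.10.tgz` over plain `http://` without a `checksum`, so nothing verifies that the archive unpacked into the web root is the one that was published; add `checksum: "sha256:<digest of the official archive>"` (placeholder digest) to `get_url`. The two doku task files later on this page fetch `dokuwiki-stable.tgz` the same way. Task 2 reads `/tmp/glpi-10.0.10.tgz` without `remote_src: yes`, so `unarchive` will look for the file on the control node. Task 3 still targets `/var/www/html/doku`, apparently copied from the doku role, and a recursive `mode: '0755'` marks every file executable; `mode: 'u=rwX,g=rX,o=rX'` on the GLPI directory keeps the execute bit for directories only.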


@ -0,0 +1,30 @@
---
- name: glpidb.yml
hosts: glpi
become: yes
tasks:
- name: 1. Installer mariadb
apt:
name:
- mariadb-server
- python3-pymysql
state: present
- name: 2. s'assurer que mariadb est en fonctionnement
service:
name: mariadb
state: started
- name: 3. Creer un utilisateur et lui attribuer tous les droits
community.mysql.mysql_user:
name: glpi
password: glpi
priv: '*.*:ALL,GRANT'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
- name: 4. Creation de la base de donnee 'db_glpi'
community.mysql.mysql_db:
name: db_glpi
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock


@ -0,0 +1,44 @@
---
- name: glpi.yml
hosts: glpi
become: yes
tasks:
- name: 1. Installer apache php
apt:
name:
- apache2
- php
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. Installation des extensions php de GLPI
apt:
name:
- php-xml
- php-common
- php-mysql
- php-mbstring
- php-curl
- php-imap
- php-zip
- php-int1
- php-ldap
- php-xmlrpc
- php-imap
- php-bz2
state: present
notify: 3. redemarrer php
- name: 4. redémarrer apache et activer adminer
shell: sudo systemctl reload apache2
handlers:
- name: 3. redemarrer php
service:
name: php
state: restarted

44
sio2/AP4/rp Normal file

@ -0,0 +1,44 @@
---
- name: glpi.yml
hosts: glpi
become: yes
tasks:
- name: 1. Installer apache php
apt:
name:
- apache2
- php
state: present
#notify: 2. redémarrer apache et activer adminer
- name: 2. Installation des extensions php de GLPI
apt:
name:
- php-xml
- php-common
- php-mysql
- php-mbstring
- php-curl
- php-imap
- php-zip
- php-int1
- php-ldap
- php-xmlrpc
- php-imap
- php-bz2
state: present
notify: 3. redemarrer php
- name: 4. redémarrer apache et activer adminer
shell: sudo systemctl reload apache2
handlers:
- name: 3. redemarrer php
service:
name: php
state: restarted

23
sio2/CYBER/Cryptage/crypt.sh Executable file

@ -0,0 +1,23 @@
#!/bin/bash
unn=$1
utilisateurmdp=$2
action=$3
ficcle=$4
user=$(echo $utilisateurmdp| cut -f1 -d/ )
mdp=$(echo $utilisateurmdp| cut -f2 -d/ )
echo $user
echo $mdp
[ -e /tmp/share ] || mkdir /tmp/share
mount.cifs -o "username=${user},password=${mdp}" //${unn} /tmp/share
if [[ $? == 0 ]] ;then
echo "le montage fonctionne cryptage en cours"
ccrypt ${action} -r -k ${ficcle} /tmp/share/*
umount /tmp/share
rm -r /tmp/share
else
echo "erreur montage $?"
exit 1
fi
exit 0
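Review bot: The script prints the share password (`echo $mdp`) and passes it in `-o "username=...,password=..."`, where it is visible in the process list and in any captured output; mount.cifs accepts a `credentials=` file instead. After `umount /tmp/share` the script runs `rm -r /tmp/share` unconditionally, so a failed unmount would delete the contents of the remote share, and the `$?` printed in the `else` branch is the status of the `[[ ... ]]` test rather than of the mount. The variables are unquoted and `/tmp/share` is a fixed path in a world-writable directory. The fence shows the mount and cleanup part rewritten with `mktemp`, quoting and `rmdir`; the password still arrives as `$2` on the script's own command line, which this excerpt does not change.

```bash
# … unchanged: argument parsing; the two echo lines for $user and $mdp are dropped …
partage=$(mktemp -d) || exit 1
cred=$(mktemp) || exit 1              # mktemp creates it readable by the owner only
printf 'username=%s\npassword=%s\n' "$user" "$mdp" > "$cred"
mount.cifs -o "credentials=${cred}" "//${unn}" "$partage"
rc=$?
rm -f "$cred"
if [[ $rc == 0 ]]; then
    echo "le montage fonctionne cryptage en cours"
    ccrypt "${action}" -r -k "${ficcle}" "$partage"/*
    # rmdir only removes an empty directory, so a failed umount cannot delete share data
    umount "$partage" && rmdir "$partage"
else
    echo "erreur montage $rc"
    rmdir "$partage"
    exit 1
fi
```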


@ -1,15 +1,10 @@
# local settings for Endpoint A
[Interface]
PrivateKey = aLihTWpe3bt3XwNPGOVS0mB9vfr4JqeZPyzhlgQ052k=
Address = 10.0.0.1/32
ListenPort = 51820
PrivateKey = iGPtDYyKYCoQVPofdo7KQXfC4OGCGOBXonF44nKUSFw=
Address = 10.0.0.2/32 # Adresses autorisées dans le VPN
Listenport = 51820
# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# remote settings for Endpoint B
[Peer]
PublicKey = 8bEwgf4jUaIvZslBNwQSP3sNrJPZg1YDiFqyMCvJszo=
Endpoint = 192.168.3.2:51820
AllowedIPs = 10.0.0.2/32, 192.168.2.0/24
PublicKey = sAJc6fITMHs9Entb5upqGMN+4M+fnhIIpcWbQiqW50g= # de machine B
AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
Endpoint = 192.168.0.45:51820
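Review bot: The `[Interface]` section still carries a literal `PrivateKey` on what appears to be the new side, as do the configuration added in the next section and the file deleted after it, so every key on this page is readable by anyone with access to the repository or its history. The keys should be treated as exposed: generate new pairs on the endpoints and keep the private half out of version control, for instance by committing only a template and loading the key at start-up with `PostUp = wg set %i private-key /etc/wireguard/%i.key`. The new `AllowedIPs = 10.0.0.0/24` is also wider than the single-host entry used before; if the peer is one machine, its /32 address is the tighter setting. The file name is not shown for this section, so which endpoint it configures cannot be confirmed from here.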


@ -0,0 +1,10 @@
[Interface]
Address = 10.0.0.1/32 # Adresses autorisées dans le VPN
Listenport = 51820
PrivateKey = YH3oUGyt8hXlqRINQIANWsqf7Bd+SJcyLhMLGPwbvHk=
[Peer]
PublicKey = k2Yzmoz+7e1TT+n2+zK9AHjssgQLp7DW0T3Zi+AtPV0= # de machine B
AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
Endpoint = 192.168.0.26:51820


@ -1,15 +0,0 @@
# local settings for Endpoint B
[Interface]
PrivateKey = eLqg4jQCId97MOdcP5k0FIlxnaMBArlPPEaTVmRPWFk=
Address = 10.0.0.2/32
ListenPort = 51820
# IP forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# remote settings for Endpoint A
[Peer]
PublicKey = 5UQzcels7MqDXWdt2oDvfbjykISpYl4i8uYFytHijUc=
Endpoint = 192.168.3.2:51820
AllowedIPs = 10.0.0.1/32, 192.168.1.0/24


@ -0,0 +1,9 @@
[adm]
infra
[web]
web1
web2
[doc]
doku


@ -0,0 +1,6 @@
- hosts: doku
roles:
- web
- doku


@ -0,0 +1,18 @@
vars:
- chemin_fichier: /var/www/html/doku
- name: recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl/store/dokuwiki-stable.tgz
dest: /tmp/
- name: Extraction archive
ansible.builtin.unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
- name: changer propriétaire du fichier var/www/html/doku
file:
path: "{{ chemin_fichier }}"
owner: www-data:www-data data lib conf
become: true
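Review bot: The last task sets `owner: www-data:www-data data lib conf`, which is chown command-line syntax pasted into a module argument; `file` expects a single account name in `owner` and the group in a separate `group` key. The leading `vars:` block is play-level syntax; if this is a role task file, as the `roles:` playbook above suggests, the variable belongs in the role's `vars/main.yml` or `defaults/main.yml`, and `unarchive` needs `remote_src: yes` because the archive was downloaded to the managed host. The intent visible in that owner line, giving the web server only `data`, `lib` and `conf`, is the safer design and worth keeping as one `file` task looping over those subdirectories with `owner: www-data` and `group: www-data`.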


@ -0,0 +1,37 @@
- name: 1. recuperation dokuwiki-stable.tgz depuis machine depl
get_url:
url: http://depl/store/dokuwiki-stable.tgz
dest: /tmp
- name: 2. Extraction archive dokuwiki-stage.tgz
unarchive:
src: /tmp/dokuwiki-stable.tgz
dest: /var/www/html/
remote_src: yes
- name: 3. stat dokuwiki
stat:
path: /var/www/html/dokuwiki-2023-04-04
register: doku_stat
- name: 4. On renomme doku-v... en doku
command: mv /var/www/html/dokuwiki-2023-04-04 /var/www/html/doku
when: doku_stat.stat.exists
- name: 5. Changer propritaire group et permissions
file:
path: /var/www/html/doku
owner: root
group: root
mode: '0755'
recurse: yes
- name: 6. Changer propritaire. group et permissions
file:
path: /var/www/html/doku
owner: www-data
group: www-data
recurse: yes
# mode: '755'
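Review bot: Task 6 recursively hands the whole of `/var/www/html/doku` to `www-data`, undoing the root ownership set in task 5, so the web server process can rewrite the application's own PHP code. Keep the tree owned by root and give `www-data` only the directories the wiki has to write to (DokuWiki's `data` and `conf`, plus `lib/plugins` if plugins are installed from the UI). In task 5, the recursive `mode: '0755'` marks every file executable; `mode: 'u=rwX,g=rX,o=rX'` keeps the execute bit for directories only. Tasks 3 and 4 hard-code `dokuwiki-2023-04-04`, which will stop matching when the `stable` archive is updated; `unarchive` with `extra_opts: ['--strip-components=1']` into a pre-created `/var/www/html/doku` avoids the rename.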


@ -0,0 +1,13 @@
- name: 1. installe apache2 php et ces dependances
apt:
name:
- apache2
- php
# - php-gd
- php-mbstring
state: present
- name: 2. lance Apache
service:
name: apache2
state: started


@ -0,0 +1,23 @@
---
- name: squid-j2.yml
hosts: infra
vars:
- proxy_port: 8080
- proxy_mem: 512
tasks:
- name: 1. assurer que squid est installe
service:
name: squid
state: started
- name: 2. Copie du squid.conf apres generation dynamique
template:
src: squid.conf.j2
dest: /etc/squid/squid.conf
notify: restart squid
handlers:
- name: restart squid
service:
name: squid
state: restarted
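Review bot: Task 2 overwrites `/etc/squid/squid.conf` from the template and then restarts squid with no syntax check, so a rendering mistake takes the proxy down. `template` can check the file before installing it: add `validate: 'squid -k parse -f %s'` and `backup: yes`. Task 1 is named as an installation check but only starts the service, and the play has no `become`, so it presumably relies on connecting as root. `vars:` is written here as a list of one-key maps while squid.yml uses a plain mapping, which is the documented form.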


@ -0,0 +1,22 @@
---
- name: squid.yml
hosts: infra
vars:
proxy_port: 8080
proxy_mem: 128
tasks:
- name: 1. installation de squid
apt:
name: squid
state: latest
- name: 2. recuperation de squid.conf avec fetch
ansible.builtin.fetch:
src: /etc/squid/squid.conf
dest: ./squid.conf
flat: yes


@ -0,0 +1,45 @@
---
- name: syslog.yml
hosts: web
tasks:
- name: 1. installer rsyslog
apt:
name: rsyslog
state: latest
- name: ajout du serveur syslog distant
lineinfile:
path: /etc/rsyslog.conf
line: '*.* @172.20.10.4:514'
insertbefore: EOF
create: yes
notify:
- 5. redemarrer rsyslog
# - name: 3. Ajout de la ligne ForwardToSyslog
#shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
- name: 4. Decommente la ligne ForwardToSyslog
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify: 6. redemarrer journald.service
# notify:
#- restart rsyslog
#- name: redemarrage de syslog
#- restart journald.service
#- name: redemarrage de journald.service
handlers:
- name: 5. redemarrer rsyslog
service:
name: rsyslog
state: restarted
- name: 6. redemarrer journald.service
service:
name: systemd-journald.service
state: restarted
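Review bot: The forwarding rule `*.* @172.20.10.4:514` uses a single `@`, which is UDP: messages travel unencrypted, unauthenticated and without delivery guarantee, and the collector play in the next section correspondingly enables `imudp` on port 514 with no restriction on who may send. For logs meant to support investigation, `@@172.20.10.4:514` (TCP, with `imtcp` enabled on the collector) is the minimal improvement, with TLS transport and a firewall rule limiting senders as the next step. Writing the rule to a drop-in such as `/etc/rsyslog.d/50-forward.conf` (example file name) instead of `lineinfile` with `create: yes` on `/etc/rsyslog.conf` avoids creating a bare main config when the file is missing. Neither syslog play sets `become`, unlike the other playbooks on this page.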


@ -0,0 +1,52 @@
---
- name: syslog.yml
hosts: infra
tasks:
- name: 1. installer rsyslog
apt:
name: rsyslog
state: latest
- name: 2. decommente le chargement du module imudp dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#module\(load="imudp"\)'
replace: 'module(load="imudp")'
notify:
- 5. redemarrer rsyslog
- name: 3. decommente le chargement du module imudp port 514 dans rsyslog.conf
replace:
path: /etc/rsyslog.conf
regexp: '^#input\(type="imudp" port="514"\)'
replace: 'input(type="imudp" port="514")'
notify:
- 5. redemarrer rsyslog
# - name: 3. Ajout de la ligne ForwardToSyslog
#shell: echo "ForwardToSyslog=yes" >> /etc/systemd/journald.conf
- name: 4. Decommente la ligne ForwardToSyslog
replace:
path: /etc/systemd/journald.conf
regexp: '^#ForwardToSyslog=yes'
replace: 'ForwardToSyslog=yes'
notify: 6. redemarrer journald.service
# notify:
#- restart rsyslog
#- name: redemarrage de syslog
#- restart journald.service
#- name: redemarrage de journald.service
handlers:
- name: 5. redemarrer rsyslog
service:
name: rsyslog
state: restarted
- name: 6. redemarrer journald.service
service:
name: systemd-journald.service
state: restarted