projet AP4 ansible glpi

maj
ajout fichier config wireguard
2023-12-07 14:10:44 +01:00 · 2023-12-07 11:25:50 +01:00 · 2023-12-04 09:25:21 +01:00 · 2023-12-04 09:20:51 +01:00 · 2023-11-30 09:23:20 +01:00 · 2023-11-30 08:42:38 +01:00
16 changed files with 395 additions and 26 deletions
--- a/sio2/AP/apbase.yml
+++ b/sio2/AP/apbase.yml
@ -0,0 +1,25 @@
+---
+- name: apbase
+  hosts: web
+  become: yes
+  tasks:
+  - name: 1. Installer les paquets apache2 php et adminer
+    apt:
+      name:
+        - apache2 
+        - php
+        - adminer
+        - php-mbstring
+      state: present
+        #notify: 2. redémarrer apache et activer adminer
+  
+  - name: 2. redémarrer apache et activer adminer
+    shell: sudo a2enconf adminer
+
+  - name: 3. redémarrer apache et activer adminer
+    shell: sudo systemctl reload apache2    
+
+
+
+
+
--- a/sio2/AP/apdb.yml
+++ b/sio2/AP/apdb.yml
@ -0,0 +1,52 @@
+---
+- name: apdb
+  hosts: web
+  become: yes
+  tasks:
+
+    - name: 1. Installer mariadb
+      apt:
+        name:
+          - mariadb-server
+          - python3-pymysql
+        state: present
+
+    - name: 2. s'assurer que mariadb est en fonctionnement
+      service:
+        name: mariadb
+        state: started
+
+    - name: 3. Creer un utilisateur et  lui attribuer tous les droits
+      community.mysql.mysql_user:
+        name: admin
+        password: admin
+        priv: '*.*:ALL,GRANT'
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: 4. Creation de la base de donnee  'sdis2023'
+      community.mysql.mysql_db:
+        name: sdis2023
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: 5. copier la base de donnée sur l'hôte distant
+      copy:
+        src: sdis2023.sql
+        dest: /tmp/sdis2023.sql
+
+    - name: 6. Restore la base de donnée
+      community.mysql.mysql_db:
+        name: sdis2023
+        state: import
+        target: /tmp/sdis2023.sql
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+          # - name: 5. Dump multiple databases
+          #community.mysql.mysql_db:
+          #state: dump
+          #name:
+          #- sdis2023
+          #target: sdis2023.sql
+          #login_unix_socket: /var/run/mysqld/mysqld.sock
+
--- a/sio2/AP/apdbdump.yml
+++ b/sio2/AP/apdbdump.yml
@ -0,0 +1,20 @@
+---
+- name: apdbdump
+  hosts: web
+  become: yes
+  tasks:
+
+    
+  - name: 1. Dump multiple databases
+    community.mysql.mysql_db:
+      state: dump
+      name: sdis2023
+      target: /tmp/sdis2023.sql
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: 2. recuperation de sdis2023.sql avec fetch
+    ansible.builtin.fetch:
+      src: /tmp/sdis2023.sql
+      dest: sdis2023-dump.sql
+      flat: yes
+
--- a/sio2/AP/drop.yml
+++ b/sio2/AP/drop.yml
@ -0,0 +1,12 @@
+---
+- name: apdb
+  hosts: web
+  become: yes
+  tasks:
+    - name: 1. Suppression de la base de donnee  'sdis2023'
+      community.mysql.mysql_db:
+        name: sdis2023
+        state: absent
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+
--- a/sio2/AP/hosts
+++ b/sio2/AP/hosts
@ -0,0 +1,2 @@
+[web]
+ap33prod
--- a/sio2/AP4/Vagrantfile
+++ b/sio2/AP4/Vagrantfile
@ -0,0 +1,22 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.provision "shell", inline: <<-SHELL
+#     export http_proxy=http://10.121.38.1:8080
+#     export https_proxy=http://10.121.38.1:8080
+     timedatectl set-timezone Europe/Paris
+     apt-get -y update
+     apt-get -y upgrade 
+  SHELL
+
+  config.vm.define "glpi" do |glpi| # VM No'1
+    glpi.vm.box = "debian/bookworm64" # Type de la machine 
+    glpi.vm.hostname = "glpi" # Nom de la machine
+    glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
+    glpi.vm.provision "ansible" do |ansible|
+      ansible.playbook = "glpi.yml" # Lance le playbook glpi.yml
+    end
+  end
+end
+
--- a/sio2/AP4/glpi.yml
+++ b/sio2/AP4/glpi.yml
@ -0,0 +1,44 @@
+---
+- name: glpi.yml
+  hosts: glpi
+  become: yes
+  tasks:
+  - name: 1. Installer apache php 
+    apt:
+      name:
+        - apache2 
+        - php
+      state: present
+        #notify: 2. redémarrer apache et activer adminer
+ 
+  - name: 2. Installation des extensions php de GLPI
+    apt:
+      name:
+        - php-xml 
+        - php-common
+        - php-mysql
+        - php-mbstring
+        - php-curl
+        - php-imap
+        - php-zip
+        - php-int1
+        - php-ldap
+        - php-xmlrpc
+        - php-imap
+        - php-bz2
+      state: present
+    notify: 3. redemarrer php
+  - name: 4. redémarrer apache et activer adminer
+    shell: sudo systemctl reload apache2
+
+  handlers:
+    - name: 3. redemarrer php
+      service:
+        name: php
+        state: restarted
+
+
+
+
+
+
--- a/sio2/AP4/glpidb.yml
+++ b/sio2/AP4/glpidb.yml
@ -0,0 +1,30 @@
+---
+- name: glpidb.yml
+  hosts: glpi
+  become: yes
+  tasks:
+  - name: 1. Installer mariadb
+    apt:
+      name:
+        - mariadb-server 
+        - python3-pymysql
+      state: present
+
+  - name: 2. s'assurer que mariadb est en fonctionnement
+    service:
+      name: mariadb
+      state: started
+
+  - name: 3. Creer un utilisateur et  lui attribuer tous les droits
+    community.mysql.mysql_user:
+      name: glpi
+      password: glpi
+      priv: '*.*:ALL,GRANT'
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: 4. Creation de la base de donnee  'db_glpi'
+    community.mysql.mysql_db:
+      name: db_glpi
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
--- a/sio2/AP4/install.yml
+++ b/sio2/AP4/install.yml
@ -0,0 +1,31 @@
+---
+- name: install.yml
+  hosts: glpi
+  become: yes
+  tasks:
+  - name: 1. Telechargement de l'archive de glpi 10.0.10
+    get_url:
+      url: http://depl.sio.lan/store/glpi-10.0.10.tgz
+      dest: /tmp
+
+  - name: 2.  Extraire glpi 10.0.10.tgz vers /tmp/
+    ansible.builtin.unarchive:
+      src: /tmp/glpi-10.0.10.tgz
+      dest: /var/www/html/
+
+  - name: 3. Changer propritaire group et permissions
+    file:
+      path: /var/www/html/doku
+      owner: www-data
+      group: www-data
+      mode: '0755'
+      recurse: yes
+    notify: 4. redemarrer apache2
+
+    handlers: 
+    - name: 4. redemarrer apache2
+      service:
+        name: apache2
+        state: restarted
+
+
--- a/sio2/AP4/role/bdd/tasks/main.yml
+++ b/sio2/AP4/role/bdd/tasks/main.yml
@ -0,0 +1,30 @@
+---
+- name: glpidb.yml
+  hosts: glpi
+  become: yes
+  tasks:
+  - name: 1. Installer mariadb
+    apt:
+      name:
+        - mariadb-server 
+        - python3-pymysql
+      state: present
+
+  - name: 2. s'assurer que mariadb est en fonctionnement
+    service:
+      name: mariadb
+      state: started
+
+  - name: 3. Creer un utilisateur et  lui attribuer tous les droits
+    community.mysql.mysql_user:
+      name: glpi
+      password: glpi
+      priv: '*.*:ALL,GRANT'
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: 4. Creation de la base de donnee  'db_glpi'
+    community.mysql.mysql_db:
+      name: db_glpi
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
--- a/sio2/AP4/role/web/tasks/main.yml
+++ b/sio2/AP4/role/web/tasks/main.yml
@ -0,0 +1,44 @@
+---
+- name: glpi.yml
+  hosts: glpi
+  become: yes
+  tasks:
+  - name: 1. Installer apache php 
+    apt:
+      name:
+        - apache2 
+        - php
+      state: present
+        #notify: 2. redémarrer apache et activer adminer
+ 
+  - name: 2. Installation des extensions php de GLPI
+    apt:
+      name:
+        - php-xml 
+        - php-common
+        - php-mysql
+        - php-mbstring
+        - php-curl
+        - php-imap
+        - php-zip
+        - php-int1
+        - php-ldap
+        - php-xmlrpc
+        - php-imap
+        - php-bz2
+      state: present
+    notify: 3. redemarrer php
+  - name: 4. redémarrer apache et activer adminer
+    shell: sudo systemctl reload apache2
+
+  handlers:
+    - name: 3. redemarrer php
+      service:
+        name: php
+        state: restarted
+
+
+
+
+
+
--- a/sio2/AP4/rp
+++ b/sio2/AP4/rp
@ -0,0 +1,44 @@
+---
+- name: glpi.yml
+  hosts: glpi
+  become: yes
+  tasks:
+  - name: 1. Installer apache php 
+    apt:
+      name:
+        - apache2 
+        - php
+      state: present
+        #notify: 2. redémarrer apache et activer adminer
+ 
+  - name: 2. Installation des extensions php de GLPI
+    apt:
+      name:
+        - php-xml 
+        - php-common
+        - php-mysql
+        - php-mbstring
+        - php-curl
+        - php-imap
+        - php-zip
+        - php-int1
+        - php-ldap
+        - php-xmlrpc
+        - php-imap
+        - php-bz2
+      state: present
+    notify: 3. redemarrer php
+  - name: 4. redémarrer apache et activer adminer
+    shell: sudo systemctl reload apache2
+
+  handlers:
+    - name: 3. redemarrer php
+      service:
+        name: php
+        state: restarted
+
+
+
+
+
+
--- a/sio2/CYBER/Cryptage/crypt.sh
+++ b/sio2/CYBER/Cryptage/crypt.sh
@ -0,0 +1,23 @@
+#!/bin/bash
+unn=$1
+utilisateurmdp=$2
+action=$3
+ficcle=$4
+user=$(echo $utilisateurmdp| cut -f1 -d/ )
+mdp=$(echo $utilisateurmdp| cut -f2 -d/ )
+echo $user
+echo $mdp
+[ -e /tmp/share ] ||  mkdir /tmp/share
+mount.cifs -o "username=${user},password=${mdp}" //${unn}  /tmp/share
+if [[ $? == 0 ]] ;then
+	echo "le montage fonctionne cryptage en cours"
+	ccrypt ${action} -r -k ${ficcle} /tmp/share/*
+	umount /tmp/share
+	rm -r /tmp/share
+else
+	echo "erreur montage $?"
+	exit 1
+fi
+exit 0
+
+
--- a/sio2/CYBER/Wireguard/wg0-a.conf
+++ b/sio2/CYBER/Wireguard/wg0-a.conf
@ -1,15 +1,10 @@
-# local settings for Endpoint A
 [Interface]
-PrivateKey = aLihTWpe3bt3XwNPGOVS0mB9vfr4JqeZPyzhlgQ052k=
-Address = 10.0.0.1/32
-ListenPort = 51820
+PrivateKey = iGPtDYyKYCoQVPofdo7KQXfC4OGCGOBXonF44nKUSFw=
+Address = 10.0.0.2/32 # Adresses autorisées dans le VPN
+Listenport = 51820

-# IP forwarding
-PreUp = sysctl -w net.ipv4.ip_forward=1
-
-# remote settings for Endpoint B
 [Peer]
-PublicKey = 8bEwgf4jUaIvZslBNwQSP3sNrJPZg1YDiFqyMCvJszo=
-Endpoint = 192.168.3.2:51820
-AllowedIPs = 10.0.0.2/32, 192.168.2.0/24
+PublicKey = sAJc6fITMHs9Entb5upqGMN+4M+fnhIIpcWbQiqW50g= # de machine B
+AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
+Endpoint = 192.168.0.45:51820

--- a/sio2/CYBER/Wireguard/wg0-b.conf
+++ b/sio2/CYBER/Wireguard/wg0-b.conf
@ -0,0 +1,10 @@
+[Interface]
+Address = 10.0.0.1/32 # Adresses autorisées dans le VPN
+Listenport = 51820
+PrivateKey = YH3oUGyt8hXlqRINQIANWsqf7Bd+SJcyLhMLGPwbvHk=
+
+[Peer]
+PublicKey = k2Yzmoz+7e1TT+n2+zK9AHjssgQLp7DW0T3Zi+AtPV0= # de machine B
+AllowedIPs = 10.0.0.0/24 # le peer peut acceder au serveur
+Endpoint = 192.168.0.26:51820
+
--- a/sio2/CYBER/wg0-b.conf
+++ b/sio2/CYBER/wg0-b.conf
@ -1,15 +0,0 @@
-# local settings for Endpoint B
-[Interface]
-PrivateKey = eLqg4jQCId97MOdcP5k0FIlxnaMBArlPPEaTVmRPWFk=
-Address = 10.0.0.2/32
-ListenPort = 51820
-
-# IP forwarding
-PreUp = sysctl -w net.ipv4.ip_forward=1
-
-# remote settings for Endpoint A
-[Peer]
-PublicKey = 5UQzcels7MqDXWdt2oDvfbjykISpYl4i8uYFytHijUc=
-Endpoint = 192.168.3.2:51820
-AllowedIPs = 10.0.0.1/32, 192.168.1.0/24
-
Author	SHA1	Message	Date
Alhassane Kone	fc7d4de480	projet AP4 ansible glpi	2023-12-07 14:10:44 +01:00
Alhassane Kone	4f6469cd98	maj	2023-12-07 11:25:50 +01:00
root	d78881a752	ajout fichier config wireguard	2023-12-04 09:25:21 +01:00
root	777067579f	mise a jour wireguard	2023-12-04 09:20:51 +01:00
alhassane.kone	5ac3c137f6	Supprimer sio2/AP/sdis2023.sql	2023-11-30 09:23:20 +01:00
Alhassane Kone	9e35ca41c6	maj	2023-11-30 08:42:38 +01:00
Alhassane Kone	a2e4e13f0e	encore une maj	2023-11-24 15:34:30 +01:00
Alhassane Kone	c4f16ca274	maj	2023-11-24 15:05:57 +01:00
Alhassane Kone	e8cf17309b	mise à jour	2023-11-23 11:57:30 +01:00
root	9a9122c181	correction playbook	2023-11-22 13:04:40 +01:00
Alhassane Kone	9bdbe30539	maj AP	2023-11-21 11:27:27 +01:00
ak	fa3a3a8731	maj	2023-11-10 08:33:18 +01:00