Téléverser les fichiers vers "sio2/CYBER/Journald"

README.md

@@ -1,3 +0,0 @@
-# siotp
-
-Ceci est le répertoire qui servira à accueillir les travaux du BTS SIO 

sio2/AP4/Vagrantfile

@@ -0,0 +1,22 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  config.vm.provision "shell", inline: <<-SHELL
+#     export http_proxy=http://10.121.38.1:8080
+#     export https_proxy=http://10.121.38.1:8080
+     timedatectl set-timezone Europe/Paris
+     apt-get -y update
+     apt-get -y upgrade 
+  SHELL
+
+  config.vm.define "glpi" do |glpi| # VM No'1
+    glpi.vm.box = "debian/bookworm64" # Type de la machine 
+    glpi.vm.hostname = "glpi" # Nom de la machine
+    glpi.vm.network "public_network" #, ip: "192.168.0.111"# Set static IP
+    glpi.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/glpi.yml" # Lance le playbook glpi.yml
+    end
+  end
+end
+

sio2/AP4/hosts

@@ -0,0 +1,2 @@
+[web]
+glpi

sio2/AP4/provision/glpi.yml

@@ -0,0 +1,7 @@
+---
+- hosts: all
+  become: true
+  roles:
+    - web
+    - bdd
+    - glpi

sio2/AP4/provision/roles/bdd/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+  - name: restart mariadb
+    service:
+      name: mariadb.service
+      state: restarted

sio2/AP4/provision/roles/bdd/tasks/main.yml

@@ -0,0 +1,29 @@
+- name: 1. Installer mariadb
+  apt:
+    name:
+      - mariadb-server 
+      - python3-pymysql
+    state: present
+
+- name: 2. s'assurer que mariadb est en fonctionnement
+  service:
+    name: mariadb
+    state: started
+
+- name: 3. Creer un utilisateur et  lui attribuer tous les droits
+  community.mysql.mysql_user:
+    name: glpi
+    password: glpi
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify:
+    - restart mariadb
+
+- name: 4. Creation de la base de donnee  'db_glpi'
+  community.mysql.mysql_db:
+    name: db_glpi
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify:
+    - restart mariadb

sio2/AP4/provision/roles/glpi/tasks/main.yml

@@ -0,0 +1,21 @@
+--- 
+- name: 1. Telechargement de l'archive de glpi 10.0.10
+  get_url:
+    url: http://depl.sio.lan/store/glpi-10.0.10.tgz
+    dest: /tmp
+
+- name: 2.  Extraire glpi 10.0.10.tgz vers /tmp/
+  ansible.builtin.unarchive:
+    src: /tmp/glpi-10.0.10.tgz
+    dest: /var/www/html/
+    remote_src: true 
+
+- name: 3.  Changer propritaire group et permissions
+  file:
+    path: /var/www/html/glpi
+    owner: www-data
+    group: www-data
+    mode: '0755'
+    recurse: yes
+
+

sio2/AP4/provision/roles/web/handlers/main.yml

@@ -0,0 +1,6 @@
+--- 
+- name: restart apache2
+  service: 
+    name: apache2
+    state: restarted
+

sio2/AP4/provision/roles/web/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: 1. Installer apache php 
+  apt:
+    name:
+      - apache2 
+      - php
+      - curl 
+    state: present
+
+      #notify: 2. redémarrer apache et activer adminer 
+- name: 2. Installation des extensions php de GLPI
+  apt:
+    name:
+      - php-xml 
+      - php-common
+      - php-json
+      - php-mysql
+      - php-mbstring
+      - php-curl
+      - php-gd
+      - php-intl
+      - php-imap
+      - php-apcu
+      - php-zip
+      - php-xmlrpc
+      - php-bz2
+      - php-ldap
+    state: present
+  notify:
+    - restart apache2

sio2/CYBER/Journald/journal-upload.conf

@@ -0,0 +1,19 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU Lesser General Public License as published by the Free
+#  Software Foundation; either version 2.1 of the License, or (at your option)
+#  any later version.
+#
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file, or by creating "drop-ins" in
+# the journal-upload.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# See journal-upload.conf(5) for details.
+
+[Upload]
+URL=http://192.168.1.42:19532
+# ServerKeyFile=/etc/ssl/private/journal-upload.pem
+# ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
+# TrustedCertificateFile=/etc/ssl/ca/trusted.pem

sio2/CYBER/Journald/journald-rcv.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+sudo timedatectl set-timezone Europe/Paris
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+sudo systemctl enable --now systemd-journal-remote.socket
+sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
+sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
+[[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
+sudo chown systemd-journal-remote /var/log/journal/remote
+sudo systemctl daemon-reload

sio2/CYBER/Journald/journald-snd.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# usage : ./journald-snd.sh 192.168.1.100
+sudo timedatectl set-timezone Europe/Paris
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+rpl="s/^# URL=/URL=http:\/\/${1}:19532/"  # $1 represente l'adresse du recepteur
+sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
+sudo systemctl enable --now systemd-journal-upload.service
+sudo systemctl restart systemd-journal-upload.service

sio2/CYBER/Journald/systemd-journal-remote.service

@@ -0,0 +1,46 @@
+#  SPDX-License-Identifier: LGPL-2.1-or-later
+#
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Journal Remote Sink Service
+Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
+Requires=systemd-journal-remote.socket
+
+[Service]
+ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/
+LockPersonality=yes
+LogsDirectory=journal/remote
+MemoryDenyWriteExecute=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateNetwork=yes
+PrivateTmp=yes
+ProtectProc=invisible
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+SystemCallArchitectures=native
+User=systemd-journal-remote
+WatchdogSec=3min
+
+# If there are many split up journal files we need a lot of fds to access them
+# all in parallel.
+LimitNOFILE=524288
+
+[Install]
+Also=systemd-journal-remote.socket