anthony.arnoux/gsb2023
1
0
Fork 0
forked from gadmin/gsb2023
Code Pull Requests Activity

reorg. + doc

Browse Source
This commit is contained in:
phil 2023-02-01 23:25:37 +01:00
parent dbe75506e3
commit 87e0e17eec
14 changed files with 59 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
README.md
View File

@ -1,6 +1,6 @@
# gsb2023 # gsb2023
2023-01-30 ps 2023-02-01 ps
Environnement et playbooks ansible pour le projet GSB 2023 Environnement et playbooks ansible pour le projet GSB 2023
@ -13,7 +13,6 @@ Prérequis :
* **debian-buster-gsb-2023a.ova** * **debian-buster-gsb-2023a.ova**
* **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid * **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid
* **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad** * **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad**
* **r-int** : routage, DHCP * **r-int** : routage, DHCP
@ -42,13 +41,25 @@ Prérequis :
## Installation ## Installation
On utilisera l'image de machine virtuelle suivante : On utilisera les images de machines virtuelle suivantes :
* **debian-bullseye-2023a.ova** (2023-01-06) * **debian-bullseye-2023a.ova** (2023-01-06)
* Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go * Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go
et pour **s-fog** :
* **debian-buster-2023a.ova** (2023-01-06)
* Debian Buster 10 - 2 cartes - 1 Go - stockage 20 Go
On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer une VM
```shell
gsb2023>
cd pre
$ mkvm s-adm
```
### Machine s-adm ### Machine s-adm
* créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut * créer la machine virtuelle **s-adm** avec **mkvm * comme décrit plus haut.
* renommer la machine puis redémarrer * renommer la machine puis redémarrer
* taper : * taper :
```shell ```shell
@ -66,11 +77,10 @@ On utilisera l'image de machine virtuelle suivante :
### Pour chaque machine ### Pour chaque machine
- importer la machine à partir du fichier **.ova** - créer la machine avec **mkvm**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications
- définir les cartes réseau en accord avec le plan d'adressage et le schéma
- donner le nom adapté (avec sed -i …) - donner le nom adapté (avec sed -i …)
- redémarrer - redémarrer
- mettre à jour les paquets : apt update && apt upgrade - mettre à jour les paquets : apt update
- cloner le dépot : - cloner le dépot :
```shell ```shell
mkdir -p tools/ansible ; cd tools/ansible mkdir -p tools/ansible ; cd tools/ansible

0
s-web.yml → old/s-web.yml
View File

0
s-web1.yml → old/s-web1.yml
View File

0
s-web2.yml → old/s-web2.yml
View File

0
s-web3.yml → old/s-web3.yml
View File

3
roles/lb-bd/files/.my.cnf
View File

@ -1,3 +0,0 @@
[client]
user=root
password=root

16
roles/lb-bd/files/installmysql.sh
View File

@ -1,16 +0,0 @@
# Download and Install the Latest Updates for the OS
apt-get update && apt-get upgrade -y
# Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
apt-get -y install mysql-server
# Run the MySQL Secure Installation wizard
mysql_secure_installation
sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /etc/mysql/my.cnf
mysql -uroot -p -e 'USE mysql; UPDATE `user` SET `Host`="%" WHERE `User`="root" AND `Host`="localhost"; DELETE FROM `user` WHERE `Host` != "%" AND `User`="root"; FLUSH PRIVILEGES;'
service mysql restart

128
roles/lb-bd/files/my.cnf
View File

@ -1,128 +0,0 @@
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#slow_query_log_file = /var/log/mysql/mysql-slow.log
#slow_query_log = 1
#long_query_time = 2
#log_queries_not_using_indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

5
roles/lb-bd/handlers/main.yml
View File

@ -1,3 +1,4 @@
--- ---
- name: restart mysql-server - name: restart mariadb
service: name=mysql-server state=restarted ansible.builtin.service:
name: mariadb

35
roles/lb-bd/tasks/main.yml
View File

@ -1,4 +1,35 @@
--- ---
- name: Install paquets
apt: name=mysql-server state=present force=yes - name: modules python pour
apt:
name: python3-pymysql
state: present
- name: install mariadb-server
apt:
name: mariadb-server
state: present
- name: Cree Bd wordpress
mysql_db:
db: wordpressdb
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
- name: Ouvre port 3306 mariadb-server
replace:
path: /etc/mysql/mariadb.conf.d/50-server.cnf
regexp: '^bind-address.*'
replace: '#bind-adress = 127.0.0.1'
backup: yes
notify: restart mariadb
- name: Create MySQL user for wordpress
mysql_user:
name: wordpressuser
password: wordpresspasswd
priv: "wordpressdb.*:ALL"
host: '%'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock

40
s-lb-bd.yml
View File

@ -3,47 +3,11 @@
become: true become: true
tasks: tasks:
- name: modules python pour
apt:
name: python3-pymysql
state: present
- name: install mariadb-server
apt:
name: mariadb-server
state: present
- name: Cree Bd wordpress
mysql_db:
db: wordpressdb
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
- name: Ouvre port 3306 mariadb-server
replace:
path: /etc/mysql/mariadb.conf.d/50-server.cnf
regexp: '^bind-address.*'
replace: '#bind-adress = 127.0.0.1'
backup: yes
notify: restart mariadb
- name: Create MySQL user for wordpress
mysql_user:
name: wordpressuser
password: wordpresspasswd
priv: "wordpressdb.*:ALL"
host: '%'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
handlers:
- name: restart mariadb
ansible.builtin.service:
name: mariadb
state: restarted
roles: roles:
- base - base
- goss - goss
- lb-bd
- post - post
- snmp-agent - snmp-agent
- ssh-cli

2
s-lb-web1.yml
View File

@ -7,3 +7,5 @@
- post - post
- lb-web - lb-web
- snmp-agent - snmp-agent
- ssh-cli

1
s-lb-web2.yml
View File

@ -7,3 +7,4 @@
- post - post
- lb-web - lb-web
- snmp-agent - snmp-agent
- ssh-cli

1
s-lb.yml
View File

@ -7,5 +7,6 @@
- goss - goss
- lb-front - lb-front
- snmp-agent - snmp-agent
- ssh-cli
- post - post