s-webcom dmz

route ok r-vp1
route ok s-agence
2023-06-06 12:07:08 +02:00 · 2023-06-05 17:59:42 +02:00 · 2023-06-05 17:32:22 +02:00 · 2023-06-04 12:48:40 +02:00 · 2023-06-04 12:46:57 +02:00 · 2023-06-01 19:06:16 +02:00
15 changed files with 57 additions and 11 deletions
--- a/goss/s-webcom.yaml
+++ b/goss/s-webcom.yaml
@ -0,0 +1,24 @@
+package:
+  apache2:
+    installed: true
+addr:
+  tcp://depl.sio.lan:80:
+    reachable: true
+    timeout: 500
+port:
+  tcp:80:
+    listening: true
+service:
+  apache2:
+dns:
+  depl.sio.lan:
+    resolveable: true
+    timeout: 500
+process:
+  apache2:
+    running: true
+interface:
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.12/24
--- a/r-vp1.yml
+++ b/r-vp1.yml
@ -16,4 +16,5 @@
   - wireguard-r
   - ssh-cli
   - syslog-cli
+   - fw-ferm
   
--- a/r-vp2.yml
+++ b/r-vp2.yml
@ -19,3 +19,4 @@
   - post
   - ssh-cli
   - syslog-cli
+   - fw-ferm
--- a/roles/apache2only/handlers/main.yml
+++ b/roles/apache2only/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted
--- a/roles/apache2only/tasks/main.yml
+++ b/roles/apache2only/tasks/main.yml
@ -0,0 +1,10 @@
+---
+- name: apt update
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Install apache2
+  apt:
+    pkg:
+    - apache2
--- a/roles/dns-master/files/db.gsb.lan
+++ b/roles/dns-master/files/db.gsb.lan
@ -34,6 +34,7 @@ s-lb		IN	A	192.168.100.10
 s-web1          IN      A       192.168.101.1
 s-web2          IN      A       192.168.101.2
 s-lb.gsb.lan    IN      A       192.168.100.10
+s-webcom.gsb.lan	IN	A	192.168.100.12
 ns   	        IN      CNAME   s-infra.gsb.lan.
 wpad		IN	CNAME	s-infra.gsb.lan.
 s-peertube	IN	A	192.168.100.20
--- a/roles/dns-master/files/db.gsb.lan.rev
+++ b/roles/dns-master/files/db.gsb.lan.rev
@ -25,6 +25,7 @@ $TTL    604800
 101.2     IN      PTR     s-web2
 100.10   IN      PTR      s-lb
 100.10   IN      PTR      s-lb.gsb.lan
+100.12	 IN	 PTR	  s-webcom.gsb.lan.
 11.0	  IN	  PTR	  s-elk.gsb.lan.
 17.0	  IN	  PTR	  s-gestsup.lan
-254.0     IN      PTR     r-int.gsb.lan.
+254.0     IN      PTR     r-int.gsb.lan.
--- a/roles/nagios/files/cfg/s-webcom.cfg
+++ b/roles/nagios/files/cfg/s-webcom.cfg
@ -8,7 +8,7 @@ define host{
        use                     linux-server            ; Name of host template to use
        host_name               s-webcom
        alias                   debian-servers, http-servers
-        address                 172.16.0.12
-		parents			r-int
+        address                 192.168.100.12
+		parents			r-ext
        }

--- a/roles/nagios/files/hostgroups.cfg
+++ b/roles/nagios/files/hostgroups.cfg
@ -2,7 +2,7 @@ define hostgroup {

    hostgroup_name          debian-servers           ; The name of the hostgroup
    alias                   Linux Servers           ; Long name of the group
-    members                 s-infra, s-proxy, s-adm, s-nxc, s-appli, s-backup, s-itil, s-fog, r-int, r-ext, s-webcom               ; Comma separated list of hosts that belong to this group
+    members                 s-infra, s-proxy, s-adm, s-nxc, s-appli, s-backup, s-itil, s-fog, r-int, r-ext               ; Comma separated list of hosts that belong to this group
 }

 define hostgroup {
--- a/roles/post/files/interfaces.r-vp1
+++ b/roles/post/files/interfaces.r-vp1
@ -15,6 +15,7 @@ allow-hotplug enp0s8
 iface enp0s8 inet static
 	address 192.168.1.2
 	netmask 255.255.255.0
+	post-up route add default gw 192.168.1.1

 # accés par pont et entre vpn
 allow-hotplug enp0s9
--- a/roles/post/files/interfaces.s-agence
+++ b/roles/post/files/interfaces.s-agence
@ -11,4 +11,4 @@ iface enp0s3 inet dhcp

 allow-hotplug enp0s8
 iface enp0s8 inet dhcp
-
+	post-up route add default gw 172.16.128.254
--- a/roles/post/files/interfaces.s-webcom
+++ b/roles/post/files/interfaces.s-webcom
@ -16,6 +16,6 @@ iface enp0s3 inet static
 # cote N-infra
 allow-hotplug enp0s8
 iface enp0s8 inet static
-	address 172.16.0.12
+	address 192.168.100.12
 	netmask 255.255.255.0
-	post-up route add -net 172.16.64.0/24 gw 172.16.0.254
+	gateway 192.168.100.254
--- a/s-webcom.yml
+++ b/s-webcom.yml
@ -7,5 +7,5 @@
    - ssh-cli
    - syslog-cli
    - snmp-agent
-    - apache2
+    - apache2only
    - post
--- a/scripts/mkvm
+++ b/scripts/mkvm
@ -1,6 +1,6 @@
 #!/bin/bash

-mkvmrelease="v1.2.2"
+mkvmrelease="v1.2.3"

 ovarelease="2023b"
 ovafogrelease="2023b"
@ -11,7 +11,7 @@ deletemode=0
 usage () {
 	echo "$0 - version ${mkvmrelease} - Ova version ${ovarelease}"
 	echo "$0 : creation VM et parametrage interfaces"
-	echo "usage : $0 [-r] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog>"
+	echo "usage : $0 [-r] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog|s-webcom>"
 	echo "       option -r : efface vm existante avant creation nouvelle"
 	exit 1
 }
@ -80,6 +80,8 @@ elif [[ "${vm}" == "r-ext" ]] ; then
 	./addint.r-ext
 elif [[ "${vm}" == "s-mon" ]] ; then
        create_if "${vm}" "n-adm" "n-infra"
+elif [[ "${vm}" == "s-webcom" ]] ; then
+        create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-appli" ]] ; then
        create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-backup" ]] ; then
--- a/scripts/mkvm.ps1
+++ b/scripts/mkvm.ps1
@ -3,7 +3,7 @@

 #mkvm pour toutes les vms

-$mkvmrelease="v1.2.2"
+$mkvmrelease="v1.2.3"
 $ovarelease="2023b"
 $ovafogrelease="2023b"
 $ovafile="$HOME\Downloads\debian-bullseye-gsb-${ovarelease}.ova"
Author	SHA1	Message	Date
unknown	ac1b14410a	s-webcom dmz	2023-06-06 12:07:08 +02:00
sio user	261c2d5fdd	route ok r-vp1	2023-06-05 17:59:42 +02:00
sio user	4ef9572db1	route ok s-agence	2023-06-05 17:32:22 +02:00
unknown	908e8431a9	fw-ferm role r-vpX ok	2023-06-04 12:48:40 +02:00
unknown	c8e333984d	mkvm linux webcom ok	2023-06-04 12:46:57 +02:00
unknown	bf53efbe7e	role apache2only pour s-webcom	2023-06-01 19:06:16 +02:00
unknown	b24ffddff7	s-webcom goss	2023-06-01 14:37:53 +02:00