ajout yml

Ansible/confsrv.yml

@@ -0,0 +1,43 @@
+---
+- hosts: srv
+  remote_user: root
+  tasks:
+  - name: création de sioadm
+    user:
+      name: sioadm
+      state: present
+      generate_ssh_key: yes
+      password: "{{ 'sioadm' | password_hash('sha512') }}"
+      uid: 1200
+      groups: sudo
+      append: yes
+    register: mavar
+  - name: debug
+    debug:
+      msg: "{{ mavar }}"
+  - name: export clé publique
+    authorized_key:
+      user: "{{ sioadm }}"
+      key: /sioadm/.ssh/id_rsa.pub 
+      state: present 
+  - name: désinstaller paquets wpasupplicant
+    apt :
+      name : wpasupplicant
+      state: absent
+  - name: désinstaller paquets rpcbindd
+    apt :
+      name : rpcbind
+      state: absent
+  - name: copie fichier resolv.conf
+    copy:
+      src:resolv.conf
+      dest:/etc
+  - name: disable SSH access for root
+    lineinfile:
+      path: /etc/ssh/sshd_config
+      regexp: '^(.*)#PermitRootLogin prohibit-password(.*)$"
+      replace: "PermitRootLogin prohibit-password"
+  - name: copie fichier sshd_config
+    copy:
+      src:sshd_config
+      dest:/etc/ssh/

Ansible/cr-ansible.txt

@@ -0,0 +1,21 @@
+Script démarré sur 2021-11-24 09:49:54+01:00 [TERM="xterm-256color" TTY="/dev/pts/0" COLUMNS="126" LINES="45"]
+[?2004hroot@ansible:~# sed -i 's/srv/ansible/g' /etc/host{s,name};reboot
ip -br anano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot
apt install ansible -y
ip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot
poweroffapt update && apt upgrade -y
sed -i 's/bullseye/test/g' /etc/host{s,name};reboot
apt update && apt upgrade -y
poweroffsed -i 's/test/ansible/g' /etc/host{s,name};reboot
ip -br aapt install ansible -y
sed -i 's/ansible/srv/g' /etc/host{s,name};reboot
nano resolv.confip -br ased -i 's/srv/ansible/g' /etc/host{s,name};reboot
sed -i 's/srv/ansible/g' /etc/host{s,name};reboot
ip -br anano resolv.confsed -i 's/ansible/srv/g' /etc/host{s,name};reboot
apt install ansible -y
ip -br ased -i 's/test/ansible/g' /etc/host{s,name};reboot
poweroffapt update && apt upgrade -y
sed -i 's/bullseye/test/g' /etc/host{s,name};reboot
poweroffnano /etc/ssh/sshd_config
lspoweroffip rnlapoweroffapt autoremovecleaninstall vim curl mc sudo ansible-playbook -i hiosrts confsrv.yml
+[?2004l
[WARNING]: Found both group and host with same name: srv
+ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each:
+JSON: Expecting value: line 1 column 1 (char 0)
+
+Syntax Error while loading YAML.
+  found unexpected end of stream
+
+The error appears to be in '/root/confsrv.yml': line 44, column 1, but may
+be elsewhere in the file depending on the exact syntax problem.
+
+The offending line appears to be:
+
+      src:sshd_config
+      dest:/etc/ssh/
+^ here
+[?2004hroot@ansible:~# [?2004l
+exit
+
+Script terminé sur 2021-11-24 09:50:32+01:00 [COMMAND_EXIT_CODE="4"]

Ansible/hosts

@@ -0,0 +1,2 @@
+[srv]
+srv

Ansible/resolv.conf

@@ -0,0 +1,4 @@
+search sio.lan
+domain sio.lan
+nameserver 10.121.38.7
+nameserver 10.121.38.8

Ansible/sshd_config

@@ -0,0 +1,124 @@
+#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
+PermitRootLogin prohibit-password

Python/Python/exotp2-exprregu

@@ -0,0 +1,11 @@
+#!/usr/bin/python3
+import sys
+import re
+
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+    line = line.rstrip ()
+    match =re.match (regexp, line)
+    if match :
+        print (match.group(1)," ",match.group(8))
+#        for line in

Python/analog.py

@@ -0,0 +1,23 @@
+#!/usr/bin/python3
+import sys
+import re
+
+cptip = {}
+
+
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+        line = line.rstrip ()
+        match =re.match (regexp, line)
+        if match :
+            print (match.group(1)," ",match.group(8))
+            #print {match.group(1)}
+            ip = match.group(1)
+            vol = int(match.group(8))
+            if ip in cptip :
+                cptip[ip] = cptip[ip] + vol
+            else:
+                cptip[ip] = vol
+
+for key in cptip.keys():
+    print(key, ":", cptip[key]) 

nxc/hosts

@@ -0,0 +1,2 @@
+[test]
+192.168.0.22

nxc/inst-nxc.yml

@@ -0,0 +1,11 @@
+---
+- name: Installation de Docker Nextcloud et  Traefik
+  hosts: test 
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - docker
+    - nextcloud
+    - traefik

nxc/roles/docker/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: Téléchargement get.docker
+  get_url:
+    url: http://s-adm/gsbstore/getdocker.sh
+    dest: /tmp
+    mode: '0755'
+
+- name: Execution du script get_docker
+  script: /tmp/get_docker.sh
+
+- name: Téléchargement docker-compose
+  get_url:
+    url: http://s-adm/gsbstore/docker-compose
+    dest: /usr/local/bin               
+    mode: '0755'

nxc/roles/nextcloud/tasks/main.yml

@@ -0,0 +1,32 @@
+---
+- name: Creation du repertoire nextcloud
+  file:
+    path: /root/nxc
+    state: directory
+
+- name: Download foo.conf
+  get_url:
+    url: http://example.com/path/file.conf
+    dest: /etc/foo.conf
+    mode: '0755'
+
+- name: Execution du script get_docker
+  script: /root/nextcloud/get_docker.sh
+
+- name: Installation de docker-compose
+  shell: curl -L "https://github.com/docker/compose/releases/download/1.28.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
+
+- name: Attribution des droits de docker compose
+  file:
+    path: /usr/local/bin/docker-compose
+    mode: '755'
+
+- name: Copie de docker-compose.yml
+  copy: 
+    src: /root/tools/ansible/gsb2021/roles/docker-nextcloud/files/docker-compose.yml
+    dest: /root/nextcloud
+
+- name: Execution du fichier docker-compose.yml
+  shell: docker-compose up -d
+  args:
+    chdir: /root/nextcloud

testansible/dokuw/local.yml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  roles:
+  - web
+  - doku

testansible/dokuw/roles/web/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: installation apache2
+  apt:
+    name: apache2
+    state: present
+
+- name: installation php
+  apt:
+    name: php
+    state: present
+

testansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

testansible/index.html

@@ -0,0 +1 @@
+On m'appelle l'ovni

testansible/squid.yml

@@ -0,0 +1,16 @@
+---
+- hosts: 
+
+  tasks:
+  - name: install squid
+    apt :
+      name: squid
+      state: present
+
+  - name: mise en place du fichier de conf
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify:
+      - restart squid
+      

testansible/syslog-cli.yml

@@ -0,0 +1,25 @@
+- hosts: web
+  tasks:
+  - name: on decommente l'option ForwardToSyslog=yes dans /etc/systemd/journald>
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify:
+    - restart journald
+  - name: Ajoute l'indication de serveur syslog distant
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @192.168.0.37:514'
+      create: yes
+    notify:
+    - restart rsyslog
+  handlers:
+  - name: restart journald
+    service:
+      name: systemd-journald.service
+      state: restarted
+  - name: restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted

testansible/syslog.yml

@@ -0,0 +1,22 @@
+- hosts: adm
+  tasks:
+  - name: on active le module imudp dans /etc/rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+    - restart rsyslog
+  - name: on decommente la ligne input type imudp port 514 dans /etc/rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+    - restart rsyslog
+  handlers:
+  - name: restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+

testansible/web.yml

@@ -0,0 +1,27 @@
+---
+- hosts: web
+  vars:
+    http_port: 80
+    max_clients: 200
+  remote_user: root
+  tasks:
+  - name: install apache2
+    apt :
+      name: apache2
+      state: present
+  - name: install php
+    apt : 
+      name: php
+      state: present
+  - name: install php-mbstring
+    apt :
+      name: php-mbstring
+      state: present
+  - name: apache is running
+    service:
+      name: apache2
+      state: started
+  - name: copie fichier index.html
+    copy:
+      src: index.html
+      dest: /var/www/html/

tp_loadbalancing/recup

@@ -0,0 +1,4 @@
+#!/bin/sh
+while true ; do
+	curl -s http://192.168.0.151 -o /dev/null
+done

tp_pxe/dhcpd.conf

@@ -0,0 +1,114 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+option domain-name "192.168.1.1";
+option domain-name-servers 192.168.1.1;
+
+default-lease-time 600;
+max-lease-time 7200;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+	range 192.168.1.10 192.168.1.30;
+	option routers 192.168.1.1;
+	option broadcast-address 192.168.1.254;
+	default-lease-time 600;
+	max-lease-time 7200;
+	filename "pxelinux.0";
+	next-server 192.168.1.1;
+}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+#  range 10.254.239.10 10.254.239.20;
+#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

tp_pxe/interfaces

@@ -0,0 +1,18 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug enp0s3
+iface enp0s3 inet dhcp
+
+allow-hotplug enp0s8
+iface enp0s8 inet static
+	address 192.168.1.1/24
+	up /root/nat.sh
+

tp_pxe/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+#DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+#INTERFACESv6=""

tp_pxe/nat.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE # eth0 est l'interface externe