From 6844d059742757fce848332c859b860b16efa644 Mon Sep 17 00:00:00 2001 From: bb Date: Wed, 27 Jan 2021 08:50:13 +0100 Subject: [PATCH 1/8] chemin absolu + interface dhcp agence --- roles/post/files/interfaces.r-vp1 | 6 +++--- roles/post/files/interfaces.r-vp2 | 4 ++-- roles/post/files/interfaces.s-agence | 3 +++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/roles/post/files/interfaces.r-vp1 b/roles/post/files/interfaces.r-vp1 index ce75e55..b2345c5 100644 --- a/roles/post/files/interfaces.r-vp1 +++ b/roles/post/files/interfaces.r-vp1 @@ -21,9 +21,9 @@ allow-hotplug enp0s9 iface enp0s9 inet static address 192.168.1.2 netmask 255.255.255.0 - post-up ip route add 172.16.128.0/24 via 192.168.1.2 - post-up ip route add 172.16.0.0/24 via 192.168.1.1 - post-up ip route add 192.168.200.0/24 via 192.168.1.1 + post-up /usr/sbin/ip route add 172.16.128.0/24 via 192.168.1.2 + post-up /usr/sbin/ip route add 172.16.0.0/24 via 192.168.1.1 + post-up /usr/sbin/ip route add 192.168.200.0/24 via 192.168.1.1 # up route add -net 172.16.128.0/24 gw 192.168.0.52 # up route add default gw 192.168.1.1 diff --git a/roles/post/files/interfaces.r-vp2 b/roles/post/files/interfaces.r-vp2 index 233bf5b..2790d47 100644 --- a/roles/post/files/interfaces.r-vp2 +++ b/roles/post/files/interfaces.r-vp2 @@ -21,8 +21,8 @@ allow-hotplug enp0s9 iface enp0s9 inet static address 192.168.0.52 netmask 255.255.255.0 - post-up ip route add 192.168.1.0/24 via 172.16.128.254/24 - post-up ip route add 172.16.0.0/24 via 172.16.128.254/24 + post-up /usr/sbin/ip route add 192.168.1.0/24 via 172.16.128.254/24 + post-up /usr/sbin/ip route add 172.16.0.0/24 via 172.16.128.254/24 # up route add -net 192.168.1.0/24 gw 192.168.0.52 # post-up /bin/bash /root/iptables-vpn diff --git a/roles/post/files/interfaces.s-agence b/roles/post/files/interfaces.s-agence index 98a4301..be903f4 100644 --- a/roles/post/files/interfaces.s-agence +++ b/roles/post/files/interfaces.s-agence 
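Review bot: In interfaces.r-vp1 the first rewritten route still names the interface's own address as next hop: `post-up /usr/sbin/ip route add 172.16.128.0/24 via 192.168.1.2` sits under `address 192.168.1.2`. A gateway that is a local address is normally refused by the kernel, so this route is probably never installed. Traffic for 172.16.128.0/24 would then follow whatever other route matches rather than the intended path. The next hop should be the peer router's address on 192.168.1.0/24, which is not visible in this hunk. Since the commit hard-codes `/usr/sbin/ip`, confirm that path exists on the target image, because a failing `post-up` makes `ifup` report an error for the interface.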
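Review bot: In interfaces.r-vp2 both rewritten routes pass a prefix length to `via` (`via 172.16.128.254/24`), but `via` takes a bare host address, so `ip route add` is expected to reject these lines. Drop the suffix: `post-up /usr/sbin/ip route add 192.168.1.0/24 via 172.16.128.254`, and likewise for 172.16.0.0/24. On a VPN router, a route that fails to install means traffic for those networks follows the default route instead of the intended one. Verify the result after deployment with `ip route show`.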
@@ -9,3 +9,6 @@ iface lo inet loopback allow-hotplug enp0s3 iface enp0s3 inet dhcp +allow-hotplug enp0s8 +iface enp0s8 inet dhcp + From 575eaea4224a8625fed12b7abdbf64cead406efe Mon Sep 17 00:00:00 2001 From: tl Date: Wed, 27 Jan 2021 09:13:04 +0100 Subject: [PATCH 2/8] ajout s-lb-web3 --- roles/s-lb-ab/files/haproxy.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/s-lb-ab/files/haproxy.cfg b/roles/s-lb-ab/files/haproxy.cfg index 37933e3..f58d66e 100644 --- a/roles/s-lb-ab/files/haproxy.cfg +++ b/roles/s-lb-ab/files/haproxy.cfg @@ -44,7 +44,7 @@ backend fermeweb #option httpchk HEAD / HTTP/1.0 server s-lb-web1 192.168.101.1:80 check server s-lb-web2 192.168.101.2:80 check - +# server s-lb-web3 192.168.101.2:80 check listen stats bind *:8080 From e36173b0799ae64c4bd820b30278c3d33264e12f Mon Sep 17 00:00:00 2001 From: am Date: Wed, 27 Jan 2021 11:18:18 +0100 Subject: [PATCH 3/8] modif docker compose ajout proxy --- .../docker-nextcloud/files/docker-compose.yml | 4 +- roles/docker-nextcloud/files/proxy | 100 ++++++++++++++++++ 2 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 roles/docker-nextcloud/files/proxy diff --git a/roles/docker-nextcloud/files/docker-compose.yml b/roles/docker-nextcloud/files/docker-compose.yml index 0a69ab7..dda2ca6 100755 --- a/roles/docker-nextcloud/files/docker-compose.yml +++ b/roles/docker-nextcloud/files/docker-compose.yml @@ -21,11 +21,11 @@ services: image: nextcloud restart: always ports: - - 8080:80 + - 5678:80 links: - db volumes: - - nextcloud:/var/www/html + - ./nextcloud:/var/www/html environment: - MYSQL_PASSWORD=root - MYSQL_DATABASE=nextcloud diff --git a/roles/docker-nextcloud/files/proxy b/roles/docker-nextcloud/files/proxy new file mode 100644 index 0000000..2f34477 --- /dev/null +++ b/roles/docker-nextcloud/files/proxy 
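Review bot: In roles/docker-nextcloud/files/docker-compose.yml the new mapping `- 5678:80` publishes the Nextcloud container on every host address, while the nginx file added in this commit reaches it through `proxy_pass http://localhost:5678`. Binding the port to loopback, `- 127.0.0.1:5678:80`, keeps the proxy as the only entry point; as written, clients can reach port 5678 directly and bypass anything later enforced in nginx. Docker inserts its published-port rules ahead of most host firewall rules, so a host firewall may not be enough to close it. The unchanged context line `MYSQL_PASSWORD=root` is a credential committed in clear text and would be better supplied from Ansible Vault or an env file kept outside the repository.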
@@ -0,0 +1,100 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+ listen 8080 default_server;
+ listen [::]:8080 default_server;
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_pass http://localhost:5678;
+ proxy_connect_timeout 900;
+ proxy_send_timeout 900;
+ proxy_read_timeout 900;
+ }
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+# root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+# index index.html index.htm index.nginx-debian.html;
+
+# server_name _;
+
+# location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+# try_files $uri $uri/ =404;
+# }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+# listen 80;
+# listen [::]:80;
+#
+# server_name example.com;
+#
+# root /var/www/example.com;
+# index index.html;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
From 01b41a6dd7c115764509b2036f2a8f28449f3efa Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 27 Jan 2021 11:51:17 +0100
Subject: [PATCH 4/8] Ajout des machines s-mess et s-lb
---
roles/icinga/files/hostgroups_icinga.cfg | 75 ++++++++++++++++++++++++
roles/icinga/files/s-lb.cfg | 14 +++++
roles/icinga/files/s-mess.cfg | 14 +++++
3 files changed, 103 insertions(+)
create mode 100644 roles/icinga/files/hostgroups_icinga.cfg
create mode 100644 roles/icinga/files/s-lb.cfg
create mode 100644 roles/icinga/files/s-mess.cfg
diff --git a/roles/icinga/files/hostgroups_icinga.cfg b/roles/icinga/files/hostgroups_icinga.cfg
new file mode 100644
index 0000000..c202b20
--- /dev/null
+++ b/roles/icinga/files/hostgroups_icinga.cfg
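Review bot: The new roles/docker-nextcloud/files/proxy serves Nextcloud over plain HTTP (`listen 8080 default_server;`) and leaves the packaged TLS stanza commented out, so logins and session cookies cross the network unencrypted. Enable a `listen 443 ssl` server with a real certificate, or state in a comment at the top of the file that TLS is terminated elsewhere. The `location /` block forwards only `Host` and `X-Real-IP`; adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;`, together with a matching `trusted_proxies` entry in Nextcloud, lets the application log and rate-limit the real client address instead of the proxy's. Most of the 100 added lines are the distribution's commented default site and could be dropped so the active configuration is easy to audit.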
@@ -0,0 +1,75 @@ +# Some generic hostgroup definitions + +define hostgroup { + hostgroup_name all + alias All Servers + members * + } + +define hostgroup { + hostgroup_name localhost + alias Debian GNU/Linux Servers + members localhost + } + +define hostgroup { + hostgroup_name debian-servers + alias Serveurs distant + members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil, s-mess +} + +define hostgroup {  + hostgroup_name ssh-servers + alias acces SSH + members s-adm, s-infra, s-proxy, r-int, r-ext, localhost, gwsio2, s-itil, s-mess, s-lb +} + +define hostgroup {  + hostgroup_name dns-servers + alias serveurs-dns + members s-infra, srv-2012 +} + +define hostgroup {  + hostgroup_name dhcp-servers + alias serveurs-dhcp + members r-int, srv-2012 +} + +define hostgroup { + hostgroup_name http-servers + alias serveurs-web + members localhost, s-itil, s-adm + } + +#define hostgroup { +# hostgroup_name email-servers +# alias serveurs-email +# members s-mess +# } + +define hostgroup {  + hostgroup_name proxy-servers + alias serveurs-proxy + members s-proxy +} + +define hostgroup{ + hostgroup_name windows-servers + alias windows-servers + members srv-2012 +} + +#define hostgroup{ +# hostgroup_name switch +# alias switch +# members netgear +#} + +define hostgroup{ + hostgroup_name uptimegrp + alias uptimegrp + members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil, s-mess, s-lb +} + + diff --git a/roles/icinga/files/s-lb.cfg b/roles/icinga/files/s-lb.cfg new file mode 100644 index 0000000..5754f25 --- /dev/null +++ b/roles/icinga/files/s-lb.cfg @@ -0,0 +1,14 @@ +# A simple configuration file for monitoring the local host +# This can serve as an example for configuring other servers; +# Custom services specific to this host are added here, but services +# defined in nagios2-common_services.cfg may also apply. +# + +define host{ + use generic-host ; Name of host template$ + host_name s-lb + alias debian-servers + address 192.168.100.10 + parents r-int + } + 
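Review bot: In hostgroups_icinga.cfg the two new hosts are covered only by the SSH and uptime checks: `s-mess` and `s-lb` are added to `ssh-servers` and `uptimegrp`, but `http-servers` stays `localhost, s-itil, s-adm` and the `email-servers` group naming `s-mess` remains commented out. If s-mess (alias `nextcloud`) and s-lb are meant to expose web services, an outage of those services would go unnoticed by this monitoring. Consider adding them to `http-servers`, or to a dedicated group if the service listens on a non-default port. `s-lb` is also absent from `debian-servers`, which may be an oversight. The same member lists recur in roles/icinga/files/cfg/hostgroups_icinga.cfg in patch 5/8.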
diff --git a/roles/icinga/files/s-mess.cfg b/roles/icinga/files/s-mess.cfg new file mode 100644 index 0000000..79df415 --- /dev/null +++ b/roles/icinga/files/s-mess.cfg @@ -0,0 +1,14 @@ +# A simple configuration file for monitoring the local host +# This can serve as an example for configuring other servers; +# Custom services specific to this host are added here, but services +# defined in nagios2-common_services.cfg may also apply. +# + +define host{ + use generic-host ; Name of host template$ + host_name s-mess + alias nextcloud + address 172.16.0.7 + parents r-int + } + From e1f0910ec716657213ff012d6e70fa600983afc3 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 27 Jan 2021 11:55:29 +0100 Subject: [PATCH 5/8] Ajout des machines s-mess et s-lb --- roles/icinga/files/cfg/hostgroups_icinga.cfg | 9 +-- roles/icinga/files/{ => cfg}/s-lb.cfg | 0 roles/icinga/files/{ => cfg}/s-mess.cfg | 0 roles/icinga/files/hostgroups_icinga.cfg | 75 -------------------- 4 files changed, 5 insertions(+), 79 deletions(-) rename roles/icinga/files/{ => cfg}/s-lb.cfg (100%) rename roles/icinga/files/{ => cfg}/s-mess.cfg (100%) delete mode 100644 roles/icinga/files/hostgroups_icinga.cfg diff --git a/roles/icinga/files/cfg/hostgroups_icinga.cfg b/roles/icinga/files/cfg/hostgroups_icinga.cfg index 2603b32..c202b20 100644 --- a/roles/icinga/files/cfg/hostgroups_icinga.cfg +++ b/roles/icinga/files/cfg/hostgroups_icinga.cfg @@ -15,13 +15,13 @@ define hostgroup { define hostgroup { hostgroup_name debian-servers alias Serveurs distant - members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil + members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil, s-mess } define hostgroup {  hostgroup_name ssh-servers alias acces SSH - members s-adm, s-infra, s-proxy, r-int, r-ext, localhost, gwsio2, s-itil + members s-adm, s-infra, s-proxy, r-int, r-ext, localhost, gwsio2, s-itil, s-mess, s-lb } define hostgroup {  
@@ -39,7 +39,7 @@ define hostgroup {  define hostgroup { hostgroup_name http-servers alias serveurs-web - members localhost, s-itil + members localhost, s-itil, s-adm } #define hostgroup { @@ -69,6 +69,7 @@ define hostgroup{ define hostgroup{ hostgroup_name uptimegrp alias uptimegrp - members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil + members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil, s-mess, s-lb } + diff --git a/roles/icinga/files/s-lb.cfg b/roles/icinga/files/cfg/s-lb.cfg similarity index 100% rename from roles/icinga/files/s-lb.cfg rename to roles/icinga/files/cfg/s-lb.cfg diff --git a/roles/icinga/files/s-mess.cfg b/roles/icinga/files/cfg/s-mess.cfg similarity index 100% rename from roles/icinga/files/s-mess.cfg rename to roles/icinga/files/cfg/s-mess.cfg diff --git a/roles/icinga/files/hostgroups_icinga.cfg b/roles/icinga/files/hostgroups_icinga.cfg deleted file mode 100644 index c202b20..0000000 --- a/roles/icinga/files/hostgroups_icinga.cfg +++ /dev/null 
@@ -1,75 +0,0 @@ -# Some generic hostgroup definitions - -define hostgroup { - hostgroup_name all - alias All Servers - members * - } - -define hostgroup { - hostgroup_name localhost - alias Debian GNU/Linux Servers - members localhost - } - -define hostgroup { - hostgroup_name debian-servers - alias Serveurs distant - members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil, s-mess -} - -define hostgroup {  - hostgroup_name ssh-servers - alias acces SSH - members s-adm, s-infra, s-proxy, r-int, r-ext, localhost, gwsio2, s-itil, s-mess, s-lb -} - -define hostgroup {  - hostgroup_name dns-servers - alias serveurs-dns - members s-infra, srv-2012 -} - -define hostgroup {  - hostgroup_name dhcp-servers - alias serveurs-dhcp - members r-int, srv-2012 -} - -define hostgroup { - hostgroup_name http-servers - alias serveurs-web - members localhost, s-itil, s-adm - } - -#define hostgroup { -# hostgroup_name email-servers -# alias serveurs-email -# members s-mess -# } - -define hostgroup {  - hostgroup_name proxy-servers - alias serveurs-proxy - members s-proxy -} - -define hostgroup{ - hostgroup_name windows-servers - alias windows-servers - members srv-2012 -} - -#define hostgroup{ -# hostgroup_name switch -# alias switch -# members netgear -#} - -define hostgroup{ - hostgroup_name uptimegrp - alias uptimegrp - members s-infra, s-proxy, r-int, r-ext, s-adm, s-itil, s-mess, s-lb -} - - From 0c0b58399fb5f4f8a09c17b9b15f599d9f86ee89 Mon Sep 17 00:00:00 2001 From: tl Date: Thu, 28 Jan 2021 14:26:42 +0100 Subject: [PATCH 6/8] correction s-lb-web3 --- roles/s-lb-ab/files/haproxy.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/s-lb-ab/files/haproxy.cfg b/roles/s-lb-ab/files/haproxy.cfg index f58d66e..2d997e0 100644 --- a/roles/s-lb-ab/files/haproxy.cfg +++ b/roles/s-lb-ab/files/haproxy.cfg 
@@ -44,7 +44,7 @@ backend fermeweb #option httpchk HEAD / HTTP/1.0 server s-lb-web1 192.168.101.1:80 check server s-lb-web2 192.168.101.2:80 check -# server s-lb-web3 192.168.101.2:80 check +# server s-lb-web3 192.168.101.3:80 check listen stats bind *:8080 From c448fb34578dc08ed5ccc4dd25e239cac9ef3bb0 Mon Sep 17 00:00:00 2001 From: bb Date: Thu, 28 Jan 2021 15:04:03 +0100 Subject: [PATCH 7/8] Ajout du role goss pour s-agence --- s-agence.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/s-agence.yml b/s-agence.yml index 8de8bee..4f636a8 100644 --- a/s-agence.yml +++ b/s-agence.yml @@ -7,3 +7,4 @@ - ssh-cli - syslog-cli - post + - goss From 72455386225209eb27f4d66b9c597895735af2da Mon Sep 17 00:00:00 2001 From: root Date: Thu, 28 Jan 2021 15:14:59 +0100 Subject: [PATCH 8/8] ajout variable fog --- roles/fog/defaults/main.yml | 2 ++ roles/fog/tasks/main.yml | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 roles/fog/defaults/main.yml diff --git a/roles/fog/defaults/main.yml b/roles/fog/defaults/main.yml new file mode 100644 index 0000000..788d0c1 --- /dev/null +++ b/roles/fog/defaults/main.yml @@ -0,0 +1,2 @@ +depl_url: "http://s-adm.gsb.adm/gsbstore/" +depl_fog: "fogproject-1.5.9.tar.gz" diff --git a/roles/fog/tasks/main.yml b/roles/fog/tasks/main.yml index 9f826ea..9e3a106 100644 --- a/roles/fog/tasks/main.yml +++ b/roles/fog/tasks/main.yml @@ -6,10 +6,10 @@ - name: recuperation du fichier d'installation de fog get_url: - url: http://depl/gsbstore/fogproject-1.5.7.tar.gz + url: "{{ depl_url }}/{{ depl_fog }}" dest: /root/fog - name: decompression du fichier d'installation de fog unarchive: - src: /root/fog/fogproject-1.5.7.tar.gz + src: "/root/fog/{{ depl_fog }}" dest: /root/fog
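Review bot: In roles/fog/tasks/main.yml the installer is still fetched over plain HTTP with no integrity check: `url: "{{ depl_url }}/{{ depl_fog }}"` resolves to the `http://s-adm.gsb.adm/gsbstore/` default added in roles/fog/defaults/main.yml, and the archive is then unpacked under /root. Add `checksum: "sha256:{{ depl_fog_sha256 }}"` to the `get_url` task, where `depl_fog_sha256` is a proposed new default pinned next to `depl_fog` with its value taken from the upstream release, and serve the store over HTTPS if possible. Because `depl_url` already ends in `/`, the template also produces a double slash; `url: "{{ depl_url }}{{ depl_fog }}"` avoids it. The rest of the tasks file is not visible in this hunk.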