Premier commit

2021-01-04 22:49:46 +01:00
parent da1100578d
commit 65b2a3eaf3
538 changed files with 52570 additions and 0 deletions
--- a/10
+++ b/10
@@ -0,0 +1,10 @@
 #!/bin/bash
 HOST=$(hostname)
 FHOST=$(pwd)/goss/$HOST
 if [ -r "$FHOST".yaml ] ; then
 	goss -gossfile "$FHOST".yaml v --no-color
 else
 	echo $0 : erreur lecture fichier "$FHOST".yaml 
 	exit 1 
 fi
--- a/7
+++ b/7
@@ -0,0 +1,7 @@
 v5.0.2.j : 2019-01-25 -kb
  ejout role s-nas-cliet et s-nas-server
 v5.0.1 : 2019-01-24 - ps
  reorganisation : anciens playbooks et roles deplaces dans repertoire old
 v3.2.0 : 2017-11-16 - ps 
  ajout changelog
--- a/doc/Docker-openvas.txt
+++ b/doc/Docker-openvas.txt
@@ -0,0 +1,38 @@
 Fichier de documentation fait par Adnan Baljic, le 31/01/2019
 Configuration machine:
 Système: Carte Mère: Mémoire Vive: 2048
 Stockage: Contrôleur SATA: Ajouter un disque dur VDI de 8Go
 Réseau 1: n-adm
 Réseau 2: n-infra
 USB: Décocher "Activer le contrôleur USB"
 Important: Avant exécution du playbook, veillez à ne pas oublier de créer une partition sur /dev/sdb:
 -fdisk /dev/sdb
 -o
 -n
 -p
 -1
 -w
 La configuration de docker se fait automatiquement via le playbook s-docker.yml
 De base, s-docker.yml installera seulement docker-openvas-ab. Cependant, vous pouvez aussi installer docker-iredmail-ab en décommentant sa ligne et en
 commentant la ligne docker-openvas-ab. (Tous les 2 sont accessible depuis le port 443, si les 2 sont installés en même temps, il pourrait y avoir conflit.
 Manipulation à faire pour la mise en place d'Openvas via Docker:
 Après exécution de gsbboot et du pull-config, il faudra redémarrer la machine (prise en compte des modifications telles que
 les interfaces...) et exécuter la commande ci-dessous:
 docker run -d -p 443:443 -e PUBLIC_HOSTNAME=172.16.0.19 --name openvas mikesplain/openvas
 Manipulation à faire pour la mise en place d'Openvas via Docker:
 Après exécution de gsbboot et du pull-config, il faudra redémarrer la machine (prise en compte des modifications telles que
 les interfaces...) et exécuter la commande ci-dessous:
 docker run -d -p 443:443 -e PUBLIC_HOSTNAME=172.16.0.19 --name openvas lejmr/iredmail
 Ensuite, il faudra faire: "docker start nom_du_container" pour le démarrer.
 L'accès au container se fait via une machine virtuelle windows 7 avec Mozilla Firefox à jour, via https://172.16.0.19:443.
 Le changement du système de fichier de /dev/sdb1 et le montage sur /var/lib/docker se fera automatiquement via le playbook.
 Les tests effectués:
 Jeudi 31 janvier 2019, 15:38 par Adnan Baljic= TEST OpenVAS OK
--- a/doc/icinga.txt
+++ b/doc/icinga.txt
@@ -0,0 +1,3 @@
 Roles fait par Adnan Baljic, le 17/01/2019
 Installation de icinga, nagios3-plugins, copie des fichiers de configuration vers /etc/icinga/ (=commands.cfg, hostgroups.cfg) 
 et /etc/icinga/objects/ (=namevm.cfg, services_icinga.cfg, contacts_icinga.cfg)
--- a/doc/pics/e4-SAN-V2.dia
+++ b/doc/pics/e4-SAN-V2.dia
--- a/doc/pics/e4-adm.dia
+++ b/doc/pics/e4-adm.dia
--- a/doc/pics/e4-adm.png
+++ b/doc/pics/e4-adm.png
--- a/doc/pics/e4-agence.dia
+++ b/doc/pics/e4-agence.dia
--- a/doc/pics/e4-agence.png
+++ b/doc/pics/e4-agence.png
--- a/doc/pics/e4-dmz-ab.png
+++ b/doc/pics/e4-dmz-ab.png
--- a/doc/pics/e4-dmz-ha.dia
+++ b/doc/pics/e4-dmz-ha.dia
--- a/doc/pics/e4-dmz-ha.png
+++ b/doc/pics/e4-dmz-ha.png
--- a/doc/pics/e4-dmz-old.png
+++ b/doc/pics/e4-dmz-old.png
--- a/doc/pics/e4-dmz.dia
+++ b/doc/pics/e4-dmz.dia
--- a/doc/pics/e4-dmz.png
+++ b/doc/pics/e4-dmz.png
--- a/doc/pics/e4-v2.3.dia
+++ b/doc/pics/e4-v2.3.dia
--- a/doc/pics/e4-v2.3.png
+++ b/doc/pics/e4-v2.3.png
--- a/doc/pics/e4-v2.3x.dia
+++ b/doc/pics/e4-v2.3x.dia
--- a/doc/pics/e4-v2.dia
+++ b/doc/pics/e4-v2.dia
--- a/doc/pics/e4-vpn-infra-v1.2.dia
+++ b/doc/pics/e4-vpn-infra-v1.2.dia
--- a/doc/pics/e4-vpn-infra-v1.2.png
+++ b/doc/pics/e4-vpn-infra-v1.2.png
--- a/doc/pics/e4-vpn-infra.dia
+++ b/doc/pics/e4-vpn-infra.dia
--- a/doc/pics/e4.dia
+++ b/doc/pics/e4.dia
--- a/doc/pics/e4.png
+++ b/doc/pics/e4.png
--- a/doc/r-vp.txt
+++ b/doc/r-vp.txt
@@ -0,0 +1,23 @@
 Fichier de documentation fait par Adnan Baljic, le 24/01/2019
 Manipulation à faire pour la mise en place de r-vp1 et r-vp2:
 Après exécution de gsbboot et du pull-config, il faudra désactiver l'interface 
 de n-adm pour éviter une boucle. Pour cela, il suffit de faire "ifdown enp0sx"
 Pour ce qui est des tests pour vérifier que l'agence passe bien par le tunnel 
 chiffré, vous pouvez stopper le service ipsec ou strongswan ("service 
 strongswan stop" ou "service ipsec stop", cela revient à faire la même chose)
 Important: sur r-vp2, si la route par défaut est celui de s-adm, veuillez 
 supprimer cette route en faisant "route del default" sinon l'agence ne passera
 pas par le tunnel chiffré mais vers s-adm 
 cf. Schéma GSB/E4 - VPN/Infra - Version 1.2 - 2019-01-23
 La mise en place de strongswan via les certificats se fait via le playbook
 r-vpx-x509.yml. La manipulation ci-dessus n'est pas à faire pour les vpn avec
 certificat si r-vp2-x509 et r-vp1-x509 n'ont pas de route par défaut. Si ils ont
 une route par défaut, veuillez effectuer la même manipulation que pour r-vp2.
 Il faudra tout de même désactiver l'interface de n-adm sur les 2 r-vpx-x509.
 Les tests effectués:
 Jeudi 24 janvier 2019, 14:45 par Adnan Baljic= TEST OK
--- a/doc/s-fog.txt
+++ b/doc/s-fog.txt
@@ -0,0 +1,11 @@
 fichier de documentation réalier par Olivier Soares et Gaetan Maillard, le 25/01/2019
 Pour mettre en oeuvre le serveur fog, il faut déployer une machine virtuel debian (une ova), de la mettre à jour, de la renommer (s-fog), puis de récupérer gsbboot et faire un bash pull-config.
 Après avoir avoir fait l'installation de base, il suffit d'éxécuter le playbook "s-fog.yml" avec la commande ansible-playbooks -i hosts s-fog.yml". Ce playbook va récupérer le fichier d'installation de fog, le décompacter et configurer les différentes cartes réseaux de s-fog sachant qu'il y en a trois:
 L'interface enp0s3 permet d'avoir accès internet via le réseau "n-adm"
 L'interface enp0s8 permet de communiquer avec le réseau "n-infra"
 L'interface enp0s9 permet d'avoir accès et deployer des postes sur le réseau "n-user"
 Maintenant le serveur fog est prêt à être installer, avant de commencer l'installation il faut tout d'abord vérifier que l'accès à tous les réseaux soit correcte. Pour ça il suffit d'éxécuter le fichier de test goss
--- a/goss/r-ext.yaml
+++ b/goss/r-ext.yaml
@@ -0,0 +1,42 @@
 command:
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
  ping -c 4 172.16.0.1:
    exit-status: 0
    stdout:
    - 0% packet loss
    stderr: []
    timeout: 10000
  ping -c 4 172.16.0.254:
    exit-status: 0
    stdout:
    - 0% packet loss
    stderr: []
    timeout: 10000
  ping -c 4 192.168.200.254:
    exit-status: 0
    stdout:
    - 0% packet loss
    stderr: []
    timeout: 10000
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.13/24
  enp0s8:
    exists: true
    addrs:
    - 192.168.100.254/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.0.36/24
  enp0s16:
    exists: true
    addrs:
    - 192.168.200.253/24
--- a/goss/r-int.yaml
+++ b/goss/r-int.yaml
@@ -0,0 +1,35 @@
 package:
  isc-dhcp-server:
    installed: true
 service:
  isc-dhcp-server:
    enabled: true
    running: true
 command:
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.12/24
  enp0s8:
    exists: true
    addrs:
    - 192.168.200.254/24
  enp0s9:
    exists: true
    addrs:
    - 172.16.65.254/24
  enp0s10:
    exists: true
    addrs:
    - 172.16.64.254/24
  enp0s16:
    exists: true
    addrs:
    - 172.16.0.254/24
--- a/goss/r-vp1-cs.yaml
+++ b/goss/r-vp1-cs.yaml
@@ -0,0 +1,106 @@
 file:
  /etc/ipsec.d/cacerts/strongswanCert.pem:
    exists: true
    mode: "0644"
    size: 1834
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp1Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp2Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp1Key.pem:
    exists: true
    mode: "0600"
    size: 1675
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp2Key.pem:
    exists: true
    mode: "0600"
    size: 1679
    owner: root
    group: root
    filetype: file
    contains: []
 package:
  strongswan:
    installed: true
    versions:
    - 5.2.1-6+deb8u2
 service:
  strongswan:
    enabled: true
    running: true
 user:
  strongswan:
    exists: true
    uid: 112
    gid: 65534
    groups:
    - nogroup
    home: /var/lib/strongswan
    shell: /usr/sbin/nologin
 command:
  Associations:
    exit-status: 127
    stdout: []
    stderr:
    - 'sh: 1: Associations: not found'
    timeout: 10000
  ip r|grep default:
    exit-status: 0
    stdout:
    - default via 192.168.1.1 dev enp0s9
    stderr: []
    timeout: 10000
  ipsec  listcacerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=Root CA"'
    stderr: []
    timeout: 10000
  ipsec  listcerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=r-vp1"'
    - 'subject:  "C=CH, O=GSB, CN=r-vp2"'
    stderr: []
    timeout: 10000
  ipsec statusall|grep Security:
    exit-status: 0
    stdout:
    - 'Security Associations (1 up, 0 connecting):'
    stderr: []
    timeout: 10000
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 interface:
  enp0s8:
    exists: true
    addrs:
    - 192.168.0.51/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.1.2/24
--- a/goss/r-vp1-old.yaml
+++ b/goss/r-vp1-old.yaml
@@ -0,0 +1,106 @@
 file:
  /etc/ipsec.d/cacerts/strongswanCert.pem:
    exists: true
    mode: "0644"
    size: 1834
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp1Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp2Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp1Key.pem:
    exists: true
    mode: "0600"
    size: 1675
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp2Key.pem:
    exists: true
    mode: "0600"
    size: 1679
    owner: root
    group: root
    filetype: file
    contains: []
 package:
  strongswan:
    installed: true
    versions:
    - 5.2.1-6+deb8u2
 service:
  strongswan:
    enabled: true
    running: true
 user:
  strongswan:
    exists: true
    uid: 112
    gid: 65534
    groups:
    - nogroup
    home: /var/lib/strongswan
    shell: /usr/sbin/nologin
 command:
  Associations:
    exit-status: 127
    stdout: []
    stderr:
    - 'sh: 1: Associations: not found'
    timeout: 10000
  ip r|grep default:
    exit-status: 0
    stdout:
    - default via 192.168.1.1 dev enp0s9
    stderr: []
    timeout: 10000
  ipsec  listcacerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=Root CA"'
    stderr: []
    timeout: 10000
  ipsec  listcerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=r-vp1"'
    - 'subject:  "C=CH, O=GSB, CN=r-vp2"'
    stderr: []
    timeout: 10000
  ipsec statusall|grep Security:
    exit-status: 0
    stdout:
    - 'Security Associations (1 up, 0 connecting):'
    stderr: []
    timeout: 10000
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 interface:
  enp0s8:
    exists: true
    addrs:
    - 192.168.0.51/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.1.2/24
--- a/goss/r-vp1.yaml
+++ b/goss/r-vp1.yaml
@@ -0,0 +1,67 @@
 package:
 #  ferm:
 #    installed: true
  strongswan:
    installed: true
 port:
  udp:68:
    listening: true
 service:
 #  dnsmasq:
 #    enabled: true
 #    running: true
  strongswan:
    enabled: true
    running: true
  ssh:
    enabled: true
    running: true
 command:
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 command:  
  ping -c 4 192.168.0.52:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
 command:
  ping -c 4 192.168.1.1:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
 command:
  ping -c 4 192.168.200.254:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
 command:
  ping -c 4 172.16.0.1:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
 #process:
 #  dnsmasq:
 #    running: true
 #  squid:
 #    running: true
 interface:
  enp0s8:
    exists: true
    addrs:
    - 192.168.0.51/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.1.2/24
--- a/goss/r-vp2-cs.yaml
+++ b/goss/r-vp2-cs.yaml
@@ -0,0 +1,105 @@
 file:
  /etc/ipsec.d/cacerts/strongswanCert.pem:
    exists: true
    mode: "0644"
    size: 1834
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp1Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp2Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp1Key.pem:
    exists: true
    mode: "0600"
    size: 1675
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp2Key.pem:
    exists: true
    mode: "0600"
    size: 1679
    owner: root
    group: root
    filetype: file
    contains: []
 package:
  strongswan:
    installed: true
    versions:
    - 5.2.1-6+deb8u2
 service:
  strongswan:
    enabled: true
    running: true
 user:
  strongswan:
    exists: true
    gid: 65534
    groups:
    - nogroup
    home: /var/lib/strongswan
    shell: /usr/sbin/nologin
 command:
  Associations:
    exit-status: 127
    stdout: []
    stderr:
    - 'sh: 1: Associations: not found'
    timeout: 10000
  ip r|grep default:
    exit-status: 0
    stdout:
    - default via 192.168.99.99 dev enp0s3
    stderr: []
    timeout: 10000
  ipsec  listcacerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=Root CA"'
    stderr: []
    timeout: 10000
  ipsec  listcerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=r-vp2"'
    - 'subject:  "C=CH, O=GSB, CN=r-vp1"'
    stderr: []
    timeout: 10000
  ipsec statusall|grep Security:
    exit-status: 0
    stdout:
    - 'Security Associations (1 up, 0 connecting):'
    stderr: []
    timeout: 10000
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 interface:
  enp0s8:
    exists: true
    addrs:
    - 172.16.128.254/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.0.52/24
--- a/goss/r-vp2-old.yaml
+++ b/goss/r-vp2-old.yaml
@@ -0,0 +1,105 @@
 file:
  /etc/ipsec.d/cacerts/strongswanCert.pem:
    exists: true
    mode: "0644"
    size: 1834
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp1Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/certs/r-vp2Cert.pem:
    exists: true
    mode: "0644"
    size: 1509
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp1Key.pem:
    exists: true
    mode: "0600"
    size: 1675
    owner: root
    group: root
    filetype: file
    contains: []
  /etc/ipsec.d/private/r-vp2Key.pem:
    exists: true
    mode: "0600"
    size: 1679
    owner: root
    group: root
    filetype: file
    contains: []
 package:
  strongswan:
    installed: true
    versions:
    - 5.2.1-6+deb8u2
 service:
  strongswan:
    enabled: true
    running: true
 user:
  strongswan:
    exists: true
    gid: 65534
    groups:
    - nogroup
    home: /var/lib/strongswan
    shell: /usr/sbin/nologin
 command:
  Associations:
    exit-status: 127
    stdout: []
    stderr:
    - 'sh: 1: Associations: not found'
    timeout: 10000
  ip r|grep default:
    exit-status: 0
    stdout:
    - default via 192.168.99.99 dev enp0s3
    stderr: []
    timeout: 10000
  ipsec  listcacerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=Root CA"'
    stderr: []
    timeout: 10000
  ipsec  listcerts|grep subject:
    exit-status: 0
    stdout:
    - 'subject:  "C=CH, O=GSB, CN=r-vp2"'
    - 'subject:  "C=CH, O=GSB, CN=r-vp1"'
    stderr: []
    timeout: 10000
  ipsec statusall|grep Security:
    exit-status: 0
    stdout:
    - 'Security Associations (1 up, 0 connecting):'
    stderr: []
    timeout: 10000
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 interface:
  enp0s8:
    exists: true
    addrs:
    - 172.16.128.254/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.0.52/24
--- a/goss/r-vp2goss.yaml
+++ b/goss/r-vp2goss.yaml
@@ -0,0 +1,67 @@
 package:
  ferm:
    installed: true
  ipsec:
    installed: true
 port:
  tcp:53: 
    listening: true
  udp:67:
    listening: true
  udp:68:
    listening: true
 service:
  dnsmasq:
    enabled: true
    running: true
  ferm:
    enabled: true
    running: true
  ssh:
    enabled: true
    running: true
 command:
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
  sysctl ping -c 4 192.168.0.51:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
  sysctl ping -c 4 192.168.1.1:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
  sysctl ping -c 4 192.168.200.254:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
  sysctl ping -c 4 172.16.0.1:
    exit-status: 0
    stdout:
    - 4 received = 1
    stderr: []
    timeout: 10000
 process:
  dnsmasq:
    running: true
  squid3:
    running: true
 interface:
  enp0s8:
    exists: true
    addrs:
    - 172.16.128.254/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.0.52/24
--- a/goss/s-adm.yaml
+++ b/goss/s-adm.yaml
@@ -0,0 +1,80 @@
 package:
  dnsmasq:
    installed: true
  squid:
    installed: true
 addr:
  tcp://depl.sio.lan:80:
    reachable: true
    timeout: 500
 port:
  tcp:53:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:53:
    listening: true
    ip:
    - '::'
  tcp6:8080:
    listening: true
    ip:
    - '::'
  udp:53:
    listening: true
    ip:
    - 0.0.0.0
  udp:67:
    listening: true
    ip:
    - 0.0.0.0
  udp6:53:
    listening: true
    ip:
    - '::'
 service:
  dnsmasq:
    enabled: true
    running: true
  squid:
    enabled: true
    running: true
  ssh:
    enabled: true
    running: true
 user:
  dnsmasq:
    exists: true
    uid: 107
    gid: 65534
    groups:
    - nogroup
    home: /var/lib/misc
    shell: /usr/sbin/nologin
 group:
  ssh:
    exists: true
    gid: 111
 command:
  /sbin/sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 1
    stderr: []
    timeout: 10000
 dns:
  depl.sio.lan:
    resolveable: true
    addrs:
    - 10.121.38.10
    timeout: 500
 process:
  dnsmasq:
    running: true
  squid:
    running: true
 interface:
  enp0s8:
    exists: true
    addrs:
    - 192.168.99.99/24
--- a/goss/s-appli.yaml
+++ b/goss/s-appli.yaml
@@ -0,0 +1,35 @@
 service:
  mariadb:
    enabled: true
    running: true
  apache2:
    enabled: true
    running: true
 file:
  /var/www/html/wordpress:
    exists: true
    owner: www-data
    group: www-data
    filetype: directory
  /var/www/html/wordpress-5.3.2-fr_FR.tar.gz:
    exists: true
  /var/www/html/wordpress/wp-config-sample.php:
    exists: true
  /etc/apache2/sites-enabled/000-default.conf:
    exists: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.3/24
  enp0s8:
    exists: true
    addrs:
    - 172.16.0.3/24
--- a/goss/s-fog.yaml
+++ b/goss/s-fog.yaml
@@ -0,0 +1,28 @@
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.16/24
 interface:
  enp0s8:
    exists: true
    addrs:
    - 172.16.0.16/24
 interface:
  enp0s9:
    exists: true
    addrs:
    - 172.16.64.16/24
 command:
  ping -c 4 192.168.99.99:
    exit-status: 0
    stdout:
    - 0% packet loss
    stderr: []
    timeout: 10000
  ping -c 4 google.fr:
    exit-status: 0
    stdout:
    - 0% packet loss
    stderr: []
    timeout: 10000
--- a/goss/s-infra.yaml
+++ b/goss/s-infra.yaml
@@ -0,0 +1,90 @@
 package:
  bind9:
    installed: true
  lighttpd:
    installed: true
 addr:
  tcp://192.168.99.99:8080:
    reachable: true
    timeout: 500
 port:
  tcp:80:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:80:
    listening: true
    ip:
    - '::'
 service:
  bind9:
    enabled: true
    running: true
  lighttpd:
    enabled: true
    running: true
 command:
  host 172.16.0.2:
    exit-status: 0
    stdout:
    - 2.0.16.172.in-addr.arpa domain name pointer s-proxy.gsb.lan.
    stderr: []
    timeout: 10000
  host 172.16.0.9:
    exit-status: 0
    stdout:
    - 9.0.16.172.in-addr.arpa domain name pointer s-itil.gsb.lan.
    stderr: []
    timeout: 10000
  host free.fr:
    exit-status: 0
    stdout:
    - free.fr has address 212.27.48.10
    - free.fr has IPv6 address 2a01:e0c:1::1
    - free.fr mail is handled by 10 mx1.free.fr.
    - free.fr mail is handled by 20 mx2.free.fr.
    stderr: []
    timeout: 10000
  host s-infra:
    exit-status: 0
    stdout:
    - s-infra.gsb.lan has address 172.16.0.1
    stderr: []
    timeout: 10000
  host s-infra.gsb.lan:
    exit-status: 0
    stdout:
    - s-infra.gsb.lan has address 172.16.0.1
    stderr: []
    timeout: 10000
  host s-mon:
    exit-status: 0
    stdout:
    - s-mon.gsb.lan has address 172.16.0.8
    stderr: []
    timeout: 10000
  host s-mon.gsb.lan:
    exit-status: 0
    stdout:
    - s-mon.gsb.lan has address 172.16.0.8
    stderr: []
    timeout: 10000
 process:
  lighttpd:
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.1/24
  enp0s8:
    exists: true
    addrs:
    - 172.16.0.1/24
 http:
  http://localhost/wpad.dat:
    status: 200
    allow-insecure: false
    no-follow-redirects: false
    timeout: 5000
    body: []
--- a/goss/s-itil.yaml
+++ b/goss/s-itil.yaml
@@ -0,0 +1,36 @@
 file:
  /var/www/html/glpi:
    exists: true
    mode: "0755"
    owner: www-data
    group: www-data
    filetype: directory
  /var/www/html/ficlients:
    exists: true
    mode: "0775"
    owner: www-data
    group: www-data
    filetype: directory
  /var/www/html/glpi/plugins:
    exists: true
    mode: "0777"
    filetype: directory
  /var/www/html/index.nginx-debian.html:
    exists: true
    mode: "0775"
    owner: www-data
    group: www-data
    filetype: file
 service:
  mariadb:
    enabled: true
    running: true
  nginx:
    enabled: true
    running: true
--- a/goss/s-lb-bd.yaml
+++ b/goss/s-lb-bd.yaml
@@ -0,0 +1,21 @@
 package:
  mysql-server:
    installed: true
    versions:
    - 5.5.54-0+deb8u1
 command:
  egrep "#bind-address" /etc/mysql/my.cnf:
    exit-status: 0
    stdout:
    - "#bind-address\t\t= 127.0.0.1"
    stderr: []
    timeout: 10000
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.13/24
  enp0s8:
    exists: true
    addrs:
    - 192.168.102.50/24
--- a/goss/s-lb-web1.yaml
+++ b/goss/s-lb-web1.yaml
@@ -0,0 +1,63 @@
 package:
  apache2:
    installed: true
    versions:
    - 2.4.10-10+deb8u7
  php5:
    installed: true
    versions:
    - 5.6.29+dfsg-0+deb8u1
 port:
  tcp:22:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:22:
    listening: true
    ip:
    - '::'
  tcp6:80:
    listening: true
    ip:
    - '::'
 service:
  apache2:
    enabled: true
    running: true
  sshd:
    enabled: true
    running: true
 user:
  sshd:
    exists: true
    uid: 105
    gid: 65534
    groups:
    - nogroup
    home: /var/run/sshd
    shell: /usr/sbin/nologin
 command:
  egrep 192.168.102.14:/export/www /etc/fstab:
    exit-status: 0
    stdout:
    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
    stderr: []
    timeout: 10000
 process:
  apache2:
    running: true
  sshd:
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.11/24
  enp0s8:
    exists: true
    addrs:
    - 192.168.101.1/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.102.1/24
--- a/goss/s-lb-web2.yaml
+++ b/goss/s-lb-web2.yaml
@@ -0,0 +1,63 @@
 package:
  apache2:
    installed: true
    versions:
    - 2.4.10-10+deb8u7
  php5:
    installed: true
    versions:
    - 5.6.29+dfsg-0+deb8u1
 port:
  tcp:22:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:22:
    listening: true
    ip:
    - '::'
  tcp6:80:
    listening: true
    ip:
    - '::'
 service:
  apache2:
    enabled: true
    running: true
  sshd:
    enabled: true
    running: true
 user:
  sshd:
    exists: true
    uid: 105
    gid: 65534
    groups:
    - nogroup
    home: /var/run/sshd
    shell: /usr/sbin/nologin
 command:
  egrep 192.168.102.14:/export/www /etc/fstab:
    exit-status: 0
    stdout:
    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
    stderr: []
    timeout: 10000
 process:
  apache2:
    running: true
  sshd:
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.12/24
  enp0s8:
    exists: true
    addrs:
    - 192.168.101.2/24
  enp0s9:
    exists: true
    addrs:
    - 192.168.102.2/24
--- a/goss/s-lb.yaml
+++ b/goss/s-lb.yaml
@@ -0,0 +1,28 @@
 port:
  tcp:80:
    listening: true
    ip:
    - 192.168.100.11
 service:
  haproxy:
    enabled: true
    running: true
  sshd:
    enabled: true
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.100/24
    mtu: 1500
  enp0s8:
    exists: true
    addrs:
    - 192.168.100.11/24
    mtu: 1500
  enp0s9:
    exists: true
    addrs:
    - 192.168.101.254/24
    mtu: 1500
--- a/goss/s-lb.yaml.old
+++ b/goss/s-lb.yaml.old
@@ -0,0 +1,65 @@
 file:
  /etc/haproxy/haproxy.cfg:
    exists: true
    mode: "0644"
    size: 1518
    owner: root
    group: root
    filetype: file
    contains: []
 package:
  haproxy:
    installed: true
 port:
  tcp:80:
    listening: true
    ip:
    - 192.168.100.10
 service:
  haproxy:
    enabled: true
    running: true
 user:
  haproxy:
    exists: true
    uid: 111
    gid: 117
    groups:
    - haproxy
    home: /var/lib/haproxy
    shell: /bin/false
 group:
  haproxy:
    exists: true
    gid: 117
 command:
  egrep "balance\s+roundrobin" /etc/haproxy/haproxy.cfg:
    exit-status: 0
    stdout:
    - balance roundrobin
    stderr: []
    timeout: 10000
  egrep "bind\s+192.168.100.10:80" /etc/haproxy/haproxy.cfg:
    exit-status: 0
    stdout:
    - bind 192.168.100.10:80
    stderr: []
    timeout: 10000
  egrep "mode\s+http" /etc/haproxy/haproxy.cfg:
    exit-status: 0
    stdout:
    - "mode\thttp"
    stderr: []
    timeout: 10000
 process:
  haproxy:
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.10/24
  enp0s8:
    exists: true
    addrs:
    - 192.168.100.10/24
--- a/goss/s-mon.yaml
+++ b/goss/s-mon.yaml
@@ -0,0 +1,62 @@
 file:
  /etc/icinga/htpasswd.users:
    exists: true
    mode: "0644"
    size: 26
    owner: root
    group: root
    filetype: file
    contains: []
 package:
  apache2:
    installed: true
  nagios-snmp-plugins:
    installed: true
  icinga:
    installed: true
  snmp:
    installed: true
 port:
  tcp6:80:
    listening: true
    ip:
    - '::'
  udp:514:
    listening: true
    ip:
    - 0.0.0.0
 service:
  apache2:
    enabled: true
    running: true
  icinga:
    enabled: true
    running: true
 command:
  sysctl net.ipv4.ip_forward:
    exit-status: 0
    stdout:
    - net.ipv4.ip_forward = 0
    stderr: []
    timeout: 10000
 process:
  apache2:
    running: true
  icinga:
    running: true
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.8/24
  enp0s8:
    exists: true
    addrs:
    - 172.16.0.8/24
 http:
  http://localhost/icinga:
    status: 401
    allow-insecure: false
    no-follow-redirects: false
    timeout: 5000
    body: []
--- a/goss/s-proxy.yaml
+++ b/goss/s-proxy.yaml
@@ -0,0 +1,42 @@
 package:
  squid:
    installed: true
 addr:
  tcp://192.168.99.99:8080: 
    reachable: true
    timeout: 500
 port:
  tcp6:8080:
    listening: true
    ip:
    - '::'
  squid:
    enabled: true
    running: true
 command:
  host 172.16.0.2:
    exit-status: 0
    stdout:
    - 2.0.16.172.in-addr.arpa domaine name pointer s-proxy.gsb.lan
    stderr: []
    timeout: 10000
 interface:
  enp0s3:
    exists: true
    addrs:
    - 192.168.99.1/24
  enp0s8
    exists:  true
    addrs:
    - 192.168.99.1/24
  enp0s8:
    exists:  true
    addrs:
    - 172.16.0.1/24
 http:
  http://localhost/wpad.dat:
    status: 200
    allow-insecure: false
    no-follow-redirects: false
    timeout: 5000
    body:  []	
--- a/graylog-pont.yml
+++ b/graylog-pont.yml
@@ -0,0 +1,8 @@
 ---
 - hosts: localhost
  connection: local
  roles:
    - goss
    - docker-graylog-pont
    - post
--- a/14
+++ b/14
@@ -0,0 +1,14 @@
 #!/bin/bash
 filename=/root/tools/ansible/gsb/goss/$HOSTNAME.yaml
 if ! [ -e $filename ] ; then
 	echo gsbchk : erreur ouverture $filename
 	exit 1
 fi
 if [ $# == 1] ; then
 	goss -g $filename v
 else
 	goss $*
 fi
--- a/179
+++ b/179
@@ -0,0 +1,179 @@
 #!/usr/bin/perl
 #use strict;
 #use warnings;
 #SCRIPT PERMETTANT DE METTRE LES INTERFACES APPROPRIEES POUR LA MACHINE ENTREE EN PARAMETRE ET DE LA DEMARRER
 my %machines = (
             's-infra' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-proxy' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-spec' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-mon' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-mess' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-itil' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-proxy' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-backup' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             's-appli' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-infra'
             },
             'r-int' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-link',
 		    netif3 => 'n-wifi',
 		    netif4 => 'n-user',
 		    netif5 => 'n-infra'
             },
             'r-ext' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-dmz',
 		    netif3 => 'enp0s3',
                    netif4 => 'n-linkv',
                    netif5 => 'n-link'
             },
             'r-vp2' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-agence',
                    netif3 => 'enp0s3'
             },
             'r-vp1' => {
                    netif1 => 'n-adm',
                    netif2 => 'enp0s3',
                    netif3 => 'n-linkv' 
             },
             's-lb' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-dmz',
                    netif3 => 'n-dmz-lb'
             },
             's-lb-bd' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-dmz-db'
             },
             's-lb-web1' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-dmz-lb',
                    netif3 => 'n-dmz-db'
             },
             's-lb-web2' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-dmz-lb',
                    netif3 => 'n-dmz-db'
             },
  	     's-nas' => {
                    netif1 => 'n-adm',
                    netif2 => 'n-dmz-db',
             }
 );
 my ($net1, $net2, $net3, $net4, $net5);
 my $machine = shift;
 die "usage : gsbstart <machine>" unless ( $machine);
 #print $machines { $machine }  "\n";
 if (%{$machines{$machine}}) { 
 #	print $machines { $machine } {netif1}, "\n";
        $net1   =  $machines { $machine } {netif1};
        $net2   =  $machines { $machine } {netif2};
 	$net3   =  $machines { $machine } {netif3};
        $net4   =  $machines { $machine } {netif4};
        $net5   =  $machines { $machine } {netif5};
 } else {
 	print "machine $machine inconnue\n";
 }
 #
 my $ninfra = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\""; 
 my $rint = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\nVBoxManage modifyvm ".$machine. " --nic3 intnet\nVBoxManage modifyvm ".$machine. " --intnet3 \"". $net3."\"\nVBoxManage modifyvm ".$machine. " --nic4 intnet\nVBoxManage modifyvm ".$machine. " --intnet4 \"". $net4."\"\nVBoxManage modifyvm ".$machine. " --nic5 intnet\nVBoxManage modifyvm ".$machine. " --intnet5 \"". $net5."\"";
 my $rext = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\nVBoxManage modifyvm ".$machine. " --nic3 bridged\nVBoxManage modifyvm ".$machine. " --bridgeadapter1 ". $net3."\nVBoxManage modifyvm ".$machine. " --nic4 intnet\nVBoxManage modifyvm ".$machine. " --intnet4 \"". $net4."\"\nVBoxManage modifyvm ".$machine. " --nic5 intnet\nVBoxManage modifyvm ".$machine. " --intnet5 \"". $net5."\"";
 my $rvp2 = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\nVBoxManage modifyvm ".$machine. " --nic3 bridged\nVBoxManage modifyvm ".$machine. " --bridgeadapter1 ". $net3."\n";
 my $rvp1 = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 bridged\nVBoxManage modifyvm ".$machine. " --bridgeadapter1 ". $net2 ."\nVBoxManage modifyvm ".$machine. " --nic3 intnet\nVBoxManage modifyvm ".$machine. " --intnet3 \"". $net3."\"\n";
 my $lb = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\nVBoxManage modifyvm ".$machine. " --nic3 intnet\nVBoxManage modifyvm ".$machine. " --intnet3 ". $net3."\n";
 my $lbbd ="VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\n";
 my $lbweb = "VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\nVBoxManage modifyvm ".$machine. " --nic3 intnet\nVBoxManage modifyvm ".$machine. " --intnet3 \"". $net3."\"\n"; 
 my $snas ="VBoxManage modifyvm ".$machine. " --nic1 intnet\nVBoxManage modifyvm ".$machine. " --intnet1 \"". $net1."\"\nVBoxManage modifyvm ".$machine. " --nic2 intnet\nVBoxManage modifyvm ".$machine. " --intnet2 \"". $net2."\"\n";
 #print $routeur;
 if ($machine eq "r-int") {
 		qx($rint);
 		print "la création des interfaces du routeur $machine a fonctionné!\n";
 }else{
 	if ($machine eq "r-ext") {
 		qx($rext);
 	}else{
 		qx($ninfra);
 		print "la création des interfaces de $machine a fonctionné!\n";
 	}	
 }
 if ($machine eq "r-vp2") {
 	qx($rvp2);
 }
 if ($machine eq "r-vp1") {
        qx($rvp1);
 }
 if ($machine eq "s-lb"){
 	qx($lb);
 }
 if ($machine eq "s-lb-web1"){
 	qx($lbweb);
 }
 if ($machine eq "s-lb-web2"){
        qx($lbweb);
 }
 if ($machine eq "s-lb-bd"){
        qx($lbbd);
 }
 if ($machine eq "s-nas"){
        qx($snas);
 }
 qx(VBoxManage startvm $machine);	
--- a/28
+++ b/28
@@ -0,0 +1,28 @@
 #!/usr/bin/perl
 use strict;
 use warnings;
 while ($_ = shift @ARGV) {
 	if ($_ eq "-a"){
 		qx(./gsbstart s-infra);
 		qx(./gsbstart s-spec);
 		qx(./gsbstart s-proxy);
                qx(./gsbstart s-mon);
                qx(./gsbstart s-mess);
                qx(./gsbstart s-itil);
                qx(./gsbstart s-backup);
                qx(./gsbstart s-appli);
                qx(./gsbstart r-vp1);
                qx(./gsbstart r-vp2);
                qx(./gsbstart r-int);
                qx(./gsbstart r-ext);
                qx(./gsbstart s-lb);
                qx(./gsbstart s-lb-web-1);
                qx(./gsbstart s-lb-web-2);
                qx(./gsbstart s-lb-bd);
 	}else{
                qx(./gsbstart $_);
 	}	
 }
--- a/lisezmoi.txt
+++ b/lisezmoi.txt
@@ -0,0 +1,14 @@
 lisezmoi.txt
 ------------
 Ce document décrit les divers élements du projet GSB du BTS SIO utilisé pour l'Epreuve E4
 Le projet GSB décrit les diférents playbooks permttant d'installer les
 machines du projet GSB
 Les répertoires :
 - roles : les roles
 - goss : les outils de test
--- a/pre/inst-depl
+++ b/pre/inst-depl
@@ -0,0 +1,48 @@
 #!/bin/bash
 set -o errexit
 set -o pipefail
 GITUSR=gitgsb
 GITPRJ=gsb
 apt update && apt upgrade
 apt install -y apache2 git 
 getent passwd "${GITUSR}" >> /dev/null
 if [[ $? != 0 ]]; then
  echo "creation utilisateur "${GITUSR}" ..."
  /sbin/useradd -m -d /home/"${GITUSR}" -s /bin/bash "${GITUSR}" 
  echo "${GITUSR}:${GITUSR}" | /sbin/chpasswd 
 else
  echo "utilisateur "${GITUSR}" existant..."
 fi
 su -c "git init --share --bare /home/${GITUSR}/${GITPRJ}.git" "${GITUSR}"
 su -c "cd ${GITPRJ}.git/.git/hooks && mv post-update.sample post-update" "${GITUSR}"
 [[ -h /var/www/html/"${GITPRJ}".git ]]|| ln -s /home/"${GITUSR}"/"${GITPRJ}".git /var/www/html/"${GITPRJ}".git
 [[ -d /var/www/html/gsbstore ]]|| mkdir /var/www/html/gsbstore
 (cat <<EOT > /var/www/html/gsbstore/getall
 #!/bin/bash
 set -o errexit
 set -o pipefail
 GLPIREL=9.4.5
 wget -nc https://github.com/glpi-project/glpi/releases/download/\${GLPIREL}/glpi-\${GLPIREL}.tgz
 FIREL=9.4+2.4
 wget -nc -O fusioninventory-glpi\${FIREL}.tag.gz https://github.com/fusioninventory/fusioninventory-for-glpi/archive/glpi\${FIREL}.tar.gz 
 #https://github.com/fusioninventory/fusioninventory-for-glpi/archive/glpi9.4+2.4.tar.g 
 FIAGREL=2.5.2 
 wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/\${FIAGREL}/fusioninventory-agent_windows-x64_\${FIAGREL}.exe
 wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/\$FIAGREL/fusioninventory-agent_windows-x86_\${FIAGREL}.exe
 FOGREL=1.5.7
 wget -nc https://github.com/FOGProject/fogproject/archive/\${FOGREL}.tar.gz -O fogproject-\${FOGREL}.tar.gz
 wget -nc https://fr.wordpress.org/wordpress-5.3.2-fr_FR.tar.gz
 EOT
 )
 cat /var/www/html/gsbstore/getall
--- a/pre/pull-config
+++ b/pre/pull-config
@@ -0,0 +1,24 @@
 #!/bin/bash
 dir=/root/tools/ansible
 host=depl
 hostf=$host.sio.lan
 repo=gsb
 [ -e $dir ] || mkdir -p $dir
 grep $hostf /etc/hosts > /dev/null || echo "10.121.38.10 $hostf $host" >> /etc/hosts
 cd  $dir
 hostname  > hosts
 #git clone http://$host/$repo.git
 cd $repo
 git pull
 ansible-playbook -c local -i 'localhost,' $(hostname).yml
 #ansible-pull -i $dir/hosts -d $repo -U http://$host/$repo.git
 exit 0
--- a/24
+++ b/24
@@ -0,0 +1,24 @@
 #!/bin/bash
 dir=/root/tools/ansible
 host=depl
 hostf=$host.sio.lan
 repo=gsb
 [ -e $dir ] || mkdir -p $dir
 grep $hostf /etc/hosts > /dev/null || echo "10.121.38.10 $hostf $host" >> /etc/hosts
 cd  $dir
 hostname  > hosts
 #git clone http://$host/$repo.git
 cd $repo
 git pull
 ansible-playbook -c local -i 'localhost,' $(hostname).yml
 #ansible-pull -i $dir/hosts -d $repo -U http://$host/$repo.git
 exit 0
--- a/r-ext.yml
+++ b/r-ext.yml
@@ -0,0 +1,12 @@
 ---
 - hosts: localhost
  connection: local
  roles:
   - base
   - goss
   - r-ext
   - snmp-agent
   - ssh-cli
   - syslog-cli
   - post
--- a/r-int.yml
+++ b/r-int.yml
@@ -0,0 +1,13 @@
 ---
 - hosts: localhost
  connection: local
  roles:
   - base
   - goss
   - r-int
   - ssh-cli
   - syslog-cli
   - dhcp
   - snmp-agent
   - post
--- a/r-vp1.yml
+++ b/r-vp1.yml
@@ -0,0 +1,20 @@
 ---
 - hosts: localhost
  connection: local
  vars:
   - ip1: 192.168.0.51
   - remip: 192.168.0.52
   - mynet: 192.168.1.0
   - remnet: 172.16.128.0
  roles:
   - base
   - goss
   - snmp-agent
   - vpn-stg-r
 #   - x509-r
 #   - firewall-vpn-r
   - ssh-cli
   - syslog-cli
   - post
--- a/r-vp2.yml
+++ b/r-vp2.yml
@@ -0,0 +1,22 @@
 ---
 - hosts: localhost
  connection: local
  vars:
   - ip1: 192.168.0.52
   - remip: 192.168.0.51
   - mynet: 172.16.128.0
   - remnet: 192.168.1.0
  roles:
   - base
   - goss
   - dhcp-ag
   - dns-agence
   - snmp-agent
   - vpn-stg-l
 #   - x509-l
 #   - firewall-vpn-l
   - ssh-cli
   - syslog-cli
   - post
--- a/roles/apache2/handlers/main.yml
+++ b/roles/apache2/handlers/main.yml
@@ -0,0 +1,6 @@
 ---
 - name: restart apache2
   service: name=apache2 state=restarted
 - name: restart mysql-server
   service: name=mysql-server state=restarted
--- a/roles/apache2/tasks/main.yml
+++ b/roles/apache2/tasks/main.yml
@@ -0,0 +1,14 @@
 ---
 - name: Update apt cache
  apt: update_cache=yes cache_valid_time=3600
 - name: Install required software
  apt: name={{ item }} state=present
  with_items:
    - apache2
    - mysql-server
    - php-mysql
    - php
    - libapache2-mod-php
    - php-mcrypt
    - python-mysqldb
--- a/roles/appli/handlers/main.yml
+++ b/roles/appli/handlers/main.yml
@@ -0,0 +1,4 @@
 ---
 - name: restart apache
  service: name=apache2 state=restarted
  become: yes
--- a/roles/appli/tasks/main.yml
+++ b/roles/appli/tasks/main.yml
@@ -0,0 +1,73 @@
 ---
 - name: Installation des packets
  apt:
    name: "{{ item }}"
    state: latest
  with_items:
    - php
    - php-fpm
    - php-mbstring
    - php-ssh2
    - php-gd
    - php-mysql
    - python-mysqldb
    - libapache2-mod-php
    - mariadb-server
    - apache2
    - python
 - name: Création du répertoire pour wordpress
  file:
    path: /var/www/html/wordpress
    state: directory
 - name: Téléchargement de wordpress
  get_url:
    url: http://depl/gsbstore/wordpress-5.3.2-fr_FR.tar.gz
    dest: /var/www/html
 - name: Extraction du fichier wordpress
  unarchive:
    src: /var/www/html/wordpress-5.3.2-fr_FR.tar.gz
    dest: /var/www/html
 - name: Fix permissions owner
  shell: chown -R www-data /var/www/html/wordpress
 - name: Fix permissions groups
  shell: chgrp -R www-data /var/www/html/wordpress
 - name: Mettre à jour le site Apache par défaut
  lineinfile:
    dest: /etc/apache2/sites-enabled/000-default.conf
    regexp: "(.)+DocumentRoot /var/www/html"
    line: "DocumentRoot /var/www/html/wordpress"
 - name: restart apache2
  service:
    name: apache2
    state: restarted
 - name: Mettre à jour le fichier de configuration WordPress
  lineinfile:
    dest: /var/www/html/wordpress/wp-config-sample.php
    backup: yes
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  with_items:
    - {'regexp': "define\\('DB_NAME', '(.)+'\\);", 'line': "define('DB_NAME', 'wordpress');"}
    - {'regexp': "define\\('DB_HOST', '(.)+'\\);", 'line': "define('DB_HOST', 'localhost');"}
    - {'regexp': "define\\('DB_USER', '(.)+'\\);", 'line': "define('DB_USER', 'wp');"}
    - {'regexp': "define\\('DB_PASSWORD', '(.)+'\\);", 'line': "define('DB_PASSWORD', 'wp');"}
 - name: Création de la base de donnée mysql
  mysql_db:
    name: wordpress
    state: present
 - name: Création de l'utilisateur mysql
  mysql_user:
    name: wordpress
    password: wp
    priv: "*.*:ALL"
--- a/roles/base/files/apt.conf
+++ b/roles/base/files/apt.conf
@@ -0,0 +1 @@
 Acquire::http::Proxy "http://192.168.99.99:8080";
--- a/roles/base/files/resolv.conf
+++ b/roles/base/files/resolv.conf
@@ -0,0 +1,4 @@
 domain gsb.lan
 search gsb.lan
 nameserver 192.168.99.99
--- a/roles/base/files/sources.list
+++ b/roles/base/files/sources.list
@@ -0,0 +1,10 @@
 # 
 deb http://ftp.fr.debian.org/debian/ wheezy main contrib non-free
 deb http://security.debian.org/ wheezy/updates main
 deb http://ftp.fr.debian.org/debian/ wheezy-updates main
 deb http://http.debian.net/debian wheezy-backports main
--- a/roles/base/files/sources.list.Debian
+++ b/roles/base/files/sources.list.Debian
@@ -0,0 +1,9 @@
 #deb http://ftp.fr.debian.org/debian/ stretch main contrib non-free
 #deb http://security.debian.org/ stretch/updates main
 #deb http://ftp.fr.debian.org/debian/ stretch-updates main
 deb http://deb.debian.org/debian/ buster main contrib non-free
 deb http://security.debian.org/debian-security buster/updates main contrib non-free
 deb http://deb.debian.org/debian/ buster-updates main contrib non-free
--- a/roles/base/files/sources.list.Ubuntu
+++ b/roles/base/files/sources.list.Ubuntu
@@ -0,0 +1,13 @@
 #------------------------------------------------------------------------------#
 #                            OFFICIAL UBUNTU REPOS                             #
 #------------------------------------------------------------------------------#
 ###### Ubuntu Main Repos
 deb http://fr.archive.ubuntu.com/ubuntu/ wily main restricted universe 
 ###### Ubuntu Update Repos
 deb http://fr.archive.ubuntu.com/ubuntu/ wily-security main restricted universe 
 deb http://fr.archive.ubuntu.com/ubuntu/ wily-updates main restricted universe 
--- a/roles/base/files/sources.list.jessie
+++ b/roles/base/files/sources.list.jessie
@@ -0,0 +1,22 @@
 # 
 # deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official i386 NETINST Binary-1 20110205-14:34]/ jessie main
 #deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official i386 NETINST Binary-1 20110205-14:34]/ jessie main
 deb http://ftp.fr.debian.org/debian/ jessie main contrib non-free
 #deb-src http://ftp.fr.debian.org/debian/ jessie main
 deb http://security.debian.org/ jessie/updates main
 #deb-src http://security.debian.org/ jessie/updates main
 deb http://ftp.fr.debian.org/debian/ jessie-updates main
 #deb-src http://ftp.fr.debian.org/debian/ jessie-updates main
 #deb http://backports.debian.org/debian-backports jessie-backports main
 #deb http://packages.steve.org.uk/slaughter/jessie/ ./
 #deb https://rex.linux-files.org/debian/ jessie rex
 #deb http://http.debian.net/debian jessie-backports main
--- a/roles/base/files/sources.list.wheezy
+++ b/roles/base/files/sources.list.wheezy
@@ -0,0 +1,22 @@
 # 
 # deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official i386 NETINST Binary-1 20110205-14:34]/ wheezy main
 #deb cdrom:[Debian GNU/Linux 6.0.0 _Squeeze_ - Official i386 NETINST Binary-1 20110205-14:34]/ wheezy main
 deb http://ftp.fr.debian.org/debian/ wheezy main contrib non-free
 #deb-src http://ftp.fr.debian.org/debian/ wheezy main
 deb http://security.debian.org/ wheezy/updates main
 #deb-src http://security.debian.org/ wheezy/updates main
 deb http://ftp.fr.debian.org/debian/ wheezy-updates main
 #deb-src http://ftp.fr.debian.org/debian/ wheezy-updates main
 #deb http://backports.debian.org/debian-backports wheezy-backports main
 #deb http://packages.steve.org.uk/slaughter/wheezy/ ./
 #deb https://rex.linux-files.org/debian/ wheezy rex
 deb http://http.debian.net/debian wheezy-backports main
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,49 @@
 ---
 - name: Copie sources.list
  copy: src=sources.list.{{ ansible_distribution }} dest=/etc/apt/sources.list
 - name: Copie apt.conf pour proxy 
  copy: src=apt.conf dest=/etc/apt/apt.conf
  when: ansible_hostname != "s-adm"    
 - name: Update + Upgrade
  apt:
    upgrade: yes
    update_cache: yes
    cache_valid_time: 86400 #One day
 - name: Install paquets
  apt: 
    state: present
    name: 
    - vim 
    - ntp 
    - mc
    - tcpdump
    - curl
    - net-tools
    - rsync
    - sudo
 - name: Desinstall paquets
  apt: 
    state: absent
    name: 
    - nfs-common 
    - rpcbind 
    - bluetooth
 - name: Configure Vim
  alternatives: name=editor path=/usr/bin/vim
 #- name:  copie fichier
 #  copy: src=mesg.txt dest=/root/tools/mesg.txt
 - name:  Generation /etc/hosts
  template: src=hosts.j2 dest=/etc/hosts
  when: ansible_hostname != "s-proxy"
 - name:  Generation /etc/hosts pour s-proxy
  template: src=hosts.s-proxy.j2 dest=/etc/hosts
  when: ansible_hostname == "s-proxy"
--- a/roles/base/templates/hosts.j2
+++ b/roles/base/templates/hosts.j2
@@ -0,0 +1,27 @@
 127.0.0.1       localhost
 127.0.1.1       {{ ansible_nodename }} {{ ansible_hostname }}
 127.0.0.1       localhost ip6-localhost ip6-loopback
 10.121.38.10	depl.sio.lan depl
 192.168.99.99	s-adm.gsb.adm
 192.168.99.1	s-infra.gsb.adm
 192.168.99.2	s-proxy.gsb.adm
 192.168.99.3	s-appli.gsb.adm
 192.168.99.4	s-backup.gsb.adm
 192.168.99.5	s-puppet.gsb.adm
 192.168.99.6 	s-win.gsb.adm 
 192.168.99.7	s-mess.gsb.adm
 192.168.99.8	s-mon.gsb.adm
 192.168.99.9	s-itil.gsb.adm
 192.168.99.10	s-sspec.gsb.adm
 192.168.99.11	s-web-ext.gsb.adm
 192.168.99.10	s-dns.gsb.adm
 192.168.99.12	r-int.gsb.adm
 192.168.99.13	r-ext.gsb.adm
 192.168.99.14	s-nas.gsb.adm
 192.168.99.15	s-san.gsb.adm
 192.168.99.16	s-fog.gsb.adm
 192.168.99.8	syslog.gsb.adm
--- a/roles/base/templates/hosts.s-proxy.j2
+++ b/roles/base/templates/hosts.s-proxy.j2
@@ -0,0 +1,26 @@
 127.0.0.1       localhost
 127.0.1.1       {{ ansible_nodename }} {{ ansible_hostname }}
 127.0.0.1       localhost ip6-localhost ip6-loopback
 172.16.0.2	s-proxy.gsb.lan s-proxy
 10.121.38.10	depl
 192.168.99.99	s-adm.gsb.adm
 192.168.99.1	s-infra.gsb.adm
 192.168.99.2	s-proxy.gsb.adm
 192.168.99.3	s-appli.gsb.adm
 192.168.99.4	s-backup.gsb.adm
 192.168.99.5	s-puppet.gsb.adm
 192.168.99.6 	s-win.gsb.adm 
 192.168.99.7	s-mess.gsb.adm
 192.168.99.8	s-mon.gsb.adm
 192.168.99.9	s-itil.gsb.adm
 192.168.99.10	s-sspec.gsb.adm
 192.168.99.11	s-web-ext.gsb.adm
 192.168.99.10	s-dns.gsb.adm
 192.168.99.12	r-int.gsb.adm
 192.168.99.13	r-ext.gsb.adm
 192.168.99.14	s-nas.gsb.adm
 192.168.99.8	syslog.gsb.adm
--- a/roles/db-user/tasks/main.yml
+++ b/roles/db-user/tasks/main.yml
@@ -0,0 +1,7 @@
 ---
 - name: Create mysql user
  mysql_user: 
    host: "{{ cli_ip }}"
    name: "{{ maria_dbuser }}"
    password: "{{ maria_dbpasswd }}"
    priv: "*.*:ALL"
--- a/roles/dhcp-ag/files/dhcpd.conf
+++ b/roles/dhcp-ag/files/dhcpd.conf
@@ -0,0 +1,152 @@
 #
 # Sample configuration file for ISC dhcpd for Debian
 #
 #
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
 # behavior of the version 2 packages ('none', since DHCP v2 didn't
 # have support for DDNS.)
 ddns-update-style none;
 # option definitions common to all supported networks...
 option domain-name "gsb.lan";
 option domain-name-servers 172.16.0.1;
 default-lease-time 86400;
 max-lease-time 86400;
 # If this DHCP server is the official DHCP server for the local
 # network, the authoritative directive should be uncommented.
 #authoritative;
 # Use this to send dhcp log messages to a different log file (you also
 # have to hack syslog.conf to complete the redirection).
 log-facility local7;
 # No service will be given on this subnet, but declaring it helps the 
 # DHCP server to understand the network topology.
 #subnet 10.152.187.0 netmask 255.255.255.0 {
 #}
 # This is a very basic subnet declaration.
 #subnet 10.254.239.0 netmask 255.255.255.224 {
 #  range 10.254.239.10 10.254.239.20;
 #  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
 #}
 # This declaration allows BOOTP clients to get dynamic addresses,
 # which we don't really recommend.
 #subnet 10.254.239.32 netmask 255.255.255.224 {
 #  range dynamic-bootp 10.254.239.40 10.254.239.60;
 #  option broadcast-address 10.254.239.31;
 #  option routers rtr-239-32-1.example.org;
 #}
 # A slightly different configuration for an internal subnet.
 #subnet 10.5.5.0 netmask 255.255.255.224 {
 #  range 10.5.5.26 10.5.5.30;
 #  option domain-name-servers ns1.internal.example.org;
 #  option domain-name "internal.example.org";
 #  option routers 10.5.5.1;
 #  option broadcast-address 10.5.5.31;
 #  default-lease-time 600;
 #  max-lease-time 7200;
 #}
 # Hosts which require special configuration options can be listed in
 # host statements.   If no address is specified, the address will be
 # allocated dynamically (if possible), but the host-specific information
 # will still come from the host declaration.
 #host passacaglia {
 #  hardware ethernet 0:0:c0:5d:bd:95;
 #  filename "vmunix.passacaglia";
 #  server-name "toccata.fugue.com";
 #}
 # Fixed IP addresses can also be specified for hosts.   These addresses
 # should not also be listed as being available for dynamic assignment.
 # Hosts for which fixed IP addresses have been specified can boot using
 # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
 # be booted with DHCP, unless there is an address range on the subnet
 # to which a BOOTP client is connected which has the dynamic-bootp flag
 # set.
 #host fantasia {
 #  hardware ethernet 08:00:07:26:c0:a5;
 #  fixed-address fantasia.fugue.com;
 #}
 # You can declare a class of clients and then do address allocation
 # based on that.   The example below shows a case where all clients
 # in a certain class get addresses on the 10.17.224/24 subnet, and all
 # other clients get addresses on the 10.0.29/24 subnet.
 #class "foo" {
 #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
 #}
 #shared-network 224-29 {
 #  subnet 10.17.224.0 netmask 255.255.255.0 {
 #    option routers rtr-224.example.org;
 #  }
 #  subnet 10.0.29.0 netmask 255.255.255.0 {
 #    option routers rtr-29.example.org;
 #  }
 #  pool {
 #    allow members of "foo";
 #    range 10.17.224.10 10.17.224.250;
 #  }
 #  pool {
 #    deny members of "foo";
 #    range 10.0.29.10 10.0.29.230;
 #  }
 #}
 #DHCP pour le réseau wifi
 #subnet 172.16.65.0 netmask 255.255.255.0 {
 #	range 172.16.65.1 172.16.65.100;
 #  	option domain-name-servers ns1.internal.example.org;
 #  	option domain-name "internal.example.org";
 #  	option routers 10.5.5.1;
 #  	option broadcast-address 10.5.5.31;
 #  	default-lease-time 600;
 #  	max-lease-time 7200;
 #}
 #DHCP pour le réseau USER
 #subnet 172.16.64.0 netmask 255.255.255.0 {
 #        range 172.16.64.20 172.16.64.120;
 #        option domain-name-servers 172.16.0.6, 172.16.0.1 ;
 #        option routers 172.16.64.254;
 #        option broadcast-address 172.16.64.255;
 #       default-lease-time 600;
 #       max-lease-time 7200;
 #}
 #DHCP pour le réseau INFRA
 #subnet 172.16.0.0 netmask 255.255.255.0 {
 #        range 172.16.0.1 172.16.0.100;
 #       option domain-name-servers ns1.internal.example.org;
 #       option domain-name "internal.example.org";
 #       option routers 10.5.5.1;
 #       option broadcast-address 10.5.5.31;
 #       default-lease-time 600;
 #       max-lease-time 7200;
 #}
 #DHCP pour le réseau AGENCE
 subnet 172.16.128.0 netmask 255.255.255.0 {
 	range 172.16.128.10 172.16.128.50;
 	option domain-name-servers 172.16.0.1;
 	option routers 172.16.128.254;
 	option broadcast-address 172.16.128.255;
 	default-lease-time 86400;
 	max-lease-time 86400;
 }
--- a/roles/dhcp-ag/files/isc-dhcp-server
+++ b/roles/dhcp-ag/files/isc-dhcp-server
@@ -0,0 +1,18 @@
 # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
 # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
 DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
 #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
 # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
 DHCPDv4_PID=/var/run/dhcpd.pid
 #DHCPDv6_PID=/var/run/dhcpd6.pid
 # Additional options to start dhcpd with.
 #	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
 #OPTIONS=""
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 INTERFACESv4="enp0s8"
 INTERFACESv6=""
--- a/roles/dhcp-ag/handlers/main.yml
+++ b/roles/dhcp-ag/handlers/main.yml
@@ -0,0 +1,3 @@
 ---
  - name: restart dhcp 
    service: name=isc-dhcp-server state=restarted
--- a/roles/dhcp-ag/tasks/main.yml
+++ b/roles/dhcp-ag/tasks/main.yml
@@ -0,0 +1,11 @@
 ---
  - name: Installation serveur dhcp
    apt: name=isc-dhcp-server state=present update_cache=yes
  - name: copie dhcpd.conf
    copy: src=dhcpd.conf dest=/etc/dhcp
   # notify: restart dhcp
  - name: copie conf isc-dhcp-server
    copy: src=isc-dhcp-server dest=/etc/default/isc-dhcp-server
   # notify: restart dhcp
--- a/roles/dhcp-fog/files/dhcpd.conf
+++ b/roles/dhcp-fog/files/dhcpd.conf
@@ -0,0 +1,142 @@
 #
 # Sample configuration file for ISC dhcpd for Debian
 #
 #
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
 # behavior of the version 2 packages ('none', since DHCP v2 didn't
 # have support for DDNS.)
 ddns-update-style none;
 # option definitions common to all supported networks...
 option domain-name "gsb.lan";
 option domain-name-servers 172.16.0.1;
 default-lease-time 86400;
 max-lease-time 86400;
 # If this DHCP server is the official DHCP server for the local
 # network, the authoritative directive should be uncommented.
 #authoritative;
 # Use this to send dhcp log messages to a different log file (you also
 # have to hack syslog.conf to complete the redirection).
 log-facility local7;
 # No service will be given on this subnet, but declaring it helps the 
 # DHCP server to understand the network topology.
 #subnet 10.152.187.0 netmask 255.255.255.0 {
 #}
 # This is a very basic subnet declaration.
 #subnet 10.254.239.0 netmask 255.255.255.224 {
 #  range 10.254.239.10 10.254.239.20;
 #  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
 #}
 # This declaration allows BOOTP clients to get dynamic addresses,
 # which we don't really recommend.
 #subnet 10.254.239.32 netmask 255.255.255.224 {
 #  range dynamic-bootp 10.254.239.40 10.254.239.60;
 #  option broadcast-address 10.254.239.31;
 #  option routers rtr-239-32-1.example.org;
 #}
 # A slightly different configuration for an internal subnet.
 #subnet 10.5.5.0 netmask 255.255.255.224 {
 #  range 10.5.5.26 10.5.5.30;
 #  option domain-name-servers ns1.internal.example.org;
 #  option domain-name "internal.example.org";
 #  option routers 10.5.5.1;
 #  option broadcast-address 10.5.5.31;
 #  default-lease-time 600;
 #  max-lease-time 7200;
 #}
 # Hosts which require special configuration options can be listed in
 # host statements.   If no address is specified, the address will be
 # allocated dynamically (if possible), but the host-specific information
 # will still come from the host declaration.
 #host passacaglia {
 #  hardware ethernet 0:0:c0:5d:bd:95;
 #  filename "vmunix.passacaglia";
 #  server-name "toccata.fugue.com";
 #}
 # Fixed IP addresses can also be specified for hosts.   These addresses
 # should not also be listed as being available for dynamic assignment.
 # Hosts for which fixed IP addresses have been specified can boot using
 # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
 # be booted with DHCP, unless there is an address range on the subnet
 # to which a BOOTP client is connected which has the dynamic-bootp flag
 # set.
 #host fantasia {
 #  hardware ethernet 08:00:07:26:c0:a5;
 #  fixed-address fantasia.fugue.com;
 #}
 # You can declare a class of clients and then do address allocation
 # based on that.   The example below shows a case where all clients
 # in a certain class get addresses on the 10.17.224/24 subnet, and all
 # other clients get addresses on the 10.0.29/24 subnet.
 #class "foo" {
 #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
 #}
 #shared-network 224-29 {
 #  subnet 10.17.224.0 netmask 255.255.255.0 {
 #    option routers rtr-224.example.org;
 #  }
 #  subnet 10.0.29.0 netmask 255.255.255.0 {
 #    option routers rtr-29.example.org;
 #  }
 #  pool {
 #    allow members of "foo";
 #    range 10.17.224.10 10.17.224.250;
 #  }
 #  pool {
 #    deny members of "foo";
 #    range 10.0.29.10 10.0.29.230;
 #  }
 #}
 #DHCP pour le réseau wifi
 #subnet 172.16.65.0 netmask 255.255.255.0 {
 #	range 172.16.65.1 172.16.65.100;
 #  	option domain-name-servers ns1.internal.example.org;
 #  	option domain-name "internal.example.org";
 #  	option routers 10.5.5.1;
 #  	option broadcast-address 10.5.5.31;
 #  	default-lease-time 600;
 #  	max-lease-time 7200;
 #}
 #DHCP pour le réseau USER
 subnet 172.16.64.0 netmask 255.255.255.0 {
        range 172.16.64.20 172.16.64.120;
        option domain-name-servers 172.16.0.1 ;
        option routers 172.16.64.254;
        option broadcast-address 172.16.64.255;
 #       default-lease-time 600;
 #       max-lease-time 7200;
 }
 #DHCP pour le réseau INFRA
 #subnet 172.16.0.0 netmask 255.255.255.0 {
 #        range 172.16.0.1 172.16.0.100;
 #       option domain-name-servers ns1.internal.example.org;
 #       option domain-name "internal.example.org";
 #       option routers 10.5.5.1;
 #       option broadcast-address 10.5.5.31;
 #       default-lease-time 600;
 #       max-lease-time 7200;
 #}
--- a/roles/dhcp-fog/files/isc-dhcp-server
+++ b/roles/dhcp-fog/files/isc-dhcp-server
@@ -0,0 +1,18 @@
 # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
 # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
 DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
 #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
 # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
 DHCPDv4_PID=/var/run/dhcpd.pid
 #DHCPDv6_PID=/var/run/dhcpd6.pid
 # Additional options to start dhcpd with.
 #	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
 #OPTIONS=""
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 INTERFACESv4="enp0s9"
 INTERFACESv6=""
--- a/roles/dhcp-fog/handlers/main.yml
+++ b/roles/dhcp-fog/handlers/main.yml
@@ -0,0 +1,3 @@
 ---
  - name: restart isc-dhcp-server
    service: name=isc-dhcp-server state=restarted
--- a/roles/dhcp-fog/tasks/main.yml
+++ b/roles/dhcp-fog/tasks/main.yml
@@ -0,0 +1,14 @@
 ---
 - name: Installation du dhcp
  apt:  name=isc-dhcp-server state=present
 - name: Copie du fichier isc-dhcp-server
  copy: src=isc-dhcp-server dest=/etc/default/  
 - name: Copie du fichier dhcpd.conf
  copy: src=dhcpd.conf dest=/etc/dhcp/
  notify:
    - restart isc-dhcp-server
--- a/roles/dhcp/files/dhcpd.conf
+++ b/roles/dhcp/files/dhcpd.conf
@@ -0,0 +1,142 @@
 #
 # Sample configuration file for ISC dhcpd for Debian
 #
 #
 # The ddns-updates-style parameter controls whether or not the server will
 # attempt to do a DNS update when a lease is confirmed. We default to the
 # behavior of the version 2 packages ('none', since DHCP v2 didn't
 # have support for DDNS.)
 ddns-update-style none;
 # option definitions common to all supported networks...
 option domain-name "gsb.lan";
 option domain-name-servers 172.16.0.1;
 default-lease-time 86400;
 max-lease-time 86400;
 # If this DHCP server is the official DHCP server for the local
 # network, the authoritative directive should be uncommented.
 #authoritative;
 # Use this to send dhcp log messages to a different log file (you also
 # have to hack syslog.conf to complete the redirection).
 log-facility local7;
 # No service will be given on this subnet, but declaring it helps the 
 # DHCP server to understand the network topology.
 #subnet 10.152.187.0 netmask 255.255.255.0 {
 #}
 # This is a very basic subnet declaration.
 #subnet 10.254.239.0 netmask 255.255.255.224 {
 #  range 10.254.239.10 10.254.239.20;
 #  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
 #}
 # This declaration allows BOOTP clients to get dynamic addresses,
 # which we don't really recommend.
 #subnet 10.254.239.32 netmask 255.255.255.224 {
 #  range dynamic-bootp 10.254.239.40 10.254.239.60;
 #  option broadcast-address 10.254.239.31;
 #  option routers rtr-239-32-1.example.org;
 #}
 # A slightly different configuration for an internal subnet.
 #subnet 10.5.5.0 netmask 255.255.255.224 {
 #  range 10.5.5.26 10.5.5.30;
 #  option domain-name-servers ns1.internal.example.org;
 #  option domain-name "internal.example.org";
 #  option routers 10.5.5.1;
 #  option broadcast-address 10.5.5.31;
 #  default-lease-time 600;
 #  max-lease-time 7200;
 #}
 # Hosts which require special configuration options can be listed in
 # host statements.   If no address is specified, the address will be
 # allocated dynamically (if possible), but the host-specific information
 # will still come from the host declaration.
 #host passacaglia {
 #  hardware ethernet 0:0:c0:5d:bd:95;
 #  filename "vmunix.passacaglia";
 #  server-name "toccata.fugue.com";
 #}
 # Fixed IP addresses can also be specified for hosts.   These addresses
 # should not also be listed as being available for dynamic assignment.
 # Hosts for which fixed IP addresses have been specified can boot using
 # BOOTP or DHCP.   Hosts for which no fixed address is specified can only
 # be booted with DHCP, unless there is an address range on the subnet
 # to which a BOOTP client is connected which has the dynamic-bootp flag
 # set.
 #host fantasia {
 #  hardware ethernet 08:00:07:26:c0:a5;
 #  fixed-address fantasia.fugue.com;
 #}
 # You can declare a class of clients and then do address allocation
 # based on that.   The example below shows a case where all clients
 # in a certain class get addresses on the 10.17.224/24 subnet, and all
 # other clients get addresses on the 10.0.29/24 subnet.
 #class "foo" {
 #  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
 #}
 #shared-network 224-29 {
 #  subnet 10.17.224.0 netmask 255.255.255.0 {
 #    option routers rtr-224.example.org;
 #  }
 #  subnet 10.0.29.0 netmask 255.255.255.0 {
 #    option routers rtr-29.example.org;
 #  }
 #  pool {
 #    allow members of "foo";
 #    range 10.17.224.10 10.17.224.250;
 #  }
 #  pool {
 #    deny members of "foo";
 #    range 10.0.29.10 10.0.29.230;
 #  }
 #}
 #DHCP pour le réseau wifi
 subnet 172.16.65.0 netmask 255.255.255.0 {
 	range 172.16.65.1 172.16.65.100;
 #  	option domain-name-servers ns1.internal.example.org;
 #  	option domain-name "internal.example.org";
 #  	option routers 10.5.5.1;
 #  	option broadcast-address 10.5.5.31;
 #  	default-lease-time 600;
 #  	max-lease-time 7200;
 }
 #DHCP pour le réseau USER
 subnet 172.16.64.0 netmask 255.255.255.0 {
        range 172.16.64.20 172.16.64.120;
        option domain-name-servers 172.16.0.1 ;
        option routers 172.16.64.254;
        option broadcast-address 172.16.64.255;
 #       default-lease-time 600;
 #       max-lease-time 7200;
 }
 #DHCP pour le réseau INFRA
 subnet 172.16.0.0 netmask 255.255.255.0 {
 #        range 172.16.0.1 172.16.0.100;
 #       option domain-name-servers ns1.internal.example.org;
 #       option domain-name "internal.example.org";
 #       option routers 10.5.5.1;
 #       option broadcast-address 10.5.5.31;
 #       default-lease-time 600;
 #       max-lease-time 7200;
 }
--- a/roles/dhcp/files/isc-dhcp-server
+++ b/roles/dhcp/files/isc-dhcp-server
@@ -0,0 +1,18 @@
 # Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
 # Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
 DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
 #DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
 # Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
 DHCPDv4_PID=/var/run/dhcpd.pid
 #DHCPDv6_PID=/var/run/dhcpd6.pid
 # Additional options to start dhcpd with.
 #	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
 #OPTIONS=""
 # On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
 #	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
 INTERFACESv4="enp0s9 enp0s10"
 INTERFACESv6=""
--- a/roles/dhcp/handlers/main.yml
+++ b/roles/dhcp/handlers/main.yml
@@ -0,0 +1,3 @@
 ---
  - name: restart isc-dhcp-server
    service: name=isc-dhcp-server state=restarted
--- a/roles/dhcp/tasks/main.yml
+++ b/roles/dhcp/tasks/main.yml
@@ -0,0 +1,14 @@
 ---
 - name: Installation du dhcp
  apt:  name=isc-dhcp-server state=present
 - name: Copie du fichier isc-dhcp-server
  copy: src=isc-dhcp-server dest=/etc/default/  
 - name: Copie du fichier dhcpd.conf
  copy: src=dhcpd.conf dest=/etc/dhcp/
  notify:
    - restart isc-dhcp-server
--- a/roles/dns-ag-cs/files/named.conf.options
+++ b/roles/dns-ag-cs/files/named.conf.options
@@ -0,0 +1,23 @@
 // 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
                172.16.0.1;
         };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
 };
--- a/roles/dns-ag-cs/handlers/main.yml
+++ b/roles/dns-ag-cs/handlers/main.yml
@@ -0,0 +1,4 @@
 ---
  - name: restart bind9
    service: name=bind9 state=restarted
--- a/roles/dns-ag-cs/tasks/main.yml
+++ b/roles/dns-ag-cs/tasks/main.yml
@@ -0,0 +1,11 @@
 ---
 - name: Installation bind9
  apt:  name=bind9 state=present update_cache=yes
 - name: Copie named.conf.options
  copy: src=named.conf.options dest=/etc/bind
  notify:
    - restart bind9
--- a/roles/dns-agence/files/named.conf.options
+++ b/roles/dns-agence/files/named.conf.options
@@ -0,0 +1,23 @@
 // 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
                172.16.0.1;
         };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
 };
--- a/roles/dns-agence/handlers/main.yml
+++ b/roles/dns-agence/handlers/main.yml
@@ -0,0 +1,4 @@
 ---
  - name: restart bind9
    service: name=bind9 state=restarted
--- a/roles/dns-agence/tasks/main.yml
+++ b/roles/dns-agence/tasks/main.yml
@@ -0,0 +1,11 @@
 ---
 - name: Installation bind9
  apt:  name=bind9 state=present update_cache=yes
 - name: Copie named.conf.options
  copy: src=named.conf.options dest=/etc/bind
  notify:
    - restart bind9
--- a/roles/dns-master/files/db.gsb.lan
+++ b/roles/dns-master/files/db.gsb.lan
@@ -0,0 +1,30 @@
 ; 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 ;
 ; BIND data file for local loopback interface
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
                        2016011401      ; Serial
                        7200	        ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
                        604800 )        ; Negative Cache TTL
 ;
@       	IN      NS      s-infra.gsb.lan.
@		IN      NS      s-backup.gsb.lan.
@      	        IN      A       127.0.0.1
@       	IN      AAAA    ::1
 s-infra  	IN      A       172.16.0.1
 s-backup        IN      A	172.16.0.4
 s-proxy         IN      A       172.16.0.2
 s-appli    	IN      A       172.16.0.3
 s-win    	IN      A       172.16.0.6
 s-mess   	IN      A       172.16.0.7
 s-mon    	IN      A       172.16.0.8
 s-itil		IN	A	172.16.0.9
 r-int    	IN      A       172.16.0.254
 r-int-lnk    	IN      A       192.168.200.254
 r-ext  		IN      A       192.168.200.253
 ns   	        IN      CNAME   s-infra.gsb.lan.
 wpad		IN	CNAME	s-infra.gsb.lan.	
--- a/roles/dns-master/files/db.gsb.lan.rev
+++ b/roles/dns-master/files/db.gsb.lan.rev
@@ -0,0 +1,24 @@
 ; 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 ;
 ; BIND data file for local loopback interface
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
                        2015121701      ; Serial
                        7200            ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
                        604800 )        ; Negative Cache TTL
 ;
@         IN      NS      s-infra.gsb.lan.
@         IN      NS      s-backup.gsb.lan.
 1.0       IN      PTR     s-infra.gsb.lan.
 4.0       IN      PTR     s-backup.gsb.lan.
 2.0       IN      PTR     s-proxy.gsb.lan.
 3.0       IN      PTR     s-appli.gsb.lan.
 6.0       IN      PTR     s-win.gsb.lan.
 7.0       IN      PTR     s-mess.gsb.lan.
 8.0       IN      PTR     s-mon.gsb.lan.
 9.0	  IN	  PTR 	  s-itil.gsb.lan.
 254.0     IN      PTR     r-int.gsb.lan.
--- a/roles/dns-master/files/forbidden.html
+++ b/roles/dns-master/files/forbidden.html
@@ -0,0 +1,2 @@
 <center><img src="http://sio.lyc-lecastel.fr/~nicolas.denizot/warning.jpg" alt="Bloque"></img></center>
 <center><h1>Vous n'avez pas les droits requis pour acceder a cette page, veuillez contacter votre Administrateur.</h1></center>
--- a/roles/dns-master/files/hosts
+++ b/roles/dns-master/files/hosts
@@ -0,0 +1,7 @@
 127.0.0.1	localhost
 127.0.1.1	s-infra
 # The following lines are desirable for IPv6 capable hosts
 ::1     localhost ip6-localhost ip6-loopback
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
--- a/roles/dns-master/files/named.conf.local
+++ b/roles/dns-master/files/named.conf.local
@@ -0,0 +1,20 @@
 // 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 //
 // Do any local configuration here
 //
 // Consider adding the 1918 zones here, if they are not used in your
 // organization
 //include "/etc/bind/zones.rfc1918";
 zone "gsb.lan" {
        type master;
        file "/etc/bind/db.gsb.lan";
 };
 zone "16.172.in-addr.arpa"{
        type master;
        notify no;
        file "/etc/bind/db.gsb.lan.rev";
 };
--- a/roles/dns-master/files/named.conf.options
+++ b/roles/dns-master/files/named.conf.options
@@ -0,0 +1,25 @@
 // 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
 options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        forwarders {
                192.168.99.99;
         };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
 	allow-query { 172.16.0.0/16; } ;
 	allow-recursion { 172.16.0.0/16; } ;
 };
--- a/roles/dns-master/files/resolv.conf
+++ b/roles/dns-master/files/resolv.conf
@@ -0,0 +1,4 @@
 domain gsb.lan
 search gsb.lan
 nameserver 127.0.0.1
--- a/roles/dns-master/handlers/main.yml
+++ b/roles/dns-master/handlers/main.yml
@@ -0,0 +1,4 @@
 ---
  - name: restart bind9
    service: name=bind9 state=restarted
--- a/roles/dns-master/tasks/main.yml
+++ b/roles/dns-master/tasks/main.yml
@@ -0,0 +1,33 @@
 ---
 - name: Installation bind9
  apt:  name=bind9 state=present update_cache=yes
 - name: Copie named.conf.options
  copy: src=named.conf.options dest=/etc/bind
  notify:
    - restart bind9
 - name: Copie named.conf.local
  copy: src=named.conf.local dest=/etc/bind
  notify:
    - restart bind9
 - name: Copie db.gsb.lan
  copy: src=db.gsb.lan dest=/etc/bind
  notify:
    - restart bind9
 - name: Copie db.gsb.lan.rev
  copy: src=db.gsb.lan.rev dest=/etc/bind
  notify:
    - restart bind9
 - name: Copie resolv.conf
  copy: src=resolv.conf dest=/etc
  notify:
    - restart bind9
 - name: Copie page squidguard
  copy: src=forbidden.html dest=/var/www/
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`Acquire::http::Proxy "http://192.168.99.99:8080";`
		`@@ -0,0 +1,2 @@`
							`<center><img src="http://sio.lyc-lecastel.fr/~nicolas.denizot/warning.jpg" alt="Bloque"></img></center>`
							`<center><h1>Vous n'avez pas les droits requis pour acceder a cette page, veuillez contacter votre Administrateur.</h1></center>`