modif de l'ordre des droits rw

README.md

@@ -1,3 +1,15 @@
 # gsb2021
 
-Environnement et playbooks ansible pour le projet GSB 2021
+Environnement et playbooks ansible pour le projet GSB 2021
+
+## Quickstart
+prérequis : une machine Debian buster
+
+
+## Les machines
+  * s-adm
+  * s-infra
+  * r-int
+  * r-ext
+  * s-proxy
+## Les playbooks

goss/s-proxy.yaml

@@ -2,7 +2,7 @@ package:
   squid:
     installed: true
 addr:
-  tcp://192.168.99.99:8080: 
+  tcp://192.168.99.99:8080:
     reachable: true
     timeout: 500
 port:
@@ -10,6 +10,7 @@ port:
     listening: true
     ip:
     - '::'
+service:
   squid:
     enabled: true
     running: true
@@ -24,19 +25,17 @@ interface:
   enp0s3:
     exists: true
     addrs:
-    - 192.168.99.1/24
+    - 192.168.99.2/24
-  enp0s8
+    mtu: 1500
-    exists:  true
-    addrs:
-    - 192.168.99.1/24
   enp0s8:
-    exists:  true
+    exists: true
     addrs:
-    - 172.16.0.1/24
+    - 172.16.0.2/24
+    mtu: 1500
 http:
   http://localhost/wpad.dat:
     status: 200
     allow-insecure: false
     no-follow-redirects: false
     timeout: 5000
-    body:  []	
+    body: []

pre/Vagrantfile-s-adm

@@ -0,0 +1,77 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/buster64"
+  config.vm.hostname = "s-adm"
+  config.vm.define "s-adm"
+  config.vm.provider :virtualbox do |vb|
+     vb.name = "s-adm"
+  end
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+   config.vm.network "public_network", ip: "192.168.1.91"
+   config.vm.network "private_network", ip: "192.168.99.99"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt-get upgrade
+     apt-get install -y vim wget curl
+    # apt-get install -y apache2
+   SHELL
+end

pull-config

@@ -1,24 +1,21 @@
 #!/bin/bash
 
+if [ -z ${UREP+x} ]; then 
+	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2021.git 
+fi
+REPO=$(basename ${UREP})
+
 dir=/root/tools/ansible
 host=depl
 hostf=$host.sio.lan
-repo=gsb
 
-[ -e $dir ] || mkdir -p $dir
+[ -e ${dir} ] || mkdir -p ${dir}
 
-grep $hostf /etc/hosts > /dev/null || echo "10.121.38.10 $hostf $host" >> /etc/hosts
+#grep $hostf /etc/hosts > /dev/null || echo "10.121.38.10 $hostf $host" >> /etc/hosts
 
-cd  $dir
+cd  ${dir}
 
 hostname  > hosts
-
+ansible-pull -i ${dir}/hosts  -U "${UREP}"
-#git clone http://$host/$repo.git
-
-cd $repo
-git pull
-
-ansible-playbook -c local -i 'localhost,' $(hostname).yml
-#ansible-pull -i $dir/hosts -d $repo -U http://$host/$repo.git
 
 exit 0

roles/goss/defaults/main.yml

@@ -0,0 +1,3 @@
+depl_url: "http://s-adm.gsb.adm/gsbstore"
+depl_goss: "goss"
+

roles/goss/tasks/main.yml

@@ -5,6 +5,9 @@
   register: gossbin
  
 - name: install goss
-  shell: export https_proxy=http://10.121.38.1:8080  && curl -fsSL https://goss.rocks/install | sh
+  get_url: 
+    url: "{{ depl_url }}/{{ depl_goss }}"
+    dest: /usr/local/bin/{{ depl_goss }}
+    mode: 0755
   when: gossbin.stat.exists == False
 

roles/icinga-fk/tasks/main.yml

@@ -50,16 +50,6 @@
   notify:
     - restart icinga
 
-
-- name: attribution des droits dossier icinga rw 
-  file:
-    path: /var/lib/icinga/rw
-    owner: nagios
-    mode: 2710
-    recurse: yes 
-  notify:
-    - restart icinga 
-
 - name: attribution des droits dossier icinga
   file:
     path: /var/lib/icinga
@@ -70,20 +60,16 @@
     - restart icinga 
 
 
-- name: attribution des droits dossier var lib icinga
+- name: attribution des droits dossier icinga rw 
-  shell: chmod 2770 /var/lib/icinga/rw 
-  notify:
-    - stop icinga
-
-- name: attribution des droits dossier var lib icinga
   file:
     path: /var/lib/icinga/rw
-    owner: www-data
+    owner: nagios
     mode: 2710
-    recurse: yes
+    recurse: yes 
   notify:
     - restart icinga 
 
+
       #- name: Changement droit notif
       #  shell: chmod 644 /var/log/icinga/icinga.log
 
@@ -101,4 +87,6 @@
   debug: msg="Pour superviser le Windows, il faut installer NSClient++"
 
 - name: redemarrage apache 
-  shell: service apache2 restart
+  service:
+    name: apache2
+    state: restarted

roles/itil/defaults/main.yml

@@ -0,0 +1,4 @@
+depl_url: "http://s-adm.gsb.adm/gsbstorefusioninventory"
+depl_glpi: "glpi-9.5.3.tgz"
+depl_fusioninventory: "fusioninventory-9.5.0+1.0.tar.bz2"
+

roles/itil/tasks/main.yml

@@ -51,11 +51,15 @@
            priv=*.*:ALL
 
   - name: Creation du repertoire {{ glpi_dir }}
-    file: path={{ glpi_dir }} state=directory owner=www-data group=www-data
+    file: 
+      path: "{{ glpi_dir }}"
+      state: directory
+      owner: www-data
+      group: www-data
 
   - name: Installation de GLPI
     unarchive:
-      src: http://depl/gsbstore/glpi-{{ glpi_version }}.tgz
+      src: "{{ depl_url }}/{{ depl_glpi }}"
       dest: /var/www/html
       remote_src: yes
       owner: www-data
@@ -78,7 +82,8 @@
 
   - name: Installation de Fusioninventory pour Linux
     unarchive:
-      src: http://depl/gsbstore/fusioninventory-{{ fd_version }}.tar.bz2
+      src: "{{ depl_url }}/{{ depl_fusioninventory }}"
+      #src: http://depl/gsbstore/fusioninventory-{{ fd_version }}.tar.bz2
       dest: /var/www/html/glpi/plugins
       remote_src: yes
 

roles/local-store/files/getall-2021

@@ -0,0 +1,25 @@
+#!/bin/bash
+GLPIREL=9.5.3
+wget -nc https://github.com/glpi-project/glpi/releases/download/${GLPIREL}/glpi-${GLPIREL}.tgz
+ 
+FIREL=9.5+1.0
+#wget -nc https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi${FIREL}/fusioninventory-${FIREL}.tar.gz
+#https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
+wget -nc https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
+
+FIAGREL=2.5.2 
+wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x64_${FIAGREL}.exe
+ 
+wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x86_${FIAGREL}.exe
+ 
+FOGREL=1.5.9
+wget -nc https://github.com/FOGProject/fogproject/archive/${FOGREL}.tar.gz -O fogproject-${FOGREL}.tar.gz
+#https://github.com/FOGProject/fogproject/archive/1.5.9.tar.gz
+
+#wget -nc https://fr.wordpress.org/wordpress-5.3.2-fr_FR.tar.gz
+wget -nc https://fr.wordpress.org/wordpress-5.6-fr_FR.tar.gz
+
+GOSSVER=v0.3.16
+curl -L https://github.com/aelsabbahy/goss/releases/download/${GOSSVER}/goss-linux-amd64 -o goss
+chmod +x goss 
+

roles/local-store/files/getall-latest

@@ -0,0 +1,25 @@
+#!/bin/bash
+GLPIREL=9.5.3
+wget -nc https://github.com/glpi-project/glpi/releases/download/${GLPIREL}/glpi-${GLPIREL}.tgz
+ 
+FIREL=9.5+1.0
+#wget -nc https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi${FIREL}/fusioninventory-${FIREL}.tar.gz
+#https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
+wget -nc https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
+
+FIAGREL=2.5.2 
+wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x64_${FIAGREL}.exe
+ 
+wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x86_${FIAGREL}.exe
+ 
+FOGREL=1.5.9
+wget -nc https://github.com/FOGProject/fogproject/archive/${FOGREL}.tar.gz -O fogproject-${FOGREL}.tar.gz
+#https://github.com/FOGProject/fogproject/archive/1.5.9.tar.gz
+
+#wget -nc https://fr.wordpress.org/wordpress-5.3.2-fr_FR.tar.gz
+wget -nc https://fr.wordpress.org/wordpress-5.6-fr_FR.tar.gz
+
+GOSSVER=v0.3.16
+curl -L https://github.com/aelsabbahy/goss/releases/download/${GOSSVER}/goss-linux-amd64 -o goss
+chmod +x goss 
+

roles/local-store/tasks/main.yml

@@ -0,0 +1,18 @@
+---
+
+- name: Installation bind9
+  file:  
+    path: /var/www/html/gsbstore/
+    state: directory
+    mode: '0755'
+
+- name: Copie getall-latest
+  copy:
+    src: getall-latest
+    dest: /var/www/html/gsbstore
+
+- name: Copie getall-2021
+  copy:
+    src: getall-2021
+    dest: /var/www/html/gsbstore
+

roles/s-backup/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: installation rsync et smbclient
+  apt:
+    name:
+    - rsync
+    - smbclient
+    state: present
+

s-adm.yml

@@ -8,7 +8,7 @@
     - s-ssh
     - dnsmasq
     - squid
- #  - webautoconf
+    - local-store
     - snmp-agent
     - syslog-cli
     - post

s-backup.yml

@@ -9,3 +9,4 @@
 #   - ssh-cli
     - syslog-cli
     - post
+    - s-backup

s-mon.yml

@@ -6,7 +6,7 @@
     - base
     - goss
     - icinga-fk
-    - postfix-fk
+#   - postfix-fk
     - ssh-cli
     - syslog
     - post