ajout mariadb-server

roles/apache2/tasks/main.yml

@@ -6,9 +6,9 @@
   apt: name={{ item }} state=present
   with_items:
     - apache2
-    - mysql-server
+    - mariadb-server
     - php-mysql
     - php
     - libapache2-mod-php
-    - php-mcrypt
+#    - php-mcrypt
     - python-mysqldb

roles/goss/defaults/main.yml

@@ -1,3 +1,3 @@
-depl_url: "http://s-mon.gsb.lan/gsbstore/"
+depl_url: "http://s-adm.gsb.adm/gsbstore"
 depl_goss: "goss"
 

roles/icinga/tasks/main.yml

@@ -6,7 +6,7 @@
     - snmp
     - icinga 
     - nagios-snmp-plugins
-    - python-passlib
+    - python3-passlib
     state: present
 
 - name: Copie de fichier icinga.conf pour apache  
@@ -32,6 +32,13 @@
     backup : yes
   notify:
     - restart icinga
+
+- name: python3 par defaut
+  alternatives:
+    link: /usr/bin/python
+    name: python
+    path: /usr/bin/python3
+    priority: 10
     
 - name: Changement de mot de passe de icingaadmin
   htpasswd:
@@ -50,39 +57,50 @@
   notify:
     - restart icinga
 
-
-- name: attribution des droits dossier icinga rw 
-  file:
-    path: /var/lib/icinga/rw
-    owner: nagios
-    mode: 2710
-    recurse: yes 
-  notify:
-    - restart icinga 
-
 - name: attribution des droits dossier icinga
   file:
     path: /var/lib/icinga
     owner: nagios
     mode: 751
-    recurse: yes 
+    recurse: yes
   notify:
-    - restart icinga 
+    - restart icinga
 
-
+- name: attribution des droits dossier icinga rw
-#- name: attribution des droits dossier var lib icinga
-#  shell: chmod 2770 /var/lib/icinga/rw 
-#  notify:
-#    - stop icinga
-
-- name: attribution des droits dossier var lib icinga
   file:
     path: /var/lib/icinga/rw
-#    owner: www-data
+    owner: nagios
     mode: 2710
-#    recurse: yes
+    recurse: yes
   notify:
-    - restart icinga 
+    - restart icinga
+
+- name: activation des commandes externes
+  replace:
+    dest: /etc/icinga/icinga.cfg
+    regexp: 'check_external_commands=0'
+    replace: 'check_external_commands=1'
+  notify:
+    - restart icinga
+
+- name: reconfiguration des droits avec dpkg statoverride
+  shell: dpkg-statoverride --update --force-all --add nagios www-data 2710 /var/lib/icinga/rw
+
+- name: reconfiguration des droits avec dpkg statoverride
+  shell: dpkg-statoverride --update --force-all --add nagios nagios 751 /var/lib/icinga
+
+- name: suppression de checkresults
+  file:
+    path: /var/lib/icinga/spool/checkresults
+    state: absent
+
+- name: creation du dossier checkresults avec droits de lecture
+  file:
+    path: /var/lib/icinga/spool/checkresults
+    state: directory
+    owner: nagios     
+    group: root
+    mode: '755'
 
       #- name: Changement droit notif
       #  shell: chmod 644 /var/log/icinga/icinga.log
@@ -103,4 +121,4 @@
 - name: redemarrage apache 
   service:
     name: apache2
-    status: restarted
+    state: restarted

roles/itil/defaults/main.yml

@@ -0,0 +1,5 @@
+depl_url: "http://s-adm.gsb.adm/gsbstore/"
+depl_glpi: "glpi-9.5.3.tgz"
+depl_fusioninventory: "fusioninventory-9.5.0+1.0.tar.bz2"
+depl_fusioninventory_agentx64: "fusioninventory-agent_windows-x64_2.6.exe"
+depl_fusioninventory_agentx86: "fusioninventory-agent_windows-x86_2.6.exe"

roles/itil/tasks/main.yml

@@ -17,6 +17,8 @@
       - php-cas
       - python-mysqldb
       - mariadb-server
+      - python3-pymysql
+      - php-intl
 
   - name: Changement listen dans le fichier conf de php7.3
     replace:
@@ -29,7 +31,9 @@
     file: path=/etc/nginx/sites-enabled/default state=absent
 
   - name: Creation fichier block nginx
-    template: src=block.j2 dest=/etc/nginx/sites-enabled/glpi
+    template: 
+      src: block.j2 
+      dest: /etc/nginx/sites-enabled/glpi
 
   - name: Remplacement dans le fichier de conf php du timeout
     replace:
@@ -42,20 +46,32 @@
       - restart nginx
 
   - name: Creation de la base de donnee mysql
-    mysql_db: name={{ glpi_dbname }} state=present
+    mysql_db:
+      name: "{{ glpi_dbname }}"
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
 
   - name: Creation de l'utilisateur mysql avec tous les privileges
     mysql_user:
-           name={{ glpi_dbuser }}
+      name: "{{ glpi_dbuser }}"
-           password={{ glpi_dbpasswd }}
+      password: "{{ glpi_dbpasswd }}"
-           priv=*.*:ALL
+      priv: "*.*:ALL,GRANT"
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+    with_items:
+      - 127.0.0.1
+#      - ::1
+#      - localhost  
 
   - name: Creation du repertoire {{ glpi_dir }}
-    file: path={{ glpi_dir }} state=directory owner=www-data group=www-data
+    file: 
+      path: "{{ glpi_dir }}"
+      state: directory
+      owner: www-data
+      group: www-data
 
   - name: Installation de GLPI
     unarchive:
-      src: http://depl/gsbstore/glpi-{{ glpi_version }}.tgz
+      src: "{{ depl_url }}/{{ depl_glpi }}"
       dest: /var/www/html
       remote_src: yes
       owner: www-data
@@ -68,6 +84,8 @@
     file:
       path: "{{ glpi_dir }}/plugins"
       mode: 0777
+      owner: www-data
+      group: www-data
       recurse: yes
 
   - name: Attribution des permissions
@@ -78,7 +96,8 @@
 
   - name: Installation de Fusioninventory pour Linux
     unarchive:
-      src: http://depl/gsbstore/fusioninventory-{{ fd_version }}.tar.bz2
+      src: "{{ depl_url }}/{{ depl_fusioninventory }}"
+      #src: http://depl/gsbstore/fusioninventory-{{ fd_version }}.tar.bz2
       dest: /var/www/html/glpi/plugins
       remote_src: yes
 
@@ -99,14 +118,22 @@
 
   - name: Installation de FusionInventory windows x64
     get_url:
-      url: http://depl/gsbstore/fusioninventory-agent_windows-{{ fd_version64 }}.exe
+      url: "{{ depl_url }}/{{ depl_fusioninventory_agentx64 }}"
       dest: "/var/www/html/ficlients"
 
   - name: Installation de FusionInventory windows x86
     get_url:
-      url: http://depl/gsbstore/fusioninventory-agent_windows-{{ fd_version86 }}.exe
+      url: "{{ depl_url }}/{{ depl_fusioninventory_agentx86 }}"
       dest: "/var/www/html/ficlients"
 
+  - name: Attribution des permissions sur repertoire /plugins/fusioninventory
+    file:
+      path: /var/www/html/glpi/plugins/fusioninventory
+      owner: www-data
+      group: www-data
+      recurse: yes
+      state: directory
+
   - name: Copie du script dbdump
     copy: src=dbdump dest=/root/
 

roles/local-store/files/getall-2021

@@ -7,7 +7,7 @@ FIREL=9.5+1.0
 #https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
 wget -nc https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
 
-FIAGREL=2.5.2 
+FIAGREL=2.6 
 wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x64_${FIAGREL}.exe
  
 wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x86_${FIAGREL}.exe

roles/local-store/files/getall-latest

@@ -7,7 +7,7 @@ FIREL=9.5+1.0
 #https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
 wget -nc https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5.0%2B1.0/fusioninventory-9.5.0+1.0.tar.bz2
 
-FIAGREL=2.5.2 
+FIAGREL=2.6 
 wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x64_${FIAGREL}.exe
  
 wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x86_${FIAGREL}.exe

roles/post/tasks/main.yml

@@ -6,11 +6,7 @@
 
 - name: Copie resolv.conf
   copy: src=resolv.conf dest=/etc/
-  when: ansible_hostname != "s-adm"
+  when: ansible_hostname != "s-adm" and ansible_hostname != "s-proxy"
-
-- name: Copie resolv.conf
-  copy: src=resolv.conf dest=/etc/
-  when: ansible_hostname != "s-proxy"
 
 - name: Copie resolv.conf pour s-proxy
   copy: src=resolv.conf.s-proxy dest=/etc/resolv.conf

roles/postfix/tasks/main.yml

@@ -24,7 +24,7 @@
   shell: chmod 400 /etc/postfix/sasl_passwd
 
 - name: postmap
-  shell: postmap /etc/postfix/sasl_passwd
+  shell: /usr/sbin/postmap /etc/postfix/sasl_passwd
 
 - name: Copie thawte_Premium_Server_CA.pem
   copy: src=thawte_Premium_Server_CA.pem dest=/etc/ssl/certs/
@@ -34,3 +34,8 @@
   notify:
     - restart postfix
 
+- name: Changement des droits icinga.log
+  file:
+    path: /var/log/icinga/icinga.log
+    state: touch
+    mode: u=rw,g=w

roles/s-backup/files/backup.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+BDIR=/home/backup
+SWIN=/tmp/s-win
+
+[ -d "${BDIR}" ] || mkdir "${BDIR}"
+[ -d "${BDIR}" ] || mkdir "${BDIR}/s-win"
+[ -d "${SWIN}" ] || mkdir "${SWIN}"
+
+mount -t cifs -o ro,vers=3.0,username=u-backup,password=Azerty1+ //s-win/commun "${SWIN}"
+if [ $? != 0 ] ; then
+	echo "$0 : erreur montage ${SWIN}"
+	exit 1
+fi
+rsync -av "${SWIN}/" "${BDIR}/s-win/commun"
+umount "${SWIN}"
+
+
+mount -t cifs -o ro,vers=3.0,username=u-backup,password=Azerty1+ //s-win/public "${SWIN}"
+if [ $? != 0 ] ; then
+	echo "$0 : erreur montage"
+	exit 2
+fi
+rsync -av "${SWIN}/" "${BDIR}/s-win/public"
+umount "${SWIN}"
+
+exit 0
+

roles/s-backup/files/delgsb.cmd

@@ -0,0 +1,4 @@
+rem azazazaz
+rmdir C:\gsb.lan /s /q
+net group g-compta /del
+net group g-prod /del

roles/s-backup/files/mkgsb.cmd

@@ -0,0 +1,11 @@
+rem regereger
+mkdir C:\gsb.lan\commun
+mkdir C:\gsb.lan\public
+net share commun=C:\gsb.lan\commun /grant:"utilisateurs DHCP",full
+net share public=C:\gsb.lan\public /grant:"utilisateurs DHCP",full
+net group g-compta /add
+net group g-prod /add
+icacls C:\gsb.lan\commun /grant Administrateurs:F
+icacls C:\gsb.lan\commun /grant g-compta:M
+icacls C:\gsb.lan\public /grant Administrateurs:F
+icacls C:\gsb.lan\public /grant g-prod:M

roles/s-backup/tasks/main.yml

@@ -0,0 +1,9 @@
+---
+- name: installation rsync et smbclient
+  apt:
+    name:
+    - rsync
+    - smbclient
+    - cifs-utils
+    state: present
+

s-backup.yml

@@ -9,3 +9,4 @@
 #   - ssh-cli
     - syslog-cli
     - post
+    - s-backup

s-lb-web1.yml

@@ -3,6 +3,9 @@
   connection: local
 
   roles:
+    - apache2
+    - php-fpm
+    - mysql
     - base
     - s-lb-web-ab
     - snmp-agent

s-lb-web2.yml

@@ -3,6 +3,9 @@
   connection: local
 
   roles:
+    - apache2
+    - php-fpm
+    - mysql
     - base
     - s-lb-web-ab
     - snmp-agent

s-mon.yml

@@ -5,8 +5,8 @@
   roles:
     - base
     - goss
-    - icinga-fk
+    - icinga
-#   - postfix-fk
+    - postfix
     - ssh-cli
     - syslog
     - post