Ajout de README.md pour superviser s-win

roles/apache2/tasks/main.yml

@@ -6,7 +6,7 @@
   apt: name={{ item }} state=present
   with_items:
     - apache2
-    - mysql-server
+    - mariadb-server
     - php-mysql
     - php
     - libapache2-mod-php

roles/icinga/README.md

@@ -0,0 +1,117 @@
+# Instalation de NSClient++ sur la machine s-win
+
+En premier lieu, installer Mozilla Firefox via Internet Explorer.
+
+Une fois Mozilla intallé, installer NSClient++ avec ce lien: [NSClient++](https://nsclient.org/download/) 
+
+Puis choisir la version Windows
+
+# Etapes de l'installation 
+
+Sur l'étape **Select monitoring tool**, sélectionner **Generic**.
+
+Sur l'étape **Choose setup type**, sélectionner **Typical**.
+
+Sur l'étape **NSClient++ Configuration: 
+
+```
+
+Allowed hosts: 172.16.0.8
+
+Password: root
+
+```
+
+Activer **check plugins, check_nt et check_nrpe**.
+
+**Laisser NSCA client et web server désactivé**
+
+Cocher la case **Insecure legacy mode**
+
+
+Terminer l'installation.
+
+# Modification des fichiers
+
+Rendez vous dans le répertoire **C:\Programmes\NSClient++** puis ouvrez le fichier **nsclient** (celui avec un rouage).
+
+Une fois ouvert, modifier tout le fichier avec ceci:
+
+```
+
+#If you want to fill this file with all available options run the following command:
+#nscp settings --generate --add-defaults --load-all
+#If you want to activate a module and bring in all its options use:
+#nscp settings --activate-module <MODULE NAME> --add-defaults
+#For details run: nscp settings --help
+
+
+; in flight - TODO
+[/settings/default]
+
+; Undocumented key
+password = root
+
+; Undocumented key
+allowed hosts = 172.16.0.8
+
+
+; in flight - TODO
+[/settings/NRPE/server]
+
+; Undocumented key
+verify mode = none
+
+; Undocumented key
+insecure = true
+
+
+; in flight - TODO
+[/modules]
+
+; Undocumented key
+CheckExternalScripts = enabled
+
+; Undocumented key
+CheckHelpers = enabled
+
+; Undocumented key
+CheckEventLog = enabled
+
+; Undocumented key
+CheckNSCP = enabled
+
+; Undocumented key
+CheckDisk = enabled
+
+; Undocumented key
+CheckSystem = enabled
+
+; Undocumented key
+NSClientServer = enabled
+
+; Undocumented key
+NRPEServer = enabled
+
+``` 
+
+Redémarrez le service NSClient++:
+
+```
+
+services.msc
+
+```
+
+Puis clique droit sur le service **NCLient++ Monitoring Agent** et appuyer sur **Redémarrer**
+
+
+Retourner sur le serveur nagios puis écrire:
+
+```
+
+systemctl restart icinga
+
+```
+
+Les services de la machine **srv-2012** apparaissent en **UP**.

roles/icinga/files/cfg/hostgroups_icinga.cfg

@@ -15,13 +15,13 @@ define hostgroup {
 define hostgroup { 
 	hostgroup_name debian-servers 
 	alias		Serveurs distant
-	members        s-infra, s-proxy, r-int, r-ext, s-adm, s-test
+	members        s-infra, s-proxy, r-int, r-ext, s-adm, s-test, s-itil
 } 
 
 define hostgroup { 
 	hostgroup_name ssh-servers 
 	alias 		acces SSH 
-	members		s-adm, s-infra, s-proxy, r-int, r-ext, localhost, s-test, gwsio2	 
+	members		s-adm, s-infra, s-proxy, r-int, r-ext, localhost, s-test, gwsio2, s-itil	 
 }
 
 define hostgroup { 
@@ -39,7 +39,7 @@ define hostgroup {
 define hostgroup {
         hostgroup_name  http-servers
 		alias           serveurs-web
-		members         localhost 
+		members         localhost, s-itil 
         }
 
 #define hostgroup {
@@ -69,6 +69,6 @@ define hostgroup{
 define hostgroup{
 	hostgroup_name	uptimegrp
 	alias		uptimegrp
-	members		s-infra, s-proxy, r-int, r-ext, s-adm, s-test
+	members		s-infra, s-proxy, r-int, r-ext, s-adm, s-test, s-itil
 }
 

roles/icinga/files/cfg/s-itil.cfg

@@ -0,0 +1,14 @@
+# A simple configuration file for monitoring the local host
+# This can serve as an example for configuring other servers;
+# Custom services specific to this host are added here, but services
+# defined in nagios2-common_services.cfg may also apply.
+# 
+
+define host{
+        use                     generic-host            ; Name of host template to use
+        host_name               s-itil
+        alias                   debian-servers
+        address                 172.16.0.9
+	parents			r-int
+        }
+

roles/icinga/tasks/main.yml

@@ -32,6 +32,13 @@
     backup : yes
   notify:
     - restart icinga
+
+- name: python3 par defaut
+  alternatives:
+    link: /usr/bin/python
+    name: python
+    path: /usr/bin/python3
+    priority: 10
     
 - name: Changement de mot de passe de icingaadmin
   htpasswd:
@@ -77,10 +84,10 @@
     - restart icinga
 
 - name: reconfiguration des droits avec dpkg statoverride
-  shell: dpkg-statoverride --update --add nagios www-data 2710 /var/lib/icinga/rw
+  shell: dpkg-statoverride --update --force-all --add nagios www-data 2710 /var/lib/icinga/rw
 
 - name: reconfiguration des droits avec dpkg statoverride
-  shell: dpkg-statoverride --update --add nagios nagios 751 /var/lib/icinga
+  shell: dpkg-statoverride --update --force-all --add nagios nagios 751 /var/lib/icinga
 
 - name: suppression de checkresults
   file:
@@ -89,7 +96,7 @@
 
 - name: creation du dossier checkresults avec droits de lecture
   file:
-    path:/var/lib/icinga/spool/checkresults
+    path: /var/lib/icinga/spool/checkresults
     state: directory
     owner: nagios     
     group: root

roles/itil/defaults/main.yml

@@ -1,4 +1,4 @@
-depl_url: "http://s-adm.gsb.adm/gsbstore"
+depl_url: "http://s-adm.gsb.adm/gsbstore/"
 depl_glpi: "glpi-9.5.3.tgz"
 depl_fusioninventory: "fusioninventory-9.5.0+1.0.tar.bz2"
 depl_fusioninventory_agentx64: "fusioninventory-agent_windows-x64_2.6.exe"

roles/itil/tasks/main.yml

@@ -84,6 +84,8 @@
     file:
       path: "{{ glpi_dir }}/plugins"
       mode: 0777
+      owner: www-data
+      group: www-data
       recurse: yes
 
   - name: Attribution des permissions
@@ -124,6 +126,14 @@
       url: "{{ depl_url }}/{{ depl_fusioninventory_agentx86 }}"
       dest: "/var/www/html/ficlients"
 
+  - name: Attribution des permissions sur repertoire /plugins/fusioninventory
+    file:
+      path: /var/www/html/glpi/plugins/fusioninventory
+      owner: www-data
+      group: www-data
+      recurse: yes
+      state: directory
+
   - name: Copie du script dbdump
     copy: src=dbdump dest=/root/
 

roles/post/tasks/main.yml

@@ -8,6 +8,10 @@
   copy: src=resolv.conf dest=/etc/
   when: ansible_hostname != "s-adm" and ansible_hostname != "s-proxy"
 
+- name: pas de chgt resolv.conf pour r-vp2
+  meta: end_play
+  when: ansible_hostname == "r-vp2"
+
 - name: Copie resolv.conf pour s-proxy
   copy: src=resolv.conf.s-proxy dest=/etc/resolv.conf
   when: ansible_hostname == "s-proxy"

roles/postfix/README.md

@@ -0,0 +1,40 @@
+# Post-installation de Postfix
+
+Entrer votre adresse mail et votre mot de passe dans le fichier /etc/postfix/sasl_passwd
+
+``` 
+
+nano /etc/postfix/sasl_passwd
+
+[smpt.gmail.com]:587 votreadresse@domaine.fr:motdepasse
+
+``` 
+
+Entrer votre addresse mail dans le fichier /etc/icinga/objects/contacts_icinga.cfg
+
+``` 
+
+nano /etc/icinga/objects/contacts_icinga.cfg
+
+define contact...
+
+email 			votreadresse@domaine.fr
+
+``` 
+Lancer la commande suivante pour prendre en compte la modification:
+
+```
+
+/usr/sbin/postmap /etc/postfix/sasl_passwd
+
+```
+
+Activer l'**Accès moins sécurisé des applications** depuis son compte google
+
+Désactiver un service puis vérifier ses mails (attendre 5 minutes entre chaque test)
+
+```
+
+tail -f /var/log/icinga/icinga.log pour vérifier l'envoi de l'email
+
+```

roles/postfix/tasks/main.yml

@@ -24,7 +24,7 @@
   shell: chmod 400 /etc/postfix/sasl_passwd
 
 - name: postmap
-  shell: postmap /etc/postfix/sasl_passwd
+  shell: /usr/sbin/postmap /etc/postfix/sasl_passwd
 
 - name: Copie thawte_Premium_Server_CA.pem
   copy: src=thawte_Premium_Server_CA.pem dest=/etc/ssl/certs/
@@ -34,3 +34,8 @@
   notify:
     - restart postfix
 
+- name: Changement des droits icinga.log
+  file:
+    path: /var/log/icinga/icinga.log
+    state: touch
+    mode: u=rw,g=w

roles/s-backup/files/backup.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+BDIR=/home/backup
+SWIN=/tmp/s-win
+
+[ -d "${BDIR}" ] || mkdir "${BDIR}"
+[ -d "${BDIR}" ] || mkdir "${BDIR}/s-win"
+[ -d "${SWIN}" ] || mkdir "${SWIN}"
+
+mount -t cifs -o ro,vers=3.0,username=u-backup,password=Azerty1+ //s-win/commun "${SWIN}"
+if [ $? != 0 ] ; then
+	echo "$0 : erreur montage ${SWIN}"
+	exit 1
+fi
+rsync -av "${SWIN}/" "${BDIR}/s-win/commun"
+umount "${SWIN}"
+
+
+mount -t cifs -o ro,vers=3.0,username=u-backup,password=Azerty1+ //s-win/public "${SWIN}"
+if [ $? != 0 ] ; then
+	echo "$0 : erreur montage"
+	exit 2
+fi
+rsync -av "${SWIN}/" "${BDIR}/s-win/public"
+umount "${SWIN}"
+
+exit 0
+

roles/s-backup/files/delgsb.cmd

@@ -0,0 +1,4 @@
+rem azazazaz
+rmdir C:\gsb.lan /s /q
+net group g-compta /del
+net group g-prod /del

roles/s-backup/tasks/main.yml

@@ -4,5 +4,6 @@
     name:
     - rsync
     - smbclient
+    - cifs-utils
     state: present
 

roles/s-lb-wordpress/tasks/main.yml

@@ -5,7 +5,7 @@
     state: directory
  - name: download and extract wordpress
    unarchive: 
-    src: http://depl/gsbstore/wordpress-5.3.2-fr_FR.tar.gz
+    src: http://depl/gsbstore/wordpress-5.6-fr_FR.tar.gz
     dest: /home/
     remote_src: yes
 

s-mon.retry

@@ -0,0 +1 @@
+localhost

s-mon.yml

@@ -5,8 +5,8 @@
   roles:
     - base
     - goss
-    - icinga-fk
-#   - postfix-fk
+    - icinga
+    - postfix
     - ssh-cli
     - syslog
     - post