From acb5492b45878a542e8028ddfb23077af1543967 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CAlbert?=
Date: Fri, 6 Jan 2023 09:23:55 +0100
Subject: [PATCH 01/12] correction diverss pull-config ...
---
README.md | 11 ++++++++--- pull-config | 4 ++-- 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 4a9ef50..688e587 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,14 @@ # gsb2023 +2023-01-06 + Environnement et playbooks ansible pour le projet GSB 2023 ## Quickstart -prérequis : une machine Debian Bullseye +prérequis : + * une machine Debian Bullseye + * VirtualBox + ## Les machines
@@ -20,7 +25,7 @@ prérequis : une machine Debian Bullseye ## Installation On utilisera l'image de machine virtuelle suivante : - * **debian-bullseye-2023a.ova** (2022-05-07) + * **debian-bullseye-2023a.ova** (2023-01-06) * Debian Bullseye 11 - 2 cartes - 1 Go - stockage 20 Go
@@ -35,7 +40,7 @@ On utilisera l'image de machine virtuelle suivante : bash inst-depl cd /var/www/html/gsbstore bash getall - cd /root/tools/ansible/gsb022/pre + cd /root/tools/ansible/gsb023/pre bash gsbboot cd .. ; bash pull-config ```
diff --git a/pull-config b/pull-config
index 4566973..093387b 100644
--- a/pull-config
+++ b/pull-config
@@ -1,7 +1,7 @@ #!/bin/bash -if [ -z ${UREP+x} ]; then - UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git +if [ -z ${UREP+x} ]; then + UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git fi dir=/root/tools/ansible
From 17b049942f9ba28e8247b5231a6730cc2bfe2f92 Mon Sep 17 00:00:00 2001
From: Elam Monnot
Date: Fri, 6 Jan 2023 09:29:41 +0100
Subject: [PATCH 02/12] caractere unicode dans goss/tasks
---
roles/goss/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/goss/tasks/main.yml b/roles/goss/tasks/main.yml
index a82feb1..cd1373d 100644
--- a/roles/goss/tasks/main.yml
+++ b/roles/goss/tasks/main.yml
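Review bot: The test `[ -z ${UREP+x} ]` in pull-config leaves the expansion unquoted and only detects an unset variable, so an exported but empty `UREP` skips the default and the script continues with an empty repository URL. Quoting and using the `:-` form covers both cases: `if [ -z "${UREP:-}" ]; then`. Because `UREP` comes from the caller's environment and the script works under /root/tools/ansible, a comment above the test should say that whoever sets `UREP` chooses the configuration source for this host. The rest of the script is outside the hunk, so how the URL is consumed is not visible here.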
@@ -5,7 +5,7 @@ register: gossbin - name: install goss sur machine standard - get_url: + get_url: url: "{{ depl_url }}/{{ depl_goss }}" dest: /usr/local/bin/{{ depl_goss }} mode: 0755
From 75bc513445a5faa6ae6dfbb6542d4e39fb263c34 Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 6 Jan 2023 09:46:12 +0100
Subject: [PATCH 03/12] seconde modif de goss/tasks
---
roles/goss/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/goss/tasks/main.yml b/roles/goss/tasks/main.yml
index cd1373d..0f6e3dc 100644
--- a/roles/goss/tasks/main.yml
+++ b/roles/goss/tasks/main.yml
@@ -9,7 +9,7 @@ url: "{{ depl_url }}/{{ depl_goss }}" dest: /usr/local/bin/{{ depl_goss }} mode: 0755 - when: gossbin.stat.exists == False and ansible_hostname != "s-adm" + when: gossbin.stat.exists == false and ansible_hostname != "s-adm" - name: install goss sur s-adm copy:
@@ -17,5 +17,5 @@ dest: /usr/local/bin/{{ depl_goss }} mode: 0755 remote_src: yes - when: gossbin.stat.exists == False and ansible_hostname == "s-adm" + when: gossbin.stat.exists == false and ansible_hostname == "s-adm"
From 945bae351db22f131449ecea8c8b50d16b6bcffa Mon Sep 17 00:00:00 2001
From: Elam Monnot
Date: Fri, 6 Jan 2023 09:50:40 +0100
Subject: [PATCH 04/12] chut
---
roles/goss/tasks/main.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/goss/tasks/main.yml b/roles/goss/tasks/main.yml
index cd1373d..0cbb78a 100644
--- a/roles/goss/tasks/main.yml
+++ b/roles/goss/tasks/main.yml
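Review bot: The download task whose arguments open the first PATCH 03/12 hunk writes `{{ depl_url }}/{{ depl_goss }}` into /usr/local/bin with mode 0755 and no `checksum:` argument, so whatever the deployment server returns is installed as an executable without any integrity check. Add a pinned digest to the task, for example `checksum: "sha256:{{ depl_goss_sha256 }}"`, where `depl_goss_sha256` is a placeholder name for a variable to define next to `depl_goss`. The guard would also read more idiomatically as `when: not gossbin.stat.exists and ansible_hostname != "s-adm"`, and likewise in the copy task of the next hunk. The `get_url:` line itself is outside this hunk; the whole task is visible in the PATCH 04/12 hunk.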
@@ -3,19 +3,19 @@ - name: goss binary exists stat: path=/usr/local/bin/goss register: gossbin - + - name: install goss sur machine standard get_url: - url: "{{ depl_url }}/{{ depl_goss }}" + url: "{{ depl_url }}/{{ depl_goss }}" dest: /usr/local/bin/{{ depl_goss }} mode: 0755 - when: gossbin.stat.exists == False and ansible_hostname != "s-adm" + when: gossbin.stat.exists == false and ansible_hostname != "s-adm" - name: install goss sur s-adm - copy: + copy: src: "/var/www/html/gsbstore/{{ depl_goss }}" dest: /usr/local/bin/{{ depl_goss }} mode: 0755 remote_src: yes - when: gossbin.stat.exists == False and ansible_hostname == "s-adm" + when: gossbin.stat.exists == false and ansible_hostname == "s-adm"
From 9655c226b16537695e04fc422dc5620ae6fadcd1 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 10 Jan 2023 08:45:44 +0100
Subject: [PATCH 05/12] maj goss s-mon
---
goss/s-mon.yaml | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/goss/s-mon.yaml b/goss/s-mon.yaml
index 10c5be1..d42f96a 100644
--- a/goss/s-mon.yaml
+++ b/goss/s-mon.yaml
@@ -1,26 +1,27 @@ file: - /etc/icinga/htpasswd.users: + /etc/nagios4/htdigest.users: exists: true - mode: "0644" - size: 26 - owner: root - group: root + mode: "0640" + owner: nagios + group: www-data filetype: file - contains: [] + contains: [nagiosadmin] package: apache2: installed: true nagios-snmp-plugins: installed: true - icinga: + nagios4: installed: true snmp: installed: true + python3-passlib: + installed: true port: - tcp6:80: + tcp:80: listening: true ip: - - '::' + - 0.0.0.0 udp:514: listening: true ip:
@@ -29,7 +30,7 @@ service: apache2: enabled: true running: true - icinga: + nagios4: enabled: true running: true command:
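Review bot: The existence check in the PATCH 04/12 hunk stats the fixed path `/usr/local/bin/goss`, while both install tasks write to `/usr/local/bin/{{ depl_goss }}`. Unless `depl_goss` is literally `goss` (its value is not visible here), `gossbin.stat.exists` never becomes true and the binary is fetched and overwritten on every run. Point the check at the file that is actually installed: `stat: path=/usr/local/bin/{{ depl_goss }}`.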
@@ -42,19 +43,19 @@ command: process: apache2: running: true - icinga: + nagios4: running: true interface: enp0s3: exists: true addrs: - - 192.168.99.8/24 + - 192.168.99.104/24 enp0s8: exists: true addrs: - 172.16.0.8/24 http: - http://localhost/icinga: + http://localhost/nagios4: status: 401 allow-insecure: false no-follow-redirects: false
From 031984aa2b843e8db8940bf2b05f6b27c8f6388c Mon Sep 17 00:00:00 2001
From: Elam Monnot
Date: Tue, 10 Jan 2023 09:04:56 +0100
Subject: [PATCH 06/12] modif sur README.md
---
README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 688e587..375bebd 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ On utilisera l'image de machine virtuelle suivante : - cloner le dépot : ```shell mkdir -p tools/ansible ; cd tools/ansible -git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git +git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git cd gsb2023/pre export DEPL=192.168.99.99 bash gsbboot
From b4e7f7e0674ae70ef6bfb05584b5a712a90bd3a4 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 10 Jan 2023 09:19:23 +0100
Subject: [PATCH 07/12] mise a jour s-adm goss
---
goss/s-adm.yaml | 8 -------- 1 file changed, 8 deletions(-)
diff --git a/goss/s-adm.yaml b/goss/s-adm.yaml
index a675b76..3d32d62 100644
--- a/goss/s-adm.yaml
+++ b/goss/s-adm.yaml
@@ -16,10 +16,6 @@ port: listening: true ip: - '::' - tcp6:8080: - listening: true - ip: - - '::' udp:53: listening: true ip:
@@ -45,7 +41,6 @@ service: user: dnsmasq: exists: true - uid: 109 gid: 65534 groups: - nogroup
@@ -54,7 +49,6 @@ user: group: ssh: exists: true - gid: 111 command: /sbin/sysctl net.ipv4.ip_forward: exit-status: 0
@@ -65,8 +59,6 @@ command: dns: depl.sio.lan: resolveable: true - addrs: - - 10.121.38.10 timeout: 500 process: dnsmasq:
From b0170717261aa2bbd0c706938d6f433113cf7e85 Mon Sep 17 00:00:00 2001
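Review bot: The expected address for enp0s3 in goss/s-mon.yaml becomes `192.168.99.104/24` in this hunk, but PATCH 08/12 later in the series sets `address 192.168.99.8/24` in roles/post/files/interfaces.s-mon. With the whole series applied, the goss check and the deployed interface file disagree, so the interface test on s-mon will fail and a validation run that is always red tends to be ignored. Decide which address is intended and align both files, for example `- 192.168.99.8/24` here if the interfaces file is the reference.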
From: root
Date: Tue, 10 Jan 2023 09:41:08 +0100
Subject: [PATCH 08/12] correction interfaces sources ignore
---
roles/post/files/interfaces.s-mon | 6 +++--- roles/post/files/interfaces.s-nas | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/post/files/interfaces.s-mon b/roles/post/files/interfaces.s-mon
index 09035d9..5ff598c 100644
--- a/roles/post/files/interfaces.s-mon
+++ b/roles/post/files/interfaces.s-mon
@@ -1,7 +1,7 @@ # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). -source /etc/network/interfaces.d/* +#source /etc/network/interfaces.d/* # The loopback network interface auto lo
@@ -10,7 +10,7 @@ iface lo inet loopback # cote n-adm allow-hotplug enp0s3 iface enp0s3 inet static - address 192.168.99.104/24 + address 192.168.99.8/24 gateway 192.168.99.99 # Cote n-infra
@@ -20,4 +20,4 @@ iface enp0s8 inet static up ip route add 172.16.64.0/24 via 172.16.0.254 up ip route add 172.16.128.0/24 via 172.16.0.254 up ip route add 192.168.0.0/16 via 172.16.0.254 - up ip route add 192.168.200.0/24 via 172.16.0.254 \ No newline at end of file + up ip route add 192.168.200.0/24 via 172.16.0.254
diff --git a/roles/post/files/interfaces.s-nas b/roles/post/files/interfaces.s-nas
index 94c3eaf..242414a 100644
--- a/roles/post/files/interfaces.s-nas
+++ b/roles/post/files/interfaces.s-nas
@@ -1,4 +1,4 @@ -source /etc/network/interfaces.d/* +#source /etc/network/interfaces.d/* # The loopback network interface auto lo
@@ -14,4 +14,4 @@ iface enp0s3 inet static allow-hotplug enp0s8 iface enp0s8 inet static address 192.168.102.253 - netmask 255.255.255.0 \ No newline at end of file + netmask 255.255.255.0
From 2ab19a6497d8454de2f7f6fb2c945412143a8ce0 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 10 Jan 2023 09:41:14 +0100
Subject: [PATCH 09/12] modif goss r-ext
---
goss/r-ext.yaml | 2 -- 1 file changed, 2 deletions(-)
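Review bot: The `source /etc/network/interfaces.d/*` line is commented out in the first interfaces.s-mon hunk, and again in interfaces.s-nas, with no explanation in the file. The next maintainer cannot tell whether drop-in files are ignored on purpose or the line was disabled while debugging. If the intent is that this file alone defines the host's network configuration, which the commit subject suggests but does not state, say so in place, for example `# interfaces.d/ is deliberately not sourced: this file is the only network configuration for this host`, or delete the dead line.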
diff --git a/goss/r-ext.yaml b/goss/r-ext.yaml
index 3bacf0c..ab2f03b 100644
--- a/goss/r-ext.yaml
+++ b/goss/r-ext.yaml
@@ -34,8 +34,6 @@ interface: - 192.168.100.254/24 enp0s9: exists: true - addrs: - - 192.168.0.38/24 enp0s16: exists: true addrs:
From 7f4588c279a555787ce77bcd5d03815450d67957 Mon Sep 17 00:00:00 2001
From: Corentin Hurtret
Date: Thu, 12 Jan 2023 08:45:54 +0100
Subject: [PATCH 10/12] Modification mkvm pour s-fog
---
scripts/mkvm | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/scripts/mkvm b/scripts/mkvm
index 64e41cb..30174d3 100755
--- a/scripts/mkvm
+++ b/scripts/mkvm
@@ -1,7 +1,9 @@ #!/bin/bash ovarelease="2023a" +ovafogrelease="2023a" ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova" +ovafilefog="$HOME/Téléchargements/debian-buster-${ovafogrelease}.ova" usage () {
@@ -12,27 +14,31 @@ usage () { } create_vm () { - nom=$1 - if [[ ! -r "${ovafile}" ]]; then - echo "$0 : erreur ouverture fichier ${ovafile} ..." + nom="$1" + nomova=${ovafile} + if [[ "${nom}" == "s-fog" ]] ; then + nomova="${ovafilefog}" + fi + if [[ ! -r "${nomova}" ]]; then + echo "$0 : erreur ouverture fichier ${nomova} ..." exit 3 fi - vboxmanage import "${ovafile}" --vsys 0 --vmname "${nom}" + vboxmanage import "${nomova}" --vsys 0 --vmname "${nom}" } setif () { - VBoxManage modifyvm $1 --nic${2} intnet - VBoxManage modifyvm $1 --intnet${2} $3 - VBoxManage modifyvm $1 --nictype${2} 82540EM - VBoxManage modifyvm $1 --cableconnected${2} on - VBoxManage modifyvm $1 --nicpromisc${2} allow-all + VBoxManage modifyvm "$1" --nic"${2}" intnet + VBoxManage modifyvm "$1" --intnet"${2}" "$3" + VBoxManage modifyvm "$1" --nictype"${2}" 82540EM + VBoxManage modifyvm "$1" --cableconnected"${2}" on + VBoxManage modifyvm "$1" --nicpromisc"${2}" allow-all } create_if () { # enp0s3 - setif $1 1 $2 - setif $1 2 $3 + setif "$1" 1 "$2" + setif "$1" 2 "$3" #(enp0s8) }
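Review bot: The two appliance paths at the top of scripts/mkvm, including the new `ovafilefog`, point at files in the user's download folder, and create_vm in the next hunk only tests readability before `vboxmanage import`. Every VM of the lab is cloned from these images, so a truncated or substituted file propagates everywhere without being noticed. Record the published digest next to each release variable, for example `ovafogsha256="<SHA256_PLACEHOLDER>"`, and have create_vm refuse the import when `sha256sum` of `${nomova}` does not match it.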
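Review bot: Every interface configured by setif still ends with `--nicpromisc"${2}" allow-all`, which lets each guest capture all frames on its internal network, including traffic between other VMs. That is more than an ordinary server needs; presumably only a few machines (a bridge, a load balancer using virtual MACs, a monitoring sensor) require it. Make the policy restrictive by default and let callers opt in through an optional fourth argument: `VBoxManage modifyvm "$1" --nicpromisc"${2}" "${4:-deny}"`.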
@@ -41,7 +47,7 @@ if [[ $# != 1 ]] ; then usage fi -vm=$1 +vm="$1" create_vm "${vm}" if [[ "${vm}" == "s-infra" ]] ; then
From dd73c48e28df7cc60395ebc972d468b473d2375c Mon Sep 17 00:00:00 2001
From: Andgel Sassignol
Date: Thu, 12 Jan 2023 08:55:46 +0100
Subject: [PATCH 11/12] modif mkvm ajout s-nxc
---
scripts/mkvm | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/scripts/mkvm b/scripts/mkvm
index 30174d3..0b35907 100755
--- a/scripts/mkvm
+++ b/scripts/mkvm
@@ -80,6 +80,8 @@ elif [[ "${vm}" == "s-DNS-ext" ]] ; then create_if "${vm}" "n-adm" "n-dmz" elif [[ "${vm}" == "s-web-ext" ]] ; then create_if "${vm}" "n-adm" "n-dmz" +elif [[ "${vm}" == "s-nxc" ]] ; then + create_if "${vm}" "n-adm" "n-infra" elif [[ "${vm}" == "s-lb" ]] ; then create_if "${vm}" "n-adm" "n-dmz" "n-dmz-lb" elif [[ "${vm}" == "s-web1" ]] ; then
From cd9c94ec5c9d69b3b3b3c2b78190f2dac66a802f Mon Sep 17 00:00:00 2001
From: Corentin Hurtret
Date: Thu, 12 Jan 2023 09:04:03 +0100
Subject: [PATCH 12/12] Modification mkvm pour s-fog
---
scripts/mkvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/mkvm b/scripts/mkvm
index 30174d3..903da36 100755
--- a/scripts/mkvm
+++ b/scripts/mkvm
@@ -3,7 +3,7 @@ ovarelease="2023a" ovafogrelease="2023a" ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova" -ovafilefog="$HOME/Téléchargements/debian-buster-${ovafogrelease}.ova" +ovafilefog="$HOME/Téléchargements/debian-buster-gsb-${ovafogrelease}.ova" usage () {
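Review bot: `create_vm "${vm}"` runs before the name is compared with any known machine, so a mistyped argument still imports a full appliance under that name. Unless the elif chain, which continues outside this hunk, ends in an else branch that handles it, the result is a VM with none of its internal networks attached. Validate the name first, for instance with a `case "${vm}" in` lookup ending in `*) usage ;;`, and call create_vm only after a match.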
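Review bot: The s-lb branch shown as context in the PATCH 11/12 hunk calls `create_if "${vm}" "n-adm" "n-dmz" "n-dmz-lb"` with three networks, but create_if as rewritten in PATCH 10/12 only runs `setif "$1" 1 "$2"` and `setif "$1" 2 "$3"`. The third network is silently dropped, so s-lb would come up without an interface on `n-dmz-lb`, and the segregation between the DMZ and the load-balancer back end then exists only on paper. Handle the optional argument inside create_if, for example `if [[ -n "${4:-}" ]] ; then setif "$1" 3 "$4" ; fi`. The new s-nxc branch passes two networks and is not affected.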