diff --git a/README.md b/README.md index 375bebd..1575876 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # gsb2023 -2023-01-06 +2023-01-18 ps Environnement et playbooks ansible pour le projet GSB 2023 @@ -8,15 +8,28 @@ Environnement et playbooks ansible pour le projet GSB 2023 prérequis : * une machine Debian Bullseye * VirtualBox + * fichier machines viruelles ova : + * debian-bullseye-gsb-2023a.ova + * debian-buster-gsb-2023a.ova ## Les machines - * s-adm - * s-infra - * r-int - * r-ext - * s-proxy + * s-adm : routeur adm, DHCP + NAT, deploiement, proxy squid + * s-infra : DNS maitre + * r-int : routaage, DHCP + * r-ext : routage, NAT + * s-proxy : squid + * s-itil : serveur GLPI + * s-backup : DNS esclave + sauvegarde s-win + * s-mon : supervision avec **Nagios4** et syslog + * s-fog : deploiement postes de travail avec **FOG** + * s-win : Windows Server 2019, AD, DNS, DHCP, partage fichiers + * s-nxc : NextCloud avec **docker** + * s-elk : pile ELK dockerisée + * s-lb : Load Balancer **HaProxy** pour application Wordpress + * r-vp1 : Routeur VPN Wireguard coté siège + * r-vp2 : Routeur VPN Wireguard coté agence, DHCP ## Les playbooks diff --git a/confwireguard/r-ext/r-ext.ip b/confwireguard/r-ext/r-ext.ip deleted file mode 100644 index 82ed3a5..0000000 --- a/confwireguard/r-ext/r-ext.ip +++ /dev/null 
@@ -1,36 +0,0 @@
-1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
-2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:03:d3:28 brd ff:ff:ff:ff:ff:ff
- inet 192.168.99.13/24 brd 192.168.99.255 scope global enp0s3
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe03:d328/64 scope link
- valid_lft forever preferred_lft forever
-3: enp0s8: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:63:40:ea brd ff:ff:ff:ff:ff:ff
- inet 192.168.100.254/24 brd 192.168.100.255 scope global enp0s8
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe63:40ea/64 scope link
- valid_lft forever preferred_lft forever
-4: enp0s9: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:4f:29:27 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.20/24 brd 192.168.0.255 scope global dynamic enp0s9
- valid_lft 77233sec preferred_lft 77233sec
- inet6 fe80::a00:27ff:fe4f:2927/64 scope link
- valid_lft forever preferred_lft forever
-5: enp0s10: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:9d:16:f8 brd ff:ff:ff:ff:ff:ff
- inet 192.168.1.1/24 brd 192.168.1.255 scope global enp0s10
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe9d:16f8/64 scope link
- valid_lft forever preferred_lft forever
-6: enp0s16: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:07:c1:0f brd ff:ff:ff:ff:ff:ff
- inet 192.168.200.253/24 brd 192.168.200.255 scope global enp0s16
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe07:c10f/64 scope link
- valid_lft forever preferred_lft forever
diff --git a/confwireguard/r-ext/r-ext.routes b/confwireguard/r-ext/r-ext.routes
deleted file mode 100644
index b9b7d78..0000000
--- a/confwireguard/r-ext/r-ext.routes
+++ /dev/null
@@ -1,9 +0,0 @@
-default via 192.168.0.1 dev enp0s9
-169.254.0.0/16 dev enp0s3 scope link metric 1000
-172.16.0.0/24 via 192.168.200.254 dev enp0s16
-172.16.128.0/24 via 192.168.1.2 dev enp0s10
-192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.20
-192.168.1.0/24 dev enp0s10 proto kernel scope link src 192.168.1.1
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.13
-192.168.100.0/24 dev enp0s8 proto kernel scope link src 192.168.100.254
-192.168.200.0/24 dev enp0s16 proto kernel scope link src 192.168.200.253
diff --git a/confwireguard/r-int/r-int.ip b/confwireguard/r-int/r-int.ip
deleted file mode 100644
index 737fbc5..0000000
--- a/confwireguard/r-int/r-int.ip
+++ /dev/null
@@ -1,36 +0,0 @@
-1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
-2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:c9:4e:0b brd ff:ff:ff:ff:ff:ff
- inet 192.168.99.12/24 brd 192.168.99.255 scope global enp0s3
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fec9:4e0b/64 scope link
- valid_lft forever preferred_lft forever
-3: enp0s8: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:34:ef:8f brd ff:ff:ff:ff:ff:ff
- inet 192.168.200.254/24 brd 192.168.200.255 scope global enp0s8
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe34:ef8f/64 scope link
- valid_lft forever preferred_lft forever
-4: enp0s9: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:56:72:01 brd ff:ff:ff:ff:ff:ff
- inet 172.16.65.254/24 brd 172.16.65.255 scope global enp0s9
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe56:7201/64 scope link
- valid_lft forever preferred_lft forever
-5: enp0s10: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:7c:d7:5b brd ff:ff:ff:ff:ff:ff
- inet 172.16.64.254/24 brd 172.16.64.255 scope global enp0s10
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fe7c:d75b/64 scope link
- valid_lft forever preferred_lft forever
-6: enp0s16: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:e6:59:3d brd ff:ff:ff:ff:ff:ff
- inet 172.16.0.254/24 brd 172.16.0.255 scope global enp0s16
- valid_lft forever preferred_lft forever
- inet6 fe80::a00:27ff:fee6:593d/64 scope link
- valid_lft forever preferred_lft forever
diff --git a/confwireguard/r-int/r-int.routes b/confwireguard/r-int/r-int.routes
deleted file mode 100644
index 720ce08..0000000
--- a/confwireguard/r-int/r-int.routes
+++ /dev/null
@@ -1,7 +0,0 @@
-default via 192.168.200.253 dev enp0s8 onlink
-169.254.0.0/16 dev enp0s9 scope link metric 1000
-172.16.0.0/24 dev enp0s16 proto kernel scope link src 172.16.0.254
-172.16.64.0/24 dev enp0s10 proto kernel scope link src 172.16.64.254
-172.16.65.0/24 dev enp0s9 proto kernel scope link src 172.16.65.254
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.12
-192.168.200.0/24 dev enp0s8 proto kernel scope link src 192.168.200.254
diff --git a/confwireguard/r-vp1/r-vp1.ip b/confwireguard/r-vp1/r-vp1.ip
deleted file mode 100644
index 1e76fe4..0000000
--- a/confwireguard/r-vp1/r-vp1.ip
+++ /dev/null
@@ -1,20 +0,0 @@
-1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
-2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:53:62:8c brd ff:ff:ff:ff:ff:ff
- inet 192.168.99.112/24 brd 192.168.99.255 scope global enp0s3
- valid_lft forever preferred_lft forever
-3: enp0s8: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:b0:5e:11 brd ff:ff:ff:ff:ff:ff
- inet 192.168.1.2/24 brd 192.168.1.255 scope global enp0s8
- valid_lft forever preferred_lft forever
-4: enp0s9: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:28:10:4c brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.51/24 brd 192.168.0.255 scope global enp0s9
- valid_lft forever preferred_lft forever
-12: wg0: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
- link/none
- inet 10.0.0.1/32 scope global wg0
- valid_lft forever preferred_lft forever
diff --git a/confwireguard/r-vp1/r-vp1.routes b/confwireguard/r-vp1/r-vp1.routes
deleted file mode 100644
index dc7cff3..0000000
--- a/confwireguard/r-vp1/r-vp1.routes
+++ /dev/null
@@ -1,8 +0,0 @@
-10.0.0.2 dev wg0 scope link
-169.254.0.0/16 dev enp0s3 scope link metric 1000
-172.16.0.0/24 via 192.168.1.1 dev enp0s8
-172.16.128.0/24 dev wg0 scope link
-192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.51
-192.168.1.0/24 dev enp0s8 proto kernel scope link src 192.168.1.2
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.112
-192.168.200.0/24 via 192.168.1.1 dev enp0s8
diff --git a/confwireguard/r-vp2/r-vp2.ip b/confwireguard/r-vp2/r-vp2.ip
deleted file mode 100644
index 90ee303..0000000
--- a/confwireguard/r-vp2/r-vp2.ip
+++ /dev/null
@@ -1,18 +0,0 @@
-1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
-2: enp0s3: mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
- link/ether 08:00:27:46:2b:0a brd ff:ff:ff:ff:ff:ff
-3: enp0s8: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:99:b7:7f brd ff:ff:ff:ff:ff:ff
- inet 172.16.128.254/24 brd 172.16.128.255 scope global enp0s8
- valid_lft forever preferred_lft forever
-4: enp0s9: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:34:71:77 brd ff:ff:ff:ff:ff:ff
- inet 192.168.0.52/24 brd 192.168.0.255 scope global enp0s9
- valid_lft forever preferred_lft forever
-7: wg0: mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
- link/none
- inet 10.0.0.2/32 scope global wg0
- valid_lft forever preferred_lft forever
diff --git a/confwireguard/r-vp2/r-vp2.routes b/confwireguard/r-vp2/r-vp2.routes
deleted file mode 100644
index 80afa3f..0000000
--- a/confwireguard/r-vp2/r-vp2.routes
+++ /dev/null
@@ -1,7 +0,0 @@
-10.0.0.1 dev wg0 scope link
-169.254.0.0/16 dev enp0s9 scope link metric 1000
-172.16.0.0/24 dev wg0 scope link
-172.16.128.0/24 dev enp0s8 proto kernel scope link src 172.16.128.254
-192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.52
-192.168.1.0/24 dev wg0 scope link
-192.168.200.0/24 dev wg0 scope link
diff --git a/confwireguard/s-infra/s-infra.ip b/confwireguard/s-infra/s-infra.ip
deleted file mode 100644
index 4e7304a..0000000
--- a/confwireguard/s-infra/s-infra.ip
+++ /dev/null
@@ -1,12 +0,0 @@
-1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
-2: enp0s3: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:4a:25:54 brd ff:ff:ff:ff:ff:ff
- inet 192.168.99.1/24 brd 192.168.99.255 scope global enp0s3
- valid_lft forever preferred_lft forever
-3: enp0s8: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
- link/ether 08:00:27:ee:b4:01 brd ff:ff:ff:ff:ff:ff
- inet 172.16.0.1/24 brd 172.16.0.255 scope global enp0s8
- valid_lft forever preferred_lft forever
diff --git a/confwireguard/s-infra/s-infra.routes b/confwireguard/s-infra/s-infra.routes
deleted file mode 100644
index eccc16d..0000000
--- a/confwireguard/s-infra/s-infra.routes
+++ /dev/null
@@ -1,7 +0,0 @@
-default via 192.168.99.99 dev enp0s3 onlink
-169.254.0.0/16 dev enp0s3 scope link metric 1000
-172.16.0.0/24 dev enp0s8 proto kernel scope link src 172.16.0.1
-172.16.64.0/24 via 172.16.0.254 dev enp0s8
-172.16.128.0/24 via 172.16.0.254 dev enp0s8
-192.168.0.0/16 via 172.16.0.254 dev enp0s8
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.1
diff --git a/graylog-pont.yml b/graylog-pont.yml
deleted file mode 100644
index 901115d..0000000
--- a/graylog-pont.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- hosts: localhost
- connection: local
-
- roles:
- - goss
- - docker-graylog-pont
- - post
\ No newline at end of file
diff --git a/ping-agence.sh b/ping-agence.sh
deleted file mode 100644
index d675295..0000000
--- a/ping-agence.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.128.254
-
-ping -c3 192.168.1.2
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.200.254
-
-ping -c3 172.16.0.254
-
-ping -c3 172.16.0.1
diff --git a/ping-rext.sh b/ping-rext.sh
deleted file mode 100755
index e42f779..0000000
--- a/ping-rext.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.1
-
-ping -c3 172.16.0.254
-
-ping -c3 192.168.200.254
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.128.254
-
-ping -c3 172.16.128.10
diff --git a/ping-rint.sh b/ping-rint.sh
deleted file mode 100644
index 99e92aa..0000000
--- a/ping-rint.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.1
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.128.254
-
-ping -c3 172.16.128.10
diff --git a/ping-sinfra.sh b/ping-sinfra.sh
deleted file mode 100644
index 8a9c1d3..0000000
--- a/ping-sinfra.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.254
-
-ping -c3 192.168.200.254
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.125.254
-
-ping -c3 172.16.128.10
diff --git a/pre/inst-depl b/pre/inst-depl
index aa42e1c..7421be7 100644
--- a/pre/inst-depl
+++ b/pre/inst-depl
@@ -1,5 +1,5 @@
 #!/bin/bash
-## ps : 2021-04-01 15:25
+## aa : 2023-04-18 15:25
 set -o errexit
 set -o pipefail
diff --git a/pre/pull-config b/pre/pull-config
index 59c15b6..88959fe 100644
--- a/pre/pull-config
+++ b/pre/pull-config
@@ -1,5 +1,9 @@
 #!/bin/bash
+dir=/root/tools/ansible
+prj=gsb2023
+opt=""
 if [ -z ${UREP+x} ]; then
 UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
 fi
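Review bot: The `dir=/root/tools/ansible` added at the top of pre/pull-config looks like a second definition of the same variable: the header of the file's next hunk still shows `dir=/root/tools/ansible` as the nearest preceding line, and that line lies outside both hunks, so it appears to remain in the file. Keep a single assignment (drop the later one), since `dir` decides where the playbooks are fetched to and run from and two copies can drift apart. The new `-l` mode is also undocumented; a header comment such as `# usage: pull-config [-l]  (-l: run the playbook from the existing local checkout instead of ansible-pull)` would cover it.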
@@ -11,6 +15,14 @@ dir=/root/tools/ansible
 cd "${dir}" || exit 1
 hostname > hosts
-ansible-pull -i "${dir}/hosts" -C main -U "${UREP}"
+if [[ $# == 1 ]] ; then
+ opt=$1
+fi
+if [[ "${opt}" == '-l' ]] ; then
+ cd "${dir}/${prj}" || exit 2
+ ansible-playbook -i localhost, -c local "$(hostname).yml"
+else
+ ansible-pull -i "${dir}/hosts" -C main -U "${UREP}"
+fi
 exit 0
diff --git a/proxy b/proxy
deleted file mode 120000
index 3f32243..0000000
--- a/proxy
+++ /dev/null
@@ -1 +0,0 @@
-/etc/nginx/sites-availables/proxy
\ No newline at end of file
diff --git a/pull-config b/pull-config
index 093387b..59c15b6 100644
--- a/pull-config
+++ b/pull-config
@@ -1,6 +1,6 @@
 #!/bin/bash
-if [ -z ${UREP+x} ]; then
+if [ -z ${UREP+x} ]; then
 UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
 fi
@@ -11,6 +11,6 @@ dir=/root/tools/ansible
 cd "${dir}" || exit 1
 hostname > hosts
-ansible-pull -i "${dir}/hosts" -U "${UREP}"
+ansible-pull -i "${dir}/hosts" -C main -U "${UREP}"
 exit 0
diff --git a/s-graylog.yml b/s-graylog.yml
deleted file mode 100644
index 0127d98..0000000
--- a/s-graylog.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- hosts: localhost
- connection: local
-
- roles:
- - base
- - goss
- - docker-graylog
- - ssh-cli
- - syslog
- - post
-
diff --git a/snmp.yml b/snmp.yml
deleted file mode 100644
index dea70ef..0000000
--- a/snmp.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: localhost
- connection: local
-
- roles:
- - snmp-agent
-
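Review bot: The trailing `exit 0` in pre/pull-config reports success whatever `ansible-playbook` or `ansible-pull` returned, so a failed or partial configuration run is invisible to whatever calls the script; no `set -o errexit` is visible in the lines shown, unlike pre/inst-depl. Propagate the status instead, for example `ansible-playbook -i localhost, -c local "$(hostname).yml" || exit $?` and the same suffix on the `ansible-pull` line; the second hunk of the top-level pull-config ends with the same `exit 0`. Separately, `[[ $# == 1 ]]` lets any other argument count, or any argument other than `-l`, fall through silently to the pull, so rejecting unknown arguments with a usage message and a non-zero exit would be safer.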
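Review bot: `-C main` in the top-level pull-config selects a branch rather than a fixed revision, so each run executes whatever the tip of `main` is at that moment, from a URL that can be overridden through `UREP`; the `/root/...` working directory suggests this runs as root. If the playbooks are meant to come only from trusted committers, add ansible-pull's `--verify-commit` (it needs signed commits and the signers' public keys on the host) or check out a reviewed tag instead of the branch, e.g. `ansible-pull -i "${dir}/hosts" -C main --verify-commit -U "${UREP}"`. The same command sits in the `else` branch added to pre/pull-config.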