nettoyage, maj doc, README

2023-01-19 00:02:58 +01:00 · 2023-01-19 00:02:58 +01:00 · da5011466b
commit da5011466b
parent e395c14752
22 changed files with 35 additions and 252 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # gsb2023
-2023-01-06 
+2023-01-18 ps 
 Environnement et playbooks ansible pour le projet GSB 2023
@ -8,15 +8,28 @@ Environnement et playbooks ansible pour le projet GSB 2023
 prérequis : 
  * une machine Debian Bullseye
  * VirtualBox
  * fichier machines viruelles ova :
    * debian-bullseye-gsb-2023a.ova
    * debian-buster-gsb-2023a.ova
 ## Les machines
-  * s-adm
+  * s-adm : routeur adm, DHCP + NAT, deploiement, proxy squid 
-  * s-infra
+  * s-infra : DNS maitre
-  * r-int
+  * r-int : routaage, DHCP 
-  * r-ext
+  * r-ext : routage, NAT
-  * s-proxy
+  * s-proxy : squid
  * s-itil : serveur GLPI
  * s-backup : DNS esclave + sauvegarde s-win 
  * s-mon : supervision avec **Nagios4** et syslog
  * s-fog : deploiement postes de travail avec **FOG**
  * s-win : Windows Server 2019, AD, DNS, DHCP, partage fichiers
  * s-nxc : NextCloud avec **docker** 
  * s-elk : pile ELK dockerisée
  * s-lb  : Load Balancer **HaProxy** pour application Wordpress 
  * r-vp1 : Routeur VPN Wireguard coté siège
  * r-vp2 : Routeur VPN Wireguard coté agence, DHCP
 ## Les playbooks
--- a/confwireguard/r-ext/r-ext.ip
+++ b/confwireguard/r-ext/r-ext.ip
@ -1,36 +0,0 @@
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:03:d3:28 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.13/24 brd 192.168.99.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe03:d328/64 scope link 
       valid_lft forever preferred_lft forever
 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:63:40:ea brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.254/24 brd 192.168.100.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe63:40ea/64 scope link 
       valid_lft forever preferred_lft forever
 4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:4f:29:27 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global dynamic enp0s9
       valid_lft 77233sec preferred_lft 77233sec
    inet6 fe80::a00:27ff:fe4f:2927/64 scope link 
       valid_lft forever preferred_lft forever
 5: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:9d:16:f8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp0s10
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe9d:16f8/64 scope link 
       valid_lft forever preferred_lft forever
 6: enp0s16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:07:c1:0f brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.253/24 brd 192.168.200.255 scope global enp0s16
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe07:c10f/64 scope link 
       valid_lft forever preferred_lft forever
--- a/confwireguard/r-ext/r-ext.routes
+++ b/confwireguard/r-ext/r-ext.routes
@ -1,9 +0,0 @@
 default via 192.168.0.1 dev enp0s9 
 169.254.0.0/16 dev enp0s3 scope link metric 1000 
 172.16.0.0/24 via 192.168.200.254 dev enp0s16 
 172.16.128.0/24 via 192.168.1.2 dev enp0s10 
 192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.20 
 192.168.1.0/24 dev enp0s10 proto kernel scope link src 192.168.1.1 
 192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.13 
 192.168.100.0/24 dev enp0s8 proto kernel scope link src 192.168.100.254 
 192.168.200.0/24 dev enp0s16 proto kernel scope link src 192.168.200.253 
--- a/confwireguard/r-int/r-int.ip
+++ b/confwireguard/r-int/r-int.ip
@ -1,36 +0,0 @@
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:c9:4e:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.12/24 brd 192.168.99.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fec9:4e0b/64 scope link 
       valid_lft forever preferred_lft forever
 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:34:ef:8f brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.254/24 brd 192.168.200.255 scope global enp0s8
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe34:ef8f/64 scope link 
       valid_lft forever preferred_lft forever
 4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:56:72:01 brd ff:ff:ff:ff:ff:ff
    inet 172.16.65.254/24 brd 172.16.65.255 scope global enp0s9
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe56:7201/64 scope link 
       valid_lft forever preferred_lft forever
 5: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:7c:d7:5b brd ff:ff:ff:ff:ff:ff
    inet 172.16.64.254/24 brd 172.16.64.255 scope global enp0s10
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe7c:d75b/64 scope link 
       valid_lft forever preferred_lft forever
 6: enp0s16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:e6:59:3d brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.254/24 brd 172.16.0.255 scope global enp0s16
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fee6:593d/64 scope link 
       valid_lft forever preferred_lft forever
--- a/confwireguard/r-int/r-int.routes
+++ b/confwireguard/r-int/r-int.routes
@ -1,7 +0,0 @@
 default via 192.168.200.253 dev enp0s8 onlink 
 169.254.0.0/16 dev enp0s9 scope link metric 1000 
 172.16.0.0/24 dev enp0s16 proto kernel scope link src 172.16.0.254 
 172.16.64.0/24 dev enp0s10 proto kernel scope link src 172.16.64.254 
 172.16.65.0/24 dev enp0s9 proto kernel scope link src 172.16.65.254 
 192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.12 
 192.168.200.0/24 dev enp0s8 proto kernel scope link src 192.168.200.254 
--- a/confwireguard/r-vp1/r-vp1.ip
+++ b/confwireguard/r-vp1/r-vp1.ip
@ -1,20 +0,0 @@
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:53:62:8c brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.112/24 brd 192.168.99.255 scope global enp0s3
       valid_lft forever preferred_lft forever
 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:b0:5e:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global enp0s8
       valid_lft forever preferred_lft forever
 4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:28:10:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.51/24 brd 192.168.0.255 scope global enp0s9
       valid_lft forever preferred_lft forever
 12: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.0.0.1/32 scope global wg0
       valid_lft forever preferred_lft forever
--- a/confwireguard/r-vp1/r-vp1.routes
+++ b/confwireguard/r-vp1/r-vp1.routes
@ -1,8 +0,0 @@
 10.0.0.2 dev wg0 scope link 
 169.254.0.0/16 dev enp0s3 scope link metric 1000 
 172.16.0.0/24 via 192.168.1.1 dev enp0s8 
 172.16.128.0/24 dev wg0 scope link 
 192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.51 
 192.168.1.0/24 dev enp0s8 proto kernel scope link src 192.168.1.2 
 192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.112 
 192.168.200.0/24 via 192.168.1.1 dev enp0s8 
--- a/confwireguard/r-vp2/r-vp2.ip
+++ b/confwireguard/r-vp2/r-vp2.ip
@ -1,18 +0,0 @@
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
 2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 08:00:27:46:2b:0a brd ff:ff:ff:ff:ff:ff
 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:99:b7:7f brd ff:ff:ff:ff:ff:ff
    inet 172.16.128.254/24 brd 172.16.128.255 scope global enp0s8
       valid_lft forever preferred_lft forever
 4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:34:71:77 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.52/24 brd 192.168.0.255 scope global enp0s9
       valid_lft forever preferred_lft forever
 7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.0.0.2/32 scope global wg0
       valid_lft forever preferred_lft forever
--- a/confwireguard/r-vp2/r-vp2.routes
+++ b/confwireguard/r-vp2/r-vp2.routes
@ -1,7 +0,0 @@
 10.0.0.1 dev wg0 scope link 
 169.254.0.0/16 dev enp0s9 scope link metric 1000 
 172.16.0.0/24 dev wg0 scope link 
 172.16.128.0/24 dev enp0s8 proto kernel scope link src 172.16.128.254 
 192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.52 
 192.168.1.0/24 dev wg0 scope link 
 192.168.200.0/24 dev wg0 scope link 
--- a/confwireguard/s-infra/s-infra.ip
+++ b/confwireguard/s-infra/s-infra.ip
@ -1,12 +0,0 @@
 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:4a:25:54 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.1/24 brd 192.168.99.255 scope global enp0s3
       valid_lft forever preferred_lft forever
 3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 08:00:27:ee:b4:01 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global enp0s8
       valid_lft forever preferred_lft forever
--- a/confwireguard/s-infra/s-infra.routes
+++ b/confwireguard/s-infra/s-infra.routes
@ -1,7 +0,0 @@
 default via 192.168.99.99 dev enp0s3 onlink 
 169.254.0.0/16 dev enp0s3 scope link metric 1000 
 172.16.0.0/24 dev enp0s8 proto kernel scope link src 172.16.0.1 
 172.16.64.0/24 via 172.16.0.254 dev enp0s8 
 172.16.128.0/24 via 172.16.0.254 dev enp0s8 
 192.168.0.0/16 via 172.16.0.254 dev enp0s8 
 192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.1 
--- a/graylog-pont.yml
+++ b/graylog-pont.yml
@ -1,8 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  roles:
    - goss
    - docker-graylog-pont
    - post
--- a/ping-agence.sh
+++ b/ping-agence.sh
@ -1,14 +0,0 @@
 #!/bin/bash
 ping -c3 172.16.128.254
 ping -c3 192.168.1.2
 ping -c3 192.168.1.1
 ping -c3 192.168.200.253
 ping -c3 192.168.200.254
 ping -c3 172.16.0.254
 ping -c3 172.16.0.1
--- a/ping-rext.sh
+++ b/ping-rext.sh
@ -1,14 +0,0 @@
 #!/bin/bash
 ping -c3 172.16.0.1
 ping -c3 172.16.0.254
 ping -c3 192.168.200.254
 ping -c3 192.168.1.1
 ping -c3 192.168.1.2
 ping -c3 172.16.128.254
 ping -c3 172.16.128.10
--- a/ping-rint.sh
+++ b/ping-rint.sh
@ -1,12 +0,0 @@
 #!/bin/bash
 ping -c3 172.16.0.1
 ping -c3 192.168.200.253
 ping -c3 192.168.1.1
 ping -c3 192.168.1.2
 ping -c3 172.16.128.254
 ping -c3 172.16.128.10
--- a/ping-sinfra.sh
+++ b/ping-sinfra.sh
@ -1,14 +0,0 @@
 #!/bin/bash
 ping -c3 172.16.0.254
 ping -c3 192.168.200.254
 ping -c3 192.168.200.253
 ping -c3 192.168.1.1
 ping -c3 192.168.1.2
 ping -c3 172.16.125.254
 ping -c3 172.16.128.10
--- a/pre/inst-depl
+++ b/pre/inst-depl
@ -1,5 +1,5 @@
 #!/bin/bash
-## ps : 2021-04-01 15:25
+## aa : 2023-04-18 15:25
 set -o errexit
 set -o pipefail
--- a/pre/pull-config
+++ b/pre/pull-config
@ -1,5 +1,9 @@
 #!/bin/bash
 dir=/root/tools/ansible
 prj=gsb2023
 opt=""
 if [ -z ${UREP+x} ]; then 
 	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git 
 fi
@ -11,6 +15,14 @@ dir=/root/tools/ansible
 cd  "${dir}" || exit 1
 hostname  > hosts
-ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
+if [[ $# == 1 ]] ; then
 	opt=$1
 fi
 if [[ "${opt}" == '-l'  ]] ; then
   cd "${dir}/${prj}" || exit 2	
   ansible-playbook -i localhost, -c local  "$(hostname).yml"
 else
   ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
 fi
 exit 0
--- a/1
+++ b/1
@ -1 +0,0 @@
 /etc/nginx/sites-availables/proxy
--- a/2
+++ b/2
@ -11,6 +11,6 @@ dir=/root/tools/ansible
 cd  "${dir}" || exit 1
 hostname  > hosts
-ansible-pull -i "${dir}/hosts"  -U "${UREP}"
+ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
 exit 0
--- a/s-graylog.yml
+++ b/s-graylog.yml
@ -1,12 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  roles:
    - base
    - goss
    - docker-graylog
    - ssh-cli
    - syslog
    - post
--- a/snmp.yml
+++ b/snmp.yml
@ -1,7 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  roles:
    - snmp-agent