nettoyage, maj doc, README

2023-01-19 00:02:58 +01:00 · 2023-01-19 00:02:58 +01:00 · da5011466b
commit da5011466b
parent e395c14752
22 changed files with 35 additions and 252 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # gsb2023

-2023-01-06 
+2023-01-18 ps 

 Environnement et playbooks ansible pour le projet GSB 2023

@ -8,15 +8,28 @@ Environnement et playbooks ansible pour le projet GSB 2023
 prérequis : 
  * une machine Debian Bullseye
  * VirtualBox
+  * fichier machines viruelles ova :
+    * debian-bullseye-gsb-2023a.ova
+    * debian-buster-gsb-2023a.ova



 ## Les machines
-  * s-adm
-  * s-infra
-  * r-int
-  * r-ext
-  * s-proxy
+  * s-adm : routeur adm, DHCP + NAT, deploiement, proxy squid 
+  * s-infra : DNS maitre
+  * r-int : routaage, DHCP 
+  * r-ext : routage, NAT
+  * s-proxy : squid
+  * s-itil : serveur GLPI
+  * s-backup : DNS esclave + sauvegarde s-win 
+  * s-mon : supervision avec **Nagios4** et syslog
+  * s-fog : deploiement postes de travail avec **FOG**
+  * s-win : Windows Server 2019, AD, DNS, DHCP, partage fichiers
+  * s-nxc : NextCloud avec **docker** 
+  * s-elk : pile ELK dockerisée
+  * s-lb  : Load Balancer **HaProxy** pour application Wordpress 
+  * r-vp1 : Routeur VPN Wireguard coté siège
+  * r-vp2 : Routeur VPN Wireguard coté agence, DHCP


 ## Les playbooks
--- a/confwireguard/r-ext/r-ext.ip
+++ b/confwireguard/r-ext/r-ext.ip
@ -1,36 +0,0 @@
-1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-    inet 127.0.0.1/8 scope host lo
-       valid_lft forever preferred_lft forever
-    inet6 ::1/128 scope host 
-       valid_lft forever preferred_lft forever
-2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:03:d3:28 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.99.13/24 brd 192.168.99.255 scope global enp0s3
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe03:d328/64 scope link 
-       valid_lft forever preferred_lft forever
-3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:63:40:ea brd ff:ff:ff:ff:ff:ff
-    inet 192.168.100.254/24 brd 192.168.100.255 scope global enp0s8
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe63:40ea/64 scope link 
-       valid_lft forever preferred_lft forever
-4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:4f:29:27 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.0.20/24 brd 192.168.0.255 scope global dynamic enp0s9
-       valid_lft 77233sec preferred_lft 77233sec
-    inet6 fe80::a00:27ff:fe4f:2927/64 scope link 
-       valid_lft forever preferred_lft forever
-5: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:9d:16:f8 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp0s10
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe9d:16f8/64 scope link 
-       valid_lft forever preferred_lft forever
-6: enp0s16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:07:c1:0f brd ff:ff:ff:ff:ff:ff
-    inet 192.168.200.253/24 brd 192.168.200.255 scope global enp0s16
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe07:c10f/64 scope link 
-       valid_lft forever preferred_lft forever
--- a/confwireguard/r-ext/r-ext.routes
+++ b/confwireguard/r-ext/r-ext.routes
@ -1,9 +0,0 @@
-default via 192.168.0.1 dev enp0s9 
-169.254.0.0/16 dev enp0s3 scope link metric 1000 
-172.16.0.0/24 via 192.168.200.254 dev enp0s16 
-172.16.128.0/24 via 192.168.1.2 dev enp0s10 
-192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.20 
-192.168.1.0/24 dev enp0s10 proto kernel scope link src 192.168.1.1 
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.13 
-192.168.100.0/24 dev enp0s8 proto kernel scope link src 192.168.100.254 
-192.168.200.0/24 dev enp0s16 proto kernel scope link src 192.168.200.253 
--- a/confwireguard/r-int/r-int.ip
+++ b/confwireguard/r-int/r-int.ip
@ -1,36 +0,0 @@
-1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-    inet 127.0.0.1/8 scope host lo
-       valid_lft forever preferred_lft forever
-    inet6 ::1/128 scope host 
-       valid_lft forever preferred_lft forever
-2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:c9:4e:0b brd ff:ff:ff:ff:ff:ff
-    inet 192.168.99.12/24 brd 192.168.99.255 scope global enp0s3
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fec9:4e0b/64 scope link 
-       valid_lft forever preferred_lft forever
-3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:34:ef:8f brd ff:ff:ff:ff:ff:ff
-    inet 192.168.200.254/24 brd 192.168.200.255 scope global enp0s8
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe34:ef8f/64 scope link 
-       valid_lft forever preferred_lft forever
-4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:56:72:01 brd ff:ff:ff:ff:ff:ff
-    inet 172.16.65.254/24 brd 172.16.65.255 scope global enp0s9
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe56:7201/64 scope link 
-       valid_lft forever preferred_lft forever
-5: enp0s10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:7c:d7:5b brd ff:ff:ff:ff:ff:ff
-    inet 172.16.64.254/24 brd 172.16.64.255 scope global enp0s10
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fe7c:d75b/64 scope link 
-       valid_lft forever preferred_lft forever
-6: enp0s16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:e6:59:3d brd ff:ff:ff:ff:ff:ff
-    inet 172.16.0.254/24 brd 172.16.0.255 scope global enp0s16
-       valid_lft forever preferred_lft forever
-    inet6 fe80::a00:27ff:fee6:593d/64 scope link 
-       valid_lft forever preferred_lft forever
--- a/confwireguard/r-int/r-int.routes
+++ b/confwireguard/r-int/r-int.routes
@ -1,7 +0,0 @@
-default via 192.168.200.253 dev enp0s8 onlink 
-169.254.0.0/16 dev enp0s9 scope link metric 1000 
-172.16.0.0/24 dev enp0s16 proto kernel scope link src 172.16.0.254 
-172.16.64.0/24 dev enp0s10 proto kernel scope link src 172.16.64.254 
-172.16.65.0/24 dev enp0s9 proto kernel scope link src 172.16.65.254 
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.12 
-192.168.200.0/24 dev enp0s8 proto kernel scope link src 192.168.200.254 
--- a/confwireguard/r-vp1/r-vp1.ip
+++ b/confwireguard/r-vp1/r-vp1.ip
@ -1,20 +0,0 @@
-1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-    inet 127.0.0.1/8 scope host lo
-       valid_lft forever preferred_lft forever
-2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:53:62:8c brd ff:ff:ff:ff:ff:ff
-    inet 192.168.99.112/24 brd 192.168.99.255 scope global enp0s3
-       valid_lft forever preferred_lft forever
-3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:b0:5e:11 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.1.2/24 brd 192.168.1.255 scope global enp0s8
-       valid_lft forever preferred_lft forever
-4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:28:10:4c brd ff:ff:ff:ff:ff:ff
-    inet 192.168.0.51/24 brd 192.168.0.255 scope global enp0s9
-       valid_lft forever preferred_lft forever
-12: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/none 
-    inet 10.0.0.1/32 scope global wg0
-       valid_lft forever preferred_lft forever
--- a/confwireguard/r-vp1/r-vp1.routes
+++ b/confwireguard/r-vp1/r-vp1.routes
@ -1,8 +0,0 @@
-10.0.0.2 dev wg0 scope link 
-169.254.0.0/16 dev enp0s3 scope link metric 1000 
-172.16.0.0/24 via 192.168.1.1 dev enp0s8 
-172.16.128.0/24 dev wg0 scope link 
-192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.51 
-192.168.1.0/24 dev enp0s8 proto kernel scope link src 192.168.1.2 
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.112 
-192.168.200.0/24 via 192.168.1.1 dev enp0s8 
--- a/confwireguard/r-vp2/r-vp2.ip
+++ b/confwireguard/r-vp2/r-vp2.ip
@ -1,18 +0,0 @@
-1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-    inet 127.0.0.1/8 scope host lo
-       valid_lft forever preferred_lft forever
-2: enp0s3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
-    link/ether 08:00:27:46:2b:0a brd ff:ff:ff:ff:ff:ff
-3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:99:b7:7f brd ff:ff:ff:ff:ff:ff
-    inet 172.16.128.254/24 brd 172.16.128.255 scope global enp0s8
-       valid_lft forever preferred_lft forever
-4: enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:34:71:77 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.0.52/24 brd 192.168.0.255 scope global enp0s9
-       valid_lft forever preferred_lft forever
-7: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/none 
-    inet 10.0.0.2/32 scope global wg0
-       valid_lft forever preferred_lft forever
--- a/confwireguard/r-vp2/r-vp2.routes
+++ b/confwireguard/r-vp2/r-vp2.routes
@ -1,7 +0,0 @@
-10.0.0.1 dev wg0 scope link 
-169.254.0.0/16 dev enp0s9 scope link metric 1000 
-172.16.0.0/24 dev wg0 scope link 
-172.16.128.0/24 dev enp0s8 proto kernel scope link src 172.16.128.254 
-192.168.0.0/24 dev enp0s9 proto kernel scope link src 192.168.0.52 
-192.168.1.0/24 dev wg0 scope link 
-192.168.200.0/24 dev wg0 scope link 
--- a/confwireguard/s-infra/s-infra.ip
+++ b/confwireguard/s-infra/s-infra.ip
@ -1,12 +0,0 @@
-1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
-    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
-    inet 127.0.0.1/8 scope host lo
-       valid_lft forever preferred_lft forever
-2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:4a:25:54 brd ff:ff:ff:ff:ff:ff
-    inet 192.168.99.1/24 brd 192.168.99.255 scope global enp0s3
-       valid_lft forever preferred_lft forever
-3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
-    link/ether 08:00:27:ee:b4:01 brd ff:ff:ff:ff:ff:ff
-    inet 172.16.0.1/24 brd 172.16.0.255 scope global enp0s8
-       valid_lft forever preferred_lft forever
--- a/confwireguard/s-infra/s-infra.routes
+++ b/confwireguard/s-infra/s-infra.routes
@ -1,7 +0,0 @@
-default via 192.168.99.99 dev enp0s3 onlink 
-169.254.0.0/16 dev enp0s3 scope link metric 1000 
-172.16.0.0/24 dev enp0s8 proto kernel scope link src 172.16.0.1 
-172.16.64.0/24 via 172.16.0.254 dev enp0s8 
-172.16.128.0/24 via 172.16.0.254 dev enp0s8 
-192.168.0.0/16 via 172.16.0.254 dev enp0s8 
-192.168.99.0/24 dev enp0s3 proto kernel scope link src 192.168.99.1 
--- a/graylog-pont.yml
+++ b/graylog-pont.yml
@ -1,8 +0,0 @@
---
- hosts: localhost
-  connection: local
-
-  roles:
-    - goss
-    - docker-graylog-pont
-    - post
--- a/ping-agence.sh
+++ b/ping-agence.sh
@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.128.254
-
-ping -c3 192.168.1.2
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.200.254
-
-ping -c3 172.16.0.254
-
-ping -c3 172.16.0.1
--- a/ping-rext.sh
+++ b/ping-rext.sh
@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.1
-
-ping -c3 172.16.0.254
-
-ping -c3 192.168.200.254
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.128.254
-
-ping -c3 172.16.128.10
--- a/ping-rint.sh
+++ b/ping-rint.sh
@ -1,12 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.1
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.128.254
-
-ping -c3 172.16.128.10
--- a/ping-sinfra.sh
+++ b/ping-sinfra.sh
@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.254
-
-ping -c3 192.168.200.254
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.125.254
-
-ping -c3 172.16.128.10
--- a/pre/inst-depl
+++ b/pre/inst-depl
@ -1,5 +1,5 @@
 #!/bin/bash
-## ps : 2021-04-01 15:25
+## aa : 2023-04-18 15:25

 set -o errexit
 set -o pipefail
--- a/pre/pull-config
+++ b/pre/pull-config
@ -1,5 +1,9 @@
 #!/bin/bash

+dir=/root/tools/ansible
+prj=gsb2023
+opt=""
+
 if [ -z ${UREP+x} ]; then 
 	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git 
 fi
@ -11,6 +15,14 @@ dir=/root/tools/ansible
 cd  "${dir}" || exit 1

 hostname  > hosts
-ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
+if [[ $# == 1 ]] ; then
+	opt=$1
+fi
+if [[ "${opt}" == '-l'  ]] ; then
+   cd "${dir}/${prj}" || exit 2	
+   ansible-playbook -i localhost, -c local  "$(hostname).yml"
+else
+   ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
+fi

 exit 0
--- a/1
+++ b/1
@ -1 +0,0 @@
-/etc/nginx/sites-availables/proxy
--- a/2
+++ b/2
@ -11,6 +11,6 @@ dir=/root/tools/ansible
 cd  "${dir}" || exit 1

 hostname  > hosts
-ansible-pull -i "${dir}/hosts"  -U "${UREP}"
+ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"

 exit 0
--- a/s-graylog.yml
+++ b/s-graylog.yml
@ -1,12 +0,0 @@
---
- hosts: localhost
-  connection: local
-
-  roles:
-    - base
-    - goss
-    - docker-graylog
-    - ssh-cli
-    - syslog
-    - post
-
--- a/snmp.yml
+++ b/snmp.yml
@ -1,7 +0,0 @@
---
- hosts: localhost
-  connection: local
-
-  roles:
-    - snmp-agent
-