Mise à jour du playbook Nextcloud

pre/inst-depl

@@ -1,12 +1,13 @@
 #!/bin/bash
-## aa : 2023-04-18 15:25
+## aa : 2023-01-18 15:25
+## ps : 2023-02-01 15:25
 
 set -o errexit
 set -o pipefail
 GITUSR=gitgsb
 GITPRJ=gsb2023
-apt update && apt upgrade
+apt-get update 
-apt install -y apache2 git 
+apt-get install -y apache2 git 
 STOREREP="/var/www/html/gsbstore" 
 
 GLPIREL=10.0.6

roles/base/templates/hosts.j2

@@ -27,6 +27,8 @@
 192.168.99.102	s-lb-web2.gsb.adm
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
+192.168.99.102  r-vp2.gsb.adm
+
 
 192.168.99.8	syslog.gsb.adm
 

roles/base/templates/hosts.s-proxy.j2

@@ -26,6 +26,7 @@
 192.168.99.102	s-lb-web2.gsb.adm
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
+192.168.99.102  r-vp2.gsb.adm
 
 192.168.99.8	syslog.gsb.adm
 

roles/nxc-traefik/files/docker-compose.yml

@@ -0,0 +1,80 @@
+version: '3'
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+  
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+    ports:
+      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - ./nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+#      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`s-nxc.gsb.lan`)"
+      - "traefik.http.routers.app.tls=true"
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+        #      - "traefik.http.routers.app.entrypoints=websecure"
+        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.service=app-service"
+      - "traefik.http.services.app-service.loadbalancer.server.port=80"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db

roles/nxc-traefik/files/nextcloud.yml

@@ -1,58 +0,0 @@
-version: '2'
-
-volumes:
-  #  nextcloud:
-  db:
-
-services:
-  db:
-    image: mariadb
-    container_name: db
-    restart: always
-    #command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    command: --innodb-read-only-compressed=OFF
-    volumes:
-      - db:/var/lib/mysql
-    networks:
-      - nxc-db
-    environment:
-      - MYSQL_ROOT_PASSWORD=blabla
-      - MYSQL_PASSWORD=blabla
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  nxc:
-    image: nextcloud
-    restart: always
-    container_name: nxc
-#    ports:
-#      - 8080:80
-#    links:
-    depends_on:
-      - db
-    volumes:
-      - ./nextcloud:/var/www/html
-    environment:
-      - MYSQL_PASSWORD=blabla
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_HOST=db
-    labels:
-      # Enable this container to be mapped by traefik
-      # For more information, see: https://docs.traefik.io/providers/docker/#exposedbydefault
-      - "traefik.enable=true"
-      # URL to reach this container
-      - "traefik.http.routers.nxc.rule=Host(`s-nxc.gsb.lan`)"
-      # Activation of TLS
-      - "traefik.http.routers.nxc.tls=true"
-      # If port is different than 80, use the following service:
-      #-  "traefik.http.services.<service_name>.loadbalancer.server.port=<port>"
-      #      -  "traefik.http.services.app.loadbalancer.server.port=8080"
-    networks:
-      - proxy
-      - nxc-db
-networks:
-  proxy:
-    external: true
-  nxc-db:
-    external: false

roles/nxc-traefik/files/nxc-debug.sh

@@ -1,6 +1,4 @@
 #!/bin/bash
-docker-compose -f nextcloud.yml down
+docker compose down -v
-docker-compose -f traefik.yml down
 sleep 1
-docker-compose -f traefik.yml up -d --remove-orphans
+docker compose up -d
-docker-compose -f nextcloud.yml up -d

roles/nxc-traefik/files/nxc-prune.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
-docker volume prune -f
+
-docker container prune -f
+docker compose down -v
-docker image prune -f
+#docker volume prune -f
+#docker container prune -f
+#docker image prune -f

roles/nxc-traefik/files/nxc-start.sh

@@ -1,3 +1,2 @@
 #!/bin/bash
-docker-compose -f traefik.yml up -d  
+docker compose up -d 
-docker-compose -f nextcloud.yml up -d 

roles/nxc-traefik/files/nxc-stop.sh

@@ -1,3 +1,2 @@
 #!/bin/bash
-docker-compose -f nextcloud.yml down
+docker compose down
-docker-compose -f traefik.yml down

roles/nxc-traefik/files/traefik.yml

@@ -1,28 +0,0 @@
-version: '3'
-
-services:
-  reverse-proxy:
-    #image: traefik:v2.5
-    image: traefik
-    container_name: traefik
-    restart: always
-    security_opt:
-      - no-new-privileges:true
-    ports:
-      # Web
-      - 80:80
-      - 443:443
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      # Map the static configuration into the container
-      - ./config/static.yml:/etc/traefik/traefik.yml:ro
-      # Map the dynamic configuration into the container
-      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
-      # Map the certificats into the container
-      - ./certs:/etc/certs:ro
-    networks:
-      - proxy
-
-networks:
-  proxy:
-    external: true

roles/nxc-traefik/tasks/main.yml

@@ -24,14 +24,9 @@
     src: dynamic.yml   
     dest: /root/nxc/config
 
-- name: Copie de nextcloud.yml
+- name: Copie de docker-compose.yml
   copy: 
-    src: nextcloud.yml
+    src: docker-compose.yml
-    dest: /root/nxc
-
-- name: Copie de traefik.yml
-  copy:
-    src: traefik.yml
     dest: /root/nxc
 
 - name: Copie de nxc-stop.sh
@@ -76,3 +71,8 @@
 
 - name: Creation reseau docker proxy
   command: docker network create proxy
+
+- name: Démarrage du docker-compose...
+  command: /bin/bash docker-compose up -d
+  args:
+    chdir: /root/nxc

scripts/mkvm

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-mkvmrelease="v1.2"
+mkvmrelease="v1.2.1"
 
 ovarelease="2023a"
 ovafogrelease="2023a"
@@ -66,8 +66,8 @@ vm="$1"
 
 create_vm "${vm}"
 if [[ "${vm}" == "s-adm" ]] ; then
-	bash addint-s.adm
+	bash addint.s-adm
-if [[ "${vm}" == "s-infra" ]] ; then
+elif [[ "${vm}" == "s-infra" ]] ; then
 	create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-proxy" ]] ; then
 	create_if "${vm}" "n-adm" "n-infra"

scripts/r-vp1-post.sh

@@ -1,2 +1,5 @@
 #!/bin/bash
+#stoper le fw
+systemctl stop ferm
+#ouverture du service web pour copie distante
 cd /root/confwg/ && python3 -m http.server 8000 &

scripts/r-vp2-post.sh

@@ -1,3 +1,5 @@
 #!/bin/bash
-
+#recuperation du fichier de config
 wget http://r-vp1.gsb.adm:8000/wg0-b.qconf
+#renomage fichier et mv
+mv ./wg0-b.conf /etc/wireguard/wg0.conf