fog maj

README.md

@@ -1,6 +1,6 @@
 # gsb2023
 
-2023-01-30 ps 
+2023-02-01 ps 
 
 Environnement et playbooks ansible pour le projet GSB 2023
 
@@ -13,7 +13,6 @@ Prérequis :
     * **debian-buster-gsb-2023a.ova**
 
 
-
   * **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid 
   * **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad**
   * **r-int** : routage, DHCP 
@@ -42,15 +41,28 @@ Prérequis :
 
 ## Installation
 
-On utilisera l'image de machine virtuelle suivante : 
+On utilisera les images de machines virtuelle suivantes : 
   * **debian-bullseye-2023a.ova** (2023-01-06)
     * Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go
 
+et pour **s-fog** : 
+  * **debian-buster-2023a.ova** (2023-01-06)
+    * Debian Buster 10 - 2 cartes - 1 Go - stockage 20 Go
+
+On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer une VM
+
+```shell
+gsb2023>
+cd pre
+$ mkvm -r s-adm
+
+```
 
 ### Machine s-adm
-  * créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut
-  * renommer la machine puis redémarrer
-  * taper :
+  * créer la machine virtuelle **s-adm** avec **mkvm * comme décrit plus haut.
+  * utiliser le script de renommage comme suit --> bash chname [nouveau_nom_de_machine] puis redémarrer
+  * utiliser le script s-adm-start --> bash s-adm-start, redémarrer
+  * ou sinon :
 ```shell
     mkdir -p tools/ansible ; cd tools/ansible
     git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
@@ -66,12 +78,11 @@ On utilisera l'image de machine virtuelle suivante :
   
 ### Pour chaque machine
 
-  - importer la machine à partir du fichier **.ova**
-  - définir les cartes réseau en accord avec le plan d'adressage et le schéma
-  - donner le nom adapté (avec sed -i …)
+  - créer la machine avec **mkvm -r**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications 
+  - utiliser le script de renommage comme suit --> bash chname [nouveau_nom_de_machine]
   - redémarrer
-  - mettre à jour les paquets : apt update && apt upgrade
-  - cloner le dépot : 
+  - utiliser le script gsb-start --> bash gsb-start
+  - ou sinon:
 ```shell
 mkdir -p tools/ansible ; cd tools/ansible
 git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
@@ -81,6 +92,5 @@ bash gsbboot
 cd ../..
 bash pull-config
 ```
+  - redémarrer
   - **Remarque** : une machine doit avoir été redémarrée pour prendre en charge la nouvelle configuration
-
-

pre/gsbboot

@@ -34,7 +34,7 @@ if [[ $? != 0 ]]; then
 	${APT} install -y git-core
 fi
 ${APT} update
-${APT} upgrade -y
+#${APT} upgrade -y
 
 which ansible >> /dev/null
 if [[ $? != 0 ]]; then

pre/inst-depl

@@ -1,12 +1,13 @@
 #!/bin/bash
-## aa : 2023-04-18 15:25
+## aa : 2023-01-18 15:25
+## ps : 2023-02-01 15:25
 
 set -o errexit
 set -o pipefail
 GITUSR=gitgsb
 GITPRJ=gsb2023
-apt update && apt upgrade
-apt install -y apache2 git 
+apt-get update 
+apt-get install -y apache2 git 
 STOREREP="/var/www/html/gsbstore" 
 
 GLPIREL=10.0.6

roles/base/templates/hosts.j2

@@ -27,6 +27,8 @@
 192.168.99.102	s-lb-web2.gsb.adm
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
+192.168.99.102  r-vp2.gsb.adm
+
 
 192.168.99.8	syslog.gsb.adm
 

roles/base/templates/hosts.s-proxy.j2

@@ -26,6 +26,7 @@
 192.168.99.102	s-lb-web2.gsb.adm
 192.168.99.103	s-lb-web3.gsb.adm
 192.168.99.112  r-vp1.gsb.adm
+192.168.99.102  r-vp2.gsb.adm
 
 192.168.99.8	syslog.gsb.adm
 

roles/elk/README.md

@@ -1,8 +1,9 @@
 ## Principe du rôle elk
-  
-Ce rôle permet de créer un serveur ELK pour centraliser les logs et d'avoir des métriques pour simplifier la gestion du parc informatique GSB. 
-Le principe de se rôle est d'installer docker, les différentes tâches de se rôle est de :  
-Vérifier si ELK est déjà installé,  
-Installer ELK sur github,  
-Changer la configuration  
-Lancer ELK avec docker-compose   
+ELK 8.5.3
+
+Ce rôle permet de créer un serveur ELK pour centraliser les logs et de des métriques pour simplifier la gestion du parc informatique GSB. 
+Le principe de ce rôle est d'installer docker, les différentes tâches de ce rôle sont de :
+- Vérifier si ELK est déjà installé,
+- Importation un docker-compose depuis github,
+- Changement la configuration pour passer en version 'basic'
+- Lancement d'ELK avec docker-compose

roles/elk/files/get_docker.sh

@@ -1,502 +0,0 @@
-#!/bin/sh
-set -e
-# Docker CE for Linux installation script
-#
-# See https://docs.docker.com/install/ for the installation steps.
-#
-# This script is meant for quick & easy install via:
-#   $ curl -fsSL https://get.docker.com -o get-docker.sh
-#   $ sh get-docker.sh
-#
-# For test builds (ie. release candidates):
-#   $ curl -fsSL https://test.docker.com -o test-docker.sh
-#   $ sh test-docker.sh
-#
-# NOTE: Make sure to verify the contents of the script
-#       you downloaded matches the contents of install.sh
-#       located at https://github.com/docker/docker-install
-#       before executing.
-#
-# Git commit from https://github.com/docker/docker-install when
-# the script was uploaded (Should only be modified by upload job):
-SCRIPT_COMMIT_SHA="3d8fe77c2c46c5b7571f94b42793905e5b3e42e4"
-
-
-# The channel to install from:
-#   * nightly
-#   * test
-#   * stable
-#   * edge (deprecated)
-DEFAULT_CHANNEL_VALUE="stable"
-if [ -z "$CHANNEL" ]; then
-	CHANNEL=$DEFAULT_CHANNEL_VALUE
-fi
-
-DEFAULT_DOWNLOAD_URL="https://download.docker.com"
-if [ -z "$DOWNLOAD_URL" ]; then
-	DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
-fi
-
-DEFAULT_REPO_FILE="docker-ce.repo"
-if [ -z "$REPO_FILE" ]; then
-	REPO_FILE="$DEFAULT_REPO_FILE"
-fi
-
-mirror=''
-DRY_RUN=${DRY_RUN:-}
-while [ $# -gt 0 ]; do
-	case "$1" in
-		--mirror)
-			mirror="$2"
-			shift
-			;;
-		--dry-run)
-			DRY_RUN=1
-			;;
-		--*)
-			echo "Illegal option $1"
-			;;
-	esac
-	shift $(( $# > 0 ? 1 : 0 ))
-done
-
-case "$mirror" in
-	Aliyun)
-		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
-		;;
-	AzureChinaCloud)
-		DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
-		;;
-esac
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-is_dry_run() {
-	if [ -z "$DRY_RUN" ]; then
-		return 1
-	else
-		return 0
-	fi
-}
-
-is_wsl() {
-	case "$(uname -r)" in
-	*microsoft* ) true ;; # WSL 2
-	*Microsoft* ) true ;; # WSL 1
-	* ) false;;
-	esac
-}
-
-is_darwin() {
-	case "$(uname -s)" in
-	*darwin* ) true ;;
-	*Darwin* ) true ;;
-	* ) false;;
-	esac
-}
-
-deprecation_notice() {
-	distro=$1
-	date=$2
-	echo
-	echo "DEPRECATION WARNING:"
-	echo "    The distribution, $distro, will no longer be supported in this script as of $date."
-	echo "    If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
-	echo
-	sleep 10
-}
-
-get_distribution() {
-	lsb_dist=""
-	# Every system that we officially support has /etc/os-release
-	if [ -r /etc/os-release ]; then
-		lsb_dist="$(. /etc/os-release && echo "$ID")"
-	fi
-	# Returning an empty string here should be alright since the
-	# case statements don't act unless you provide an actual value
-	echo "$lsb_dist"
-}
-
-add_debian_backport_repo() {
-	debian_version="$1"
-	backports="deb http://ftp.debian.org/debian $debian_version-backports main"
-	if ! grep -Fxq "$backports" /etc/apt/sources.list; then
-		(set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
-	fi
-}
-
-echo_docker_as_nonroot() {
-	if is_dry_run; then
-		return
-	fi
-	if command_exists docker && [ -e /var/run/docker.sock ]; then
-		(
-			set -x
-			$sh_c 'docker version'
-		) || true
-	fi
-	your_user=your-user
-	[ "$user" != 'root' ] && your_user="$user"
-	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
-	echo "If you would like to use Docker as a non-root user, you should now consider"
-	echo "adding your user to the \"docker\" group with something like:"
-	echo
-	echo "  sudo usermod -aG docker $your_user"
-	echo
-	echo "Remember that you will have to log out and back in for this to take effect!"
-	echo
-	echo "WARNING: Adding a user to the \"docker\" group will grant the ability to run"
-	echo "         containers which can be used to obtain root privileges on the"
-	echo "         docker host."
-	echo "         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
-	echo "         for more information."
-
-}
-
-# Check if this is a forked Linux distro
-check_forked() {
-
-	# Check for lsb_release command existence, it usually exists in forked distros
-	if command_exists lsb_release; then
-		# Check if the `-u` option is supported
-		set +e
-		lsb_release -a -u > /dev/null 2>&1
-		lsb_release_exit_code=$?
-		set -e
-
-		# Check if the command has exited successfully, it means we're in a forked distro
-		if [ "$lsb_release_exit_code" = "0" ]; then
-			# Print info about current distro
-			cat <<-EOF
-			You're using '$lsb_dist' version '$dist_version'.
-			EOF
-
-			# Get the upstream release info
-			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
-			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
-
-			# Print info about upstream distro
-			cat <<-EOF
-			Upstream release is '$lsb_dist' version '$dist_version'.
-			EOF
-		else
-			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
-				if [ "$lsb_dist" = "osmc" ]; then
-					# OSMC runs Raspbian
-					lsb_dist=raspbian
-				else
-					# We're Debian and don't even know it!
-					lsb_dist=debian
-				fi
-				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
-				case "$dist_version" in
-					10)
-						dist_version="buster"
-					;;
-					9)
-						dist_version="stretch"
-					;;
-					8|'Kali Linux 2')
-						dist_version="jessie"
-					;;
-				esac
-			fi
-		fi
-	fi
-}
-
-semverParse() {
-	major="${1%%.*}"
-	minor="${1#$major.}"
-	minor="${minor%%.*}"
-	patch="${1#$major.$minor.}"
-	patch="${patch%%[-.]*}"
-}
-
-do_install() {
-	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
-
-	if command_exists docker; then
-		docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
-		MAJOR_W=1
-		MINOR_W=10
-
-		semverParse "$docker_version"
-
-		shouldWarn=0
-		if [ "$major" -lt "$MAJOR_W" ]; then
-			shouldWarn=1
-		fi
-
-		if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
-			shouldWarn=1
-		fi
-
-		cat >&2 <<-'EOF'
-			Warning: the "docker" command appears to already exist on this system.
-
-			If you already have Docker installed, this script can cause trouble, which is
-			why we're displaying this warning and provide the opportunity to cancel the
-			installation.
-
-			If you installed the current Docker package using this script and are using it
-		EOF
-
-		if [ $shouldWarn -eq 1 ]; then
-			cat >&2 <<-'EOF'
-			again to update Docker, we urge you to migrate your image store before upgrading
-			to v1.10+.
-
-			You can find instructions for this here:
-			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
-			EOF
-		else
-			cat >&2 <<-'EOF'
-			again to update Docker, you can safely ignore this message.
-			EOF
-		fi
-
-		cat >&2 <<-'EOF'
-
-			You may press Ctrl+C now to abort this script.
-		EOF
-		( set -x; sleep 20 )
-	fi
-
-	user="$(id -un 2>/dev/null || true)"
-
-	sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo; then
-			sh_c='sudo -E sh -c'
-		elif command_exists su; then
-			sh_c='su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit 1
-		fi
-	fi
-
-	if is_dry_run; then
-		sh_c="echo"
-	fi
-
-	# perform some very rudimentary platform detection
-	lsb_dist=$( get_distribution )
-	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
-
-	if is_wsl; then
-		echo
-		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
-		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
-		echo
-		cat >&2 <<-'EOF'
-
-			You may press Ctrl+C now to abort this script.
-		EOF
-		( set -x; sleep 20 )
-	fi
-
-	case "$lsb_dist" in
-
-		ubuntu)
-			if command_exists lsb_release; then
-				dist_version="$(lsb_release --codename | cut -f2)"
-			fi
-			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
-				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
-			fi
-		;;
-
-		debian|raspbian)
-			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
-			case "$dist_version" in
-				10)
-					dist_version="buster"
-				;;
-				9)
-					dist_version="stretch"
-				;;
-				8)
-					dist_version="jessie"
-				;;
-			esac
-		;;
-
-		centos|rhel)
-			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
-				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
-			fi
-		;;
-
-		*)
-			if command_exists lsb_release; then
-				dist_version="$(lsb_release --release | cut -f2)"
-			fi
-			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
-				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
-			fi
-		;;
-
-	esac
-
-	# Check if this is a forked Linux distro
-	check_forked
-
-	# Run setup for each distro accordingly
-	case "$lsb_dist" in
-		ubuntu|debian|raspbian)
-			pre_reqs="apt-transport-https ca-certificates curl"
-			if [ "$lsb_dist" = "debian" ]; then
-				# libseccomp2 does not exist for debian jessie main repos for aarch64
-				if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
-					add_debian_backport_repo "$dist_version"
-				fi
-			fi
-
-			if ! command -v gpg > /dev/null; then
-				pre_reqs="$pre_reqs gnupg"
-			fi
-			apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				$sh_c 'apt-get update -qq >/dev/null'
-				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
-				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
-				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
-				$sh_c 'apt-get update -qq >/dev/null'
-			)
-			pkg_version=""
-			if [ -n "$VERSION" ]; then
-				if is_dry_run; then
-					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
-				else
-					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
-					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
-					search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
-					pkg_version="$($sh_c "$search_command")"
-					echo "INFO: Searching repository for VERSION '$VERSION'"
-					echo "INFO: $search_command"
-					if [ -z "$pkg_version" ]; then
-						echo
-						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
-						echo
-						exit 1
-					fi
-					search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
-					# Don't insert an = for cli_pkg_version, we'll just include it later
-					cli_pkg_version="$($sh_c "$search_command")"
-					pkg_version="=$pkg_version"
-				fi
-			fi
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				if [ -n "$cli_pkg_version" ]; then
-					$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
-				fi
-				$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
-			)
-			echo_docker_as_nonroot
-			exit 0
-			;;
-		centos|fedora|rhel)
-			yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
-			if ! curl -Ifs "$yum_repo" > /dev/null; then
-				echo "Error: Unable to curl repository file $yum_repo, is it valid?"
-				exit 1
-			fi
-			if [ "$lsb_dist" = "fedora" ]; then
-				pkg_manager="dnf"
-				config_manager="dnf config-manager"
-				enable_channel_flag="--set-enabled"
-				disable_channel_flag="--set-disabled"
-				pre_reqs="dnf-plugins-core"
-				pkg_suffix="fc$dist_version"
-			else
-				pkg_manager="yum"
-				config_manager="yum-config-manager"
-				enable_channel_flag="--enable"
-				disable_channel_flag="--disable"
-				pre_reqs="yum-utils"
-				pkg_suffix="el"
-			fi
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				$sh_c "$pkg_manager install -y -q $pre_reqs"
-				$sh_c "$config_manager --add-repo $yum_repo"
-
-				if [ "$CHANNEL" != "stable" ]; then
-					$sh_c "$config_manager $disable_channel_flag docker-ce-*"
-					$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
-				fi
-				$sh_c "$pkg_manager makecache"
-			)
-			pkg_version=""
-			if [ -n "$VERSION" ]; then
-				if is_dry_run; then
-					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
-				else
-					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
-					search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
-					pkg_version="$($sh_c "$search_command")"
-					echo "INFO: Searching repository for VERSION '$VERSION'"
-					echo "INFO: $search_command"
-					if [ -z "$pkg_version" ]; then
-						echo
-						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
-						echo
-						exit 1
-					fi
-					search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
-					# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
-					cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
-					# Cut out the epoch and prefix with a '-'
-					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
-				fi
-			fi
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				# install the correct cli version first
-				if [ -n "$cli_pkg_version" ]; then
-					$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
-				fi
-				$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
-			)
-			echo_docker_as_nonroot
-			exit 0
-			;;
-		*)
-			if [ -z "$lsb_dist" ]; then
-				if is_darwin; then
-					echo
-					echo "ERROR: Unsupported operating system 'macOS'"
-					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
-					echo
-					exit 1
-				fi
-			fi
-			echo
-			echo "ERROR: Unsupported distribution '$lsb_dist'"
-			echo
-			exit 1
-			;;
-	esac
-	exit 1
-}
-
-# wrapped up in a function so that we have some protection against only getting
-# half the file during "curl | sh"
-do_install

roles/elk/tasks/main.yml

@@ -22,6 +22,6 @@
       replace: 'xpack.license.self_generated.type: basic'
      
   - name: Execution du fichier docker-compose.yml
-    shell: docker-compose up -d
+    shell: docker compose up -d
     args:
       chdir: /root/elk

roles/fog/README.md

@@ -0,0 +1,11 @@
+# Fog
+Ce rôle permet l'installation et la modification de Fog.
+
+## Fog, c'est quoi ?
+
+Fog permet le déploiement d'images disque tel que Windows ou bien Linux en utilisant PXE (Preboot Execution Environment).
+
+## Comment l'installer ?
+
+Avant toute chose, lancer le fichier goss de s-fog ( présent dans gsb2023/goss/s-fog.yaml ) pour vérifier que la configuration réseau est correct et opérationel. Une fois l'installation principal effectué, il faut lancé le playbook ansible s-fog.yaml.
+Il faudra se rendre dans le dossier **fog** pour lancer le script **installfog.sh** ( fog/bin/ ). La configuration sera déjà établi via le fichier **.fogsettings**

roles/fog/files/fogsettings

@@ -0,0 +1,46 @@
+## Start of FOG Settings
+## Created by the FOG Installer
+## Find more information about this file in the FOG Project wiki:
+##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
+## Version: 1.5.9
+## Install time: jeu. 26 janv. 2023 11:41:05
+ipaddress='172.16.64.16'
+copybackold='0'
+interface='enp0s9'
+submask='255.255.255.0'
+hostname='s-fog.gsb.lan'
+routeraddress='192.168.99.99'
+plainrouter='192.168.99.99'
+dnsaddress='172.16.0.1'
+username='fogproject'
+password='/7ElC1OHrP47EN2w59xl'
+osid='2'
+osname='Debian'
+dodhcp='y'
+bldhcp='1'
+dhcpd='isc-dhcp-server'
+blexports='1'
+installtype='N'
+snmysqluser='fogmaster'
+snmysqlpass='HHO5vSGqFiHE_9d2lja3'
+snmysqlhost='localhost'
+mysqldbname='fog'
+installlang='0'
+storageLocation='/images'
+fogupdateloaded=1
+docroot='/var/www/html/'
+webroot='/fog/'
+caCreated='yes'
+httpproto='http'
+startrange='172.16.64.10'
+endrange='172.16.64.254'
+bootfilename='undionly.kpxe'
+packages='apache2 bc build-essential cpp curl g++ gawk gcc genisoimage git gzip htmldoc isc-dhcp-server isolinux lftp libapache2-mod-php7.4 libc6 libcurl4 li>
+noTftpBuild=''
+sslpath='/opt/fog/snapins/ssl/'
+backupPath='/home/'
+armsupport='0'
+php_ver='7.4'
+php_verAdds='-7.4'
+sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
+## End of FOG Settings

roles/fog/tasks/main.yml

@@ -1,11 +1,15 @@
 ---
+- name: creation d'un repertoire fog
+  file:
+    path: /root/tools/fog
+    state: directory
+
 - name: recuperation de l'archive d'installation fog sur git
   git:
     repo: https://gitea.lyc-lecastel.fr/gadmin/fog.git
     dest: /root/tools/fog/
     clone: yes
     update: yes
-    force: yes
 
 - name: Modification fichier bash (desac UDPCast)
   ansible.builtin.lineinfile:
@@ -13,3 +17,10 @@
     regexp: '^configureUDPCast\(\).*'
     line: "configureUDPCast() {\nreturn"
     backup: yes
+
+- name: fichier config fogsettings
+  command: "cp /root/tools/ansible/roles/fog/files/fogsettings /opt/fog/"
+
+- name: fichier fogsettings en .fogsettings
+command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
+

roles/fw-ferm/README.md

@@ -1,11 +1,11 @@
-[Ferm]:http://ferm.foo-projects.org/ 
+# [Ferm](http://ferm.foo-projects.org/)
 
-Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables
+Modifier l'execution d'iptables [plus d'info ici](https://wiki.debian.org/iptables)
 ```shell
 update-alternatives --set iptables /usr/sbin/iptables-legacy
 ```
 
-Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html
+Pour tester utiliser [Nmap](https://nmap.org/man/fr/man-briefoptions.html)
 ### r-vp1
 ```shell
 sudo nmap -p51820  192.168.0.51

roles/goss/defaults/main.yml

@@ -1,3 +1,2 @@
 depl_url: "http://s-adm.gsb.adm/gsbstore"
 depl_goss: "goss"
-

roles/goss/tasks/main.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: goss binary exists
   stat: path=/usr/local/bin/goss
   register: gossbin
@@ -18,4 +17,3 @@
     mode: 0755
     remote_src: yes
   when: gossbin.stat.exists == false and ansible_hostname == "s-adm"
-

roles/lb-bd/files/.my.cnf

@@ -1,3 +0,0 @@
-[client]
-user=root
-password=root

roles/lb-bd/files/installmysql.sh

@@ -1,16 +0,0 @@
-# Download and Install the Latest Updates for the OS
-apt-get update && apt-get upgrade -y
-
-# Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
-echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
-echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
-apt-get -y install mysql-server
-
-
-# Run the MySQL Secure Installation wizard
-mysql_secure_installation
-
-sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /etc/mysql/my.cnf
-mysql -uroot -p -e 'USE mysql; UPDATE `user` SET `Host`="%" WHERE `User`="root" AND `Host`="localhost"; DELETE FROM `user` WHERE `Host` != "%" AND `User`="root"; FLUSH PRIVILEGES;'
-
-service mysql restart

roles/lb-bd/files/my.cnf

@@ -1,128 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-# 
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port		= 3306
-socket		= /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket		= /var/run/mysqld/mysqld.sock
-nice		= 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user		= mysql
-pid-file	= /var/run/mysqld/mysqld.pid
-socket		= /var/run/mysqld/mysqld.sock
-port		= 3306
-basedir		= /usr
-datadir		= /var/lib/mysql
-tmpdir		= /tmp
-lc-messages-dir	= /usr/share/mysql
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-#bind-address		= 127.0.0.1
-#
-# * Fine Tuning
-#
-key_buffer		= 16M
-max_allowed_packet	= 16M
-thread_stack		= 192K
-thread_cache_size       = 8
-# This replaces the startup script and checks MyISAM tables if needed
-# the first time they are touched
-myisam-recover         = BACKUP
-#max_connections        = 100
-#table_cache            = 64
-#thread_concurrency     = 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit	= 1M
-query_cache_size        = 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
-#general_log_file        = /var/log/mysql/mysql.log
-#general_log             = 1
-#
-# Error log - should be very few entries.
-#
-log_error = /var/log/mysql/error.log
-#
-# Here you can see queries with especially long duration
-#slow_query_log_file = /var/log/mysql/mysql-slow.log
-#slow_query_log      = 1
-#long_query_time = 2
-#log_queries_not_using_indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-#       other settings you may need to change.
-#server-id		= 1
-#log_bin			= /var/log/mysql/mysql-bin.log
-expire_logs_days	= 10
-max_binlog_size         = 100M
-#binlog_do_db		= include_database_name
-#binlog_ignore_db	= include_database_name
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet	= 16M
-
-[mysql]
-#no-auto-rehash	# faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer		= 16M
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-#   The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/

roles/lb-bd/handlers/main.yml

@@ -1,3 +1,4 @@
 ---
- - name: restart mysql-server
-   service: name=mysql-server state=restarted
+- name: restart mariadb
+  ansible.builtin.service:
+    name: mariadb

roles/lb-bd/tasks/main.yml

@@ -1,4 +1,35 @@
 ---
-- name: Install paquets
-  apt: name=mysql-server state=present force=yes
+
+- name: modules python pour
+  apt:
+    name: python3-pymysql
+    state: present
+
+- name: install mariadb-server
+  apt:
+    name: mariadb-server
+    state: present
+
+- name: Cree Bd wordpress
+  mysql_db:
+    db: wordpressdb
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    state: present
+
+- name: Ouvre port 3306 mariadb-server
+  replace:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    regexp: '^bind-address.*'
+    replace: '#bind-adress = 127.0.0.1'
+    backup: yes
+  notify: restart mariadb
+
+- name: Create MySQL user for wordpress
+  mysql_user:
+    name: wordpressuser
+    password: wordpresspasswd
+    priv: "wordpressdb.*:ALL"
+    host: '%'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
 

roles/nxc-traefik/files/docker-compose.yml

@@ -0,0 +1,80 @@
+version: '3'
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+  
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+    ports:
+      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - ./nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+#      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`s-nxc.gsb.lan`)"
+      - "traefik.http.routers.app.tls=true"
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+        #      - "traefik.http.routers.app.entrypoints=websecure"
+        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.service=app-service"
+      - "traefik.http.services.app-service.loadbalancer.server.port=80"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db

roles/nxc-traefik/files/nextcloud.yml

@@ -1,58 +0,0 @@
-version: '2'
-
-volumes:
-  #  nextcloud:
-  db:
-
-services:
-  db:
-    image: mariadb
-    container_name: db
-    restart: always
-    #command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    command: --innodb-read-only-compressed=OFF
-    volumes:
-      - db:/var/lib/mysql
-    networks:
-      - nxc-db
-    environment:
-      - MYSQL_ROOT_PASSWORD=blabla
-      - MYSQL_PASSWORD=blabla
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  nxc:
-    image: nextcloud
-    restart: always
-    container_name: nxc
-#    ports:
-#      - 8080:80
-#    links:
-    depends_on:
-      - db
-    volumes:
-      - ./nextcloud:/var/www/html
-    environment:
-      - MYSQL_PASSWORD=blabla
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_HOST=db
-    labels:
-      # Enable this container to be mapped by traefik
-      # For more information, see: https://docs.traefik.io/providers/docker/#exposedbydefault
-      - "traefik.enable=true"
-      # URL to reach this container
-      - "traefik.http.routers.nxc.rule=Host(`s-nxc.gsb.lan`)"
-      # Activation of TLS
-      - "traefik.http.routers.nxc.tls=true"
-      # If port is different than 80, use the following service:
-      #-  "traefik.http.services.<service_name>.loadbalancer.server.port=<port>"
-      #      -  "traefik.http.services.app.loadbalancer.server.port=8080"
-    networks:
-      - proxy
-      - nxc-db
-networks:
-  proxy:
-    external: true
-  nxc-db:
-    external: false

roles/nxc-traefik/files/nxc-debug.sh

@@ -1,6 +1,4 @@
 #!/bin/bash
-docker-compose -f nextcloud.yml down
-docker-compose -f traefik.yml down
+docker compose down -v
 sleep 1
-docker-compose -f traefik.yml up -d --remove-orphans
-docker-compose -f nextcloud.yml up -d
+docker compose up -d

roles/nxc-traefik/files/nxc-prune.sh

@@ -1,4 +1,6 @@
 #!/bin/bash
-docker volume prune -f
-docker container prune -f
-docker image prune -f
+
+docker compose down -v
+#docker volume prune -f
+#docker container prune -f
+#docker image prune -f

roles/nxc-traefik/files/nxc-start.sh

@@ -1,3 +1,2 @@
 #!/bin/bash
-docker-compose -f traefik.yml up -d  
-docker-compose -f nextcloud.yml up -d 
+docker compose up -d 

roles/nxc-traefik/files/nxc-stop.sh

@@ -1,3 +1,2 @@
 #!/bin/bash
-docker-compose -f nextcloud.yml down
-docker-compose -f traefik.yml down
+docker compose down

roles/nxc-traefik/files/traefik.yml

@@ -1,28 +0,0 @@
-version: '3'
-
-services:
-  reverse-proxy:
-    #image: traefik:v2.5
-    image: traefik
-    container_name: traefik
-    restart: always
-    security_opt:
-      - no-new-privileges:true
-    ports:
-      # Web
-      - 80:80
-      - 443:443
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      # Map the static configuration into the container
-      - ./config/static.yml:/etc/traefik/traefik.yml:ro
-      # Map the dynamic configuration into the container
-      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
-      # Map the certificats into the container
-      - ./certs:/etc/certs:ro
-    networks:
-      - proxy
-
-networks:
-  proxy:
-    external: true

roles/nxc-traefik/tasks/main.yml

@@ -24,14 +24,9 @@
     src: dynamic.yml   
     dest: /root/nxc/config
 
-- name: Copie de nextcloud.yml
+- name: Copie de docker-compose.yml
   copy: 
-    src: nextcloud.yml
-    dest: /root/nxc
-
-- name: Copie de traefik.yml
-  copy:
-    src: traefik.yml
+    src: docker-compose.yml
     dest: /root/nxc
 
 - name: Copie de nxc-stop.sh
@@ -76,3 +71,8 @@
 
 - name: Creation reseau docker proxy
   command: docker network create proxy
+
+    #- name: Démarrage du docker-compose...
+    #command: /bin/bash docker-compose up -d
+    #args:
+    #chdir: /root/nxc

roles/wireguard-r/README.md

@@ -1,13 +1,19 @@
-Procédure d'installation de r-vp1 et de copie du fichier wg0-b.conf.
+Procédure d'installation de **r-vp1** et de copie du fichier wg0-b.conf.
 ***
 
-Depuis r-vp1 se deplacer dans le repertoire **/tools/ansible/gsb2023** pour executer le playbook:
-**"ansible-playbook -i localhost, -c local r-vp1.yml"** puis reboot r-vp1.
 
-Attendre la fin de l'installation. Ensuite faire une copie distante du fichier
-wg0-b.conf sur r-vp2 **"scp /confwg/wg0-b.conf root@'ip r-vp2':/etc/wireguard/"**.
- 
-Renommer les fichiers en **wg0.conf**
+Depuis **r-vp1** se deplacer dans le repertoire **/tools/ansible/gsb2023** pour executer le playbook:
+**"ansible-playbook -i localhost, -c local r-vp1.yml"** puis reboot **r-vp1**.
+
+
+Sur **r-vp1**:
+
+Attendre la fin de l'installation. Ensuite lancer un serveur http avec python3 pour récuperer le fichier
+wg0-b.conf sur **r-vp2** . Lancer le script **r-vp1-post.sh** dans **/tools/ansible/gsb2023/Scripts**.
+
+
+Sur **r-vp2**:
+
+Lancer le script r-vp2-post.sh dans **/tools/ansible/gsb2023/Scripts** pour recuperer wg0-b.conf
+et qui renomme le fichier en **wg0.conf** . Il redémarre et active le service **wg-quick@wg0**.
 
-Executer **"systemctl enable wg-quick@wg0"** puis **"systemctl start wg-quick@wg0"** sur r-vp1 et r-vp2.
-Entrer la commande **"wg"** pour voir si l'interface wg0 est correctement montée. 

s-adm.yml

@@ -4,7 +4,6 @@
 
   roles:
     - base
-    - goss
     - s-ssh
     - dnsmasq
     - squid
@@ -12,3 +11,4 @@
     - snmp-agent
     - syslog-cli
     - post
+    - goss

s-lb-bd.yml

@@ -3,47 +3,11 @@
   become: true
   tasks:
 
-  - name: modules python pour
-    apt:
-      name: python3-pymysql
-      state: present
-
-  - name: install mariadb-server
-    apt:
-      name: mariadb-server
-      state: present
-
-  - name: Cree Bd wordpress
-    mysql_db:
-      db: wordpressdb
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-      state: present
-
-  - name: Ouvre port 3306 mariadb-server
-    replace:
-      path: /etc/mysql/mariadb.conf.d/50-server.cnf
-      regexp: '^bind-address.*'
-      replace: '#bind-adress = 127.0.0.1'
-      backup: yes
-    notify: restart mariadb
-
-  - name: Create MySQL user for wordpress
-    mysql_user:
-      name: wordpressuser
-      password: wordpresspasswd
-      priv: "wordpressdb.*:ALL"
-      host: '%'
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  handlers:
-    - name: restart mariadb
-      ansible.builtin.service:
-        name: mariadb
-        state: restarted
 
   roles:
     - base
     - goss
+    - lb-bd
     - post
     - snmp-agent
+    - ssh-cli

s-lb-web1.yml

@@ -7,3 +7,5 @@
     - post
     - lb-web
     - snmp-agent
+    - ssh-cli
+

s-lb-web2.yml

@@ -7,3 +7,4 @@
     - post
     - lb-web
     - snmp-agent
+    - ssh-cli

s-lb.yml

@@ -7,5 +7,6 @@
      - goss
      - lb-front
      - snmp-agent
+     - ssh-cli
      - post
 

scripts/debian11/chname

@@ -0,0 +1,14 @@
+#!/bin/bash
+if [[ $# != 1 ]] ; then
+	echo "$0 - renomme une VM"  
+	echo "usage : $0 <nouveaunom> "
+	exit 1
+fi
+if [[ $1 == "version" ]] ; then
+	echo 'chname v1.1 pour debian 11'
+	exit 0
+fi
+oldname=$(hostname)
+sed -i "s/${oldname}/$1/g" /etc/host{s,name}
+echo 'redemarrer pour finaliser le changement du nom'
+exit 0

scripts/debian11/gsb-start

@@ -0,0 +1,11 @@
+#!/bin/bash
+apt-get  update
+#upgrade -y
+mkdir -p /root/tools/ansible
+cd /root/tools/ansible
+git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
+cd gsb2023/pre
+export DEPL=192.168.99.99
+bash gsbboot
+cd ../..
+bash pull-config

scripts/debian11/s-adm-start

@@ -0,0 +1,15 @@
+#!/bin/bash
+apt-get  update
+#apt upgrade -y;
+mkdir -p tools/ansible
+cd tools/ansible
+git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git;
+cd gsb2023/pre
+bash inst-depl
+cd /var/www/html/gsbstore
+bash getall
+cd /root/tools/ansible/gsb2023/pre
+bash gsbboot
+cd ..
+bash pull-config
+

scripts/mkvm

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-mkvmrelease="v1.2"
+mkvmrelease="v1.2.2"
 
-ovarelease="2023a"
-ovafogrelease="2023a"
+ovarelease="2023b"
+ovafogrelease="2023b"
 ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova"
 ovafilefog="$HOME/Téléchargements/debian-buster-gsb-${ovafogrelease}.ova"
 deletemode=0
@@ -66,8 +66,8 @@ vm="$1"
 
 create_vm "${vm}"
 if [[ "${vm}" == "s-adm" ]] ; then
-	bash addint-s.adm
-if [[ "${vm}" == "s-infra" ]] ; then
+	bash addint.s-adm
+elif [[ "${vm}" == "s-infra" ]] ; then
 	create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-proxy" ]] ; then
 	create_if "${vm}" "n-adm" "n-infra"
@@ -96,6 +96,8 @@ elif [[ "${vm}" == "s-web-ext" ]] ; then
         create_if "${vm}" "n-adm" "n-dmz"
 elif [[ "${vm}" == "s-nxc" ]] ; then
         create_if "${vm}" "n-adm" "n-infra"
+elif [[ "${vm}" == "s-elk" ]] ; then
+        create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-lb" ]] ; then
         create_if "${vm}" "n-adm" "n-dmz" "n-dmz-lb"
 elif [[ "${vm}" == "s-lb-web1" ]] ; then

scripts/mkvm.ps1

@@ -3,9 +3,9 @@
 
 #mkvm pour toutes les vms
 
-$mkvmrelease="v1.2"
-$ovarelease="2023a"
-$ovafogrelease="2023a"
+$mkvmrelease="v1.2.2"
+$ovarelease="2023b"
+$ovafogrelease="2023b"
 $ovafile="$HOME\Downloads\debian-bullseye-gsb-${ovarelease}.ova"
 $ovafilefog="$HOME\Downloads\debian-buster-gsb-${ovafogrelease}.ova"
 $vboxmanage="C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"
@@ -22,11 +22,10 @@ function create_vm{ param([string]$nomvm)
 function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$reseau)
 	#Création d'une interface
 	if ($nomvm -and $nic -and $rang -and $reseau) {
-	#if ("1" -eq "1") {
 		if ($nic -eq "bridge") {
 			#Création d'une interface en pont
 			& "$vboxmanage" modifyvm  "$nomvm" --nic"$rang" bridged
-			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" 82540EM
+			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" virtio
 			& "$vboxmanage" modifyvm  "$nomvm" --cableconnected"$rang" on
 			& "$vboxmanage" modifyvm  "$nomvm" --nicpromisc"$rang" allow-all
 			Write-Host "$nomvm : IF$rang $nic"
@@ -35,7 +34,7 @@ function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$res
 			#Création d'une interface en reseau interne
 			& "$vboxmanage" modifyvm  "$nomvm" --nic"$rang" intnet
 			& "$vboxmanage" modifyvm  "$nomvm" --intnet"$rang" "$reseau"
-			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" 82540EM
+			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" virtio
 			& "$vboxmanage" modifyvm  "$nomvm" --cableconnected"$rang" on
 			& "$vboxmanage" modifyvm  "$nomvm" --nicpromisc"$rang" allow-all
 			Write-Host "$nomvm : IF$rang $nic $reseau"
@@ -43,6 +42,9 @@ function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$res
 	}
 }
 
+function usage{
+	Write-Host "usage : mkvm ${myInvocation.ScriptName} <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-agence|s-appli|s-backup|s-itil|s-ncx|s-fog|s-dns-ext|s-web-ext|s-lb|s-lb-bd|s-lb-web1|s-lb-web2|s-lb-web3>"
+}
 
 if ($args[0] -eq "s-adm") {
 
@@ -52,107 +54,108 @@ if ($args[0] -eq "s-adm") {
 	
 }
 
-elseif ($args[0] -eq "s-infra") {
+elseif ($args[0] -eq "r-int") {
 
 	create_vm $args[0]
 	create_if $args[0] "int" 1 "n-adm"
-	create_if $args[0] "int" 2 "n-infra"
-
-#création de la première interface
-& "$vboxmanage" modifyvm  "s-infra" --nic1 intnet
-& "$vboxmanage" modifyvm  "s-infra" --intnet1 "n-adm"
-& "$vboxmanage" modifyvm  "s-infra" --nictype1 82540EM
-& "$vboxmanage" modifyvm  "s-infra" --cableconnected1 on
-& "$vboxmanage" modifyvm  "s-infra" --nicpromisc1 allow-all
-
-#création de la deuxième interface
-& "$vboxmanage" modifyvm  "s-infra" --nic2 intnet
-& "$vboxmanage" modifyvm  "s-infra" --intnet2 "n-infra"
-& "$vboxmanage" modifyvm  "s-infra" --nictype2 82540EM
-& "$vboxmanage" modifyvm  "s-infra" --cableconnected2 on
-& "$vboxmanage" modifyvm  "s-infra" --nicpromisc2 allow-all
-}
-
-elseif ($args[0] -eq "r-int") {
-
-	create_vm($args[0])
-
-#interface 1
-& "$vboxmanage" modifyvm  "r-int" --nic1 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet1 "n-adm"
-& "$vboxmanage" modifyvm  "r-int" --nictype1 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected1 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc1 allow-all
-
-#interface 2
-& "$vboxmanage" modifyvm  "r-int" --nic2 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet2 "n-link"
-& "$vboxmanage" modifyvm  "r-int" --nictype2 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected2 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc2 allow-all
-
-#interface 3
-& "$vboxmanage" modifyvm  "r-int" --nic3 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet3 "n-wifi"
-& "$vboxmanage" modifyvm  "r-int" --nictype3 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected3 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc3 allow-all
-
-#interface 4
-& "$vboxmanage" modifyvm  "r-int" --nic4 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet4 "n-user"
-& "$vboxmanage" modifyvm  "r-int" --nictype4 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected4 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc4 allow-all
-
-#interface 5
-& "$vboxmanage" modifyvm  "r-int" --nic5 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet5 "n-infra"
-& "$vboxmanage" modifyvm  "r-int" --nictype5 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected5 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc5 allow-all
+	create_if $args[0] "int" 2 "n-link"
+	create_if $args[0] "int" 3 "n-wifi"
+	create_if $args[0] "int" 4 "n-user"
+	create_if $args[0] "int" 5 "n-infra"
 }
 
 elseif ($args[0] -eq "r-ext") {
 
-	create_vm($args[0])
-
-#interface 1
-& "$vboxmanage" modifyvm  "r-ext" --nic1 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet1 "n-adm"
-& "$vboxmanage" modifyvm  "r-ext" --nictype1 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected1 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc1 allow-all
-
-#interface 2
-& "$vboxmanage" modifyvm  "r-ext" --nic2 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet2 "n-dmz"
-& "$vboxmanage" modifyvm  "r-ext" --nictype2 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected2 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc2 allow-all
-
-#interface 3
-& "$vboxmanage" modifyvm  "r-ext" --nic3 bridged
-& "$vboxmanage" modifyvm  "r-ext" --nictype3 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected3 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc3 allow-all
-
-#interface 4
-& "$vboxmanage" modifyvm  "r-ext" --nic4 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet4 "n-linkv"
-& "$vboxmanage" modifyvm  "r-ext" --nictype4 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected4 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc4 allow-all
-
-#interface 5
-& "$vboxmanage" modifyvm  "r-ext" --nic5 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet5 "n-link"
-& "$vboxmanage" modifyvm  "r-ext" --nictype5 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected5 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc5 allow-all
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz"
+	create_if $args[0] "bridge" 3 "null"
+	create_if $args[0] "int" 4 "n-linkv"
+	create_if $args[0] "int" 5 "n-link"
 }
 
-elseif ($args[0] -eq "test") {
+elseif (((((((($args[0] -eq "s-elk") `
+-or ($args[0] -eq "s-mon") `
+-or ($args[0] -eq "s-backup") `
+-or ($args[0] -eq "s-appli") `
+-or ($args[0] -eq "s-infra") `
+-or ($args[0] -eq "s-proxy") `
+-or ($args[0] -eq "s-itil") `
+-or ($args[0] -eq "s-nxc") `
+))))))) {
 
-fonction1 $args[0] $args[1]
-}
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	if ($args[0] -eq "s-elk") {
+
+		& "$vboxmanage" modifyvm "$args[0]" --memory 4096
+		Write-Host "$args[0] : 4096 RAM OK"
+	}
+}
+
+elseif ($args[0] -eq "s-fog") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	create_if $args[0] "int" 3 "n-user"
+}
+
+elseif ($args[0] -eq "s-agence") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-agence"
+}
+
+elseif ($args[0] -eq "s-lb") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz"
+	create_if $args[0] "int" 3 "n-dmz-lb"
+}
+
+elseif (($args[0] -eq "s-lb-db") -or ($args[0] -eq "s-nas")) {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz-db"
+}
+
+elseif ((($args[0] -eq "s-lb-web1") -or ($args[0] -eq "s-lb-web2") -or ($args[0] -eq "s-lb-web3"))) {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz-lb"
+	create_if $args[0] "int" 3 "n-dmz-db"
+}
+
+elseif (($args[0] -eq "s-dns-ext") -or ($args[0] -eq "s-web-ext")) {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	create_if $args[0] "int" 3 "n-user"
+}
+
+elseif ($args[0] -eq "r-vp1") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-linkv"
+	create_if $args[0] "bridge" 3 "null"
+}
+
+elseif ($args[0] -eq "r-vp2") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-agence"
+	create_if $args[0] "bridge" 3 "null"
+}
+
+else {
+	usage
+}

scripts/r-vp1-post.sh

@@ -1,2 +1,5 @@
 #!/bin/bash
+#stoper le fw
+systemctl stop ferm
+#ouverture du service web pour copie distante
 cd /root/confwg/ && python3 -m http.server 8000 &

scripts/r-vp2-post.sh

@@ -1,3 +1,7 @@
 #!/bin/bash
-
-wget http://r-vp1.gsb.adm:8000/wg0-b.qconf
+#recuperation du fichier de config
+wget http://r-vp1.gsb.adm:8800/wg0-b.conf
+#renomage fichier et mv
+mv ./wg0-b.conf /etc/wireguard/wg0.conf
+#activation interface wg0
+systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0