fix: fixed multiple issues in the values.yaml of peertube package

Merge branch 'main' of https://gitea.lyc-lecastel.fr/gadmin/gsb2023

README.md

@@ -1,17 +1,39 @@
 # gsb2023
 
+2023-02-02 ps
+
 Environnement et playbooks ansible pour le projet GSB 2023
 
 ## Quickstart
-prérequis : une machine Debian Bullseye
+Prérequis : 
+  * une machine Debian Bullseye
+  * VirtualBox
+  * fichier machines viruelles **ova** :
+    * **debian-bullseye-gsb-2023a.ova**
+    * **debian-buster-gsb-2023a.ova**
 
 
-## Les machines
-  * s-adm
-  * s-infra
-  * r-int
-  * r-ext
-  * s-proxy
+  * **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid 
+  * **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad**
+  * **r-int** : routage, DHCP 
+  * **r-ext** : routage, NAT
+  * **s-proxy** : squid
+  * **s-itil** : serveur GLPI
+  * **s-backup** : DNS esclave + sauvegarde s-win (SMB)
+  * **s-mon** : supervision avec **Nagios4**, notifications et syslog
+  * **s-fog** : deploiement postes de travail avec **FOG**
+  * **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers
+  * **s-nxc** : NextCloud avec **docker** 
+  * **s-elk** : pile ELK dockerisée
+  * **s-lb**  : Load Balancer **HaProxy** pour application Wordpress (DMZ)
+  * **r-vp1** : Routeur VPN Wireguard coté siège
+  * **r-vp2** : Routeur VPN Wireguard coté agence, DHCP
+  * **s-agence** : Serveur agence
+  * **s-lb**  : Load Balancer **HaProxy** pour application Wordpress 
+  * **s-lb-web1** : Serveur Wordpress 1 Load Balancer
+  * **s-lb-web2** : Serveur Wordpress 2 Load Balancer
+  * **s-lb-db** : Serveur Mariadb pour Wordpress
+  * **s-nas** : Serveur NFS pour application Wordpress avec LB
 
 
 ## Les playbooks
@@ -19,15 +41,28 @@ prérequis : une machine Debian Bullseye
 
 ## Installation
 
-On utilisera l'image de machine virtuelle suivante : 
-  * **debian-bullseye-2023a.ova** (2022-05-07)
-    * Debian Bullseye 11 - 2 cartes - 1 Go - stockage 20 Go
+On utilisera les images de machines virtuelle suivantes : 
+  * **debian-bullseye-2023a.ova** (2023-01-06)
+    * Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go
 
+et pour **s-fog** : 
+  * **debian-buster-2023a.ova** (2023-01-06)
+    * Debian Buster 10 - 2 cartes - 1 Go - stockage 20 Go
+
+On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer une VM
+
+```shell
+gsb2023>
+cd scripts
+$ mkvm -r s-adm
+
+```
 
 ### Machine s-adm
-  * créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut
-  * renommer la machine puis redémarrer
-  * taper :
+  * créer la machine virtuelle **s-adm** avec **mkvm** comme décrit plus haut.
+  * utiliser le script de renommage comme suit --> `bash chname <nouveau_nom_de_machine>` , puis redémarrer
+  * utiliser le script **s-adm-start** : `bash s-adm-start` , puis redémarrer
+  * ou sinon :
 ```shell
     mkdir -p tools/ansible ; cd tools/ansible
     git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
@@ -35,7 +70,7 @@ On utilisera l'image de machine virtuelle suivante :
     bash inst-depl
     cd /var/www/html/gsbstore
     bash getall
-    cd /root/tools/ansible/gsb022/pre
+    cd /root/tools/ansible/gsb023/pre
     bash gsbboot
     cd .. ; bash pull-config
 ```
@@ -43,21 +78,32 @@ On utilisera l'image de machine virtuelle suivante :
   
 ### Pour chaque machine
 
-  - importer la machine à partir du fichier **.ova**
-  - définir les cartes réseau en accord avec le plan d'adressage et le schéma
-  - donner le nom adapté (avec sed -i …)
+  - créer la machine avec **mkvm -r**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications 
+  - utiliser le script de renommage comme suit : `bash chname <nouveau_nom_de_machine>`
   - redémarrer
-  - mettre à jour les paquets : apt update && apt upgrade
-  - cloner le dépot : 
+  - utiliser le script **gsb-start** : `bash gsb-start`
+  - ou sinon:
 ```shell
 mkdir -p tools/ansible ; cd tools/ansible
-git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git
+git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git
 cd gsb2023/pre
 export DEPL=192.168.99.99
 bash gsbboot
 cd ../..
 bash pull-config
 ```
+  - redémarrer
   - **Remarque** : une machine doit avoir été redémarrée pour prendre en charge la nouvelle configuration
 
 
+## Les tests
+
+Il peuvent êtres mis en oeuvre avec **goss** de la façon suivante : chaque machine installée  dispose d'un fichier de test ad-hoc portant le nom de la machine elle-même (machine.yml).
+
+```
+cd tools/ansible/gsb2023
+bash agoss # lance le test portant le nom de la machine 
+```
+
+`bash agoss -f tap` permet de lancer le test avec le détail d'exécution
+

goss/list-goss

@@ -0,0 +1,12 @@
+cd goss/
+goss -g r-vp1.yaml v
+goss  -g r-vp1.yaml aa wireguard
+goss add interface enp0s3
+goss add interface enp0s8
+goss add interface enp0s9
+goss add interface wg0
+goss aa wireguard
+goss add package wireguard-tools
+goss add service wg-quick@wg0
+goss add command "ping -c4  10.0.0.2"
+goss add file "/etc/wireguard/wg0.conf"

goss/r-ext.yaml

@@ -34,8 +34,6 @@ interface:
     - 192.168.100.254/24
   enp0s9:
     exists: true
-    addrs:
-    - 192.168.0.38/24
   enp0s16:
     exists: true
     addrs:

goss/r-vp1.yaml

@@ -1,67 +1,56 @@
+file:
+  /etc/wireguard/wg0.conf:
+    exists: true
+    mode: "0644"
+    owner: root
+    group: root
+    filetype: file
+    contains:
+    - AllowedIPs = 10.0.0.2/32, 172.16.128.0/24
 package:
-#  ferm:
-#    installed: true
-  strongswan:
+  wireguard:
     installed: true
-port:
-  udp:68:
-    listening: true
+    versions:
+    - 1.0.20210223-1
+  wireguard-tools:
+    installed: true
+    versions:
+    - 1.0.20210223-1
 service:
-#  dnsmasq:
-#    enabled: true
-#    running: true
-  strongswan:
-    enabled: true
-    running: true
-  ssh:
+  wg-quick@wg0:
     enabled: true
     running: true
 command:
-  sysctl net.ipv4.ip_forward:
+  host 192.168.99.99:
     exit-status: 0
     stdout:
-    - net.ipv4.ip_forward = 1
+    - 99.99.168.192.in-addr.arpa domain name pointer s-adm.gsb.adm.
     stderr: []
     timeout: 10000
-command:  
-  ping -c 4 192.168.0.52:
+  ping -c4  10.0.0.2:
     exit-status: 0
     stdout:
-    - 4 received = 1
+    - 0% packet loss
     stderr: []
     timeout: 10000
-command:
-  ping -c 4 192.168.1.1:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-command:
-  ping -c 4 192.168.200.254:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-command:
-  ping -c 4 172.16.0.1:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-#process:
-#  dnsmasq:
-#    running: true
-#  squid:
-#    running: true
 interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.112/24
+    mtu: 1500
   enp0s8:
     exists: true
     addrs:
-    - 192.168.0.51/24
+    - 192.168.1.2/24
+    mtu: 1500
   enp0s9:
     exists: true
     addrs:
-    - 192.168.1.2/24
+    - 192.168.0.51/24
+    mtu: 1500
+  wg0:
+    exists: true
+    addrs:
+    - 10.0.0.1/32
+    mtu: 1420

goss/r-vp2.yaml

@@ -0,0 +1,52 @@
+file:
+  /etc/wireguard/wg0.conf:
+    exists: true
+    mode: "0644"
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+package:
+  wireguard:
+    installed: true
+    versions:
+    - 1.0.20210223-1
+  wireguard-tools:
+    installed: true
+    versions:
+    - 1.0.20210223-1
+service:
+  isc-dhcp-server:
+    enabled: true
+    running: true
+  wg-quick@wg0:
+    enabled: true
+    running: true
+command:
+  ping -c4 10.0.0.1:
+    exit-status: 0
+    stdout:
+    - 0% packet loss
+    stderr: []
+    timeout: 10000
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.102/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.128.254/24
+    mtu: 1500
+  enp0s9:
+    exists: true
+    addrs:
+    - 192.168.0.52/24
+    mtu: 1500
+  wg0:
+    exists: true
+    addrs:
+    - 10.0.0.2/32
+    mtu: 1420

goss/r-vp2goss.yaml

@@ -1,67 +0,0 @@
-package:
-  ferm:
-    installed: true
-  ipsec:
-    installed: true
-port:
-  tcp:53: 
-    listening: true
-  udp:67:
-    listening: true
-  udp:68:
-    listening: true
-service:
-  dnsmasq:
-    enabled: true
-    running: true
-  ferm:
-    enabled: true
-    running: true
-  ssh:
-    enabled: true
-    running: true
-command:
-  sysctl net.ipv4.ip_forward:
-    exit-status: 0
-    stdout:
-    - net.ipv4.ip_forward = 1
-    stderr: []
-    timeout: 10000
-  sysctl ping -c 4 192.168.0.51:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-  sysctl ping -c 4 192.168.1.1:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-  sysctl ping -c 4 192.168.200.254:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-  sysctl ping -c 4 172.16.0.1:
-    exit-status: 0
-    stdout:
-    - 4 received = 1
-    stderr: []
-    timeout: 10000
-process:
-  dnsmasq:
-    running: true
-  squid3:
-    running: true
-interface:
-  enp0s8:
-    exists: true
-    addrs:
-    - 172.16.128.254/24
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.0.52/24

goss/s-adm.yaml

@@ -16,10 +16,6 @@ port:
     listening: true
     ip:
     - '::'
-  tcp6:8080:
-    listening: true
-    ip:
-    - '::'
   udp:53:
     listening: true
     ip:
@@ -45,7 +41,6 @@ service:
 user:
   dnsmasq:
     exists: true
-    uid: 109
     gid: 65534
     groups:
     - nogroup
@@ -54,7 +49,6 @@ user:
 group:
   ssh:
     exists: true
-    gid: 111
 command:
   /sbin/sysctl net.ipv4.ip_forward:
     exit-status: 0
@@ -65,8 +59,6 @@ command:
 dns:
   depl.sio.lan:
     resolveable: true
-    addrs:
-    - 10.121.38.10
     timeout: 500
 process:
   dnsmasq:

goss/s-agence.yaml

@@ -1,39 +1,19 @@
 command:
-  ip r:
+  ip route |grep default:
     exit-status: 0
     stdout:
     - default via 172.16.128.254 dev enp0s8
-    - 172.16.128.0/24
-    - 192.168.99.0/24
     stderr: []
     timeout: 10000
-  ping -c 2 172.16.128.254:
+  ping -c4 172.16.0.1:
     exit-status: 0
     stdout:
     - 0% packet loss
     stderr: []
     timeout: 10000
-  ping -c 2 192.168.1.2:
+  ping -c4 172.16.128.254:
     exit-status: 0
     stdout:
-    - 0% packet loss
-    stderr: []
-    timeout: 10000
-  ping -c 2 192.168.1.1:
-    exit-status: 0
-    stdout:
-    - 0% packet loss
-    stderr: []
-    timeout: 10000
-  ping -c 2 192.168.200.254:
-    exit-status: 0
-    stdout:
-    - 0% packet loss
-    stderr: []
-    timeout: 10000
-  ping -c 2 172.16.0.1:
-    exit-status: 0
-    stdout:
-    - 0% packet loss
+    -  0% packet loss
     stderr: []
     timeout: 10000

goss/s-backup.yaml

@@ -0,0 +1,41 @@
+package:
+  bind9:
+    installed: true
+  cifs-utils:
+    installed: true
+  rsync:
+    installed: true
+  smbclient:
+    installed: true
+service:
+  bind9:
+    enabled: true
+    running: true
+  rsync:
+    enabled: true
+    running: false
+command:
+  ping -c4 ns.gsb.lan:
+    exit-status: 0
+    stdout:
+    - 0% packet loss
+    stderr: []
+    timeout: 10000
+#check si partage windows accesible
+  smbclient -L //s-win --user=uBackup%Azerty1+ | grep 'public':
+    exit-status: 0
+    stdout:
+    - public
+    stderr: []
+    timeout: 10000
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.4/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.4/24
+    mtu: 1500

goss/s-elk.yaml

@@ -0,0 +1,26 @@
+port:
+  tcp:5044:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:5601:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:9200:
+    listening: true
+    ip:
+    - 0.0.0.0
+service:
+  docker:
+    enabled: true
+    running: true
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.11/24
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.11/24

goss/s-mon.yaml

@@ -1,26 +1,27 @@
 file:
-  /etc/icinga/htpasswd.users:
+  /etc/nagios4/htdigest.users:
     exists: true
-    mode: "0644"
-    size: 26
-    owner: root
-    group: root
+    mode: "0640"
+    owner: nagios
+    group: www-data
     filetype: file
-    contains: []
+    contains: [nagiosadmin]
 package:
   apache2:
     installed: true
   nagios-snmp-plugins:
     installed: true
-  icinga:
+  nagios4:
     installed: true
   snmp:
     installed: true
+  python3-passlib:
+    installed: true
 port:
-  tcp6:80:
+  tcp:80:
     listening: true
     ip:
-    - '::'
+    - 0.0.0.0
   udp:514:
     listening: true
     ip:
@@ -29,7 +30,7 @@ service:
   apache2:
     enabled: true
     running: true
-  icinga:
+  nagios4:
     enabled: true
     running: true
 command:
@@ -42,7 +43,7 @@ command:
 process:
   apache2:
     running: true
-  icinga:
+  nagios4:
     running: true
 interface:
   enp0s3:
@@ -54,7 +55,7 @@ interface:
     addrs:
     - 172.16.0.8/24
 http:
-  http://localhost/icinga:
+  http://localhost/nagios4:
     status: 401
     allow-insecure: false
     no-follow-redirects: false

graylog-pont.yml

@@ -1,8 +0,0 @@
----
-- hosts: localhost
-  connection: local
-
-  roles:
-    - goss
-    - docker-graylog-pont
-    - post

lisezmoi.txt

@@ -7,7 +7,7 @@ Ce document décrit les divers élements du projet GSB du BTS SIO utilisé pour
 Le projet GSB décrit les diférents playbooks permttant d'installer les
 machines du projet GSB
 
-Les répertoires :
+Les répertoires : 
 
 - roles : les roles
 - goss : les outils de test

ping-agence.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.128.254
-
-ping -c3 192.168.1.2
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.200.254
-
-ping -c3 172.16.0.254
-
-ping -c3 172.16.0.1

ping-rext.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.1
-
-ping -c3 172.16.0.254
-
-ping -c3 192.168.200.254
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.128.254
-
-ping -c3 172.16.128.10

ping-rint.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.1
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.128.254
-
-ping -c3 172.16.128.10

ping-sinfra.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-ping -c3 172.16.0.254
-
-ping -c3 192.168.200.254
-
-ping -c3 192.168.200.253
-
-ping -c3 192.168.1.1
-
-ping -c3 192.168.1.2
-
-ping -c3 172.16.125.254
-
-ping -c3 172.16.128.10

pre/gsbboot

@@ -24,7 +24,7 @@ if [[ -z ${DEPL+x} ]]; then
 fi
 
 hostf="${host}.local" 
-prj=gsb2022
+prj=gsb2023
 APT=apt
 
 which git >> /dev/null
@@ -34,7 +34,7 @@ if [[ $? != 0 ]]; then
 	${APT} install -y git-core
 fi
 ${APT} update
-${APT} upgrade -y
+#${APT} upgrade -y
 
 which ansible >> /dev/null
 if [[ $? != 0 ]]; then

pre/inst-depl

@@ -1,41 +1,53 @@
 #!/bin/bash
-## ps : 2021-04-01 15:25
+## aa : 2023-01-18 15:25
+## ps : 2023-02-01 15:25
 
 set -o errexit
 set -o pipefail
 GITUSR=gitgsb
-GITPRJ=gsb2022
-apt update && apt upgrade
-apt install -y apache2 git 
+GITPRJ=gsb2023
+apt-get update 
+apt-get install -y apache2 git 
 STOREREP="/var/www/html/gsbstore" 
 
-GLPIREL=9.5.6
+GLPIREL=10.0.6
 str="wget -nc https://github.com/glpi-project/glpi/releases/download/${GLPIREL}/glpi-${GLPIREL}.tgz"
 
-FIREL=9.5 
-str2="https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi9.5%2B3.0/fusioninventory-9.5+3.0.tar.bz2"
 
-FIAGREL=2.6
-str31="wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x64_${FIAGREL}.exe"
+#Fusion Inventory
+
+#FIREL=10.0.3+1.0
+#str2="https://github.com/fusioninventory/fusioninventory-for-glpi/releases/download/glpi${FIREL}/fusioninventory-${FIREL}.tar.bz2"
+
+
+#GLPI Agent
+
+GLPIAGVER=1.4
+str31="wget -nc https://github.com/glpi-project/glpi-agent/releases/download/${GLPIAGVER}/GLPI-Agent-${GLPIAGVER}-x64.msi"
+
+str32="wget -nc https://github.com/glpi-project/glpi-agent/releases/download/${GLPIAGVER}/GLPI-Agent-${GLPIAGVER}-x86.msi"
 
-str32="wget -nc https://github.com/fusioninventory/fusioninventory-agent/releases/download/${FIAGREL}/fusioninventory-agent_windows-x86_${FIAGREL}.exe"
 
 FOGREL=1.5.9
 str4="wget -nc https://github.com/FOGProject/fogproject/archive/${FOGREL}.tar.gz -O fogproject-${FOGREL}.tar.gz"
 
-WPREL=5.8.2
-str5="wget -nc https://fr.wordpress.org/wordpress-${WPREL}-fr_FR.tar.gz"
+WPREL=6.1.1
+#v6.1.1 le 17/01/2023
+str5="wget -nc https://fr.wordpress.org/latest-fr_FR.tar.gz -O wordpress-6.1.1-fr_FR.tar.gz"
 
-GOSSVER=v0.3.16
+GOSSVER=v0.3.21
 str6="curl -L https://github.com/aelsabbahy/goss/releases/download/${GOSSVER}/goss-linux-amd64 -o goss"
 
-DOCKERREL=1.29.2
-str7="curl -L https://github.com/docker/compose/releases/download/${DOCKERREL}/docker-compose-$(uname -s)-$(uname -m) -o docker-compose"
+#DOCKERREL=1.29.2
+#str7="curl -L https://github.com/docker/compose/releases/download/${DOCKERREL}/docker-compose-$(uname -s)-$(uname -m) -o docker-compose"
 
-GESTSUPREL=3.2.15
-str8="wget -nc https://gestsup.fr/downloads/versions/current/version/gestsup_${GESTSUPREL}.zip"
+#GESTSUPREL=3.2.30
+#str8="wget -nc 'https://gestsup.fr/index.php?page=download&channel=stable&version=${GESTSUPREL}&type=gestsup' -O gestsup_${GESTSUPREL}.zip"
+str8="wget -nc 'https://gestsup.fr/index.php?page=download&channel=stable&version=3.2.30&type=gestsup' -O gestsup_3.2.30.zip"
 
-ELKREL=7.16.3
+
+#METRICBEAT ET FILEBEAT
+ELKREL=8.5.3
 str81="wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${ELKREL}-amd64.deb"
 
 str82="wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-${ELKREL}-windows-x86_64.zip"
@@ -70,12 +82,12 @@ curl -L https://get.docker.com -o getdocker.sh
 
 chmod +x ./getdocker.sh
 
-${str7}
+#${str7}
 
-chmod +x ./docker-compose
+#chmod +x ./docker-compose
 
 
-wget -nc https://github.com/FiloSottile/mkcert/releases/download/v1.4.3/mkcert-v1.4.3-linux-amd64 -O mkcert
+wget -nc https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64 -O mkcert
 
 chmod +x ./mkcert
 
@@ -90,4 +102,3 @@ EOT
 )
 
 cat "${STOREREP}/getall"
-

pre/pull-config

@@ -1,7 +1,11 @@
 #!/bin/bash
 
+dir=/root/tools/ansible
+prj=gsb2023
+opt=""
+
 if [ -z ${UREP+x} ]; then 
-	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git 
+	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git 
 fi
 
 dir=/root/tools/ansible
@@ -11,6 +15,14 @@ dir=/root/tools/ansible
 cd  "${dir}" || exit 1
 
 hostname  > hosts
-ansible-pull -i "${dir}/hosts"  -U "${UREP}"
+if [[ $# == 1 ]] ; then
+	opt=$1
+fi
+if [[ "${opt}" == '-l'  ]] ; then
+   cd "${dir}/${prj}" || exit 2	
+   ansible-playbook -i localhost, -c local  "$(hostname).yml"
+else
+   ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
+fi
 
 exit 0

proxy

@@ -1 +0,0 @@
-/etc/nginx/sites-availables/proxy

pull-config

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 if [ -z ${UREP+x} ]; then 
-	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git 
+	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git 
 fi
 
 dir=/root/tools/ansible
@@ -11,6 +11,6 @@ dir=/root/tools/ansible
 cd  "${dir}" || exit 1
 
 hostname  > hosts
-ansible-pull -i "${dir}/hosts"  -U "${UREP}"
+ansible-pull -i "${dir}/hosts"  -C main -U "${UREP}"
 
 exit 0

r-vp1-fw.yml

@@ -0,0 +1,13 @@
+---
+- hosts: localhost
+  connection: local
+
+  vars:
+   - ip1: 192.168.0.51
+   - remip: 192.168.0.52
+   - mynet: 192.168.1.0
+   - remnet: 172.16.128.0
+
+  roles:
+   - fw-ferm
+   

r-vp1.yml

@@ -12,9 +12,8 @@
    - base
    - goss
 #   - snmp-agent
-#   - firewall-vpn-r
+   - post
    - wireguard-r
-#   - x509-r
    - ssh-cli
    - syslog-cli
-   - post
+   

r-vp2-fw.yml

@@ -0,0 +1,12 @@
+---
+- hosts: localhost
+  connection: local
+
+  vars:
+   - ip1: 192.168.0.52
+   - remip: 192.168.0.51
+   - mynet: 172.16.128.0
+   - remnet: 192.168.1.0
+
+  roles:
+   - fw-ferm

r-vp2.yml

@@ -15,9 +15,7 @@
    - dns-agence
    - ssh-root-access
 #   - snmp-agent
-#   - firewall-vpn-l
    - wireguard-l
-#   - x509-l
+   - post
    - ssh-cli
    - syslog-cli
-   - post

roles/base/templates/hosts.j2

@@ -10,18 +10,25 @@
 192.168.99.3	s-appli.gsb.adm
 192.168.99.4	s-backup.gsb.adm
 192.168.99.5	s-puppet.gsb.adm
-192.168.99.6 	s-win.gsb.adm 
+192.168.99.6	s-win.gsb.adm 
 192.168.99.7	s-nxc.gsb.adm
 192.168.99.8	s-mon.gsb.adm
 192.168.99.9	s-itil.gsb.adm
-192.168.99.10	s-sspec.gsb.adm
-192.168.99.11	s-web-ext.gsb.adm
+192.168.99.10	s-lb.gsb.adm
+192.168.99.11	s-elk.gsb.adm
 192.168.99.10	s-dns.gsb.adm
 192.168.99.12	r-int.gsb.adm
 192.168.99.13	r-ext.gsb.adm
 192.168.99.14	s-nas.gsb.adm
 192.168.99.15	s-san.gsb.adm
 192.168.99.16	s-fog.gsb.adm
+192.168.99.50	s-lb-bd.gsb.adm
+192.168.99.101	s-lb-web1.gsb.adm
+192.168.99.102	s-lb-web2.gsb.adm
+192.168.99.103	s-lb-web3.gsb.adm
+192.168.99.112  r-vp1.gsb.adm
+192.168.99.102  r-vp2.gsb.adm
+192.168.99.120  s-peertube.gsb.adm
 
 192.168.99.8	syslog.gsb.adm
 

roles/base/templates/hosts.s-proxy.j2

@@ -11,16 +11,22 @@
 192.168.99.3	s-appli.gsb.adm
 192.168.99.4	s-backup.gsb.adm
 192.168.99.5	s-puppet.gsb.adm
-192.168.99.6 	s-win.gsb.adm 
+192.168.99.6	s-win.gsb.adm 
 192.168.99.7	s-nxc.gsb.adm
 192.168.99.8	s-mon.gsb.adm
 192.168.99.9	s-itil.gsb.adm
-192.168.99.10	s-sspec.gsb.adm
-192.168.99.11	s-web-ext.gsb.adm
+192.168.99.10	s-lb.gsb.adm
+192.168.99.11	s-elk.gsb.adm
 192.168.99.10	s-dns.gsb.adm
 192.168.99.12	r-int.gsb.adm
 192.168.99.13	r-ext.gsb.adm
 192.168.99.14	s-nas.gsb.adm
-
+192.168.99.50	s-lb-bd.gsb.adm
+192.168.99.101	s-lb-web1.gsb.adm
+192.168.99.102	s-lb-web2.gsb.adm
+192.168.99.103	s-lb-web3.gsb.adm
+192.168.99.112  r-vp1.gsb.adm
+192.168.99.102  r-vp2.gsb.adm
+192.168.99.120  s-peertube.gsb.adm
 192.168.99.8	syslog.gsb.adm
 

roles/dhcp-fog/files/dhcpd.conf

@@ -109,12 +109,12 @@ log-facility local7;
 #DHCP pour le réseau wifi
 #subnet 172.16.65.0 netmask 255.255.255.0 {
 #	range 172.16.65.1 172.16.65.100;
-#  	option domain-name-servers ns1.internal.example.org;
-#  	option domain-name "internal.example.org";
-#  	option routers 10.5.5.1;
-#  	option broadcast-address 10.5.5.31;
-#  	default-lease-time 600;
-#  	max-lease-time 7200;
+#	option domain-name-servers ns1.internal.example.org;
+#	option domain-name "internal.example.org";
+#	option routers 10.5.5.1;
+#	option broadcast-address 10.5.5.31;
+#	default-lease-time 600;
+#	max-lease-time 7200;
 #}
 
 #DHCP pour le réseau USER

roles/dhcp-fog/tasks/main.yml

@@ -10,5 +10,3 @@
   copy: src=dhcpd.conf dest=/etc/dhcp/
   notify:
     - restart isc-dhcp-server
-  
- 

roles/dns-ag-cs/files/named.conf.options

@@ -1,23 +0,0 @@
-// 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
-
-options {
-        directory "/var/cache/bind";
-
-        // If there is a firewall between you and nameservers you want
-        // to talk to, you may need to fix the firewall to allow multiple
-        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
-
-        // If your ISP provided one or more IP addresses for stable
-        // nameservers, you probably want to use them as forwarders.
-        // Uncomment the following block, and insert the addresses replacing
-        // the all-0's placeholder.
-
-        forwarders {
-                172.16.0.1;
-
-         };
-
-        auth-nxdomain no;    # conform to RFC1035
-        listen-on-v6 { any; };
-};
-

roles/dns-ag-cs/handlers/main.yml

@@ -1,4 +0,0 @@
----
-  - name: restart bind9
-    service: name=bind9 state=restarted
-

roles/dns-ag-cs/tasks/main.yml

@@ -1,11 +0,0 @@
----
-
-- name: Installation bind9
-  apt:  name=bind9 state=present update_cache=yes
-
-- name: Copie named.conf.options
-  copy: src=named.conf.options dest=/etc/bind
-  notify:
-    - restart bind9
-
-

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2022041200      ; Serial
+                        2023051000      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -25,7 +25,7 @@ s-nxc		IN	A	172.16.0.7
 s-docker	IN	A	172.16.0.7
 s-mon    	IN      A       172.16.0.8
 s-itil		IN	A	172.16.0.9
-s-elk		IN	A	172.16.0.10
+s-elk		IN	A	172.16.0.11
 s-gestsup	IN	A	172.16.0.17
 r-int    	IN      A       172.16.0.254
 r-int-lnk    	IN      A       192.168.200.254
@@ -35,4 +35,6 @@ s-web1          IN      A       192.168.101.1
 s-web2          IN      A       192.168.101.2
 s-lb.gsb.lan    IN      A       192.168.100.10
 ns   	        IN      CNAME   s-infra.gsb.lan.
-wpad		IN	CNAME	s-infra.gsb.lan.	
+wpad		IN	CNAME	s-infra.gsb.lan.
+s-peertube	IN	A	192.168.100.20
+peertube 	IN 	CNAME 	s-peertube

roles/dns-master/files/db.gsb.lan.rev

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2022041200      ; Serial
+                        2023040501      ; Serial
                         7200            ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -20,12 +20,11 @@ $TTL    604800
 6.0       IN      PTR     s-win.gsb.lan.
 7.0       IN      PTR     s-nxc.gsb.lan.
 8.0       IN      PTR     s-mon.gsb.lan.
-9.0	  IN	  PTR 	  s-itil.gsb.lan.
+9.0	  IN	  PTR	  s-itil.gsb.lan.
 101.1     IN      PTR     s-web1
 101.2     IN      PTR     s-web2
 100.10   IN      PTR      s-lb
 100.10   IN      PTR      s-lb.gsb.lan
-10.0	  IN	  PTR	  s-elk.gsb.lan.
+11.0	  IN	  PTR	  s-elk.gsb.lan.
 17.0	  IN	  PTR	  s-gestsup.lan
-254.0     IN      PTR     r-int.gsb.lan.
-
+254.0     IN      PTR     r-int.gsb.lan.

roles/docker/tasks/main.yml

@@ -1,16 +1,16 @@
 ---
-- name: Téléchargement getdocker.sh
-  ansible.builtin.get_url:
-    url: http://s-adm.gsb.adm/gsbstore/getdocker.sh
-    dest: /tmp
-    mode: '0755'
+- name: Supprime le fichier getdocker.sh si déjà présent
+  file:
+    state: absent
+    path: /tmp/getdocker.sh
+
+- name: Télécharge le script d'installation de docker
+  uri:
+    url: 'https://get.docker.com'
+    method: GET
+    dest: /tmp/getdocker.sh
+    mode: a+x
+  register: result
 
 - name: Execution du script getdocker
-  ansible.builtin.script: 
-    cmd: /tmp/getdocker.sh
-
-- name: Téléchargement docker-compose
-  ansible.builtin.get_url:
-    url: http://s-adm.gsb.adm/gsbstore/docker-compose
-    dest: /usr/local/bin               
-    mode: '0755'
+  shell: bash /tmp/getdocker.sh

roles/elk/README.md

@@ -1,8 +1,9 @@
 ## Principe du rôle elk
-  
-Ce rôle permet de créer un serveur ELK pour centraliser les logs et d'avoir des métriques pour simplifier la gestion du parc informatique GSB. 
-Le principe de se rôle est d'installer docker, les différentes tâches de se rôle est de :  
-Vérifier si ELK est déjà installé,  
-Installer ELK sur github,  
-Changer la configuration  
-Lancer ELK avec docker-compose   
+ELK 8.5.3
+
+Ce rôle permet de créer un serveur ELK pour centraliser les logs et de des métriques pour simplifier la gestion du parc informatique GSB. 
+Le principe de ce rôle est d'installer docker, les différentes tâches de ce rôle sont de :
+- Vérifier si ELK est déjà installé,
+- Importation un docker-compose depuis github,
+- Changement la configuration pour passer en version 'basic'
+- Lancement d'ELK avec docker-compose

roles/elk/files/get_docker.sh

@@ -1,502 +0,0 @@
-#!/bin/sh
-set -e
-# Docker CE for Linux installation script
-#
-# See https://docs.docker.com/install/ for the installation steps.
-#
-# This script is meant for quick & easy install via:
-#   $ curl -fsSL https://get.docker.com -o get-docker.sh
-#   $ sh get-docker.sh
-#
-# For test builds (ie. release candidates):
-#   $ curl -fsSL https://test.docker.com -o test-docker.sh
-#   $ sh test-docker.sh
-#
-# NOTE: Make sure to verify the contents of the script
-#       you downloaded matches the contents of install.sh
-#       located at https://github.com/docker/docker-install
-#       before executing.
-#
-# Git commit from https://github.com/docker/docker-install when
-# the script was uploaded (Should only be modified by upload job):
-SCRIPT_COMMIT_SHA="3d8fe77c2c46c5b7571f94b42793905e5b3e42e4"
-
-
-# The channel to install from:
-#   * nightly
-#   * test
-#   * stable
-#   * edge (deprecated)
-DEFAULT_CHANNEL_VALUE="stable"
-if [ -z "$CHANNEL" ]; then
-	CHANNEL=$DEFAULT_CHANNEL_VALUE
-fi
-
-DEFAULT_DOWNLOAD_URL="https://download.docker.com"
-if [ -z "$DOWNLOAD_URL" ]; then
-	DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
-fi
-
-DEFAULT_REPO_FILE="docker-ce.repo"
-if [ -z "$REPO_FILE" ]; then
-	REPO_FILE="$DEFAULT_REPO_FILE"
-fi
-
-mirror=''
-DRY_RUN=${DRY_RUN:-}
-while [ $# -gt 0 ]; do
-	case "$1" in
-		--mirror)
-			mirror="$2"
-			shift
-			;;
-		--dry-run)
-			DRY_RUN=1
-			;;
-		--*)
-			echo "Illegal option $1"
-			;;
-	esac
-	shift $(( $# > 0 ? 1 : 0 ))
-done
-
-case "$mirror" in
-	Aliyun)
-		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
-		;;
-	AzureChinaCloud)
-		DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
-		;;
-esac
-
-command_exists() {
-	command -v "$@" > /dev/null 2>&1
-}
-
-is_dry_run() {
-	if [ -z "$DRY_RUN" ]; then
-		return 1
-	else
-		return 0
-	fi
-}
-
-is_wsl() {
-	case "$(uname -r)" in
-	*microsoft* ) true ;; # WSL 2
-	*Microsoft* ) true ;; # WSL 1
-	* ) false;;
-	esac
-}
-
-is_darwin() {
-	case "$(uname -s)" in
-	*darwin* ) true ;;
-	*Darwin* ) true ;;
-	* ) false;;
-	esac
-}
-
-deprecation_notice() {
-	distro=$1
-	date=$2
-	echo
-	echo "DEPRECATION WARNING:"
-	echo "    The distribution, $distro, will no longer be supported in this script as of $date."
-	echo "    If you feel this is a mistake please submit an issue at https://github.com/docker/docker-install/issues/new"
-	echo
-	sleep 10
-}
-
-get_distribution() {
-	lsb_dist=""
-	# Every system that we officially support has /etc/os-release
-	if [ -r /etc/os-release ]; then
-		lsb_dist="$(. /etc/os-release && echo "$ID")"
-	fi
-	# Returning an empty string here should be alright since the
-	# case statements don't act unless you provide an actual value
-	echo "$lsb_dist"
-}
-
-add_debian_backport_repo() {
-	debian_version="$1"
-	backports="deb http://ftp.debian.org/debian $debian_version-backports main"
-	if ! grep -Fxq "$backports" /etc/apt/sources.list; then
-		(set -x; $sh_c "echo \"$backports\" >> /etc/apt/sources.list")
-	fi
-}
-
-echo_docker_as_nonroot() {
-	if is_dry_run; then
-		return
-	fi
-	if command_exists docker && [ -e /var/run/docker.sock ]; then
-		(
-			set -x
-			$sh_c 'docker version'
-		) || true
-	fi
-	your_user=your-user
-	[ "$user" != 'root' ] && your_user="$user"
-	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
-	echo "If you would like to use Docker as a non-root user, you should now consider"
-	echo "adding your user to the \"docker\" group with something like:"
-	echo
-	echo "  sudo usermod -aG docker $your_user"
-	echo
-	echo "Remember that you will have to log out and back in for this to take effect!"
-	echo
-	echo "WARNING: Adding a user to the \"docker\" group will grant the ability to run"
-	echo "         containers which can be used to obtain root privileges on the"
-	echo "         docker host."
-	echo "         Refer to https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface"
-	echo "         for more information."
-
-}
-
-# Check if this is a forked Linux distro
-check_forked() {
-
-	# Check for lsb_release command existence, it usually exists in forked distros
-	if command_exists lsb_release; then
-		# Check if the `-u` option is supported
-		set +e
-		lsb_release -a -u > /dev/null 2>&1
-		lsb_release_exit_code=$?
-		set -e
-
-		# Check if the command has exited successfully, it means we're in a forked distro
-		if [ "$lsb_release_exit_code" = "0" ]; then
-			# Print info about current distro
-			cat <<-EOF
-			You're using '$lsb_dist' version '$dist_version'.
-			EOF
-
-			# Get the upstream release info
-			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
-			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
-
-			# Print info about upstream distro
-			cat <<-EOF
-			Upstream release is '$lsb_dist' version '$dist_version'.
-			EOF
-		else
-			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
-				if [ "$lsb_dist" = "osmc" ]; then
-					# OSMC runs Raspbian
-					lsb_dist=raspbian
-				else
-					# We're Debian and don't even know it!
-					lsb_dist=debian
-				fi
-				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
-				case "$dist_version" in
-					10)
-						dist_version="buster"
-					;;
-					9)
-						dist_version="stretch"
-					;;
-					8|'Kali Linux 2')
-						dist_version="jessie"
-					;;
-				esac
-			fi
-		fi
-	fi
-}
-
-semverParse() {
-	major="${1%%.*}"
-	minor="${1#$major.}"
-	minor="${minor%%.*}"
-	patch="${1#$major.$minor.}"
-	patch="${patch%%[-.]*}"
-}
-
-do_install() {
-	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
-
-	if command_exists docker; then
-		docker_version="$(docker -v | cut -d ' ' -f3 | cut -d ',' -f1)"
-		MAJOR_W=1
-		MINOR_W=10
-
-		semverParse "$docker_version"
-
-		shouldWarn=0
-		if [ "$major" -lt "$MAJOR_W" ]; then
-			shouldWarn=1
-		fi
-
-		if [ "$major" -le "$MAJOR_W" ] && [ "$minor" -lt "$MINOR_W" ]; then
-			shouldWarn=1
-		fi
-
-		cat >&2 <<-'EOF'
-			Warning: the "docker" command appears to already exist on this system.
-
-			If you already have Docker installed, this script can cause trouble, which is
-			why we're displaying this warning and provide the opportunity to cancel the
-			installation.
-
-			If you installed the current Docker package using this script and are using it
-		EOF
-
-		if [ $shouldWarn -eq 1 ]; then
-			cat >&2 <<-'EOF'
-			again to update Docker, we urge you to migrate your image store before upgrading
-			to v1.10+.
-
-			You can find instructions for this here:
-			https://github.com/docker/docker/wiki/Engine-v1.10.0-content-addressability-migration
-			EOF
-		else
-			cat >&2 <<-'EOF'
-			again to update Docker, you can safely ignore this message.
-			EOF
-		fi
-
-		cat >&2 <<-'EOF'
-
-			You may press Ctrl+C now to abort this script.
-		EOF
-		( set -x; sleep 20 )
-	fi
-
-	user="$(id -un 2>/dev/null || true)"
-
-	sh_c='sh -c'
-	if [ "$user" != 'root' ]; then
-		if command_exists sudo; then
-			sh_c='sudo -E sh -c'
-		elif command_exists su; then
-			sh_c='su -c'
-		else
-			cat >&2 <<-'EOF'
-			Error: this installer needs the ability to run commands as root.
-			We are unable to find either "sudo" or "su" available to make this happen.
-			EOF
-			exit 1
-		fi
-	fi
-
-	if is_dry_run; then
-		sh_c="echo"
-	fi
-
-	# perform some very rudimentary platform detection
-	lsb_dist=$( get_distribution )
-	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
-
-	if is_wsl; then
-		echo
-		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
-		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
-		echo
-		cat >&2 <<-'EOF'
-
-			You may press Ctrl+C now to abort this script.
-		EOF
-		( set -x; sleep 20 )
-	fi
-
-	case "$lsb_dist" in
-
-		ubuntu)
-			if command_exists lsb_release; then
-				dist_version="$(lsb_release --codename | cut -f2)"
-			fi
-			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
-				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
-			fi
-		;;
-
-		debian|raspbian)
-			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
-			case "$dist_version" in
-				10)
-					dist_version="buster"
-				;;
-				9)
-					dist_version="stretch"
-				;;
-				8)
-					dist_version="jessie"
-				;;
-			esac
-		;;
-
-		centos|rhel)
-			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
-				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
-			fi
-		;;
-
-		*)
-			if command_exists lsb_release; then
-				dist_version="$(lsb_release --release | cut -f2)"
-			fi
-			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
-				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
-			fi
-		;;
-
-	esac
-
-	# Check if this is a forked Linux distro
-	check_forked
-
-	# Run setup for each distro accordingly
-	case "$lsb_dist" in
-		ubuntu|debian|raspbian)
-			pre_reqs="apt-transport-https ca-certificates curl"
-			if [ "$lsb_dist" = "debian" ]; then
-				# libseccomp2 does not exist for debian jessie main repos for aarch64
-				if [ "$(uname -m)" = "aarch64" ] && [ "$dist_version" = "jessie" ]; then
-					add_debian_backport_repo "$dist_version"
-				fi
-			fi
-
-			if ! command -v gpg > /dev/null; then
-				pre_reqs="$pre_reqs gnupg"
-			fi
-			apt_repo="deb [arch=$(dpkg --print-architecture)] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				$sh_c 'apt-get update -qq >/dev/null'
-				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
-				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | apt-key add -qq - >/dev/null"
-				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
-				$sh_c 'apt-get update -qq >/dev/null'
-			)
-			pkg_version=""
-			if [ -n "$VERSION" ]; then
-				if is_dry_run; then
-					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
-				else
-					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
-					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
-					search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
-					pkg_version="$($sh_c "$search_command")"
-					echo "INFO: Searching repository for VERSION '$VERSION'"
-					echo "INFO: $search_command"
-					if [ -z "$pkg_version" ]; then
-						echo
-						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
-						echo
-						exit 1
-					fi
-					search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
-					# Don't insert an = for cli_pkg_version, we'll just include it later
-					cli_pkg_version="$($sh_c "$search_command")"
-					pkg_version="=$pkg_version"
-				fi
-			fi
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				if [ -n "$cli_pkg_version" ]; then
-					$sh_c "apt-get install -y -qq --no-install-recommends docker-ce-cli=$cli_pkg_version >/dev/null"
-				fi
-				$sh_c "apt-get install -y -qq --no-install-recommends docker-ce$pkg_version >/dev/null"
-			)
-			echo_docker_as_nonroot
-			exit 0
-			;;
-		centos|fedora|rhel)
-			yum_repo="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
-			if ! curl -Ifs "$yum_repo" > /dev/null; then
-				echo "Error: Unable to curl repository file $yum_repo, is it valid?"
-				exit 1
-			fi
-			if [ "$lsb_dist" = "fedora" ]; then
-				pkg_manager="dnf"
-				config_manager="dnf config-manager"
-				enable_channel_flag="--set-enabled"
-				disable_channel_flag="--set-disabled"
-				pre_reqs="dnf-plugins-core"
-				pkg_suffix="fc$dist_version"
-			else
-				pkg_manager="yum"
-				config_manager="yum-config-manager"
-				enable_channel_flag="--enable"
-				disable_channel_flag="--disable"
-				pre_reqs="yum-utils"
-				pkg_suffix="el"
-			fi
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				$sh_c "$pkg_manager install -y -q $pre_reqs"
-				$sh_c "$config_manager --add-repo $yum_repo"
-
-				if [ "$CHANNEL" != "stable" ]; then
-					$sh_c "$config_manager $disable_channel_flag docker-ce-*"
-					$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
-				fi
-				$sh_c "$pkg_manager makecache"
-			)
-			pkg_version=""
-			if [ -n "$VERSION" ]; then
-				if is_dry_run; then
-					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
-				else
-					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
-					search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
-					pkg_version="$($sh_c "$search_command")"
-					echo "INFO: Searching repository for VERSION '$VERSION'"
-					echo "INFO: $search_command"
-					if [ -z "$pkg_version" ]; then
-						echo
-						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
-						echo
-						exit 1
-					fi
-					search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
-					# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
-					cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
-					# Cut out the epoch and prefix with a '-'
-					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
-				fi
-			fi
-			(
-				if ! is_dry_run; then
-					set -x
-				fi
-				# install the correct cli version first
-				if [ -n "$cli_pkg_version" ]; then
-					$sh_c "$pkg_manager install -y -q docker-ce-cli-$cli_pkg_version"
-				fi
-				$sh_c "$pkg_manager install -y -q docker-ce$pkg_version"
-			)
-			echo_docker_as_nonroot
-			exit 0
-			;;
-		*)
-			if [ -z "$lsb_dist" ]; then
-				if is_darwin; then
-					echo
-					echo "ERROR: Unsupported operating system 'macOS'"
-					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
-					echo
-					exit 1
-				fi
-			fi
-			echo
-			echo "ERROR: Unsupported distribution '$lsb_dist'"
-			echo
-			exit 1
-			;;
-	esac
-	exit 1
-}
-
-# wrapped up in a function so that we have some protection against only getting
-# half the file during "curl | sh"
-do_install

roles/elk/tasks/main.yml

@@ -22,6 +22,6 @@
       replace: 'xpack.license.self_generated.type: basic'
      
   - name: Execution du fichier docker-compose.yml
-    shell: docker-compose up -d
+    shell: docker compose up -d
     args:
       chdir: /root/elk

roles/filebeat-cli/defaults/main.yml

@@ -0,0 +1 @@
+BEATVER: "8.5.3"

roles/filebeat-cli/handlers/main.yml

@@ -1,4 +1,4 @@
-- name: start filebeat
+- name: restart filebeat
   service:
     name: filebeat
     state: started

roles/filebeat-cli/tasks/main.yml

@@ -1,12 +1,12 @@
 ---
 - name: Récupération de filebeat
   get_url:
-    url: http://s-adm.gsb.adm/gsbstore/filebeat-7.16.3-amd64.deb
+    url: http://s-adm.gsb.adm/gsbstore/filebeat-${BEATVAR}-amd64.deb
     dest: /tmp/
 
 - name: Installation de filebeat
   apt:
-    deb: /tmp/filebeat-7.16.3-amd64.deb
+    deb: /tmp/filebeat-${BEATVEAR}-amd64.deb
 
 - name: Changement du fichier de conf
   copy:
@@ -15,9 +15,9 @@
 
 - name: Configuration de filebeat
   shell: filebeat modules enable system  
-  notify: start filebeat
+  notify: restart filebeat
  
 - name: Lancement de la configuration de filebeat
   shell: filebeat setup -e
-  notify: start filebeat
+  notify: restart filebeat
 

roles/fog/README.md

@@ -0,0 +1,16 @@
+# Fog
+
+Ce rôle permet l'installation et la modification de Fog.
+
+
+## Fog, c'est quoi ?
+
+
+Fog permet le déploiement d'images disque tel que Windows ou bien Linux en utilisant PXE (Preboot Execution Environment).
+
+
+## Comment l'installer ?
+
+
+Avant toute chose, lancer le fichier goss de s-fog ( présent dans gsb2023/goss/s-fog.yaml ) pour vérifier que la configuration réseau est correct et opérationnel. Une fois l'installation principale effectuée, il faut lancer le playbook ansible s-fog.yaml.
+Il faudra se rendre dans le dossier **fog** pour lancer le script **installfog.sh** ( fog/bin/ ). La configuration sera déjà établie via le fichier **.fogsettings**

roles/fog/files/fogsettings

@@ -0,0 +1,46 @@
+## Start of FOG Settings
+## Created by the FOG Installer
+## Find more information about this file in the FOG Project wiki:
+##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
+## Version: 1.5.9
+## Install time: jeu. 26 janv. 2023 11:41:05
+ipaddress='172.16.64.16'
+copybackold='0'
+interface='enp0s9'
+submask='255.255.255.0'
+hostname='s-fog.gsb.lan'
+routeraddress='192.168.99.99'
+plainrouter='192.168.99.99'
+dnsaddress='172.16.0.1'
+username='fogproject'
+password='/7ElC1OHrP47EN2w59xl'
+osid='2'
+osname='Debian'
+dodhcp='y'
+bldhcp='1'
+dhcpd='isc-dhcp-server'
+blexports='1'
+installtype='N'
+snmysqluser='fogmaster'
+snmysqlpass='HHO5vSGqFiHE_9d2lja3'
+snmysqlhost='localhost'
+mysqldbname='fog'
+installlang='0'
+storageLocation='/images'
+fogupdateloaded=1
+docroot='/var/www/html/'
+webroot='/fog/'
+caCreated='yes'
+httpproto='http'
+startrange='172.16.64.10'
+endrange='172.16.64.254'
+bootfilename='undionly.kpxe'
+packages='apache2 bc build-essential cpp curl g++ gawk gcc genisoimage git gzip htmldoc isc-dhcp-server isolinux lftp libapache2-mod-php7.4 libc6 libcurl4 li>
+noTftpBuild=''
+sslpath='/opt/fog/snapins/ssl/'
+backupPath='/home/'
+armsupport='0'
+php_ver='7.4'
+php_verAdds='-7.4'
+sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
+## End of FOG Settings

roles/fog/tasks/main.yml

@@ -11,7 +11,16 @@
     clone: yes
     update: yes
 
-#- name: Instructions
-#  tags: msg
-#    debug: msg='{{instructions}}'
+- name: Modification fichier bash (desac UDPCast)
+  ansible.builtin.lineinfile:
+    path: /root/tools/fog/lib/common/functions.sh
+    regexp: '^configureUDPCast\(\).*'
+    line: "configureUDPCast() {\nreturn"
+    backup: yes
+
+- name: fichier config fogsettings
+  command: "cp /root/tools/ansible/roles/fog/files/fogsettings /opt/fog/"
+
+- name: fichier fogsettings en .fogsettings
+  command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
 

roles/fw-ferm/README.md

@@ -0,0 +1,23 @@
+# [Ferm](http://ferm.foo-projects.org/)
+
+Modifier l'execution d'iptables [plus d'info ici](https://wiki.debian.org/iptables)
+```shell
+update-alternatives --set iptables /usr/sbin/iptables-legacy
+```
+
+Pour tester utiliser [Nmap](https://nmap.org/man/fr/man-briefoptions.html)
+### r-vp1
+```shell
+sudo nmap -p51820  192.168.0.51
+```
+### r-vp2
+```shell
+sudo nmap -p51820  192.168.0.52
+```
+### Sortie :
+```
+`PORT      STATE    SERVICE
+51820/tcp filtered unknown`
+```
+
+Faire des ping!

roles/fw-ferm/files/ferm.conf.r-vp1

@@ -0,0 +1,69 @@
+# -*- shell-script -*-
+#
+# Ferm script r-vp1
+
+@def $DEV_PRIVATE = enp0s8;
+@def $DEV_WORLD = enp0s9;
+@def $DEV_WORLD = enp0s9;
+@def $DEV_VPN= wg0;
+@def $NET_PRIVATE = 172.16.0.0/24;
+
+table filter {
+
+    chain (INPUT OUTPUT){
+        # allow VPN
+	proto udp dport 51820 ACCEPT;
+}
+    chain INPUT {
+        policy DROP;
+
+        # connection tracking
+        mod state state INVALID DROP;
+        mod state state (ESTABLISHED RELATED) ACCEPT;
+
+        # allow local connections
+        interface lo ACCEPT;
+
+        # respond to ping
+        proto icmp icmp-type echo-request ACCEPT;  
+       
+
+        # allow SSH connections from the private network and from some
+        # well-known internet hosts
+        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
+
+        # we provide DNS and SMTP services for the internal net
+        interface $DEV_PRIVATE saddr $NET_PRIVATE {
+            proto (udp tcp) dport domain ACCEPT;
+            proto udp dport bootps ACCEPT;
+        }
+
+        # the rest is dropped by the above policy
+
+    }#FIN INPUT
+
+    # outgoing connections are not limited
+
+    chain OUTPUT {
+        policy ACCEPT;
+
+    }#FIN OUTPUT
+
+    chain FORWARD {
+        policy ACCEPT;
+
+        proto icmp icmp-type echo-request ACCEPT;
+        # connection tracking
+        mod state state INVALID DROP;
+        mod state state (ESTABLISHED RELATED) ACCEPT;
+
+        # connections from the internal net to the internet or to other
+        # internal nets are allowed
+        interface $DEV_PRIVATE ACCEPT;
+
+	interface $DEV_VPN daddr $NET_PRIVATE {
+ 	proto tcp dport ssh DROP;
+        }
+        # the rest is dropped by the above policy
+    }
+}

roles/fw-ferm/files/ferm.conf.r-vp2

@@ -0,0 +1,68 @@
+# -*- shell-script -*-
+#
+# Ferm script r-vp2
+
+@def $DEV_PRIVATE = enp0s9;
+@def $DEV_WORLD = enp0s8;
+@def $DEV_VPN= wg0;
+@def $NET_PRIVATE = 172.16.0.0/24;
+
+table filter {
+    chain (INPUT OUTPUT){
+        # allow VPN
+	proto udp dport 51820 ACCEPT;
+}
+    chain INPUT {
+        policy DROP;
+
+        # connection tracking
+        mod state state INVALID DROP;
+        mod state state (ESTABLISHED RELATED) ACCEPT;
+
+        # allow local connections
+        interface lo ACCEPT;
+
+        # respond to ping
+        proto icmp icmp-type echo-request ACCEPT;
+
+        # allow SSH connections from the private network and from some
+        # well-known internet hosts
+        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
+
+        # we provide DNS and SMTP services for the internal net
+        interface $DEV_PRIVATE saddr $NET_PRIVATE {
+            proto (udp tcp) dport domain ACCEPT;
+            proto udp dport bootps ACCEPT;
+        }
+
+
+        # interface réseau
+        interface $DEV_WORLD {
+
+        }
+
+        # the rest is dropped by the above policy
+    }#FIN INPUT
+
+    # outgoing connections are not limited
+    chain OUTPUT {
+	policy ACCEPT;
+}
+    chain FORWARD {
+        policy ACCEPT;
+
+	proto icmp icmp-type echo-request ACCEPT;
+        # connection tracking
+        mod state state INVALID DROP;
+        mod state state (ESTABLISHED RELATED) ACCEPT;
+
+        # connections from the internal net to the internet or to other
+        # internal nets are allowed
+        interface $DEV_PRIVATE ACCEPT;
+
+	interface $DEV_VPN daddr $NET_PRIVATE {
+	proto tcp dport ssh DROP;
+	}
+        # the rest is dropped by the above policy
+    }
+}

roles/fw-ferm/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: installation de ferm
+  apt:
+    name: ferm
+    state: present
+
+- name: copie du ferm.conf
+  copy:
+    src: ferm.conf.{{ ansible_hostname }}
+    dest: /etc/ferm/ferm.conf
+
+- name: redemarage service ferm
+  ansible.builtin.service:
+    name: ferm.service
+    state: restarted

roles/glpi/README.md

@@ -14,22 +14,6 @@ mot de passe : glpi
 Selectionner la base glpi  
 Ne pas envoyer de statistique d'usage  
 
-## Fusion Inventory :
-  
-Installer le plugin dans Configuration > Plugins  
-Activer le plugin  
-Pour que la remonter de l'agent se fasse, il faut ajouter une crontab (crontab -e) sur s-itil : * * * * * /usr/bin/php7.4 /var/www/glpi/front/cron.php &>/dev/null  
-Puis éxécuter le tasksheduler dans Configuration > Actions automatiques > taskscheduler  
-  
-Pour l'agent Windows, récuperer l'agent sur http://s-itil/ficlients  
-Il faut faire une installation à parti de 0  
-Selectionner comme type d'installation complète  
-Dans le mode serveur mettre l'url : http://s-itil/plugins/fusioninventory et cocher la case installation rapide  
-  
-Pour l'agent Debian il faut installer le paquet fusioninventory-agent  
-Ajouter la ligne server = http://s-itil/plugins/fusioninventory dans le fichier /etc/fusioninventory/agent.cfg  
-Redemarrer le service fusioninventory-agent puis faite un reload  
-Exécuter la commande pkill -USR1 -f -P 1 fusioninventory-agent  
   
 ## Postfix :
   

roles/glpi/defaults/main.yml

@@ -0,0 +1,6 @@
+depl_url: "http://s-adm.gsb.adm/gsbstore"
+#depl_glpi: "glpi-9.5.6.tgz"
+depl_glpi: "glpi-10.0.6.tgz"
+#depl_fusioninventory: "fusioninventory-9.5+3.0.tar.bz2"
+depl_glpi_agentx64: "GLPI-Agent-1.4-x64.msi"
+depl_glpi_agentx86: "GLPI-Agent-1.4-x86.msi"

roles/glpi/tasks/main.yml

@@ -105,12 +105,12 @@
 #  - name: copy .my.cnf file with root password credentials
 #    copy: src=.my.cnf dest=/root/tools/ansible/.my.cnf owner=root mode=0600
 
-  - name: Installation de Fusioninventory pour Linux
-    unarchive:
-      src: "{{ depl_url }}/{{ depl_fusioninventory }}"
-      #src: http://depl/gsbstore/fusioninventory-{{ fd_version }}.tar.bz2
-      dest: /var/www/html/glpi/plugins
-      remote_src: yes
+#  - name: Installation de Fusioninventory pour Linux
+#    unarchive:
+#      src: "{{ depl_url }}/{{ depl_fusioninventory }}"
+#src: http://depl/gsbstore/fusioninventory-{{ fd_version }}.tar.bz2
+#      dest: /var/www/html/glpi/plugins
+#      remote_src: yes
 
   - name: Creation de ficlient
     file:
@@ -127,23 +127,15 @@
       group: www-data
       mode: 0775
 
-  - name: Installation de FusionInventory windows x64
+  - name: Installation de GLPI Agent windows x64
     get_url:
-      url: "{{ depl_url }}/{{ depl_fusioninventory_agentx64 }}"
+      url: "{{ depl_url }}/{{ depl_glpi_agentx64 }}"
       dest: "/var/www/html/ficlients"
 
-  - name: Installation de FusionInventory windows x86
-    get_url:
-      url: "{{ depl_url }}/{{ depl_fusioninventory_agentx86 }}"
-      dest: "/var/www/html/ficlients"
-
-  - name: Attribution des permissions sur repertoire /plugins/fusioninventory
-    file:
-      path: /var/www/html/glpi/plugins/fusioninventory
-      owner: www-data
-      group: www-data
-      recurse: yes
-      state: directory
+#  - name: Installation de GLPI Agent windows x86
+#    get_url:
+#      url: "{{ depl_url }}/{{ depl_glpi_agentx86 }}"
+#      dest: "/var/www/html/ficlients"
 
   - name: Copie du script dbdump
     copy: 

roles/goss/defaults/main.yml

@@ -1,3 +1,2 @@
 depl_url: "http://s-adm.gsb.adm/gsbstore"
 depl_goss: "goss"
-

roles/goss/tasks/main.yml

@@ -1,21 +1,19 @@
 ---
-
 - name: goss binary exists
   stat: path=/usr/local/bin/goss
   register: gossbin
- 
+
 - name: install goss sur machine standard
-  get_url: 
-    url: "{{ depl_url }}/{{ depl_goss }}"
+  get_url:
+    url: "{{ depl_url }}/{{ depl_goss }}"
     dest: /usr/local/bin/{{ depl_goss }}
     mode: 0755
-  when: gossbin.stat.exists == False and ansible_hostname != "s-adm"
+  when: gossbin.stat.exists == false and ansible_hostname != "s-adm"
 
 - name: install goss sur s-adm
-  copy: 
+  copy:
     src: "/var/www/html/gsbstore/{{ depl_goss }}"
     dest: /usr/local/bin/{{ depl_goss }}
     mode: 0755
     remote_src: yes
-  when: gossbin.stat.exists == False and ansible_hostname == "s-adm"
-
+  when: gossbin.stat.exists == false and ansible_hostname == "s-adm"

roles/itil/defaults/main.yml

@@ -1,5 +0,0 @@
-depl_url: "http://s-adm.gsb.adm/gsbstore"
-depl_glpi: "glpi-9.5.6.tgz"
-depl_fusioninventory: "fusioninventory-9.5+3.0.tar.bz2"
-depl_fusioninventory_agentx64: "fusioninventory-agent_windows-x64_2.6.exe"
-depl_fusioninventory_agentx86: "fusioninventory-agent_windows-x86_2.6.exe"

roles/lb-bd/handlers/main.yml

@@ -0,0 +1,4 @@
+---
+- name: restart mariadb
+  ansible.builtin.service:
+    name: mariadb

roles/lb-bd/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+
+- name: modules python pour
+  apt:
+    name: python3-pymysql
+    state: present
+
+- name: install mariadb-server
+  apt:
+    name: mariadb-server
+    state: present
+
+- name: Cree Bd wordpress
+  mysql_db:
+    db: wordpressdb
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    state: present
+
+- name: Ouvre port 3306 mariadb-server
+  replace:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    regexp: '^bind-address.*'
+    replace: '#bind-adress = 127.0.0.1'
+    backup: yes
+  notify: restart mariadb
+
+- name: Create MySQL user for wordpress
+  mysql_user:
+    name: wordpressuser
+    password: wordpresspasswd
+    priv: "wordpressdb.*:ALL"
+    host: '%'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+

roles/lb-front/files/haproxy.cfg

@@ -44,7 +44,6 @@ backend fermeweb
 	#option httpchk HEAD / HTTP/1.0
 	server s-lb-web1 192.168.101.1:80 check
 	server s-lb-web2 192.168.101.2:80 check
-	#server s-lb-web3 192.168.101.3:80 check
 
 
 listen stats

roles/lb-front/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: install haproxy
+  apt:
+    name: haproxy
+    state: present
+
+- name: parametre backend et fontend
+  blockinfile:
+    path: /etc/haproxy/haproxy.cfg
+    block: |
+      frontend proxypublic
+        bind 192.168.100.10:80
+        default_backend fermeweb
+      
+      backend fermeweb
+        balance roundrobin
+        option httpclose
+        #option httpchk HEAD / HTTP/1.0
+        server s-lb-web1 192.168.101.1:80 check
+        server s-lb-web2 192.168.101.2:80 check
+
+- name: redemarre haproxy
+  service:
+    name: haproxy
+#    state: restarted
+    enabled: yes

roles/lb-nfs-client/tasks/main.yml

@@ -10,4 +10,4 @@
     dest: /etc/fstab
     regexp: ''
     insertafter: EOF
-    line: '192.168.102.253:/home/wordpress /var/www/html/wordpress nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0'
+    line: '192.168.102.253:/home/ /var/www/html/wordpress nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0'

roles/lb-nfs-server/README.md

@@ -0,0 +1,10 @@
+# Role s-nas-server
+## Installation de nfs-server et mise en oeuvre du partage /home/wordpress
+  
+Ce rôle :
+  * installe **nfs-server**
+  * copie le fichier de configuration **exports**  pour exporter le répertoire **/home/wordpress** 
+  * relance le service **nfs-server**
+  * décompresse wordpress
+### Objectif
+Le répertoire **/home/wordpress** est exporté par **nfs** sur le réseau **n-dmz-db**

roles/lb-nfs-server/files/exports

@@ -7,4 +7,4 @@
 # Example for NFSv4:
 # /srv/nfs4        gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check)
 # /srv/nfs4/homes  gss/krb5i(rw,sync,no_subtree_check)
-/home/wordpress 192.168.102.0/255.255.255.0 (rw,no_root_squash,subtree_check)
+/home/wordpress 192.168.102.0/255.255.255.0(rw,no_root_squash,subtree_check)

roles/lb-nfs-server/tasks/main.yml

@@ -0,0 +1,70 @@
+- name: 00 - cree repertoire wordpress pour export nfs
+  file:
+    path: /home/wordpress
+    state: directory
+
+- name: 05 - Install nfs-server
+  apt:
+    name: nfs-server
+    state: present
+
+- name: 10 - creation fichier exports nfs
+  ansible.builtin.blockinfile:
+    path: /etc/exports
+    block: |
+      /home/wordpress 192.168.102.0/255.255.255.0(rw,no_root_squash,subtree_check)
+
+- name: 20 - decompresse wordpress
+  unarchive:
+    src: https://fr.wordpress.org/latest-fr_FR.tar.gz
+    dest: /home/
+    remote_src: yes
+
+- name: 22 - change owner et group pour repertoire wordpress
+  file:
+    path: /home/wordpress
+    state: directory
+    recurse: yes
+    owner: www-data
+    group: www-data
+
+- name: 30 - genere fichier de config wordpress
+  copy:
+    src: /home/wordpress/wp-config-sample.php
+    dest: /home/wordpress/wp-config.php
+    remote_src: yes
+
+- name: 35 - ajuste variable dbname dans fichier de config wp-config.php
+  replace:
+    path: /home/wordpress/wp-config.php
+    regexp: "votre_nom_de_bdd"
+    replace: "wordpressdb"
+    backup: yes
+
+
+- name: 40 ajuste variable dbusername dans fichier de config wp-config.php
+  replace:
+    path: /home/wordpress/wp-config.php
+    regexp: "votre_utilisateur_de_bdd"
+    replace: "wordpressuser"
+    backup: yes
+
+- name: 45 - ajuste variable mdp dans fichier de config wp-config.php
+  replace:
+    path: /home/wordpress/wp-config.php
+    regexp: "votre_mdp_de_bdd"
+    replace: "wordpresspasswd"
+    backup: yes
+
+- name: 50 - ajuste hostname fichier wp-config.php
+  replace:
+    path: /home/wordpress/wp-config.php
+    regexp: "localhost"
+    replace: "192.168.102.254"
+    backup: yes
+
+- name: 55 - relance nfs
+  service:
+    name: nfs-server
+    state: restarted
+    enabled: yes

roles/lb-web/defaults/main.yml

@@ -0,0 +1,2 @@
+depl_url: "http://s-adm.gsb.adm/gsbstore/"
+depl_wordpress: "wordpress-6.1.1-fr_FR.tar.gz"

roles/lb-web/tasks/main.yml

@@ -0,0 +1,15 @@
+---
+- name: installation des paquets web
+  apt:
+    name:
+      - apache2
+      - php
+      - php-mbstring
+      - php-mysql
+      - mariadb-client
+    state: present
+
+- name: install nfs-common
+  apt:
+    name: nfs-common
+    state: present

roles/local-store/files/getall-latest

@@ -1,5 +1,6 @@
 #!/bin/bash
-GLPIREL=9.5.3
+#GLPIREL=9.5.3
+GLPIREL=10.0.5
 wget -nc https://github.com/glpi-project/glpi/releases/download/${GLPIREL}/glpi-${GLPIREL}.tgz
  
 FIREL=9.5+1.0

roles/metricbeat-cli/defaults/main.yml

@@ -0,0 +1 @@
+BEATVER: "8.5.3"

roles/metricbeat-cli/handlers/main.yml

@@ -1,5 +1,5 @@
-- name: start metricbeat
+- name: restart metricbeat
   service:
     name: metricbeat
-    state: started
+    state: restarted
     enabled: yes

roles/metricbeat-cli/tasks/main.yml

@@ -1,12 +1,12 @@
 ---
 - name: Récupération de metricbeat
   get_url:
-    url: http://s-adm.gsb.adm/gsbstore/metricbeat-7.16.3-amd64.deb
+    url: http://s-adm.gsb.adm/gsbstore/metricbeat-${BEATVER}-amd64.deb
     dest: /tmp/
 
 - name: Installation de metricbeat
   apt:
-    deb: /tmp/metricbeat-7.16.3-amd64.deb
+    deb: /tmp/metricbeat-${BEATVER}-amd64.deb
 
 - name: Changement du fichier de conf
   copy:
@@ -15,9 +15,9 @@
 
 - name: Configuration de metricbeat
   shell: metricbeat modules enable system  
-  notify: start metricbeat
+  notify: restart metricbeat
  
 - name: Lancement de la configuration de metricbeat
   shell: metricbeat setup -e
-  notify: start metricbeat
+  notify: restart metricbeat
 

roles/nagios/defaults/main.yml

@@ -0,0 +1 @@
+MAIL_DEST: "anthony.arnoux@protonmail.ch"

roles/nagios/files/cfg/localhost.cfg

@@ -26,6 +26,7 @@ define host {
     host_name               localhost
     alias                   localhost
     address                 127.0.0.1
+    parents		    r-int
 }
 
 

roles/nagios/files/cfg/s-adm.cfg

@@ -9,5 +9,6 @@ define host{
         host_name               s-adm
         alias                   debian-servers
         address                 192.168.99.99
+	parents			r-int
         }
 

roles/nagios/files/cfg/s-appli.cfg

@@ -9,5 +9,6 @@ define host{
         host_name               s-appli
         alias                   debian-servers
         address                 172.16.0.3
+	parents			r-int
         }
 

roles/nagios/files/cfg/s-backup.cfg

@@ -9,5 +9,6 @@ define host{
         host_name               s-backup
         alias                   serveur proxy
         address                 172.16.0.4
+	parents			r-int
         }
 

roles/nagios/files/cfg/s-fog.cfg

@@ -9,6 +9,7 @@ define host{
         host_name               s-fog
         alias                   serveur proxy
         address                 172.16.0.16
+	parents			r-int
         }
 
 

roles/nagios/files/cfg/s-infra.cfg

@@ -9,5 +9,6 @@ define host{
         host_name               s-infra
         alias                   debian-servers
         address                 172.16.0.1
+	parents			r-int
         }
 

roles/nagios/files/cfg/s-itil.cfg

@@ -9,6 +9,7 @@ define host{
         host_name               s-itil
         alias                   serveur proxy
         address                 172.16.0.9
+	parents			r-int
         }
 
 

roles/nagios/files/cfg/s-nxc.cfg

@@ -9,5 +9,6 @@ define host{
         host_name               s-nxc
         alias                   debian-servers
         address                 172.16.0.7
+	parents			r-int
         }
 

roles/nagios/files/cfg/s-proxy.cfg

@@ -9,6 +9,7 @@ define host{
         host_name               s-proxy
         alias                   serveur proxy
         address                 172.16.0.2
+	parents			r-int
         }
 
 

roles/nagios/files/cfg/s-win.cfg

@@ -9,6 +9,7 @@ define host{
         host_name               s-win
         alias                   serveur proxy
         address                 172.16.0.6
+	parents			r-int
         }