Compare commits
46 Commits
v0.0.4a-aa
...
v0.0.5e-ml
Author | SHA1 | Date | |
---|---|---|---|
c72a4025c6 | |||
43a21a2d04 | |||
0ac4a711bd | |||
787be707af | |||
d6c7e685aa | |||
87e0e17eec | |||
dbe75506e3 | |||
2555cbd40f | |||
be38bd0251 | |||
aca56a9eb5 | |||
167060157c | |||
30fd771045 | |||
ca2f1ca8a1 | |||
f185789e08 | |||
2a8ecb7f18 | |||
206291e753 | |||
87c1d8eee6 | |||
5224ae00cd | |||
fa000f3116 | |||
ad2dadb0b6 | |||
abad0fcdbc | |||
a7a9752aa0 | |||
4490b84c15 | |||
46ad76af18 | |||
019096fb7e | |||
993c34b934 | |||
fe914d9894 | |||
83bfd34e91 | |||
00289e1bcb | |||
8f3f364152 | |||
e36f8af7e6 | |||
495546fae7 | |||
c29549a281 | |||
761d3a00bc | |||
aadc552dc3 | |||
3cbae83a73 | |||
e1323f22b8 | |||
f541cebcc2 | |||
ea4166590b | |||
b04ae4302b | |||
e328a1e13c | |||
ac65be862f | |||
83f3d14c2a | |||
9bda971ff6 | |||
038e41dd40 | |||
a4ef2de7e8 |
26
README.md
26
README.md
@ -1,6 +1,6 @@
|
|||||||
# gsb2023
|
# gsb2023
|
||||||
|
|
||||||
2023-01-25 ps
|
2023-02-01 ps
|
||||||
|
|
||||||
Environnement et playbooks ansible pour le projet GSB 2023
|
Environnement et playbooks ansible pour le projet GSB 2023
|
||||||
|
|
||||||
@ -13,7 +13,6 @@ Prérequis :
|
|||||||
* **debian-buster-gsb-2023a.ova**
|
* **debian-buster-gsb-2023a.ova**
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid
|
* **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid
|
||||||
* **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad**
|
* **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad**
|
||||||
* **r-int** : routage, DHCP
|
* **r-int** : routage, DHCP
|
||||||
@ -34,7 +33,7 @@ Prérequis :
|
|||||||
* **s-lb-web1** : Serveur Wordpress 1 Load Balancer
|
* **s-lb-web1** : Serveur Wordpress 1 Load Balancer
|
||||||
* **s-lb-web2** : Serveur Wordpress 2 Load Balancer
|
* **s-lb-web2** : Serveur Wordpress 2 Load Balancer
|
||||||
* **s-lb-db** : Serveur Mariadb pour Wordpress
|
* **s-lb-db** : Serveur Mariadb pour Wordpress
|
||||||
* **s-lb-nfs** : Serveur NFS pour application Wordpress
|
* **s-nas** : Serveur NFS pour application Wordpress avec LB
|
||||||
|
|
||||||
|
|
||||||
## Les playbooks
|
## Les playbooks
|
||||||
@ -42,13 +41,25 @@ Prérequis :
|
|||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
On utilisera l'image de machine virtuelle suivante :
|
On utilisera les images de machines virtuelle suivantes :
|
||||||
* **debian-bullseye-2023a.ova** (2023-01-06)
|
* **debian-bullseye-2023a.ova** (2023-01-06)
|
||||||
* Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go
|
* Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go
|
||||||
|
|
||||||
|
et pour **s-fog** :
|
||||||
|
* **debian-buster-2023a.ova** (2023-01-06)
|
||||||
|
* Debian Buster 10 - 2 cartes - 1 Go - stockage 20 Go
|
||||||
|
|
||||||
|
On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer une VM
|
||||||
|
|
||||||
|
```shell
|
||||||
|
gsb2023>
|
||||||
|
cd pre
|
||||||
|
$ mkvm s-adm
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
### Machine s-adm
|
### Machine s-adm
|
||||||
* créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut
|
* créer la machine virtuelle **s-adm** avec **mkvm * comme décrit plus haut.
|
||||||
* renommer la machine puis redémarrer
|
* renommer la machine puis redémarrer
|
||||||
* taper :
|
* taper :
|
||||||
```shell
|
```shell
|
||||||
@ -66,11 +77,10 @@ On utilisera l'image de machine virtuelle suivante :
|
|||||||
|
|
||||||
### Pour chaque machine
|
### Pour chaque machine
|
||||||
|
|
||||||
- importer la machine à partir du fichier **.ova**
|
- créer la machine avec **mkvm**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications
|
||||||
- définir les cartes réseau en accord avec le plan d'adressage et le schéma
|
|
||||||
- donner le nom adapté (avec sed -i …)
|
- donner le nom adapté (avec sed -i …)
|
||||||
- redémarrer
|
- redémarrer
|
||||||
- mettre à jour les paquets : apt update && apt upgrade
|
- mettre à jour les paquets : apt update
|
||||||
- cloner le dépot :
|
- cloner le dépot :
|
||||||
```shell
|
```shell
|
||||||
mkdir -p tools/ansible ; cd tools/ansible
|
mkdir -p tools/ansible ; cd tools/ansible
|
||||||
|
@ -1,12 +1,13 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
## aa : 2023-04-18 15:25
|
## aa : 2023-01-18 15:25
|
||||||
|
## ps : 2023-02-01 15:25
|
||||||
|
|
||||||
set -o errexit
|
set -o errexit
|
||||||
set -o pipefail
|
set -o pipefail
|
||||||
GITUSR=gitgsb
|
GITUSR=gitgsb
|
||||||
GITPRJ=gsb2023
|
GITPRJ=gsb2023
|
||||||
apt update && apt upgrade
|
apt-get update
|
||||||
apt install -y apache2 git
|
apt-get install -y apache2 git
|
||||||
STOREREP="/var/www/html/gsbstore"
|
STOREREP="/var/www/html/gsbstore"
|
||||||
|
|
||||||
GLPIREL=10.0.6
|
GLPIREL=10.0.6
|
||||||
|
@ -13,9 +13,9 @@
|
|||||||
- goss
|
- goss
|
||||||
# - snmp-agent
|
# - snmp-agent
|
||||||
# - firewall-vpn-r
|
# - firewall-vpn-r
|
||||||
|
- post
|
||||||
- wireguard-r
|
- wireguard-r
|
||||||
# - x509-r
|
|
||||||
- fw-ferm
|
- fw-ferm
|
||||||
- ssh-cli
|
- ssh-cli
|
||||||
- syslog-cli
|
- syslog-cli
|
||||||
- post
|
|
||||||
|
@ -26,6 +26,8 @@
|
|||||||
192.168.99.101 s-lb-web1.gsb.adm
|
192.168.99.101 s-lb-web1.gsb.adm
|
||||||
192.168.99.102 s-lb-web2.gsb.adm
|
192.168.99.102 s-lb-web2.gsb.adm
|
||||||
192.168.99.103 s-lb-web3.gsb.adm
|
192.168.99.103 s-lb-web3.gsb.adm
|
||||||
|
192.168.99.112 r-vp1.gsb.adm
|
||||||
|
192.168.99.102 r-vp2.gsb.adm
|
||||||
|
|
||||||
|
|
||||||
192.168.99.8 syslog.gsb.adm
|
192.168.99.8 syslog.gsb.adm
|
||||||
|
@ -25,6 +25,8 @@
|
|||||||
192.168.99.101 s-lb-web1.gsb.adm
|
192.168.99.101 s-lb-web1.gsb.adm
|
||||||
192.168.99.102 s-lb-web2.gsb.adm
|
192.168.99.102 s-lb-web2.gsb.adm
|
||||||
192.168.99.103 s-lb-web3.gsb.adm
|
192.168.99.103 s-lb-web3.gsb.adm
|
||||||
|
192.168.99.112 r-vp1.gsb.adm
|
||||||
|
192.168.99.102 r-vp2.gsb.adm
|
||||||
|
|
||||||
192.168.99.8 syslog.gsb.adm
|
192.168.99.8 syslog.gsb.adm
|
||||||
|
|
||||||
|
@ -109,12 +109,12 @@ log-facility local7;
|
|||||||
#DHCP pour le réseau wifi
|
#DHCP pour le réseau wifi
|
||||||
#subnet 172.16.65.0 netmask 255.255.255.0 {
|
#subnet 172.16.65.0 netmask 255.255.255.0 {
|
||||||
# range 172.16.65.1 172.16.65.100;
|
# range 172.16.65.1 172.16.65.100;
|
||||||
# option domain-name-servers ns1.internal.example.org;
|
# option domain-name-servers ns1.internal.example.org;
|
||||||
# option domain-name "internal.example.org";
|
# option domain-name "internal.example.org";
|
||||||
# option routers 10.5.5.1;
|
# option routers 10.5.5.1;
|
||||||
# option broadcast-address 10.5.5.31;
|
# option broadcast-address 10.5.5.31;
|
||||||
# default-lease-time 600;
|
# default-lease-time 600;
|
||||||
# max-lease-time 7200;
|
# max-lease-time 7200;
|
||||||
#}
|
#}
|
||||||
|
|
||||||
#DHCP pour le réseau USER
|
#DHCP pour le réseau USER
|
||||||
|
@ -10,5 +10,3 @@
|
|||||||
copy: src=dhcpd.conf dest=/etc/dhcp/
|
copy: src=dhcpd.conf dest=/etc/dhcp/
|
||||||
notify:
|
notify:
|
||||||
- restart isc-dhcp-server
|
- restart isc-dhcp-server
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,17 +1,15 @@
|
|||||||
---
|
---
|
||||||
- name: creation d'un repertoire fog
|
|
||||||
file:
|
|
||||||
path: /root/tools/fog
|
|
||||||
state: directory
|
|
||||||
|
|
||||||
- name: recuperation de l'archive d'installation fog sur git
|
- name: recuperation de l'archive d'installation fog sur git
|
||||||
git:
|
git:
|
||||||
repo: https://gitea.lyc-lecastel.fr/gadmin/fog.git
|
repo: https://gitea.lyc-lecastel.fr/gadmin/fog.git
|
||||||
dest: /root/tools/fog/
|
dest: /root/tools/fog/
|
||||||
clone: yes
|
clone: yes
|
||||||
update: yes
|
update: yes
|
||||||
|
force: yes
|
||||||
|
|
||||||
#- name: Instructions
|
- name: Modification fichier bash (desac UDPCast)
|
||||||
# tags: msg
|
ansible.builtin.lineinfile:
|
||||||
# debug: msg='{{instructions}}'
|
path: /root/tools/fog/lib/common/functions.sh
|
||||||
|
regexp: '^configureUDPCast\(\).*'
|
||||||
|
line: "configureUDPCast() {\nreturn"
|
||||||
|
backup: yes
|
||||||
|
@ -1,11 +1,11 @@
|
|||||||
[Ferm]:http://ferm.foo-projects.org/
|
# [Ferm](http://ferm.foo-projects.org/)
|
||||||
|
|
||||||
Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables
|
Modifier l'execution d'iptables [plus d'info ici](https://wiki.debian.org/iptables)
|
||||||
```shell
|
```shell
|
||||||
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||||
```
|
```
|
||||||
|
|
||||||
Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html
|
Pour tester utiliser [Nmap](https://nmap.org/man/fr/man-briefoptions.html)
|
||||||
### r-vp1
|
### r-vp1
|
||||||
```shell
|
```shell
|
||||||
sudo nmap -p51820 192.168.0.51
|
sudo nmap -p51820 192.168.0.51
|
||||||
|
@ -14,22 +14,6 @@ mot de passe : glpi
|
|||||||
Selectionner la base glpi
|
Selectionner la base glpi
|
||||||
Ne pas envoyer de statistique d'usage
|
Ne pas envoyer de statistique d'usage
|
||||||
|
|
||||||
## Fusion Inventory :
|
|
||||||
|
|
||||||
Installer le plugin dans Configuration > Plugins
|
|
||||||
Activer le plugin
|
|
||||||
Pour que la remonter de l'agent se fasse, il faut ajouter une crontab (crontab -e) sur s-itil : * * * * * /usr/bin/php7.4 /var/www/glpi/front/cron.php &>/dev/null
|
|
||||||
Puis éxécuter le tasksheduler dans Configuration > Actions automatiques > taskscheduler
|
|
||||||
|
|
||||||
Pour l'agent Windows, récuperer l'agent sur http://s-itil/ficlients
|
|
||||||
Il faut faire une installation à parti de 0
|
|
||||||
Selectionner comme type d'installation complète
|
|
||||||
Dans le mode serveur mettre l'url : http://s-itil/plugins/fusioninventory et cocher la case installation rapide
|
|
||||||
|
|
||||||
Pour l'agent Debian il faut installer le paquet fusioninventory-agent
|
|
||||||
Ajouter la ligne server = http://s-itil/plugins/fusioninventory dans le fichier /etc/fusioninventory/agent.cfg
|
|
||||||
Redemarrer le service fusioninventory-agent puis faite un reload
|
|
||||||
Exécuter la commande pkill -USR1 -f -P 1 fusioninventory-agent
|
|
||||||
|
|
||||||
## Postfix :
|
## Postfix :
|
||||||
|
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
[client]
|
|
||||||
user=root
|
|
||||||
password=root
|
|
@ -1,16 +0,0 @@
|
|||||||
# Download and Install the Latest Updates for the OS
|
|
||||||
apt-get update && apt-get upgrade -y
|
|
||||||
|
|
||||||
# Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
|
|
||||||
echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
|
|
||||||
echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
|
|
||||||
apt-get -y install mysql-server
|
|
||||||
|
|
||||||
|
|
||||||
# Run the MySQL Secure Installation wizard
|
|
||||||
mysql_secure_installation
|
|
||||||
|
|
||||||
sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /etc/mysql/my.cnf
|
|
||||||
mysql -uroot -p -e 'USE mysql; UPDATE `user` SET `Host`="%" WHERE `User`="root" AND `Host`="localhost"; DELETE FROM `user` WHERE `Host` != "%" AND `User`="root"; FLUSH PRIVILEGES;'
|
|
||||||
|
|
||||||
service mysql restart
|
|
@ -1,128 +0,0 @@
|
|||||||
#
|
|
||||||
# The MySQL database server configuration file.
|
|
||||||
#
|
|
||||||
# You can copy this to one of:
|
|
||||||
# - "/etc/mysql/my.cnf" to set global options,
|
|
||||||
# - "~/.my.cnf" to set user-specific options.
|
|
||||||
#
|
|
||||||
# One can use all long options that the program supports.
|
|
||||||
# Run program with --help to get a list of available options and with
|
|
||||||
# --print-defaults to see which it would actually understand and use.
|
|
||||||
#
|
|
||||||
# For explanations see
|
|
||||||
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
|
|
||||||
|
|
||||||
# This will be passed to all mysql clients
|
|
||||||
# It has been reported that passwords should be enclosed with ticks/quotes
|
|
||||||
# escpecially if they contain "#" chars...
|
|
||||||
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
|
|
||||||
[client]
|
|
||||||
port = 3306
|
|
||||||
socket = /var/run/mysqld/mysqld.sock
|
|
||||||
|
|
||||||
# Here is entries for some specific programs
|
|
||||||
# The following values assume you have at least 32M ram
|
|
||||||
|
|
||||||
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
|
|
||||||
[mysqld_safe]
|
|
||||||
socket = /var/run/mysqld/mysqld.sock
|
|
||||||
nice = 0
|
|
||||||
|
|
||||||
[mysqld]
|
|
||||||
#
|
|
||||||
# * Basic Settings
|
|
||||||
#
|
|
||||||
user = mysql
|
|
||||||
pid-file = /var/run/mysqld/mysqld.pid
|
|
||||||
socket = /var/run/mysqld/mysqld.sock
|
|
||||||
port = 3306
|
|
||||||
basedir = /usr
|
|
||||||
datadir = /var/lib/mysql
|
|
||||||
tmpdir = /tmp
|
|
||||||
lc-messages-dir = /usr/share/mysql
|
|
||||||
skip-external-locking
|
|
||||||
#
|
|
||||||
# Instead of skip-networking the default is now to listen only on
|
|
||||||
# localhost which is more compatible and is not less secure.
|
|
||||||
#bind-address = 127.0.0.1
|
|
||||||
#
|
|
||||||
# * Fine Tuning
|
|
||||||
#
|
|
||||||
key_buffer = 16M
|
|
||||||
max_allowed_packet = 16M
|
|
||||||
thread_stack = 192K
|
|
||||||
thread_cache_size = 8
|
|
||||||
# This replaces the startup script and checks MyISAM tables if needed
|
|
||||||
# the first time they are touched
|
|
||||||
myisam-recover = BACKUP
|
|
||||||
#max_connections = 100
|
|
||||||
#table_cache = 64
|
|
||||||
#thread_concurrency = 10
|
|
||||||
#
|
|
||||||
# * Query Cache Configuration
|
|
||||||
#
|
|
||||||
query_cache_limit = 1M
|
|
||||||
query_cache_size = 16M
|
|
||||||
#
|
|
||||||
# * Logging and Replication
|
|
||||||
#
|
|
||||||
# Both location gets rotated by the cronjob.
|
|
||||||
# Be aware that this log type is a performance killer.
|
|
||||||
# As of 5.1 you can enable the log at runtime!
|
|
||||||
#general_log_file = /var/log/mysql/mysql.log
|
|
||||||
#general_log = 1
|
|
||||||
#
|
|
||||||
# Error log - should be very few entries.
|
|
||||||
#
|
|
||||||
log_error = /var/log/mysql/error.log
|
|
||||||
#
|
|
||||||
# Here you can see queries with especially long duration
|
|
||||||
#slow_query_log_file = /var/log/mysql/mysql-slow.log
|
|
||||||
#slow_query_log = 1
|
|
||||||
#long_query_time = 2
|
|
||||||
#log_queries_not_using_indexes
|
|
||||||
#
|
|
||||||
# The following can be used as easy to replay backup logs or for replication.
|
|
||||||
# note: if you are setting up a replication slave, see README.Debian about
|
|
||||||
# other settings you may need to change.
|
|
||||||
#server-id = 1
|
|
||||||
#log_bin = /var/log/mysql/mysql-bin.log
|
|
||||||
expire_logs_days = 10
|
|
||||||
max_binlog_size = 100M
|
|
||||||
#binlog_do_db = include_database_name
|
|
||||||
#binlog_ignore_db = include_database_name
|
|
||||||
#
|
|
||||||
# * InnoDB
|
|
||||||
#
|
|
||||||
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
|
|
||||||
# Read the manual for more InnoDB related options. There are many!
|
|
||||||
#
|
|
||||||
# * Security Features
|
|
||||||
#
|
|
||||||
# Read the manual, too, if you want chroot!
|
|
||||||
# chroot = /var/lib/mysql/
|
|
||||||
#
|
|
||||||
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
|
|
||||||
#
|
|
||||||
# ssl-ca=/etc/mysql/cacert.pem
|
|
||||||
# ssl-cert=/etc/mysql/server-cert.pem
|
|
||||||
# ssl-key=/etc/mysql/server-key.pem
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[mysqldump]
|
|
||||||
quick
|
|
||||||
quote-names
|
|
||||||
max_allowed_packet = 16M
|
|
||||||
|
|
||||||
[mysql]
|
|
||||||
#no-auto-rehash # faster start of mysql but no tab completition
|
|
||||||
|
|
||||||
[isamchk]
|
|
||||||
key_buffer = 16M
|
|
||||||
|
|
||||||
#
|
|
||||||
# * IMPORTANT: Additional settings that can override those from this file!
|
|
||||||
# The files must end with '.cnf', otherwise they'll be ignored.
|
|
||||||
#
|
|
||||||
!includedir /etc/mysql/conf.d/
|
|
@ -1,3 +1,4 @@
|
|||||||
---
|
---
|
||||||
- name: restart mysql-server
|
- name: restart mariadb
|
||||||
service: name=mysql-server state=restarted
|
ansible.builtin.service:
|
||||||
|
name: mariadb
|
||||||
|
@ -1,4 +1,35 @@
|
|||||||
---
|
---
|
||||||
- name: Install paquets
|
|
||||||
apt: name=mysql-server state=present force=yes
|
- name: modules python pour
|
||||||
|
apt:
|
||||||
|
name: python3-pymysql
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: install mariadb-server
|
||||||
|
apt:
|
||||||
|
name: mariadb-server
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Cree Bd wordpress
|
||||||
|
mysql_db:
|
||||||
|
db: wordpressdb
|
||||||
|
login_unix_socket: /var/run/mysqld/mysqld.sock
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ouvre port 3306 mariadb-server
|
||||||
|
replace:
|
||||||
|
path: /etc/mysql/mariadb.conf.d/50-server.cnf
|
||||||
|
regexp: '^bind-address.*'
|
||||||
|
replace: '#bind-adress = 127.0.0.1'
|
||||||
|
backup: yes
|
||||||
|
notify: restart mariadb
|
||||||
|
|
||||||
|
- name: Create MySQL user for wordpress
|
||||||
|
mysql_user:
|
||||||
|
name: wordpressuser
|
||||||
|
password: wordpresspasswd
|
||||||
|
priv: "wordpressdb.*:ALL"
|
||||||
|
host: '%'
|
||||||
|
state: present
|
||||||
|
login_unix_socket: /var/run/mysqld/mysqld.sock
|
||||||
|
|
||||||
|
@ -10,4 +10,4 @@
|
|||||||
dest: /etc/fstab
|
dest: /etc/fstab
|
||||||
regexp: ''
|
regexp: ''
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
line: '192.168.102.253:/home/wordpress /var/www/html/wordpress nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0'
|
line: '192.168.102.253:/home/ /var/www/html/wordpress nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0'
|
||||||
|
@ -60,7 +60,7 @@
|
|||||||
replace:
|
replace:
|
||||||
path: /home/wordpress/wp-config.php
|
path: /home/wordpress/wp-config.php
|
||||||
regexp: "localhost"
|
regexp: "localhost"
|
||||||
replace: "192.168.102.253"
|
replace: "192.168.102.254"
|
||||||
backup: yes
|
backup: yes
|
||||||
|
|
||||||
- name: 55 - relance nfs
|
- name: 55 - relance nfs
|
||||||
|
@ -1,102 +0,0 @@
|
|||||||
<?php
|
|
||||||
/**
|
|
||||||
* La configuration de base de votre installation WordPress.
|
|
||||||
*
|
|
||||||
* Ce fichier est utilisé par le script de création de wp-config.php pendant
|
|
||||||
* le processus d’installation. Vous n’avez pas à utiliser le site web, vous
|
|
||||||
* pouvez simplement renommer ce fichier en « wp-config.php » et remplir les
|
|
||||||
* valeurs.
|
|
||||||
*
|
|
||||||
* Ce fichier contient les réglages de configuration suivants :
|
|
||||||
*
|
|
||||||
* Réglages MySQL
|
|
||||||
* Préfixe de table
|
|
||||||
* Clés secrètes
|
|
||||||
* Langue utilisée
|
|
||||||
* ABSPATH
|
|
||||||
*
|
|
||||||
* @link https://fr.wordpress.org/support/article/editing-wp-config-php/.
|
|
||||||
*
|
|
||||||
* @package WordPress
|
|
||||||
*/
|
|
||||||
|
|
||||||
// ** Réglages MySQL - Votre hébergeur doit vous fournir ces informations. ** //
|
|
||||||
/** Nom de la base de données de WordPress. */
|
|
||||||
define( 'DB_NAME', 'wordpress' );
|
|
||||||
|
|
||||||
/** Utilisateur de la base de données MySQL. */
|
|
||||||
define( 'DB_USER', 'wp' );
|
|
||||||
|
|
||||||
/** Mot de passe de la base de données MySQL. */
|
|
||||||
define( 'DB_PASSWORD', 'wp' );
|
|
||||||
|
|
||||||
/** Adresse de l’hébergement MySQL. */
|
|
||||||
define( 'DB_HOST', '192.168.102.254' );
|
|
||||||
|
|
||||||
/** Jeu de caractères à utiliser par la base de données lors de la création des tables. */
|
|
||||||
define( 'DB_CHARSET', 'utf8' );
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Type de collation de la base de données.
|
|
||||||
* N’y touchez que si vous savez ce que vous faites.
|
|
||||||
*/
|
|
||||||
define( 'DB_COLLATE', '' );
|
|
||||||
|
|
||||||
/**#@+
|
|
||||||
* Clés uniques d’authentification et salage.
|
|
||||||
*
|
|
||||||
* Remplacez les valeurs par défaut par des phrases uniques !
|
|
||||||
* Vous pouvez générer des phrases aléatoires en utilisant
|
|
||||||
* {@link https://api.wordpress.org/secret-key/1.1/salt/ le service de clés secrètes de WordPress.org}.
|
|
||||||
* Vous pouvez modifier ces phrases à n’importe quel moment, afin d’invalider tous les cookies existants.
|
|
||||||
* Cela forcera également tous les utilisateurs à se reconnecter.
|
|
||||||
*
|
|
||||||
* @since 2.6.0
|
|
||||||
*/
|
|
||||||
define( 'AUTH_KEY', 'mettez une phrase unique ici' );
|
|
||||||
define( 'SECURE_AUTH_KEY', 'mettez une phrase unique ici' );
|
|
||||||
define( 'LOGGED_IN_KEY', 'mettez une phrase unique ici' );
|
|
||||||
define( 'NONCE_KEY', 'mettez une phrase unique ici' );
|
|
||||||
define( 'AUTH_SALT', 'mettez une phrase unique ici' );
|
|
||||||
define( 'SECURE_AUTH_SALT', 'mettez une phrase unique ici' );
|
|
||||||
define( 'LOGGED_IN_SALT', 'mettez une phrase unique ici' );
|
|
||||||
define( 'NONCE_SALT', 'mettez une phrase unique ici' );
|
|
||||||
/**#@-*/
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Préfixe de base de données pour les tables de WordPress.
|
|
||||||
*
|
|
||||||
* Vous pouvez installer plusieurs WordPress sur une seule base de données
|
|
||||||
* si vous leur donnez chacune un préfixe unique.
|
|
||||||
* N’utilisez que des chiffres, des lettres non-accentuées, et des caractères soulignés !
|
|
||||||
*/
|
|
||||||
$table_prefix = 'wp_';
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Pour les développeurs : le mode déboguage de WordPress.
|
|
||||||
*
|
|
||||||
* En passant la valeur suivante à "true", vous activez l’affichage des
|
|
||||||
* notifications d’erreurs pendant vos essais.
|
|
||||||
* Il est fortement recommandé que les développeurs d’extensions et
|
|
||||||
* de thèmes se servent de WP_DEBUG dans leur environnement de
|
|
||||||
* développement.
|
|
||||||
*
|
|
||||||
* Pour plus d’information sur les autres constantes qui peuvent être utilisées
|
|
||||||
* pour le déboguage, rendez-vous sur le Codex.
|
|
||||||
*
|
|
||||||
* @link https://fr.wordpress.org/support/article/debugging-in-wordpress/
|
|
||||||
*/
|
|
||||||
define( 'WP_DEBUG', false );
|
|
||||||
|
|
||||||
/* C’est tout, ne touchez pas à ce qui suit ! Bonne publication. */
|
|
||||||
|
|
||||||
/** Chemin absolu vers le dossier de WordPress. */
|
|
||||||
if ( ! defined( 'ABSPATH' ) )
|
|
||||||
define( 'ABSPATH', dirname( __FILE__ ) . '/' );
|
|
||||||
|
|
||||||
/** Réglage des variables de WordPress et de ses fichiers inclus. */
|
|
||||||
require_once( ABSPATH . 'wp-settings.php' );
|
|
||||||
define('DB_NAME', 'wordpress');
|
|
||||||
define('DB_HOST', '192.168.102.254');
|
|
||||||
define('DB_USER', 'wp');
|
|
||||||
define('DB_PASSWORD', 'wp');
|
|
@ -1,5 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: installation php et apache ...
|
- name: installation des paquets web
|
||||||
apt:
|
apt:
|
||||||
name:
|
name:
|
||||||
- apache2
|
- apache2
|
||||||
@ -8,3 +8,21 @@
|
|||||||
- php-mysql
|
- php-mysql
|
||||||
- mariadb-client
|
- mariadb-client
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
|
- name: install nfs-common
|
||||||
|
apt:
|
||||||
|
name: nfs-common
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: montage nfs pour word press
|
||||||
|
blockinfile:
|
||||||
|
path: /etc/fstab
|
||||||
|
block: |
|
||||||
|
192.168.102.253:/home/wordpress /var/www/html nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0
|
||||||
|
|
||||||
|
#- name: monte export wordpress
|
||||||
|
# ansible.posix.mount:
|
||||||
|
# path: /var/www/html
|
||||||
|
# state: mounted
|
||||||
|
# fstype: nfs
|
||||||
|
# src: 192.168.102.253:/exports/wordpress
|
||||||
|
80
roles/nxc-traefik/files/docker-compose.yml
Normal file
80
roles/nxc-traefik/files/docker-compose.yml
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
version: '3'
|
||||||
|
volumes:
|
||||||
|
nextcloud:
|
||||||
|
db:
|
||||||
|
|
||||||
|
networks:
|
||||||
|
proxy:
|
||||||
|
external: true
|
||||||
|
nxc:
|
||||||
|
external: false
|
||||||
|
|
||||||
|
services:
|
||||||
|
reverse-proxy:
|
||||||
|
# The official v2 Traefik docker image
|
||||||
|
image: traefik:latest
|
||||||
|
container_name: traefik
|
||||||
|
# Enables the web UI and tells Traefik to listen to docker
|
||||||
|
command: --api.insecure=true --providers.docker
|
||||||
|
ports:
|
||||||
|
# The HTTP port
|
||||||
|
- "80:80"
|
||||||
|
- "443:443"
|
||||||
|
# The Web UI (enabled by --api.insecure=true)
|
||||||
|
- "8080:8080"
|
||||||
|
volumes:
|
||||||
|
# So that Traefik can listen to the Docker events
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||||
|
# Map the static configuration into the container
|
||||||
|
- ./config/static.yml:/etc/traefik/traefik.yml:ro
|
||||||
|
# Map the dynamic configuration into the container
|
||||||
|
- ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
|
||||||
|
# Map the certificats into the container
|
||||||
|
- ./certs:/etc/certs:ro
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: mariadb:10.5
|
||||||
|
container_name: db
|
||||||
|
restart: always
|
||||||
|
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||||
|
volumes:
|
||||||
|
- db:/var/lib/mysql
|
||||||
|
networks:
|
||||||
|
- nxc
|
||||||
|
environment:
|
||||||
|
- MYSQL_ROOT_PASSWORD=Azerty1+
|
||||||
|
- MYSQL_PASSWORD=Azerty1+
|
||||||
|
- MYSQL_DATABASE=nextcloud
|
||||||
|
- MYSQL_USER=nextcloud
|
||||||
|
|
||||||
|
app:
|
||||||
|
image: nextcloud
|
||||||
|
container_name: app
|
||||||
|
restart: always
|
||||||
|
ports:
|
||||||
|
- 8081:80
|
||||||
|
#links:
|
||||||
|
depends_on:
|
||||||
|
- db
|
||||||
|
volumes:
|
||||||
|
- ./nextcloud:/var/www/html
|
||||||
|
networks:
|
||||||
|
- proxy
|
||||||
|
- nxc
|
||||||
|
labels:
|
||||||
|
# - "traefik.enable=true"
|
||||||
|
- "traefik.http.routers.app.rule=Host(`s-nxc.gsb.lan`)"
|
||||||
|
- "traefik.http.routers.app.tls=true"
|
||||||
|
- "traefik.enable=true"
|
||||||
|
- "traefik.docker.network=proxy"
|
||||||
|
# - "traefik.http.routers.app.entrypoints=websecure"
|
||||||
|
# - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
|
||||||
|
- "traefik.http.routers.app.service=app-service"
|
||||||
|
- "traefik.http.services.app-service.loadbalancer.server.port=80"
|
||||||
|
environment:
|
||||||
|
- MYSQL_PASSWORD=Azerty1+
|
||||||
|
- MYSQL_DATABASE=nextcloud
|
||||||
|
- MYSQL_USER=nextcloud
|
||||||
|
- MYSQL_HOST=db
|
@ -1,58 +0,0 @@
|
|||||||
version: '2'
|
|
||||||
|
|
||||||
volumes:
|
|
||||||
# nextcloud:
|
|
||||||
db:
|
|
||||||
|
|
||||||
services:
|
|
||||||
db:
|
|
||||||
image: mariadb
|
|
||||||
container_name: db
|
|
||||||
restart: always
|
|
||||||
#command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
|
||||||
command: --innodb-read-only-compressed=OFF
|
|
||||||
volumes:
|
|
||||||
- db:/var/lib/mysql
|
|
||||||
networks:
|
|
||||||
- nxc-db
|
|
||||||
environment:
|
|
||||||
- MYSQL_ROOT_PASSWORD=blabla
|
|
||||||
- MYSQL_PASSWORD=blabla
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
|
|
||||||
nxc:
|
|
||||||
image: nextcloud
|
|
||||||
restart: always
|
|
||||||
container_name: nxc
|
|
||||||
# ports:
|
|
||||||
# - 8080:80
|
|
||||||
# links:
|
|
||||||
depends_on:
|
|
||||||
- db
|
|
||||||
volumes:
|
|
||||||
- ./nextcloud:/var/www/html
|
|
||||||
environment:
|
|
||||||
- MYSQL_PASSWORD=blabla
|
|
||||||
- MYSQL_DATABASE=nextcloud
|
|
||||||
- MYSQL_USER=nextcloud
|
|
||||||
- MYSQL_HOST=db
|
|
||||||
labels:
|
|
||||||
# Enable this container to be mapped by traefik
|
|
||||||
# For more information, see: https://docs.traefik.io/providers/docker/#exposedbydefault
|
|
||||||
- "traefik.enable=true"
|
|
||||||
# URL to reach this container
|
|
||||||
- "traefik.http.routers.nxc.rule=Host(`s-nxc.gsb.lan`)"
|
|
||||||
# Activation of TLS
|
|
||||||
- "traefik.http.routers.nxc.tls=true"
|
|
||||||
# If port is different than 80, use the following service:
|
|
||||||
#- "traefik.http.services.<service_name>.loadbalancer.server.port=<port>"
|
|
||||||
# - "traefik.http.services.app.loadbalancer.server.port=8080"
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
- nxc-db
|
|
||||||
networks:
|
|
||||||
proxy:
|
|
||||||
external: true
|
|
||||||
nxc-db:
|
|
||||||
external: false
|
|
@ -1,6 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
docker-compose -f nextcloud.yml down
|
docker compose down -v
|
||||||
docker-compose -f traefik.yml down
|
|
||||||
sleep 1
|
sleep 1
|
||||||
docker-compose -f traefik.yml up -d --remove-orphans
|
docker compose up -d
|
||||||
docker-compose -f nextcloud.yml up -d
|
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
docker volume prune -f
|
|
||||||
docker container prune -f
|
docker compose down -v
|
||||||
docker image prune -f
|
#docker volume prune -f
|
||||||
|
#docker container prune -f
|
||||||
|
#docker image prune -f
|
||||||
|
@ -1,3 +1,2 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
docker-compose -f traefik.yml up -d
|
docker compose up -d
|
||||||
docker-compose -f nextcloud.yml up -d
|
|
||||||
|
@ -1,3 +1,2 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
docker-compose -f nextcloud.yml down
|
docker compose down
|
||||||
docker-compose -f traefik.yml down
|
|
||||||
|
@ -1,28 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
|
|
||||||
services:
|
|
||||||
reverse-proxy:
|
|
||||||
#image: traefik:v2.5
|
|
||||||
image: traefik
|
|
||||||
container_name: traefik
|
|
||||||
restart: always
|
|
||||||
security_opt:
|
|
||||||
- no-new-privileges:true
|
|
||||||
ports:
|
|
||||||
# Web
|
|
||||||
- 80:80
|
|
||||||
- 443:443
|
|
||||||
volumes:
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
|
||||||
# Map the static configuration into the container
|
|
||||||
- ./config/static.yml:/etc/traefik/traefik.yml:ro
|
|
||||||
# Map the dynamic configuration into the container
|
|
||||||
- ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
|
|
||||||
# Map the certificats into the container
|
|
||||||
- ./certs:/etc/certs:ro
|
|
||||||
networks:
|
|
||||||
- proxy
|
|
||||||
|
|
||||||
networks:
|
|
||||||
proxy:
|
|
||||||
external: true
|
|
@ -24,14 +24,9 @@
|
|||||||
src: dynamic.yml
|
src: dynamic.yml
|
||||||
dest: /root/nxc/config
|
dest: /root/nxc/config
|
||||||
|
|
||||||
- name: Copie de nextcloud.yml
|
- name: Copie de docker-compose.yml
|
||||||
copy:
|
copy:
|
||||||
src: nextcloud.yml
|
src: docker-compose.yml
|
||||||
dest: /root/nxc
|
|
||||||
|
|
||||||
- name: Copie de traefik.yml
|
|
||||||
copy:
|
|
||||||
src: traefik.yml
|
|
||||||
dest: /root/nxc
|
dest: /root/nxc
|
||||||
|
|
||||||
- name: Copie de nxc-stop.sh
|
- name: Copie de nxc-stop.sh
|
||||||
@ -76,3 +71,8 @@
|
|||||||
|
|
||||||
- name: Creation reseau docker proxy
|
- name: Creation reseau docker proxy
|
||||||
command: docker network create proxy
|
command: docker network create proxy
|
||||||
|
|
||||||
|
#- name: Démarrage du docker-compose...
|
||||||
|
#command: /bin/bash docker-compose up -d
|
||||||
|
#args:
|
||||||
|
#chdir: /root/nxc
|
||||||
|
@ -1,10 +1,14 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: Creation de .ssh
|
- name: Creation de .ssh
|
||||||
file: path=/root/.ssh mode=0700 state=directory
|
file:
|
||||||
|
path: /root/.ssh
|
||||||
|
mode: 0700
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: Copie cle public s-adm
|
- name: Copie cle publiique depuis s-adm
|
||||||
shell: curl 192.168.99.99/id_rsa.pub > ~/.ssh/authorized_keys
|
ansible.posix.authorized_key:
|
||||||
|
user: root
|
||||||
|
state: present
|
||||||
|
key: http://s-adm.gsb.adm/id_rsa.pub
|
||||||
|
|
||||||
#- name: Copie cle public s-spec
|
|
||||||
# shell: curl 192.168.99.10/id_rsa.pub >> ~/.ssh/authorized_keys
|
|
||||||
|
@ -14,8 +14,7 @@
|
|||||||
name: wireguard-tools
|
name: wireguard-tools
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
#- name: copie du fichier de configuration depuis r-vp1
|
|
||||||
# command: "sshpass -p 'root' scp -r root@192.168.99.112:/root/confwg/wg0-b.conf /etc/wireguard/"
|
|
||||||
|
|
||||||
#- name: renommage du fichier de configuration
|
#- name: renommage du fichier de configuration
|
||||||
# command: "mv /etc/wireguard/wg0-b.conf /etc/wireguard/wg0.conf"
|
# command: "mv /etc/wireguard/wg0-b.conf /etc/wireguard/wg0.conf"
|
||||||
|
@ -1,13 +1,19 @@
|
|||||||
Procédure d'installation de r-vp1 et de copie du fichier wg0-b.conf.
|
Procédure d'installation de **r-vp1** et de copie du fichier wg0-b.conf.
|
||||||
***
|
***
|
||||||
|
|
||||||
Depuis r-vp1 se deplacer dans le repertoire **/tools/ansible/gsb2023** pour executer le playbook:
|
|
||||||
**"ansible-playbook -i localhost, -c local r-vp1.yml"** puis reboot r-vp1.
|
|
||||||
|
|
||||||
Attendre la fin de l'installation. Ensuite faire une copie distante du fichier
|
Depuis **r-vp1** se deplacer dans le repertoire **/tools/ansible/gsb2023** pour executer le playbook:
|
||||||
wg0-b.conf sur r-vp2 **"scp /confwg/wg0-b.conf root@'ip r-vp2':/etc/wireguard/"**.
|
**"ansible-playbook -i localhost, -c local r-vp1.yml"** puis reboot **r-vp1**.
|
||||||
|
|
||||||
Renommer les fichiers en **wg0.conf**
|
|
||||||
|
Sur **r-vp1**:
|
||||||
|
|
||||||
|
Attendre la fin de l'installation. Ensuite lancer un serveur http avec python3 pour récuperer le fichier
|
||||||
|
wg0-b.conf sur **r-vp2** . Lancer le script **r-vp1-post.sh** dans **/tools/ansible/gsb2023/Scripts**.
|
||||||
|
|
||||||
|
|
||||||
|
Sur **r-vp2**:
|
||||||
|
|
||||||
|
Lancer le script r-vp2-post.sh dans **/tools/ansible/gsb2023/Scripts** pour recuperer wg0-b.conf
|
||||||
|
et qui renomme le fichier en **wg0.conf** . Il redémarre et active le service **wg-quick@wg0**.
|
||||||
|
|
||||||
Executer **"systemctl enable wg-quick@wg0"** puis **"systemctl start wg-quick@wg0"** sur r-vp1 et r-vp2.
|
|
||||||
Entrer la commande **"wg"** pour voir si l'interface wg0 est correctement montée.
|
|
||||||
|
@ -39,3 +39,4 @@
|
|||||||
name: wg-quick@wg0
|
name: wg-quick@wg0
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: restarted
|
state: restarted
|
||||||
|
|
||||||
|
40
s-lb-bd.yml
40
s-lb-bd.yml
@ -3,47 +3,11 @@
|
|||||||
become: true
|
become: true
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
- name: modules python pour
|
|
||||||
apt:
|
|
||||||
name: python3-pymysql
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: install mariadb-server
|
|
||||||
apt:
|
|
||||||
name: mariadb-server
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Cree Bd wordpress
|
|
||||||
mysql_db:
|
|
||||||
db: wordpressdb
|
|
||||||
login_unix_socket: /var/run/mysqld/mysqld.sock
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Ouvre port 3306 mariadb-server
|
|
||||||
replace:
|
|
||||||
path: /etc/mysql/mariadb.conf.d/50-server.cnf
|
|
||||||
regexp: '^bind-address.*'
|
|
||||||
replace: '#bind-adress = 127.0.0.1'
|
|
||||||
backup: yes
|
|
||||||
notify: restart mariadb
|
|
||||||
|
|
||||||
- name: Create MySQL user for wordpress
|
|
||||||
mysql_user:
|
|
||||||
name: wordpressuser
|
|
||||||
password: wordpresspasswd
|
|
||||||
priv: "wordpressdb.*:ALL"
|
|
||||||
host: '%'
|
|
||||||
state: present
|
|
||||||
login_unix_socket: /var/run/mysqld/mysqld.sock
|
|
||||||
|
|
||||||
handlers:
|
|
||||||
- name: restart mariadb
|
|
||||||
ansible.builtin.service:
|
|
||||||
name: mariadb
|
|
||||||
state: restarted
|
|
||||||
|
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
- goss
|
- goss
|
||||||
|
- lb-bd
|
||||||
- post
|
- post
|
||||||
- snmp-agent
|
- snmp-agent
|
||||||
|
- ssh-cli
|
||||||
|
@ -4,7 +4,8 @@
|
|||||||
|
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
|
- post
|
||||||
- lb-web
|
- lb-web
|
||||||
- snmp-agent
|
- snmp-agent
|
||||||
- lb-nfs-client
|
- ssh-cli
|
||||||
- post
|
|
||||||
|
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
roles:
|
roles:
|
||||||
- base
|
- base
|
||||||
|
- post
|
||||||
- lb-web
|
- lb-web
|
||||||
- snmp-agent
|
- snmp-agent
|
||||||
- lb-nfs-client
|
- ssh-cli
|
||||||
- post
|
|
||||||
|
1
s-lb.yml
1
s-lb.yml
@ -7,5 +7,6 @@
|
|||||||
- goss
|
- goss
|
||||||
- lb-front
|
- lb-front
|
||||||
- snmp-agent
|
- snmp-agent
|
||||||
|
- ssh-cli
|
||||||
- post
|
- post
|
||||||
|
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
mkvmrelease="v1.2"
|
mkvmrelease="v1.2.1"
|
||||||
|
|
||||||
ovarelease="2023a"
|
ovarelease="2023a"
|
||||||
ovafogrelease="2023a"
|
ovafogrelease="2023a"
|
||||||
@ -11,7 +11,7 @@ deletemode=0
|
|||||||
usage () {
|
usage () {
|
||||||
echo "$0 - version ${mkvmrelease} - Ova version ${ovarelease}"
|
echo "$0 - version ${mkvmrelease} - Ova version ${ovarelease}"
|
||||||
echo "$0 : creation VM et parametrage interfaces"
|
echo "$0 : creation VM et parametrage interfaces"
|
||||||
echo "usage : $0 [-r] <s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog>"
|
echo "usage : $0 [-r] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog>"
|
||||||
echo " option -r : efface vm existante avant creation nouvelle"
|
echo " option -r : efface vm existante avant creation nouvelle"
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
@ -33,7 +33,6 @@ create_vm () {
|
|||||||
}
|
}
|
||||||
|
|
||||||
setif () {
|
setif () {
|
||||||
|
|
||||||
VBoxManage modifyvm "$1" --nic"${2}" intnet
|
VBoxManage modifyvm "$1" --nic"${2}" intnet
|
||||||
VBoxManage modifyvm "$1" --intnet"${2}" "$3"
|
VBoxManage modifyvm "$1" --intnet"${2}" "$3"
|
||||||
VBoxManage modifyvm "$1" --nictype"${2}" 82540EM
|
VBoxManage modifyvm "$1" --nictype"${2}" 82540EM
|
||||||
@ -66,7 +65,9 @@ fi
|
|||||||
vm="$1"
|
vm="$1"
|
||||||
|
|
||||||
create_vm "${vm}"
|
create_vm "${vm}"
|
||||||
if [[ "${vm}" == "s-infra" ]] ; then
|
if [[ "${vm}" == "s-adm" ]] ; then
|
||||||
|
bash addint.s-adm
|
||||||
|
elif [[ "${vm}" == "s-infra" ]] ; then
|
||||||
create_if "${vm}" "n-adm" "n-infra"
|
create_if "${vm}" "n-adm" "n-infra"
|
||||||
elif [[ "${vm}" == "s-proxy" ]] ; then
|
elif [[ "${vm}" == "s-proxy" ]] ; then
|
||||||
create_if "${vm}" "n-adm" "n-infra"
|
create_if "${vm}" "n-adm" "n-infra"
|
||||||
|
156
scripts/mkvm.ps1
Normal file
156
scripts/mkvm.ps1
Normal file
@ -0,0 +1,156 @@
|
|||||||
|
# POUR POUVOIR EXECUTER DES SCRIPTS POWERSHELL SOUS WINDOWS LANCER COMMANDE SUIVANTE EN ADMIN SOUS POWERSHELL
|
||||||
|
# set-executionpolicy unrestricted
|
||||||
|
|
||||||
|
#mkvm pour toutes les vms
|
||||||
|
|
||||||
|
$mkvmrelease="v1.2"
|
||||||
|
$ovarelease="2023a"
|
||||||
|
$ovafogrelease="2023a"
|
||||||
|
$ovafile="$HOME\Downloads\debian-bullseye-gsb-${ovarelease}.ova"
|
||||||
|
$ovafilefog="$HOME\Downloads\debian-buster-gsb-${ovafogrelease}.ova"
|
||||||
|
$vboxmanage="C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"
|
||||||
|
$deletemode=0
|
||||||
|
|
||||||
|
#FONCTIONS
|
||||||
|
|
||||||
|
function create_vm{ param([string]$nomvm)
|
||||||
|
#Importation depuis l'ova
|
||||||
|
& "$vboxmanage" import "$ovafile" --vsys 0 --vmname "$nomvm"
|
||||||
|
Write-Host "Machine $nomvm importée"
|
||||||
|
}
|
||||||
|
|
||||||
|
function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$reseau)
|
||||||
|
#Création d'une interface
|
||||||
|
if ($nomvm -and $nic -and $rang -and $reseau) {
|
||||||
|
if ($nic -eq "bridge") {
|
||||||
|
#Création d'une interface en pont
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --nic"$rang" bridged
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --nictype"$rang" virtio
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --cableconnected"$rang" on
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --nicpromisc"$rang" allow-all
|
||||||
|
Write-Host "$nomvm : IF$rang $nic"
|
||||||
|
}
|
||||||
|
elseif ($nic -eq "int") {
|
||||||
|
#Création d'une interface en reseau interne
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --nic"$rang" intnet
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --intnet"$rang" "$reseau"
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --nictype"$rang" virtio
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --cableconnected"$rang" on
|
||||||
|
& "$vboxmanage" modifyvm "$nomvm" --nicpromisc"$rang" allow-all
|
||||||
|
Write-Host "$nomvm : IF$rang $nic $reseau"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function usage{
|
||||||
|
Write-Host "usage : mkvm ${myInvocation.ScriptName} <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-agence|s-appli|s-backup|s-itil|s-ncx|s-fog|s-dns-ext|s-web-ext|s-lb|s-lb-bd|s-lb-web1|s-lb-web2|s-lb-web3>"
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($args[0] -eq "s-adm") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "bridge" 1 "null"
|
||||||
|
create_if $args[0] "int" 2 "n-adm"
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "r-int") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-link"
|
||||||
|
create_if $args[0] "int" 3 "n-wifi"
|
||||||
|
create_if $args[0] "int" 4 "n-user"
|
||||||
|
create_if $args[0] "int" 5 "n-infra"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "r-ext") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-dmz"
|
||||||
|
create_if $args[0] "bridge" 3 "null"
|
||||||
|
create_if $args[0] "int" 4 "n-linkv"
|
||||||
|
create_if $args[0] "int" 5 "n-link"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (((((((($args[0] -eq "s-elk") `
|
||||||
|
-or ($args[0] -eq "s-mon") `
|
||||||
|
-or ($args[0] -eq "s-backup") `
|
||||||
|
-or ($args[0] -eq "s-appli") `
|
||||||
|
-or ($args[0] -eq "s-infra") `
|
||||||
|
-or ($args[0] -eq "s-proxy") `
|
||||||
|
-or ($args[0] -eq "s-itil") `
|
||||||
|
-or ($args[0] -eq "s-nxc") `
|
||||||
|
))))))) {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-infra"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "s-fog") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-infra"
|
||||||
|
create_if $args[0] "int" 3 "n-user"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "s-agence") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-agence"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "s-lb") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-dmz"
|
||||||
|
create_if $args[0] "int" 3 "n-dmz-lb"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (($args[0] -eq "s-lb-db") -or ($args[0] -eq "s-nas")) {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-dmz-db"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ((($args[0] -eq "s-lb-web1") -or ($args[0] -eq "s-lb-web2") -or ($args[0] -eq "s-lb-web3"))) {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-dmz-lb"
|
||||||
|
create_if $args[0] "int" 3 "n-dmz-db"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif (($args[0] -eq "s-dns-ext") -or ($args[0] -eq "s-web-ext")) {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-infra"
|
||||||
|
create_if $args[0] "int" 3 "n-user"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "r-vp1") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-linkv"
|
||||||
|
create_if $args[0] "bridge" 3 "null"
|
||||||
|
}
|
||||||
|
|
||||||
|
elseif ($args[0] -eq "r-vp2") {
|
||||||
|
|
||||||
|
create_vm $args[0]
|
||||||
|
create_if $args[0] "int" 1 "n-adm"
|
||||||
|
create_if $args[0] "int" 2 "n-agence"
|
||||||
|
create_if $args[0] "bridge" 3 "null"
|
||||||
|
}
|
||||||
|
|
||||||
|
else {
|
||||||
|
usage
|
||||||
|
}
|
5
scripts/r-vp1-post.sh
Normal file
5
scripts/r-vp1-post.sh
Normal file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#stoper le fw
|
||||||
|
systemctl stop ferm
|
||||||
|
#ouverture du service web pour copie distante
|
||||||
|
cd /root/confwg/ && python3 -m http.server 8000 &
|
7
scripts/r-vp2-post.sh
Normal file
7
scripts/r-vp2-post.sh
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#recuperation du fichier de config
|
||||||
|
wget http://r-vp1.gsb.adm:8000/wg0-b.qconf
|
||||||
|
#renomage fichier et mv
|
||||||
|
mv ./wg0-b.conf /etc/wireguard/wg0.conf
|
||||||
|
#activation interface wg0
|
||||||
|
systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0
|
Reference in New Issue
Block a user