reorg. + doc

README.md

@@ -1,6 +1,6 @@
 # gsb2023
 
-2023-01-30 ps 
+2023-02-01 ps 
 
 Environnement et playbooks ansible pour le projet GSB 2023
 
@@ -13,7 +13,6 @@ Prérequis :
     * **debian-buster-gsb-2023a.ova**
 
 
-
   * **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid 
   * **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad**
   * **r-int** : routage, DHCP 
@@ -42,13 +41,25 @@ Prérequis :
 
 ## Installation
 
-On utilisera l'image de machine virtuelle suivante : 
+On utilisera les images de machines virtuelle suivantes : 
   * **debian-bullseye-2023a.ova** (2023-01-06)
     * Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go
 
+et pour **s-fog** : 
+  * **debian-buster-2023a.ova** (2023-01-06)
+    * Debian Buster 10 - 2 cartes - 1 Go - stockage 20 Go
+
+On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer une VM
+
+```shell
+gsb2023>
+cd pre
+$ mkvm s-adm
+
+```
 
 ### Machine s-adm
-  * créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut
+  * créer la machine virtuelle **s-adm** avec **mkvm * comme décrit plus haut.
   * renommer la machine puis redémarrer
   * taper :
 ```shell
@@ -66,11 +77,10 @@ On utilisera l'image de machine virtuelle suivante :
   
 ### Pour chaque machine
 
-  - importer la machine à partir du fichier **.ova**
-  - définir les cartes réseau en accord avec le plan d'adressage et le schéma
+  - créer la machine avec **mkvm**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications 
   - donner le nom adapté (avec sed -i …)
   - redémarrer
-  - mettre à jour les paquets : apt update && apt upgrade
+  - mettre à jour les paquets : apt update 
   - cloner le dépot : 
 ```shell
 mkdir -p tools/ansible ; cd tools/ansible

roles/lb-bd/files/.my.cnf

@@ -1,3 +0,0 @@
-[client]
-user=root
-password=root

roles/lb-bd/files/installmysql.sh

@@ -1,16 +0,0 @@
-# Download and Install the Latest Updates for the OS
-apt-get update && apt-get upgrade -y
-
-# Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
-echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
-echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
-apt-get -y install mysql-server
-
-
-# Run the MySQL Secure Installation wizard
-mysql_secure_installation
-
-sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /etc/mysql/my.cnf
-mysql -uroot -p -e 'USE mysql; UPDATE `user` SET `Host`="%" WHERE `User`="root" AND `Host`="localhost"; DELETE FROM `user` WHERE `Host` != "%" AND `User`="root"; FLUSH PRIVILEGES;'
-
-service mysql restart

roles/lb-bd/files/my.cnf

@@ -1,128 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-# 
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port		= 3306
-socket		= /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket		= /var/run/mysqld/mysqld.sock
-nice		= 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user		= mysql
-pid-file	= /var/run/mysqld/mysqld.pid
-socket		= /var/run/mysqld/mysqld.sock
-port		= 3306
-basedir		= /usr
-datadir		= /var/lib/mysql
-tmpdir		= /tmp
-lc-messages-dir	= /usr/share/mysql
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-#bind-address		= 127.0.0.1
-#
-# * Fine Tuning
-#
-key_buffer		= 16M
-max_allowed_packet	= 16M
-thread_stack		= 192K
-thread_cache_size       = 8
-# This replaces the startup script and checks MyISAM tables if needed
-# the first time they are touched
-myisam-recover         = BACKUP
-#max_connections        = 100
-#table_cache            = 64
-#thread_concurrency     = 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit	= 1M
-query_cache_size        = 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
-#general_log_file        = /var/log/mysql/mysql.log
-#general_log             = 1
-#
-# Error log - should be very few entries.
-#
-log_error = /var/log/mysql/error.log
-#
-# Here you can see queries with especially long duration
-#slow_query_log_file = /var/log/mysql/mysql-slow.log
-#slow_query_log      = 1
-#long_query_time = 2
-#log_queries_not_using_indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-#       other settings you may need to change.
-#server-id		= 1
-#log_bin			= /var/log/mysql/mysql-bin.log
-expire_logs_days	= 10
-max_binlog_size         = 100M
-#binlog_do_db		= include_database_name
-#binlog_ignore_db	= include_database_name
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet	= 16M
-
-[mysql]
-#no-auto-rehash	# faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer		= 16M
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-#   The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/

roles/lb-bd/handlers/main.yml

@@ -1,3 +1,4 @@
 ---
- - name: restart mysql-server
-   service: name=mysql-server state=restarted
+- name: restart mariadb
+  ansible.builtin.service:
+    name: mariadb

roles/lb-bd/tasks/main.yml

@@ -1,4 +1,35 @@
 ---
-- name: Install paquets
-  apt: name=mysql-server state=present force=yes
+
+- name: modules python pour
+  apt:
+    name: python3-pymysql
+    state: present
+
+- name: install mariadb-server
+  apt:
+    name: mariadb-server
+    state: present
+
+- name: Cree Bd wordpress
+  mysql_db:
+    db: wordpressdb
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    state: present
+
+- name: Ouvre port 3306 mariadb-server
+  replace:
+    path: /etc/mysql/mariadb.conf.d/50-server.cnf
+    regexp: '^bind-address.*'
+    replace: '#bind-adress = 127.0.0.1'
+    backup: yes
+  notify: restart mariadb
+
+- name: Create MySQL user for wordpress
+  mysql_user:
+    name: wordpressuser
+    password: wordpresspasswd
+    priv: "wordpressdb.*:ALL"
+    host: '%'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
 

roles/wireguard-r/README.md

@@ -4,10 +4,11 @@ Procédure d'installation de r-vp1 et de copie du fichier wg0-b.conf.
 Depuis r-vp1 se deplacer dans le repertoire **/tools/ansible/gsb2023** pour executer le playbook:
 **"ansible-playbook -i localhost, -c local r-vp1.yml"** puis reboot r-vp1.
 
-Attendre la fin de l'installation. Ensuite faire une copie distante du fichier
-wg0-b.conf sur r-vp2 **"scp /confwg/wg0-b.conf root@'ip r-vp2':/etc/wireguard/"**.
- 
-Renommer les fichiers en **wg0.conf**
+Sur r-vp1:
+Attendre la fin de l'installation. Ensuite faire une ouverture serveur web avec python3 pour récuperer le fichier
+wg0-b.conf sur r-vp2. Lancer le script r-vp1-post.sh dans **/tools/ansible/gsb2023/Scripts**.
+
+Sur r-vp2:
+Lancer le script r-vp2-post.sh dans **/tools/ansible/gsb2023/Scripts** pour recuperer wg0-b.conf
+et qui renomme le fichier en **wg0.conf** . Il redémarre et active le service **wg-quick@wg0**.
 
-Executer **"systemctl enable wg-quick@wg0"** puis **"systemctl start wg-quick@wg0"** sur r-vp1 et r-vp2.
-Entrer la commande **"wg"** pour voir si l'interface wg0 est correctement montée. 

s-lb-bd.yml

@@ -3,47 +3,11 @@
   become: true
   tasks:
 
-  - name: modules python pour
-    apt:
-      name: python3-pymysql
-      state: present
-
-  - name: install mariadb-server
-    apt:
-      name: mariadb-server
-      state: present
-
-  - name: Cree Bd wordpress
-    mysql_db:
-      db: wordpressdb
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-      state: present
-
-  - name: Ouvre port 3306 mariadb-server
-    replace:
-      path: /etc/mysql/mariadb.conf.d/50-server.cnf
-      regexp: '^bind-address.*'
-      replace: '#bind-adress = 127.0.0.1'
-      backup: yes
-    notify: restart mariadb
-
-  - name: Create MySQL user for wordpress
-    mysql_user:
-      name: wordpressuser
-      password: wordpresspasswd
-      priv: "wordpressdb.*:ALL"
-      host: '%'
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  handlers:
-    - name: restart mariadb
-      ansible.builtin.service:
-        name: mariadb
-        state: restarted
 
   roles:
     - base
     - goss
+    - lb-bd
     - post
     - snmp-agent
+    - ssh-cli

s-lb-web1.yml

@@ -7,3 +7,5 @@
     - post
     - lb-web
     - snmp-agent
+    - ssh-cli
+

s-lb-web2.yml

@@ -7,3 +7,4 @@
     - post
     - lb-web
     - snmp-agent
+    - ssh-cli

s-lb.yml

@@ -7,5 +7,6 @@
      - goss
      - lb-front
      - snmp-agent
+     - ssh-cli
      - post
 

scripts/mkvm.ps1

@@ -22,11 +22,10 @@ function create_vm{ param([string]$nomvm)
 function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$reseau)
 	#Création d'une interface
 	if ($nomvm -and $nic -and $rang -and $reseau) {
-	#if ("1" -eq "1") {
 		if ($nic -eq "bridge") {
 			#Création d'une interface en pont
 			& "$vboxmanage" modifyvm  "$nomvm" --nic"$rang" bridged
-			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" 82540EM
+			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" virtio
 			& "$vboxmanage" modifyvm  "$nomvm" --cableconnected"$rang" on
 			& "$vboxmanage" modifyvm  "$nomvm" --nicpromisc"$rang" allow-all
 			Write-Host "$nomvm : IF$rang $nic"
@@ -35,7 +34,7 @@ function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$res
 			#Création d'une interface en reseau interne
 			& "$vboxmanage" modifyvm  "$nomvm" --nic"$rang" intnet
 			& "$vboxmanage" modifyvm  "$nomvm" --intnet"$rang" "$reseau"
-			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" 82540EM
+			& "$vboxmanage" modifyvm  "$nomvm" --nictype"$rang" virtio
 			& "$vboxmanage" modifyvm  "$nomvm" --cableconnected"$rang" on
 			& "$vboxmanage" modifyvm  "$nomvm" --nicpromisc"$rang" allow-all
 			Write-Host "$nomvm : IF$rang $nic $reseau"
@@ -43,6 +42,9 @@ function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$res
 	}
 }
 
+function usage{
+	Write-Host "usage : mkvm ${myInvocation.ScriptName} <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-agence|s-appli|s-backup|s-itil|s-ncx|s-fog|s-dns-ext|s-web-ext|s-lb|s-lb-bd|s-lb-web1|s-lb-web2|s-lb-web3>"
+}
 
 if ($args[0] -eq "s-adm") {
 
@@ -52,107 +54,103 @@ if ($args[0] -eq "s-adm") {
 	
 }
 
-elseif ($args[0] -eq "s-infra") {
+elseif ($args[0] -eq "r-int") {
 
 	create_vm $args[0]
 	create_if $args[0] "int" 1 "n-adm"
-	create_if $args[0] "int" 2 "n-infra"
-
-#création de la première interface
-& "$vboxmanage" modifyvm  "s-infra" --nic1 intnet
-& "$vboxmanage" modifyvm  "s-infra" --intnet1 "n-adm"
-& "$vboxmanage" modifyvm  "s-infra" --nictype1 82540EM
-& "$vboxmanage" modifyvm  "s-infra" --cableconnected1 on
-& "$vboxmanage" modifyvm  "s-infra" --nicpromisc1 allow-all
-
-#création de la deuxième interface
-& "$vboxmanage" modifyvm  "s-infra" --nic2 intnet
-& "$vboxmanage" modifyvm  "s-infra" --intnet2 "n-infra"
-& "$vboxmanage" modifyvm  "s-infra" --nictype2 82540EM
-& "$vboxmanage" modifyvm  "s-infra" --cableconnected2 on
-& "$vboxmanage" modifyvm  "s-infra" --nicpromisc2 allow-all
-}
-
-elseif ($args[0] -eq "r-int") {
-
-	create_vm($args[0])
-
-#interface 1
-& "$vboxmanage" modifyvm  "r-int" --nic1 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet1 "n-adm"
-& "$vboxmanage" modifyvm  "r-int" --nictype1 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected1 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc1 allow-all
-
-#interface 2
-& "$vboxmanage" modifyvm  "r-int" --nic2 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet2 "n-link"
-& "$vboxmanage" modifyvm  "r-int" --nictype2 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected2 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc2 allow-all
-
-#interface 3
-& "$vboxmanage" modifyvm  "r-int" --nic3 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet3 "n-wifi"
-& "$vboxmanage" modifyvm  "r-int" --nictype3 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected3 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc3 allow-all
-
-#interface 4
-& "$vboxmanage" modifyvm  "r-int" --nic4 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet4 "n-user"
-& "$vboxmanage" modifyvm  "r-int" --nictype4 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected4 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc4 allow-all
-
-#interface 5
-& "$vboxmanage" modifyvm  "r-int" --nic5 intnet
-& "$vboxmanage" modifyvm  "r-int" --intnet5 "n-infra"
-& "$vboxmanage" modifyvm  "r-int" --nictype5 82540EM
-& "$vboxmanage" modifyvm  "r-int" --cableconnected5 on
-& "$vboxmanage" modifyvm  "r-int" --nicpromisc5 allow-all
+	create_if $args[0] "int" 2 "n-link"
+	create_if $args[0] "int" 3 "n-wifi"
+	create_if $args[0] "int" 4 "n-user"
+	create_if $args[0] "int" 5 "n-infra"
 }
 
 elseif ($args[0] -eq "r-ext") {
 
-	create_vm($args[0])
-
-#interface 1
-& "$vboxmanage" modifyvm  "r-ext" --nic1 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet1 "n-adm"
-& "$vboxmanage" modifyvm  "r-ext" --nictype1 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected1 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc1 allow-all
-
-#interface 2
-& "$vboxmanage" modifyvm  "r-ext" --nic2 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet2 "n-dmz"
-& "$vboxmanage" modifyvm  "r-ext" --nictype2 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected2 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc2 allow-all
-
-#interface 3
-& "$vboxmanage" modifyvm  "r-ext" --nic3 bridged
-& "$vboxmanage" modifyvm  "r-ext" --nictype3 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected3 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc3 allow-all
-
-#interface 4
-& "$vboxmanage" modifyvm  "r-ext" --nic4 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet4 "n-linkv"
-& "$vboxmanage" modifyvm  "r-ext" --nictype4 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected4 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc4 allow-all
-
-#interface 5
-& "$vboxmanage" modifyvm  "r-ext" --nic5 intnet
-& "$vboxmanage" modifyvm  "r-ext" --intnet5 "n-link"
-& "$vboxmanage" modifyvm  "r-ext" --nictype5 82540EM
-& "$vboxmanage" modifyvm  "r-ext" --cableconnected5 on
-& "$vboxmanage" modifyvm  "r-ext" --nicpromisc5 allow-all
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz"
+	create_if $args[0] "bridge" 3 "null"
+	create_if $args[0] "int" 4 "n-linkv"
+	create_if $args[0] "int" 5 "n-link"
 }
 
-elseif ($args[0] -eq "test") {
+elseif (((((((($args[0] -eq "s-elk") `
+-or ($args[0] -eq "s-mon") `
+-or ($args[0] -eq "s-backup") `
+-or ($args[0] -eq "s-appli") `
+-or ($args[0] -eq "s-infra") `
+-or ($args[0] -eq "s-proxy") `
+-or ($args[0] -eq "s-itil") `
+-or ($args[0] -eq "s-nxc") `
+))))))) {
 
-fonction1 $args[0] $args[1]
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+}
+
+elseif ($args[0] -eq "s-fog") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	create_if $args[0] "int" 3 "n-user"
+}
+
+elseif ($args[0] -eq "s-agence") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-agence"
+}
+
+elseif ($args[0] -eq "s-lb") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz"
+	create_if $args[0] "int" 3 "n-dmz-lb"
+}
+
+elseif (($args[0] -eq "s-lb-db") -or ($args[0] -eq "s-nas")) {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz-db"
+}
+
+elseif ((($args[0] -eq "s-lb-web1") -or ($args[0] -eq "s-lb-web2") -or ($args[0] -eq "s-lb-web3"))) {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-dmz-lb"
+	create_if $args[0] "int" 3 "n-dmz-db"
+}
+
+elseif (($args[0] -eq "s-dns-ext") -or ($args[0] -eq "s-web-ext")) {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	create_if $args[0] "int" 3 "n-user"
+}
+
+elseif ($args[0] -eq "r-vp1") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-linkv"
+	create_if $args[0] "bridge" 3 "null"
+}
+
+elseif ($args[0] -eq "r-vp2") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-agence"
+	create_if $args[0] "bridge" 3 "null"
+}
+
+else {
+	usage
 }

scripts/r-vp2-post.sh

@@ -3,3 +3,5 @@
 wget http://r-vp1.gsb.adm:8000/wg0-b.qconf
 #renomage fichier et mv
 mv ./wg0-b.conf /etc/wireguard/wg0.conf
+#activation interface wg0
+systemctl enable wg-quick@wg0 && systemctl start wg-quick@wg0