nagios ok mail

goss/s-webcom.yaml

@@ -0,0 +1,24 @@
+package:
+  apache2:
+    installed: true
+addr:
+  tcp://depl.sio.lan:80:
+    reachable: true
+    timeout: 500
+port:
+  tcp:80:
+    listening: true
+service:
+  apache2:
+dns:
+  depl.sio.lan:
+    resolveable: true
+    timeout: 500
+process:
+  apache2:
+    running: true
+interface:
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.12/24

lisezmoi.txt

@@ -7,7 +7,7 @@ Ce document décrit les divers élements du projet GSB du BTS SIO utilisé pour
 Le projet GSB décrit les diférents playbooks permttant d'installer les
 machines du projet GSB
 
-Les répertoires :
+Les répertoires : 
 
 - roles : les roles
 - goss : les outils de test

pre/pull-config

@@ -5,7 +5,7 @@ prj=gsb2023
 opt=""
 
 if [ -z ${UREP+x} ]; then 
-	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git 
+	UREP=https://gitea.lyc-lecastel.fr/anthony.arnoux/gsb2023.git 
 fi
 
 dir=/root/tools/ansible

pull-config

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 if [ -z ${UREP+x} ]; then 
-	UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git 
+	UREP=https://gitea.lyc-lecastel.fr/anthony.arnoux/gsb2023.git 
 fi
 
 dir=/root/tools/ansible

r-vp1.yml

@@ -16,4 +16,5 @@
    - wireguard-r
    - ssh-cli
    - syslog-cli
+   - fw-ferm
    

r-vp2.yml

@@ -19,3 +19,4 @@
    - post
    - ssh-cli
    - syslog-cli
+   - fw-ferm

roles/apache2only/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted

roles/apache2only/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+- name: apt update
+  apt:
+    update_cache: yes
+    cache_valid_time: 3600
+
+- name: Install apache2
+  apt:
+    pkg:
+    - apache2

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023040501      ; Serial
+                        2023060100      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -26,6 +26,7 @@ s-docker	IN	A	172.16.0.7
 s-mon    	IN      A       172.16.0.8
 s-itil		IN	A	172.16.0.9
 s-elk		IN	A	172.16.0.11
+s-webcom	IN	A	172.16.0.12
 s-gestsup	IN	A	172.16.0.17
 r-int    	IN      A       172.16.0.254
 r-int-lnk    	IN      A       192.168.200.254
@@ -36,4 +37,5 @@ s-web2          IN      A       192.168.101.2
 s-lb.gsb.lan    IN      A       192.168.100.10
 ns   	        IN      CNAME   s-infra.gsb.lan.
 wpad		IN	CNAME	s-infra.gsb.lan.
-peertube	IN	A	192.168.100.20
+s-peertube	IN	A	192.168.100.20
+peertube 	IN 	CNAME 	s-peertube

roles/dns-master/files/db.gsb.lan.rev

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023040501      ; Serial
+                        2023060100      ; Serial
                         7200            ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -26,6 +26,6 @@ $TTL    604800
 100.10   IN      PTR      s-lb
 100.10   IN      PTR      s-lb.gsb.lan
 11.0	  IN	  PTR	  s-elk.gsb.lan.
+12.0	  IN	  PTR	  s-webcom.gsb.lan.
 17.0	  IN	  PTR	  s-gestsup.lan
-254.0     IN      PTR     r-int.gsb.lan.
+254.0     IN      PTR     r-int.gsb.lan.
-100.20	IN	PTR	  s-peertube

roles/fog/tasks/main.yml

@@ -22,5 +22,5 @@
   command: "cp /root/tools/ansible/roles/fog/files/fogsettings /opt/fog/"
 
 - name: fichier fogsettings en .fogsettings
-command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
+  command: "mv /opt/fog/fogsettings /opt/fog/.fogsettings"
 

roles/nagios/files/cfg/s-webcom.cfg

@@ -0,0 +1,14 @@
+# A simple configuration file for monitoring the local host
+# This can serve as an example for configuring other servers;
+# Custom services specific to this host are added here, but services
+# defined in nagios2-common_services.cfg may also apply.
+# 
+
+define host{
+        use                     linux-server            ; Name of host template to use
+        host_name               s-webcom
+        alias                   debian-servers, http-servers
+        address                 172.16.0.12
+		parents			r-ext
+        }
+

roles/nagios/files/commands.cfg

@@ -11,13 +11,13 @@
 # 'notify-host-by-email' command definition
 define command{
 	command_name	notify-host-by-email
-	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
+	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nServer : $HOSTNAME$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Host Alert: $HOSTNAME$ is $HOSTSTATE$ **" $CONTACTEMAIL$
 	}
 
 # 'notify-service-by-email' command definition
 define command{
 	command_name	notify-service-by-email
-	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
+	command_line	/usr/bin/printf "%b" "***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\n\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nServer : $HOSTNAME*\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$\n" | /usr/bin/mail -s "** $NOTIFICATIONTYPE$ Service Alert: $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$ **" $CONTACTEMAIL$
 	}
 
 

roles/nagios/files/hostgroups.cfg

@@ -2,7 +2,7 @@ define hostgroup {
 
     hostgroup_name          debian-servers           ; The name of the hostgroup
     alias                   Linux Servers           ; Long name of the group
-    members                 s-infra, s-proxy, s-adm, s-nxc, s-appli, s-backup, s-itil, s-fog, r-int, r-ext               ; Comma separated list of hosts that belong to this group
+    members                 s-infra, s-proxy, s-adm, s-nxc, s-appli, s-backup, s-itil, s-fog, r-int, r-ext, s-webcom               ; Comma separated list of hosts that belong to this group
 }
 
 define hostgroup {
@@ -14,7 +14,7 @@ define hostgroup {
 define hostgroup {
 	hostgroup_name		http-servers
 	alias			Serveurs web
-	members			s-itil
+	members			s-itil, s-webcom
 }
 
 define hostgroup {

roles/peertube-k3s/tasks/main.yml

@@ -14,7 +14,7 @@
       host: localhost
 
   - name: installation de k3s...
-    shell: curl -sfL https://get.k3s.io | sh -s - --docker
+    shell: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--node-ip=192.168.100.20 --flannel-iface=enp0s8" sh -s - --docker
 
   - name: attente de l'installation de k3s...
     wait_for:

roles/peertube/files/finish

@@ -1,10 +1,7 @@
+MYHOST=peertube.gsb.lan;
 export KUBECONFIG=/etc/rancher/k3s/k3s.yaml;
-helm upgrade --install ingress-nginx ingress-nginx \
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.cert -subj /CN="${MYHOST}"/O="${MYHOST}" -addext "subjectAltName = DNS:${MYHOST}";
-  --repo https://kubernetes.github.io/ingress-nginx \
+kubectl create secret tls tls-peertube --key tls.key --cert tls.cert;
-  --namespace ingress-nginx --create-namespace;
-sleep 15;
-openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ${KEY_FILE} -out ${CERT_FILE} -subj "/CN=${HOST}/O=${HOST}" -addext "subjectAltName = DNS:${HOST}";
-kubectl create secret tls tls-peertube --key ${KEY_FILE} --cert ${CERT_FILE};
 helm repo add postgresql https://charts.bitnami.com/bitnami;
 helm repo add redis https://charts.bitnami.com/bitnami;
 helm repo add mail https://bokysan.github.io/docker-postfix;

roles/peertube/files/resolv.conf

@@ -1 +1,4 @@
-nameserver 192.168.99.99
+domain gsb.lan
+search gsb.lan
+nameserver 172.16.0.1
+nameserver 192.168.99.99

roles/peertube/files/values.yaml

@@ -45,7 +45,7 @@ peertube:
     dbPasswd: user # must be consistent with postgresql configuration
     dbSsl: false # disabled by default WARNING: ssl connection feature not tested, use at your own risk
     dbHostname: peertube-gsb-postgresql # must be consistent with postgresql configuration
-    webHostname: s-peertube.gsb.lan # must be changed to your local setup
+    webHostname: peertube.gsb.lan # must be changed to your local setup
     secret: b2753b0f37444974de0e81f04815e6a889fcf8960bd203a01b624d8fa8a37683
     smtpHostname: peertube-gsb-mail # must be consistent with mail configuration
     smtpPort: 587 # must be consistent with mail configuration
@@ -101,18 +101,18 @@ ingress:
   enabled: true
   className: ""
   annotations: 
-    kubernetes.io/ingress.class: nginx
+    kubernetes.io/ingress.class: traefik
-    nginx.ingress.kubernetes.io/proxy-body-size: 4G # this caps the size of imported videos, if set low this might prevent you from uploading videos
+    traefik.ingress.kubernetes.io/proxy-body-size: 6G # this caps the size of imported videos, if set low this might prevent you from uploading videos
     # kubernetes.io/tls-acme: "true"
   hosts:
-    - host: s-peertube.gsb.lan
+    - host: peertube.gsb.lan
       paths:
         - path: /
           pathType: ImplementationSpecific
   tls:
     - secretName: tls-peertube
     - hosts:
-      -  s-peertube.gsb.lan
+      - peertube.gsb.lan
 
 resources: {}
 autoscaling:

roles/post/files/interfaces.r-int

@@ -34,4 +34,4 @@ iface enp0s10 inet static
 allow-hotplug enp0s16
 iface enp0s16 inet static
 	address 172.16.0.254/24
-	
+	post-up sleep 10 && systemctl restart isc-dhcp-server	

roles/post/files/interfaces.r-vp1

@@ -15,6 +15,7 @@ allow-hotplug enp0s8
 iface enp0s8 inet static
 	address 192.168.1.2
 	netmask 255.255.255.0
+	post-up route add default gw 192.168.1.1
 
 # accés par pont et entre vpn
 allow-hotplug enp0s9

roles/post/files/interfaces.s-agence

@@ -11,4 +11,4 @@ iface enp0s3 inet dhcp
 
 allow-hotplug enp0s8
 iface enp0s8 inet dhcp
-
+	post-up route add default gw 172.16.128.254

roles/post/files/interfaces.s-webcom

@@ -0,0 +1,21 @@
+#This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# cote N-adm
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.99.12
+	netmask 255.255.255.0
+    gateway 192.168.99.99
+
+
+# cote N-infra
+allow-hotplug enp0s8
+iface enp0s8 inet static
+	address 172.16.0.12
+	netmask 255.255.255.0
+	post-up route add -net 172.16.64.0/24 gw 172.16.0.254

roles/r-int/tasks/main.yml

@@ -17,3 +17,13 @@
 
   #- name: extraction fog.tar.gz
   #unarchive: src=/tmp/fog.tar.gz  dest=/var/www/ copy=no
+
+#- name: delais 2 secondes isc-dhcp-service
+#  become: yes
+#  lineinfile:
+#    path: /etc/init.d/isc-dhcp-server
+#    insertafter: '^\s+start\)$'
+#    line: "                sleep 2"
+#    firstmatch: yes
+#    state: present
+#    backup: yes

roles/wireguard-l/README.md

@@ -1,5 +1,5 @@
-#ajout du sleep 5
+# ajout du sleep 5
 
-éditer "/etc/init.d/isc-dhcp-server"
+~~éditer "/etc/init.d/isc-dhcp-server"~~
-aller au "case \"$1\" in" et rajouter "sleep 5" avant le "if"
+~~aller au "case \"$1\" in" et rajouter "sleep 5" avant le "if"~~
 

s-webcom.yml

@@ -0,0 +1,11 @@
+---
+- hosts: localhost
+  connection: local
+
+  roles:
+    - base
+    - ssh-cli
+    - syslog-cli
+    - snmp-agent
+    - apache2only
+    - post

scripts/mkvm

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-mkvmrelease="v1.2.2"
+mkvmrelease="v1.2.3"
 
 ovarelease="2023b"
 ovafogrelease="2023b"
@@ -11,7 +11,7 @@ deletemode=0
 usage () {
 	echo "$0 - version ${mkvmrelease} - Ova version ${ovarelease}"
 	echo "$0 : creation VM et parametrage interfaces"
-	echo "usage : $0 [-r] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog>"
+	echo "usage : $0 [-r] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog|s-webcom>"
 	echo "       option -r : efface vm existante avant creation nouvelle"
 	exit 1
 }
@@ -80,6 +80,8 @@ elif [[ "${vm}" == "r-ext" ]] ; then
 	./addint.r-ext
 elif [[ "${vm}" == "s-mon" ]] ; then
         create_if "${vm}" "n-adm" "n-infra"
+elif [[ "${vm}" == "s-webcom" ]] ; then
+        create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-appli" ]] ; then
         create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-backup" ]] ; then

scripts/mkvm.ps1

@@ -3,7 +3,7 @@
 
 #mkvm pour toutes les vms
 
-$mkvmrelease="v1.2.2"
+$mkvmrelease="v1.2.3"
 $ovarelease="2023b"
 $ovafogrelease="2023b"
 $ovafile="$HOME\Downloads\debian-bullseye-gsb-${ovarelease}.ova"
@@ -43,7 +43,7 @@ function create_if{ param([string]$nomvm, [string]$nic, [int]$rang, [string]$res
 }
 
 function usage{
-	Write-Host "usage : mkvm ${myInvocation.ScriptName} <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-agence|s-appli|s-backup|s-itil|s-ncx|s-fog|s-dns-ext|s-web-ext|s-lb|s-lb-bd|s-lb-web1|s-lb-web2|s-lb-web3>"
+	Write-Host "usage : mkvm ${myInvocation.ScriptName} <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-agence|s-appli|s-backup|s-itil|s-ncx|s-fog|s-dns-ext|s-web-ext|s-lb|s-lb-bd|s-lb-web1|s-lb-web2|s-lb-web3|s-webcom>"
 }
 
 if ($args[0] -eq "s-adm") {
@@ -80,6 +80,7 @@ elseif (((((((($args[0] -eq "s-elk") `
 -or ($args[0] -eq "s-appli") `
 -or ($args[0] -eq "s-infra") `
 -or ($args[0] -eq "s-proxy") `
+-or ($args[0] -eq "s-webcom") `
 -or ($args[0] -eq "s-itil") `
 -or ($args[0] -eq "s-nxc") `
 ))))))) {

windows/mkusr-backup.cmd

@@ -1,3 +1,4 @@
+@echo off
 net group gg-backup /ADD
 call mkusr uBackup "u-backup" gg-backup
 icacls "C:\gsb\partages\public" /Grant:r uBackup:M /T

windows/mkusr-compta.cmd

@@ -1,4 +1,5 @@
+@echo off
 call mkusr aDupont "Albert Dupon" gg-compta
 call mkusr cSeum "Claire Seum" gg-compta
 call mkusr nPaul "Nicolas Paul" gg-compta
-call mkusr atour "Alexandre Tour" gg-compta
+call mkusr atour "Alexandre Tour" gg-compta

windows/mkusr-nextcloud.cmd

@@ -0,0 +1,2 @@
+@echo off
+call mkusr nextcloud "nextcloud" nextcloud