commit cc25b19822f9d7c74394ce76acc8ed478f0c219f
Author: root
Date: Sat Dec 17 00:03:03 2022 +0100
premier commit
diff --git a/hosts.yml b/hosts.yml
new file mode 100644
index 0000000..4984760
--- /dev/null
+++ b/hosts.yml
@@ -0,0 +1,5 @@
+tests:
+ hosts:
+ miniinf-infra:
+ ansible_host: 192.168.99.1
+
diff --git a/hosts2.yml b/hosts2.yml
new file mode 100644
index 0000000..540f89f
--- /dev/null
+++ b/hosts2.yml
@@ -0,0 +1,5 @@
+tests:
+ hosts:
+ miniinf:
+ ansible_host: 172.16.0.202
+
diff --git a/miniinf-infra.tf b/miniinf-infra.tf
new file mode 100644
index 0000000..7a51169
--- /dev/null
+++ b/miniinf-infra.tf
@@ -0,0 +1,37 @@
+resource "proxmox_vm_qemu" "miniinf-infra" {
+ name = "miniinf-infra"
+ os_type = "cloudinit"
+ desc = "Serveur install s-adm"
+ target_node = "pxlab1" # la machine Proxmox cible
+ clone = "Debian-11.5-Template" # le nom de la template a cloner
+ cores = 1
+ sockets = 1
+ memory = 1024
+
+ ipconfig0 = "ip=192.168.99.1/24,gw=192.168.99.100" #
+ ipconfig1 = "ip=172.16.1.1/24" # ou bien ip=dhcp
+ ssh_user = "debian" # le compte SSH de connexion par défaut
+
+ sshkeys = <<-EOT
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible
+ EOT
+
+
+ network {
+ model = "virtio"
+ bridge = "vmbr1" # le bridge standard pour l'interface réseau
+ }
+
+ network {
+ model = "virtio"
+ bridge = "vmbr2" # le bridge standard pour l'interface réseau
+ }
+
+disk {
+ type = "scsi"
+ storage = "local-lvm"
+ # storage_type = "qcow2"
+ size = "6G"
+ format = "raw"
+ }
+}
diff --git a/miniinf-infra.yml b/miniinf-infra.yml
new file mode 100644
index 0000000..46aed5b
--- /dev/null
+++ b/miniinf-infra.yml
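Review bot: The `sshkeys` heredoc in `miniinf-infra.tf` pastes the same `root@ansible` public key that `variables.tf` in this commit already exposes as `var.ssh_key`, so rotating that key means editing every resource file. Replace the heredoc with `sshkeys = var.ssh_key` (and do the same in the other `proxmox_vm_qemu` resources) so the authorized key lives in one place. `desc = "Serveur install s-adm"` also appears to be copied from `s-adm.tf`; it should describe this VM.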
@@ -0,0 +1,79 @@
+---
+- hosts: all
+ become: yes
+ # become_user: debian
+ tasks:
+
+ - name: Copie apt.conf pour proxy
+ copy:
+ src: files/apt.conf
+ dest: /etc/apt/apt.conf
+
+ - name: Copie resolv.conf
+ copy:
+ src: files/resolv.conf
+ dest: /etc/
+
+ - name: Copie apt.conf pour proxy
+ copy:
+ src: apt.conf
+ dest: /etc/apt/apt.conf
+
+ #
+ #
+ #- name: Sysctl desactive ipv6
+ # sysctl:
+ # name: net.ipv6.conf.all.disable_ipv6
+ # value: 1
+ # sysctl_set: yes
+ # state: present
+ # reload: yes
+
+ - name: Update + Upgrade
+ apt:
+ upgrade: yes
+ update_cache: yes
+ cache_valid_time: 86400 #One day
+
+ - name: Install paquets tcpdump curl rsync sudo iptables
+ apt:
+ state: present
+ name:
+ - tcpdump
+ - curl
+ - rsync
+ - sudo
+ - iptables
+
+ - name: Desinstall paquets
+ apt:
+ state: absent
+ name:
+ - nfs-common
+ - rpcbind
+ - bluetooth
+
+ - name: Configure Vim
+ alternatives:
+ name: editor
+ path: /usr/bin/vim
+
+ - name: Desactive IPV6 avec sysctl
+ sysctl:
+ name: "{{ item }}"
+ value: "1"
+ state: present
+ reload: yes
+ with_items:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+
+ - name: copie cle publique ssh
+ authorized_key:
+ user: debian
+ state: present
+ key: "{{ lookup('file','keys/id_rsa.pub')}}"
+roles:
+ - dhcp-server
+ - dns-master
diff --git a/miniinf.tf b/miniinf.tf
new file mode 100644
index 0000000..144898f
--- /dev/null
+++ b/miniinf.tf
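Review bot: `roles:` at the end of `miniinf-infra.yml` is rendered at column 0, outside the `- hosts: all` play mapping, which is not valid playbook YAML; indentation was flattened in this view, so confirm in the file itself. It must sit at play level (`  roles:` / `    - dhcp-server` / `    - dns-master`), and note that roles listed there run before `tasks:` no matter where the key is placed, so the proxy `apt.conf` copy will not be in effect when the roles run `apt`. The task `Copie apt.conf pour proxy` is declared twice with different `src` values (`files/apt.conf`, then `apt.conf`); the second silently overwrites the first, so keep only the one that is current. Prefer `become: true` and `reload: true` over `yes` per Ansible YAML conventions.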
@@ -0,0 +1,39 @@
+resource "proxmox_vm_qemu" "miniinf" {
+ name = "miniinf"
+ os_type = "cloudinit"
+ desc = "Serveur install s-adm"
+ target_node = "pxlab1" # la machine Proxmox cible
+ clone = "Debian-11.5-Template" # le nom de la template a cloner
+ cores = 1
+ sockets = 1
+ memory = 1024
+
+ ipconfig0 = "gw=172.16.0.254,ip=172.16.0.202/24" # ou bien ip=dhcp
+ ipconfig1 = "ip=192.168.99.100/24" #
+ ssh_user = "debian" # le compte SSH de connexion par défaut
+
+ sshkeys = <<-EOT
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible
+ EOT
+
+
+ network {
+ # id = 0
+ model = "virtio"
+ bridge = "vmbr0" # le bridge standard pour l'interface réseau
+ }
+
+ network {
+# id = 1
+ model = "virtio"
+ bridge = "vmbr1" # le bridge standard pour l'interface réseau
+ }
+
+disk {
+ type = "scsi"
+ storage = "local-lvm"
+ # storage_type = "qcow2"
+ size = "6G"
+ format = "raw"
+ }
+}
diff --git a/miniinf.yml b/miniinf.yml
new file mode 100644
index 0000000..c79a978
--- /dev/null
+++ b/miniinf.yml
@@ -0,0 +1,102 @@
+---
+- hosts: all
+ become: yes
+ # become_user: debian
+ tasks:
+
+ - name: Copie apt.conf pour proxy
+ copy:
+ src: files/apt.conf
+ dest: /etc/apt/apt.conf
+
+ - name: Copie resolv.conf
+ copy:
+ src: files/resolv.conf
+ dest: /etc/
+
+ - name: Copie apt.conf pour proxy
+ copy:
+ src: apt.conf
+ dest: /etc/apt/apt.conf
+
+ #
+ #
+ #- name: Sysctl desactive ipv6
+ # sysctl:
+ # name: net.ipv6.conf.all.disable_ipv6
+ # value: 1
+ # sysctl_set: yes
+ # state: present
+ # reload: yes
+
+ - name: Update + Upgrade
+ apt:
+ upgrade: yes
+ update_cache: yes
+ cache_valid_time: 86400 #One day
+
+ - name: Install paquets tcpdump curl rsync sudo iptables
+ apt:
+ state: present
+ name:
+ - tcpdump
+ - curl
+ - rsync
+ - sudo
+ - iptables
+
+ - name: Installe dnsmasq, git, ansible
+ apt:
+ state: present
+ name:
+ - dnsmasq
+ - git
+ - ansible
+
+ - name: Desinstall paquets
+ apt:
+ state: absent
+ name:
+ - nfs-common
+ - rpcbind
+ - bluetooth
+
+ - name: Configure Vim
+ alternatives:
+ name: editor
+ path: /usr/bin/vim
+
+ - name: active routage
+ sysctl:
+ name: net.ipv4.ip_forward
+ value: "1"
+ sysctl_set: yes
+ state: present
+ reload: yes
+
+ - name: Desactive IPV6 avec sysctl
+ sysctl:
+ name: "{{ item }}"
+ value: "1"
+ state: present
+ reload: yes
+ with_items:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+
+ - name: Copie dnsmasq.conf
+ copy:
+ src: files/dnsmasq.conf
+ dest: /etc/
+
+ - name: redémarre dnsmasq
+ service:
+ name: dnsmasq
+ state: restarted
+
+ - name: copie cle publique ssh
+ authorized_key:
+ user: debian
+ state: present
+ key: "{{ lookup('file','keys/id_rsa.pub')}}"
diff --git a/roles/dhcp-server/files/dhcpd.conf b/roles/dhcp-server/files/dhcpd.conf
new file mode 100644
index 0000000..2fd7e0e
--- /dev/null
+++ b/roles/dhcp-server/files/dhcpd.conf
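Review bot: The `active routage` task sets `net.ipv4.ip_forward=1`, which makes this host forward between the 172.16.0.0/24 and 192.168.99.0/24 interfaces defined in `miniinf.tf`, while the play installs `iptables` but never loads a rule, so forwarding is unfiltered and there is no NAT. Either ship the intended FORWARD/NAT rules in this play (or a dedicated role) or add a comment stating that filtering is deliberately deferred, so the open router is not inherited by accident. `redémarre dnsmasq` restarts the service on every run; turn it into a handler notified by `Copie dnsmasq.conf`, and give that copy `validate: 'dnsmasq --test --conf-file=%s'` so a bad config cannot take the resolver down. The duplicated `Copie apt.conf pour proxy` task (two different `src` values) should be reduced to one.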
@@ -0,0 +1,142 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+option domain-name "gsb.lan";
+option domain-name-servers 172.16.1.1;
+
+default-lease-time 86400;
+max-lease-time 86400;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+#subnet 10.254.239.0 netmask 255.255.255.224 {
+# range 10.254.239.10 10.254.239.20;
+# option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
+#}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+# range dynamic-bootp 10.254.239.40 10.254.239.60;
+# option broadcast-address 10.254.239.31;
+# option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+# range 10.5.5.26 10.5.5.30;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements. If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+# hardware ethernet 0:0:c0:5d:bd:95;
+# filename "vmunix.passacaglia";
+# server-name "toccata.fugue.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts. These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP. Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+# hardware ethernet 08:00:07:26:c0:a5;
+# fixed-address fantasia.fugue.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that. The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+# match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+# subnet 10.17.224.0 netmask 255.255.255.0 {
+# option routers rtr-224.example.org;
+# }
+# subnet 10.0.29.0 netmask 255.255.255.0 {
+# option routers rtr-29.example.org;
+# }
+# pool {
+# allow members of "foo";
+# range 10.17.224.10 10.17.224.250;
+# }
+# pool {
+# deny members of "foo";
+# range 10.0.29.10 10.0.29.230;
+# }
+#}
+
+#DHCP pour le réseau wifi
+subnet 172.16.65.0 netmask 255.255.255.0 {
+ range 172.16.65.1 172.16.65.100;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+}
+
+#DHCP pour le réseau USER
+
+subnet 172.16.64.0 netmask 255.255.255.0 {
+ range 172.16.64.20 172.16.64.120;
+ option domain-name-servers 172.16.0.1 ;
+ option routers 172.16.64.254;
+ option broadcast-address 172.16.64.255;
+# default-lease-time 600;
+# max-lease-time 7200;
+}
+
+#DHCP pour le réseau INFRA
+
+subnet 172.16.0.0 netmask 255.255.255.0 {
+# range 172.16.0.1 172.16.0.100;
+# option domain-name-servers ns1.internal.example.org;
+# option domain-name "internal.example.org";
+# option routers 10.5.5.1;
+# option broadcast-address 10.5.5.31;
+# default-lease-time 600;
+# max-lease-time 7200;
+}
+
diff --git a/roles/dhcp-server/files/isc-dhcp-server b/roles/dhcp-server/files/isc-dhcp-server
new file mode 100644
index 0000000..3930248
--- /dev/null
+++ b/roles/dhcp-server/files/isc-dhcp-server
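Review bot: The DNS server advertised to clients is inconsistent: the global `option domain-name-servers 172.16.1.1;` is the `ipconfig1` address of `miniinf-infra` in `miniinf-infra.tf`, the USER subnet overrides it with `172.16.0.1`, which `db.gsb.lan` names `s-infra`, and `s-infra.tf` in this same commit gives s-infra `172.16.1.2` — at most one of these hosts runs the BIND role. Settle on the address the dns-master host actually listens on and use it in both places. The wifi pool `range 172.16.65.1 172.16.65.100;` hands out `.1` and sets no `option routers`, so those clients get no default gateway. `#authoritative;` is still commented, so this server will not NAK clients holding stale leases from another server; uncomment it if it is the only DHCP server on these segments.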
@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s9 enp0s10"
+INTERFACESv6=""
diff --git a/roles/dhcp-server/handlers/main.yml b/roles/dhcp-server/handlers/main.yml
new file mode 100644
index 0000000..e2bb399
--- /dev/null
+++ b/roles/dhcp-server/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+ - name: restart isc-dhcp-server
+ service: name=isc-dhcp-server state=restarted
diff --git a/roles/dhcp-server/tasks/main.yml b/roles/dhcp-server/tasks/main.yml
new file mode 100644
index 0000000..46121f4
--- /dev/null
+++ b/roles/dhcp-server/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Installation serveur DHCP - isc-dhcp-server
+ apt:
+ name: isc-dhcp-server
+ state: present
+
+- name: Copie du fichier isc-dhcp-server dans /etc/default
+ copy:
+ src: isc-dhcp-server
+ dest: /etc/default/
+
+- name: Copie du fichier dhcpd.conf dans /etc
+ copy:
+ src: dhcpd.conf
+ dest: /etc/dhcp/
+ notify:
+ - restart isc-dhcp-server
+
+
diff --git a/roles/dns-master/files/db.gsb.lan b/roles/dns-master/files/db.gsb.lan
new file mode 100644
index 0000000..93f62a5
--- /dev/null
+++ b/roles/dns-master/files/db.gsb.lan
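Review bot: The task that copies `isc-dhcp-server` into `/etc/default/` has no `notify`, so a change to `INTERFACESv4` is written to disk but dhcpd keeps serving on its old interfaces until something else restarts it; add `notify: - restart isc-dhcp-server` to that task as well. `INTERFACESv4="enp0s9 enp0s10"` looks like VirtualBox naming, whereas the virtio NICs the `proxmox_vm_qemu` resources attach will presumably get different names on the clone (check `ip link` on the target) — with a non-existent interface dhcpd refuses to start. Give the `dhcpd.conf` copy `validate: 'dhcpd -t -cf %s'` so a syntax error is caught before the restart handler fires. Style: the handler uses the `service: name=... state=...` key=value form; prefer block YAML (`service:` / `name: isc-dhcp-server` / `state: restarted`).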
@@ -0,0 +1,38 @@
+; 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA s-infra.gsb.lan. root.s-infra.gsb.lan. (
+ 2022041200 ; Serial
+ 7200 ; Refresh
+ 86400 ; Retry
+ 8419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS s-infra.gsb.lan.
+@ IN NS s-backup.gsb.lan.
+@ IN A 127.0.0.1
+@ IN AAAA ::1
+s-infra IN A 172.16.0.1
+s-backup IN A 172.16.0.4
+s-proxy IN A 172.16.0.2
+s-appli IN A 172.16.0.3
+s-win IN A 172.16.0.6
+s-mess IN A 172.16.0.7
+s-nxc IN A 172.16.0.7
+s-docker IN A 172.16.0.7
+s-mon IN A 172.16.0.8
+s-itil IN A 172.16.0.9
+s-elk IN A 172.16.0.10
+s-gestsup IN A 172.16.0.17
+r-int IN A 172.16.0.254
+r-int-lnk IN A 192.168.200.254
+r-ext IN A 192.168.200.253
+s-lb IN A 192.168.100.10
+s-web1 IN A 192.168.101.1
+s-web2 IN A 192.168.101.2
+s-lb.gsb.lan IN A 192.168.100.10
+ns IN CNAME s-infra.gsb.lan.
+wpad IN CNAME s-infra.gsb.lan.
diff --git a/roles/dns-master/files/db.gsb.lan.rev b/roles/dns-master/files/db.gsb.lan.rev
new file mode 100644
index 0000000..92a6bcc
--- /dev/null
+++ b/roles/dns-master/files/db.gsb.lan.rev
@@ -0,0 +1,31 @@
+; 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+;
+; BIND data file for local loopback interface
+;
+$TTL 604800
+@ IN SOA s-infra.gsb.lan. root.s-infra.gsb.lan. (
+ 2022041200 ; Serial
+ 7200 ; Refresh
+ 86400 ; Retry
+ 8419200 ; Expire
+ 604800 ) ; Negative Cache TTL
+;
+@ IN NS s-infra.gsb.lan.
+@ IN NS s-backup.gsb.lan.
+1.0 IN PTR s-infra.gsb.lan.
+4.0 IN PTR s-backup.gsb.lan.
+2.0 IN PTR s-proxy.gsb.lan.
+3.0 IN PTR s-appli.gsb.lan.
+6.0 IN PTR s-win.gsb.lan.
+7.0 IN PTR s-nxc.gsb.lan.
+8.0 IN PTR s-mon.gsb.lan.
+9.0 IN PTR s-itil.gsb.lan.
+101.1 IN PTR s-web1
+101.2 IN PTR s-web2
+100.10 IN PTR s-lb
+100.10 IN PTR s-lb.gsb.lan
+10.0 IN PTR s-elk.gsb.lan.
+17.0 IN PTR s-gestsup.lan
+254.0 IN PTR r-int.gsb.lan.
+
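Review bot: Several records in `db.gsb.lan.rev` are relative names missing the trailing dot, so BIND appends the zone origin: `101.1 IN PTR s-web1` yields `s-web1.16.172.in-addr.arpa.`, and `17.0 IN PTR s-gestsup.lan` yields `s-gestsup.lan.16.172.in-addr.arpa.` (it is also missing `gsb`); the same happens in `db.gsb.lan` with `s-lb.gsb.lan IN A 192.168.100.10`, which becomes `s-lb.gsb.lan.gsb.lan`. The `101.1`, `101.2` and `100.10` owners sit in the `16.172.in-addr.arpa` zone, so they answer for 172.16.1.101, 172.16.1.102 and 172.16.10.100, not for the 192.168.101.x/192.168.100.10 addresses the forward zone assigns those hosts — they belong in a `168.192.in-addr.arpa` zone or should be removed, and `100.10` is declared twice. Both zones advertise `s-backup.gsb.lan.` as a second NS, but nothing in this commit configures a secondary, so resolvers will retry against a host that does not serve the zone. Bump the SOA serial when the zone changes; `2022041200` predates this commit.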
diff --git a/roles/dns-master/files/forbidden.html b/roles/dns-master/files/forbidden.html new file mode 100644 index 0000000..648fafc --- /dev/null +++ b/roles/dns-master/files/forbidden.html @@ -0,0 +1,2 @@ +
Bloque
+

Vous n'avez pas les droits requis pour acceder a cette page, veuillez contacter votre Administrateur.

diff --git a/roles/dns-master/files/hosts b/roles/dns-master/files/hosts
new file mode 100644
index 0000000..3c35fbd
--- /dev/null
+++ b/roles/dns-master/files/hosts
@@ -0,0 +1,7 @@
+127.0.0.1 localhost
+127.0.1.1 s-infra
+
+# The following lines are desirable for IPv6 capable hosts
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/roles/dns-master/files/named.conf.local b/roles/dns-master/files/named.conf.local
new file mode 100644
index 0000000..28e3aaa
--- /dev/null
+++ b/roles/dns-master/files/named.conf.local
@@ -0,0 +1,20 @@
+// 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+//
+// Do any local configuration here
+//
+
+// Consider adding the 1918 zones here, if they are not used in your
+// organization
+//include "/etc/bind/zones.rfc1918";
+
+zone "gsb.lan" {
+ type master;
+ file "/etc/bind/db.gsb.lan";
+};
+
+zone "16.172.in-addr.arpa"{
+ type master;
+ notify no;
+ file "/etc/bind/db.gsb.lan.rev";
+};
diff --git a/roles/dns-master/files/named.conf.options b/roles/dns-master/files/named.conf.options
new file mode 100644
index 0000000..cc3b575
--- /dev/null
+++ b/roles/dns-master/files/named.conf.options
@@ -0,0 +1,26 @@
+// 0.2 - putconf - vendredi 12 avril 2013, 08:54:33 (UTC+0200)
+
+options {
+ directory "/var/cache/bind";
+
+ // If there is a firewall between you and nameservers you want
+ // to talk to, you may need to fix the firewall to allow multiple
+ // ports to talk. See http://www.kb.cert.org/vuls/id/800113
+
+ // If your ISP provided one or more IP addresses for stable
+ // nameservers, you probably want to use them as forwarders.
+ // Uncomment the following block, and insert the addresses replacing
+ // the all-0's placeholder.
+
+ forwarders {
+ 192.168.99.99;
+
+ };
+
+ auth-nxdomain no; # conform to RFC1035
+ listen-on-v6 { none; };
+ allow-query { 172.16.0.0/16; } ;
+ allow-recursion { 172.16.0.0/16; } ;
+ dnssec-validation no;
+};
+
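Review bot: Neither zone in `named.conf.local` sets `allow-transfer`, and `named.conf.options` does not either, so BIND falls back to its built-in default of accepting AXFR from any host (confirm against the BIND 9 version Debian 11 ships); `allow-query` only gates ordinary queries, not zone transfers. Since `db.gsb.lan` lists `s-backup` (172.16.0.4) as the only other NS, add `allow-transfer { 172.16.0.4; };` to each zone, or `allow-transfer { none; };` until a secondary exists, so the full host inventory cannot be dumped by anyone who can reach port 53. `notify no;` on the reverse zone is harmless without a secondary but will leave s-backup stale once one is configured; the forward zone has no such line, so the two should be made consistent.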
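Review bot: `dnssec-validation no;` in `named.conf.options` disables validation entirely while every non-local lookup is forwarded to `192.168.99.99`, the `ipconfig1` address of `s-adm` in `s-adm.tf`, so this resolver accepts whatever that single forwarder returns. Debian's default is `dnssec-validation auto;`; keep that unless the upstream path is known to break validation, and if it must stay `no`, add a comment explaining why so the weakening is not inherited silently. There is also no `listen-on`, so named binds every address including the 192.168.99.0/24 management interface; consider `listen-on { 127.0.0.1; <infra-side address>; };` to match the `allow-query` scope.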
diff --git a/roles/dns-master/files/resolv.conf b/roles/dns-master/files/resolv.conf
new file mode 100644
index 0000000..13b8bd5
--- /dev/null
+++ b/roles/dns-master/files/resolv.conf
@@ -0,0 +1,4 @@
+domain gsb.lan
+search gsb.lan
+nameserver 127.0.0.1
+
diff --git a/roles/dns-master/handlers/main.yml b/roles/dns-master/handlers/main.yml
new file mode 100644
index 0000000..33d4f98
--- /dev/null
+++ b/roles/dns-master/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+ - name: restart bind9
+ service: name=bind9 state=restarted
+
diff --git a/roles/dns-master/tasks/main.yml b/roles/dns-master/tasks/main.yml
new file mode 100644
index 0000000..81e0ac5
--- /dev/null
+++ b/roles/dns-master/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+
+- name: Installation bind9
+ apt:
+ name: bind9
+ state: present
+ update_cache: yes
+
+- name: Copie named.conf.options
+ copy:
+ src: named.conf.options
+ dest: /etc/bind
+ notify:
+ - restart bind9
+
+- name: Copie named.conf.local
+ copy:
+ src: named.conf.local
+ dest: /etc/bind
+ notify:
+ - restart bind9
+
+- name: Copie fichier zone directe db.gsb.lan
+ copy:
+ src: db.gsb.lan
+ dest: /etc/bind
+ notify:
+ - restart bind9
+
+- name: Copie fichier zone inverse db.gsb.lan.rev
+ copy:
+ src: db.gsb.lan.rev
+ dest: /etc/bind
+ notify:
+ - restart bind9
+
+- name: Copie resolv.conf
+ copy:
+ src: resolv.conf
+ dest: /etc
+ notify:
+ - restart bind9
+
+- name: Copie page squidguard
+ copy:
+ src: forbidden.html
+ dest: /var/www/
+
diff --git a/s-adm.tf b/s-adm.tf
new file mode 100644
index 0000000..2b5b7d8
--- /dev/null
+++ b/s-adm.tf
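Review bot: The `copy` tasks that install `named.conf.*` and the two zone files notify `restart bind9` without validating the content first, so a typo in a zone file leaves the whole `gsb.lan` domain with a restarted-but-failing resolver. Add `validate: 'named-checkzone gsb.lan %s'` to the `db.gsb.lan` copy and `validate: 'named-checkzone 16.172.in-addr.arpa %s'` to the reverse one (and `named-checkconf %s` on the two config fragments), and prefer `state: reloaded` in the handler so a config change does not drop in-flight queries. `Copie resolv.conf` has no reason to restart bind9, and `Copie page squidguard` writes to `/var/www/`, which nothing in this role creates — it appears to belong to a proxy role rather than a DNS one.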
@@ -0,0 +1,46 @@
+ provider "proxmox" { # description de la connexion au serveur proxmox
+ pm_tls_insecure = true
+ pm_api_url = "https://pxlab1.sio.lan:8006/api2/json"
+ pm_user = "root@pam"
+ pm_password = "Azerty1+"
+}
+
+resource "proxmox_vm_qemu" "s-adm" {
+ name = "s-adm"
+ os_type = "cloudinit"
+ desc = "Serveur install s-adm"
+ target_node = "pxlab1" # la machine Proxmox cible
+ clone = "Debian-11.5-Template" # le nom de la template a cloner
+ cores = 1
+ sockets = 1
+ memory = 1024
+
+ ipconfig0 = "gw=172.16.0.254,ip=172.16.0.201/24" # ou bien ip=dhcp
+ ipconfig1 = "ip=192.168.99.99/24" #
+ ssh_user = "debian" # le compte SSH de connexion par défaut
+
+ sshkeys = <<-EOT
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible
+ EOT
+
+
+ network {
+ # id = 0
+ model = "virtio"
+ bridge = "vmbr0" # le bridge standard pour l'interface réseau
+ }
+
+ network {
+# id = 1
+ model = "virtio"
+ bridge = "vmbr1" # le bridge standard pour l'interface réseau
+ }
+
+disk {
+ type = "scsi"
+ storage = "local-lvm"
+ # storage_type = "qcow2"
+ size = "6G"
+ format = "raw"
+ }
+}
diff --git a/s-infra.tf b/s-infra.tf
new file mode 100644
index 0000000..7341885
--- /dev/null
+++ b/s-infra.tf
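Review bot: The `provider "proxmox"` block in `s-adm.tf` commits the hypervisor root credential in clear (`pm_user = "root@pam"`, `pm_password = "Azerty1+"`) and sets `pm_tls_insecure = true`, so one file both leaks the Proxmox root password into git history and disables certificate verification on the API session that carries it. Treat that password as compromised and rotate it, then reference variables instead — `pm_api_url = var.pm_api_url`, `pm_user = var.pm_user`, `pm_password = var.pm_password` — with `pm_password` declared `sensitive = true` and no default so it arrives via `TF_VAR_pm_password`; the telmate provider also accepts an API token (`pm_api_token_id` / `pm_api_token_secret`), which avoids using root@pam at all. Drop `pm_tls_insecure` once `pxlab1.sio.lan` presents a certificate the runner trusts. The `sshkeys` heredoc repeats the key from `variables.tf`; `sshkeys = var.ssh_key` keeps it in one place.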
@@ -0,0 +1,44 @@
+## provider "proxmox" { # description de la connexion au serveur proxmox
+# pm_tls_insecure = true
+# pm_api_url = "https://pxlab1.sio.lan:8006/api2/json"
+# pm_user = "root@pam"
+# pm_password = "Azerty1+"
+#}
+
+resource "proxmox_vm_qemu" "s-infra" {
+ name = "s-infra"
+ os_type = "cloudinit"
+ desc = "Serveur s-infra"
+ target_node = "pxlab1" # la machine Proxmox cible
+ clone = "Debian-11.5-Template" # le nom de la template a cloner
+ cores = 1
+ sockets = 1
+ memory = 1024
+
+ ipconfig0 = "ip=192.168.99.2/24,gw=192.168.99.99" # ou bien ip=dhcp
+ ipconfig1 = "ip=172.16.1.2/24" # ou bien ip=dhcp
+ ssh_user = "debian" # le compte SSH de connexion par défaut
+
+ sshkeys = <<-EOT
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible
+ EOT
+
+
+ network {
+ model = "virtio"
+ bridge = "vmbr1" # reseau -n-adm
+ }
+
+ network {
+ model = "virtio"
+ bridge = "vmbr2" # reseau infra
+ }
+
+disk {
+ type = "scsi"
+ storage = "local-lvm"
+ # storage_type = "qcow2"
+ size = "6G"
+ format = "raw"
+ }
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..6a260e0
--- /dev/null
+++ b/variables.tf
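Review bot: The commented-out provider block at the top of `s-infra.tf` still carries `pm_password = "Azerty1+"`, so the secret is in the repository a second time even though this copy is inert; delete the block rather than comment it out. `ipconfig1` gives s-infra `172.16.1.2`, yet `db.gsb.lan` in this same commit resolves `s-infra` to `172.16.0.1` and `dhcpd.conf` advertises `172.16.0.1` / `172.16.1.1` as the DNS server, so clients will be pointed at an address this VM does not hold — one of the three needs correcting.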
@@ -0,0 +1,16 @@
+variable "pm_api_url" {
+ default = "https://pxlab1:8006/api2/json"
+}
+
+variable "pm_user" {
+ default = "root@pam"
+}
+
+variable "pm_password" {
+ default = "Azerty1+"
+}
+
+
+variable "ssh_key" {
+ default = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible"
+}
diff --git a/vars.tf b/vars.tf
new file mode 100644
index 0000000..4596917
--- /dev/null
+++ b/vars.tf
@@ -0,0 +1,9 @@
+ terraform {
+ required_providers {
+ proxmox = {
+ source = "telmate/proxmox"
+ version = "2.9.11"
+ }
+ }
+}
+
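Review bot: `variable "pm_password"` ships `default = "Azerty1+"`, which places the Proxmox root password in version control as a variable default; remove the default and add `sensitive = true` so the value must come from `TF_VAR_pm_password` or a git-ignored `.tfvars`, and rotate the password since it is already in history. `pm_api_url` here (`https://pxlab1:8006/...`) also differs from the URL hard-coded in `s-adm.tf` (`pxlab1.sio.lan`), and none of these variables — `ssh_key` included — is referenced by any resource in this commit, so either wire them into the provider and `sshkeys` attributes or drop them.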