diff --git a/kea-dhcp-ha/Vagrantfile b/kea-dhcp-ha/Vagrantfile
index d734b11..0fd3155 100644
--- a/kea-dhcp-ha/Vagrantfile
+++ b/kea-dhcp-ha/Vagrantfile
@@ -16,15 +16,20 @@ Vagrant.configure("2") do |config| v.customize ["modifyvm", :id, "--ioapic", "on"] end - # MySQL. - config.vm.define "db" do |db| - db.vm.hostname = "db.test" - db.vm.network :private_network, ip: "192.168.56.5" - db.vm.provision "shell", + # stork. + config.vm.define "stork" do |stork| + stork.vm.hostname = "stork" + stork.vm.network :private_network, ip: "192.168.56.5" + stork.vm.provision "shell", inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget" - # db.vm.provision "ansible" do |ansible| - # ansible.playbook = "provision/setup-db.yml" - # end + stork.vm.provision "ansible" do |ansible| + ansible.extra_vars = { + stork_db_name: "stork", + stork_db_user: "stork-server", + stork_db_passwd: "stork-passwd", + } + ansible.playbook = "provision/setup-stork.yml" + end end # Kea DHCP server 1.
diff --git a/kea-dhcp-ha/provision/agent.env.j2 b/kea-dhcp-ha/provision/agent.env.j2
new file mode 100644
index 0000000..0267592
--- /dev/null
+++ b/kea-dhcp-ha/provision/agent.env.j2
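Review bot: The Stork database credentials are written in clear text into `ansible.extra_vars` (`stork_db_passwd: "stork-passwd"`), so they are committed with the repository and handed to the playbook, which in this same commit renders them into server.env and places them on a command line. Even for a lab it is worth reading the value from the environment with the current literal as a fallback, e.g. `stork_db_passwd: ENV.fetch("STORK_DB_PASSWD", "stork-passwd"),`. A one-line comment above the hash, `# lab-only defaults; override with STORK_DB_PASSWD`, would make the intent explicit. The `Vagrant.configure` block starts and ends outside this hunk.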
@@ -0,0 +1,46 @@
+### the IP or hostname to listen on for incoming Stork server connections
+STORK_AGENT_HOST={{ srv_ip }}
+
+### the TCP port to listen on for incoming Stork server connections
+# STORK_AGENT_PORT=8080
+
+### listen for commands from the Stork server only, but not for Prometheus requests
+STORK_AGENT_LISTEN_STORK_ONLY=true
+
+### listen for Prometheus requests only, but not for commands from the Stork server
+STORK_AGENT_LISTEN_PROMETHEUS_ONLY=false
+
+### settings for exporting stats to Prometheus
+### the IP or hostname on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
+### the port on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
+### how often the agent collects stats from Kea, in seconds
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
+## enable or disable collecting per-subnet stats from Kea
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
+### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
+### the port on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
+### how often the agent collects stats from BIND 9, in seconds
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
+
+### Stork Server URL used by the agent to send REST commands to the server during agent registration
+STORK_AGENT_SERVER_URL=http://192.168.56.5:8080
+
+### skip TLS certificate verification when the Stork Agent connects
+### to Kea over TLS and Kea uses self-signed certificates
+STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
+
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_AGENT_HOOK_DIRECTORY=
+
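Review bot: `STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true` is switched on unconditionally, although nothing in this commit shows Kea being served over TLS, so today it only pre-disables a check that would matter once TLS is enabled; I would leave it commented out (`# STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true`) until a self-signed Kea certificate is actually in use. `STORK_AGENT_SERVER_URL=http://192.168.56.5:8080` also hard-codes the server address over plain HTTP and repeats the IP from the Vagrantfile and from the register task in setup-kea.yml; a template variable, `STORK_AGENT_SERVER_URL={{ stork_server_url }}`, would keep the three in step. `stork_server_url` is a name proposed here, not one defined on this page.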
diff --git a/kea-dhcp-ha/provision/kea-ctrl-agent.conf.j2 b/kea-dhcp-ha/provision/kea-ctrl-agent.conf.j2
new file mode 100644
index 0000000..2ae79a9
--- /dev/null
+++ b/kea-dhcp-ha/provision/kea-ctrl-agent.conf.j2
@@ -0,0 +1,106 @@
+// This is a basic configuration for the Kea Control Agent.
+//
+// This is just a very basic configuration. Kea comes with large suite (over 30)
+// of configuration examples and extensive Kea User's Guide. Please refer to
+// those materials to get better understanding of what this software is able to
+// do. Comments in this configuration file sometimes refer to sections for more
+// details. These are section numbers in Kea User's Guide. The version matching
+// your software should come with your Kea package, but it is also available
+// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
+// the stable version is https://kea.readthedocs.io/).
+//
+// This configuration file contains only Control Agent's configuration.
+// If configurations for other Kea services are also included in this file they
+// are ignored by the Control Agent.
+{
+
+// This is a basic configuration for the Kea Control Agent.
+// RESTful interface to be available at http://127.0.0.1:8000/
+"Control-agent": {
+ "http-host": "127.0.0.1",
+ // If enabling HA and multi-threading, the 8000 port is used by the HA
+ // hook library http listener. When using HA hook library with
+ // multi-threading to function, make sure the port used by dedicated
+ // listener is different (e.g. 8001) than the one used by CA. Note
+ // the commands should still be sent via CA. The dedicated listener
+ // is specifically for HA updates only.
+ "http-port": 8000,
+
+ // Specify location of the files to which the Control Agent
+ // should connect to forward commands to the DHCPv4, DHCPv6
+ // and D2 servers via unix domain sockets.
+ "control-sockets": {
+ "dhcp4": {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea4-ctrl-socket"
+ },
+ "dhcp6": {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea6-ctrl-socket"
+ },
+ "d2": {
+ "socket-type": "unix",
+ "socket-name": "/tmp/kea-ddns-ctrl-socket"
+ }
+ },
+
+ // Specify hooks libraries that are attached to the Control Agent.
+ // Such hooks libraries should support 'control_command_receive'
+ // hook point. This is currently commented out because it has to
+ // point to the existing hooks library. Otherwise the Control
+ // Agent will fail to start.
+ "hooks-libraries": [
+// {
+// "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
+// "parameters": {
+// "param1": "foo"
+// }
+// }
+ ],
+
+// Logging configuration starts here. Kea uses different loggers to log various
+// activities. For details (e.g. names of loggers), see Chapter 18.
+ "loggers": [
+ {
+ // This specifies the logging for Control Agent daemon.
+ "name": "kea-ctrl-agent",
+ "output-options": [
+ {
+ // Specifies the output file. There are several special values
+ // supported:
+ // - stdout (prints on standard output)
+ // - stderr (prints on standard error)
+ // - syslog (logs to syslog)
+ // - syslog:name (logs to syslog using specified name)
+ // Any other value is considered a name of the file
+ "output": "stdout",
+
+ // Shorter log pattern suitable for use with systemd,
+ // avoids redundant information
+ "pattern": "%-5p %m\n"
+
+ // This governs whether the log output is flushed to disk after
+ // every write.
+ // "flush": false,
+
+ // This specifies the maximum size of the file before it is
+ // rotated.
+ // "maxsize": 1048576,
+
+ // This specifies the maximum number of rotated files to keep.
+ // "maxver": 8
+ }
+ ],
+ // This specifies the severity of log messages to keep. Supported values
+ // are: FATAL, ERROR, WARN, INFO, DEBUG
+ "severity": "INFO",
+
+ // If DEBUG level is specified, this value is used. 
0 is least verbose,
+ // 99 is most verbose. Be cautious, Kea can generate lots and lots
+ // of logs if told to do so.
+ "debuglevel": 0
+ }
+ ]
+}
+}
+
diff --git a/kea-dhcp-ha/provision/server.env.j2 b/kea-dhcp-ha/provision/server.env.j2
new file mode 100644
index 0000000..14f13cf
--- /dev/null
+++ b/kea-dhcp-ha/provision/server.env.j2
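Review bot: The three control sockets are placed in `/tmp` (`"socket-name": "/tmp/kea4-ctrl-socket"` and the dhcp6/d2 equivalents), a world-writable directory where any local account can create that path before the daemon binds it; a directory owned by the Kea service account is the safer location, and the name has to match the control socket declared in kea-dhcp4.conf.j2, which is not shown here. The file is also a `.j2` template with no variables: `"http-host": "127.0.0.1"` is fixed, whereas the replace task this commit comments out substituted `{{ srv_ip }}`, and the template task that would deploy this file is commented out in setup-kea.yml, so as committed it appears unused. If `http-host` is later bound to `{{ srv_ip }}`, an `authentication` block should be added in the same change, since this configuration defines none.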
@@ -0,0 +1,53 @@
+### database settings
+### the address of a PostgreSQL database
+# STORK_DATABASE_HOST=
+### the port of a PostgreSQL database
+# STORK_DATABASE_PORT=
+### the name of a database
+STORK_DATABASE_NAME={{ stork_db_name }}
+### the username for connecting to the database
+STORK_DATABASE_USER_NAME={{ stork_db_user }}
+### the SSL mode for connecting to the database
+### possible values: disable, require, verify-ca, or verify-full
+# STORK_DATABASE_SSLMODE=
+### the location of the SSL certificate used by the server to connect to the database
+# STORK_DATABASE_SSLCERT=
+### the location of the SSL key used by the server to connect to the database
+# STORK_DATABASE_SSLKEY=
+### the location of the root certificate file used to verify the database server's certificate
+# STORK_DATABASE_SSLROOTCERT=
+### the password for the username connecting to the database
+### empty password is set to avoid prompting a user for database password
+STORK_DATABASE_PASSWORD={{ stork_db_passwd}}
+
+### REST API settings
+### the IP address on which the server listens
+# STORK_REST_HOST=
+### the port number on which the server listens
+# STORK_REST_PORT=
+### the file with a certificate to use for secure connections
+# STORK_REST_TLS_CERTIFICATE=
+### the file with a private key to use for secure connections
+# STORK_REST_TLS_PRIVATE_KEY=
+### the certificate authority file used for mutual TLS authentication
+# STORK_REST_TLS_CA_CERTIFICATE=
+### the directory with static files served in the UI
+STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
+### the base URL of the UI - to be used only if the UI is served from a subdirectory
+# STORK_REST_BASE_URL=
+
+### enable Prometheus /metrics HTTP endpoint for exporting metrics from
+### the server to Prometheus. It is recommended to secure this endpoint
+### (e.g. using HTTP proxy).
+# STORK_SERVER_ENABLE_METRICS=true
+
+### Logging parameters
+
+### Set logging level. 
Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_SERVER_HOOK_DIRECTORY=
+
diff --git a/kea-dhcp-ha/provision/setup-db.yml b/kea-dhcp-ha/provision/setup-db.yml
deleted file mode 100644
index 1863ded..0000000
--- a/kea-dhcp-ha/provision/setup-db.yml
+++ /dev/null
@@ -1,43 +0,0 @@ ---- -- hosts: all - become: true - tasks: - - name: modules python pour - apt: - name: python3-pymysql - state: present - - - name: install mariadb-server - apt: - name: mariadb-server - state: present - - - name: Cree Bd wordpress - mysql_db: - db: wordpressdb - login_unix_socket: /var/run/mysqld/mysqld.sock - state: present - - - name: Ouvre port 3306 mariadb-server - replace: - path: /etc/mysql/mariadb.conf.d/50-server.cnf - regexp: '^bind-address.*' - replace: '#bind-adress = 127.0.0.1' - backup: yes - notify: restart mariadb - - - name: Create MySQL user for wordpress. - mysql_user: - name: wordpressuser - password: wordpresspasswd - priv: "wordpressdb.*:ALL" - host: '%' - state: present - login_unix_socket: /var/run/mysqld/mysqld.sock - - handlers: - - name: restart mariadb - ansible.builtin.service: - name: mariadb - state: restarted -
diff --git a/kea-dhcp-ha/provision/setup-kea.yml b/kea-dhcp-ha/provision/setup-kea.yml
index aaffaa1..8165a90 100644
--- a/kea-dhcp-ha/provision/setup-kea.yml
+++ b/kea-dhcp-ha/provision/setup-kea.yml
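Review bot: The comment above `STORK_DATABASE_PASSWORD={{ stork_db_passwd}}` still reads "empty password is set to avoid prompting a user for database password", which no longer describes the line now that a real password is rendered; I would replace it with `### rendered from stork_db_passwd; keep this file readable by the Stork server account only`. The value is written unquoted, so a password containing whitespace or `#` may not survive parsing of the env file; that is presumably fine for the current default but worth confirming. No `STORK_REST_TLS_*` setting is enabled, so the UI and the agent-facing REST port are served over plain HTTP, which matches the `http://` URL used by the agents in this commit.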
@@ -2,36 +2,92 @@ - hosts: all become: true tasks: - - name: kea-dhcp4-server et kea-ctrl-agent ... - apt: - name: - - kea-dhcp4-server - - kea-dhcp6-server - - kea-ctrl-agent + - name: Preparation + ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-6/setup.deb.sh' | sudo -E bash + + - name: Update apt + ansible.builtin.apt: + update_cache: yes + + - name: Installation isc-kea-dhcp4 + ansible.builtin.apt: + name: isc-kea-dhcp4-server state: present - - name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf - ansible.builtin.replace: - path: /etc/kea/kea-ctrl-agent.conf - regexp: '"http-host": "127.0.0.1",' - replace: '"http-host": "{{ srv_ip }}",' - backup: yes + - name: Installation isc-kea-ctrl-agent + ansible.builtin.apt: + name: isc-kea-ctrl-agent + state: present + - name: Installation isc-kea-hooks + ansible.builtin.apt: + name: isc-kea-hooks + state: present + + # - name: Generation du fichier de configuration kea-ctrl-agent + # ansible.builtin.template: + # src: kea-ctrl-agent.conf.j2 + # dest: /etc/kea/kea-ctrl-agent.conf + # backup: yes + # notify: + # - Restart isc-kea-ctrl-agent + + - name: Generation du fichier de configuration kea-dhcp4.conf + ansible.builtin.template: + src: kea-dhcp4.conf.j2 + dest: /etc/kea/kea-dhcp4.conf + backup: yes + notify: + - relance isc-kea-dhcp4-server + + # - name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf + # ansible.builtin.replace: + # path: /etc/kea/kea-ctrl-agent.conf + # regexp: '"http-host": "127.0.0.1",' + # replace: '"http-host": "{{ srv_ip }}",' + # backup: yes + # + - name: Preparation depot stork agent + ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash + + - name: Update apt + ansible.builtin.apt: + update_cache: yes + + - name: Installation isc-stork-agent + ansible.builtin.apt: + name: isc-stork-agent + state: present + + - name: Generation du fichier agent.env pour stork-agent + ansible.builtin.template: + 
src: agent.env.j2 + dest: /etc/stork/agent.env + backup: yes + notify: + - relance isc-stork-agent + + - name: Preparation stork agent + ansible.builtin.shell: sudo su stork-agent -s /bin/sh -c 'stork-agent register --server-url http://192.168.56.5:8080' + + handlers: - name: relance service kea-ctrl-agent ansible.builtin.service: name: kea-ctrl-agent state: restarted enabled: yes - - name: genere ikea-dhcp4.conf a partir de la template - ansible.builtin.template: - src: kea-dhcp4.conf.j2 - dest: /etc/kea/kea-dhcp4.conf - backup: yes - - - name: relance service kea-dhcp4-server + - name: relance isc-stork-agent ansible.builtin.service: - name: kea-dhcp4-server + name: isc-stork-agent state: restarted enabled: yes + + - name: relance isc-kea-dhcp4-server + ansible.builtin.service: + name: isc-kea-dhcp4-server + state: restarted + enabled: yes + + diff --git a/kea-dhcp-ha/provision/setup-lb.yml b/kea-dhcp-ha/provision/setup-lb.yml deleted file mode 100644 index 8015b43..0000000 --- a/kea-dhcp-ha/provision/setup-lb.yml +++ /dev/null @@ -1,29 +0,0 @@ ---- -- hosts: all - become: true - tasks: - - name: install haproxy - apt: - name: haproxy - state: present - - - name: parametre backend et fontend - blockinfile: - path: /etc/haproxy/haproxy.cfg - block: | - frontend proxypublic - bind 192.168.56.2:80 - default_backend fermeweb - - backend fermeweb - balance roundrobin - option httpclose - #option httpchk HEAD / HTTP/1.0 - server web1.test 192.168.56.3:80 check - #server web2.test 192.168.56.4:80 check - - - name: redemarre haproxy - service: - name: haproxy - state: restarted - enabled: yes diff --git a/kea-dhcp-ha/provision/setup-nfs.yml b/kea-dhcp-ha/provision/setup-nfs.yml deleted file mode 100644 index 532c6d4..0000000 --- a/kea-dhcp-ha/provision/setup-nfs.yml +++ /dev/null 
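Review bot: Both repository-setup tasks pipe a script fetched at provision time straight into a root shell (`curl -1sLf '…/setup.deb.sh' | sudo -E bash` and the Stork `bash.deb.sh` equivalent), so whatever the URL serves that day runs as root with no integrity check, and the step re-runs on every provision; the same pattern is in setup-stork.yml. Downloading the script to a file with a pinned checksum and running it behind a `creates:` guard, as sketched below, makes the step reviewable and idempotent; the checksum and the `creates` path are placeholders to fill in after reviewing the script. Separately, the handler `relance service kea-ctrl-agent` (a context line) still restarts `kea-ctrl-agent` while the package installed is now `isc-kea-ctrl-agent`, so the unit name has presumably changed the same way as the dhcp4 handler renamed in this hunk. The `stork-agent register` shell task also has no guard against running again on re-provision.

```yaml
    - name: Telecharge le script de depot Kea
      ansible.builtin.get_url:
        url: https://dl.cloudsmith.io/public/isc/kea-2-6/setup.deb.sh
        dest: /root/kea-setup.deb.sh
        mode: "0700"
        checksum: "sha256:<SHA256_OF_REVIEWED_SCRIPT>"  # placeholder

    - name: Preparation
      ansible.builtin.command: bash /root/kea-setup.deb.sh
      args:
        creates: "<PATH_OF_APT_SOURCE_WRITTEN_BY_SCRIPT>"  # placeholder
    # … unchanged: apt update, package installs, kea-dhcp4.conf template …
    # … same two-step pattern for the stork bash.deb.sh script …
```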
@@ -1,88 +0,0 @@ ---- -- hosts: all - become: true - tasks: - - name: 00 - cree repertoire wordpress pour export nfs - file: - path: /exports/wordpress - state: directory - - - name: 05 - Install nfs-server - apt: - name: nfs-server - state: present - - - name: 10 - creation fichier exports nfs - ansible.builtin.blockinfile: - path: /etc/exports - block: | - /exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check) - - - - name: 15 - Recupere wordpress.tar.gz - get_url: - url: "https://fr.wordpress.org/latest-fr_FR.tar.gz" - dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz - - - name: 20 - decompresse wordpress - unarchive: - src: /tmp/wordpress-6.1.1-fr_FR.tar.gz - dest: /exports/ - remote_src: yes - - - name: 22 - change owner et group pour repertoire wordpress - file: - path: /exports/wordpress - state: directory - recurse: yes - owner: www-data - group: www-data - - - name: 25 - genere fichier de config wordpress - copy: - src: /exports/wordpress/wp-config-sample.php - dest: /exports/wordpress/wp-config.php - remote_src: yes - - - name: 30 - genere fichier de config wordpress - copy: - src: /exports/wordpress/wp-config-sample.php - dest: /exports/wordpress/wp-config.php - remote_src: yes - - - name: 35 - ajuste variable dbname dans fichier de config wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "votre_nom_de_bdd" - replace: "wordpressdb" - backup: yes - - - - name: 40 ajuste variable dbusername dans fichier de config wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "votre_utilisateur_de_bdd" - replace: "wordpressuser" - backup: yes - - - name: 45 - ajuste variable mdp dans fichier de config wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "votre_mdp_de_bdd" - replace: "wordpresspasswd" - backup: yes - - - name: 50 - ajuste hostname fichier wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "localhost" - replace: "192.168.56.5" - backup: yes 
- - name: 55 - relance nfs - service: - name: nfs-server - state: restarted - enabled: yes - - 
diff --git a/kea-dhcp-ha/provision/setup-stork.yml b/kea-dhcp-ha/provision/setup-stork.yml
new file mode 100644
index 0000000..8807253
--- /dev/null
+++ b/kea-dhcp-ha/provision/setup-stork.yml
@@ -0,0 +1,47 @@
+---
+- hosts: all
+ become: true
+ tasks:
+ - name: Preparation depots
+ ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
+
+ - name: Update apt
+ ansible.builtin.apt:
+ update_cache: yes
+
+ - name: Installation isc-stork-server postgresql et postgresql-contrib
+ ansible.builtin.apt:
+ pkg:
+ - isc-stork-server
+ - postgresql
+ - postgresql-contrib
+
+ # - name: Lance la commande de création de la base de donnees stork
+ # ansible.builtin.shell: sudo postgresql-setup --initdb
+
+ - name : lancement postgres
+ ansible.builtin.service:
+ name: postgresql
+ state: restarted
+ enabled: yes
+
+ - name: Lance la commande de création de la base de donnees stork
+ ansible.builtin.shell: su postgres --command "stork-tool db-create --db-name {{ stork_db_name }} --db-user {{ stork_db_user }} --db-password {{ stork_db_passwd }}"
+
+ - name: Generation du fichier de configuration server.env
+ ansible.builtin.template:
+ src: server.env.j2
+ dest: /etc/stork/server.env
+ notify:
+ - Restart isc-stork-server.service
+
+
+ handlers:
+ - name: Restart isc-stork-server.service
+ ansible.builtin.service:
+ name: isc-stork-server.service
+ state: restarted
+ enabled: yes
+
+
+
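Review bot: The `db-create` task interpolates `{{ stork_db_passwd }}` unquoted into a shell string, so the password appears in Ansible's task result (shown on failure or with `-v`) and a value containing spaces or shell metacharacters is re-parsed by the shell; the task also runs again on every provision, when the database presumably already exists. An `argv` list with `become_user: postgres` and `no_log: true` avoids the shell and keeps the value out of the log. The `server.env` template renders the same password and is written without `owner`, `group` or `mode`, so it gets the default permissions; the sketch sets them explicitly, with the group as a placeholder. `become_user` to an unprivileged account may need the `acl` package on the VM.

```yaml
    - name: Lance la commande de création de la base de donnees stork
      ansible.builtin.command:
        argv:
          - stork-tool
          - db-create
          - --db-name
          - "{{ stork_db_name }}"
          - --db-user
          - "{{ stork_db_user }}"
          - --db-password
          - "{{ stork_db_passwd }}"
      become_user: postgres
      no_log: true

    - name: Generation du fichier de configuration server.env
      ansible.builtin.template:
        src: server.env.j2
        dest: /etc/stork/server.env
        owner: root
        group: "<STORK_SERVER_GROUP>"  # placeholder
        mode: "0640"
      # … unchanged: notify Restart isc-stork-server.service …
```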