gadmin/vagrant
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Modif kea-dhcp-ha et stork

Browse Source
This commit is contained in:
phil 2025-01-24 00:24:26 +01:00
parent b5b2181d4f
commit 758a0ddb75
9 changed files with 341 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
kea-dhcp-ha/Vagrantfile vendored
View File

@ -16,15 +16,20 @@ Vagrant.configure("2") do |config|
v.customize ["modifyvm", :id, "--ioapic", "on"] v.customize ["modifyvm", :id, "--ioapic", "on"]
end end
# MySQL. # stork.
config.vm.define "db" do |db| config.vm.define "stork" do |stork|
db.vm.hostname = "db.test" stork.vm.hostname = "stork"
db.vm.network :private_network, ip: "192.168.56.5" stork.vm.network :private_network, ip: "192.168.56.5"
db.vm.provision "shell", stork.vm.provision "shell",
inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget" inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
# db.vm.provision "ansible" do |ansible| stork.vm.provision "ansible" do |ansible|
# ansible.playbook = "provision/setup-db.yml" ansible.extra_vars = {
# end stork_db_name: "stork",
stork_db_user: "stork-server",
stork_db_passwd: "stork-passwd",
}
ansible.playbook = "provision/setup-stork.yml"
end
end end
# Kea DHCP server 1. # Kea DHCP server 1.

46
kea-dhcp-ha/provision/agent.env.j2 Normal file
View File

@ -0,0 +1,46 @@
### the IP or hostname to listen on for incoming Stork server connections
STORK_AGENT_HOST={{ srv_ip }}
### the TCP port to listen on for incoming Stork server connections
# STORK_AGENT_PORT=8080
### listen for commands from the Stork server only, but not for Prometheus requests
STORK_AGENT_LISTEN_STORK_ONLY=true
### listen for Prometheus requests only, but not for commands from the Stork server
STORK_AGENT_LISTEN_PROMETHEUS_ONLY=false
### settings for exporting stats to Prometheus
### the IP or hostname on which the agent exports Kea statistics to Prometheus
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
### the port on which the agent exports Kea statistics to Prometheus
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
### how often the agent collects stats from Kea, in seconds
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
## enable or disable collecting per-subnet stats from Kea
# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
### the port on which the agent exports BIND 9 statistics to Prometheus
# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
### how often the agent collects stats from BIND 9, in seconds
# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
### Stork Server URL used by the agent to send REST commands to the server during agent registration
STORK_AGENT_SERVER_URL=http://192.168.56.5:8080
### skip TLS certificate verification when the Stork Agent connects
### to Kea over TLS and Kea uses self-signed certificates
STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
### Logging parameters
### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
# STORK_LOG_LEVEL=DEBUG
### disable output colorization
# CLICOLOR=false
### path to the hook directory
# STORK_AGENT_HOOK_DIRECTORY=

106
kea-dhcp-ha/provision/kea-ctrl-agent.conf.j2 Normal file
View File

@ -0,0 +1,106 @@
// This is a basic configuration for the Kea Control Agent.
//
// This is just a very basic configuration. Kea comes with large suite (over 30)
// of configuration examples and extensive Kea User's Guide. Please refer to
// those materials to get better understanding of what this software is able to
// do. Comments in this configuration file sometimes refer to sections for more
// details. These are section numbers in Kea User's Guide. The version matching
// your software should come with your Kea package, but it is also available
// in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
// the stable version is https://kea.readthedocs.io/).
//
// This configuration file contains only Control Agent's configuration.
// If configurations for other Kea services are also included in this file they
// are ignored by the Control Agent.
{
// This is a basic configuration for the Kea Control Agent.
// RESTful interface to be available at http://127.0.0.1:8000/
"Control-agent": {
"http-host": "127.0.0.1",
// If enabling HA and multi-threading, the 8000 port is used by the HA
// hook library http listener. When using HA hook library with
// multi-threading to function, make sure the port used by dedicated
// listener is different (e.g. 8001) than the one used by CA. Note
// the commands should still be sent via CA. The dedicated listener
// is specifically for HA updates only.
"http-port": 8000,
// Specify location of the files to which the Control Agent
// should connect to forward commands to the DHCPv4, DHCPv6
// and D2 servers via unix domain sockets.
"control-sockets": {
"dhcp4": {
"socket-type": "unix",
"socket-name": "/tmp/kea4-ctrl-socket"
},
"dhcp6": {
"socket-type": "unix",
"socket-name": "/tmp/kea6-ctrl-socket"
},
"d2": {
"socket-type": "unix",
"socket-name": "/tmp/kea-ddns-ctrl-socket"
}
},
// Specify hooks libraries that are attached to the Control Agent.
// Such hooks libraries should support 'control_command_receive'
// hook point. This is currently commented out because it has to
// point to the existing hooks library. Otherwise the Control
// Agent will fail to start.
"hooks-libraries": [
// {
// "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
// "parameters": {
// "param1": "foo"
// }
// }
],
// Logging configuration starts here. Kea uses different loggers to log various
// activities. For details (e.g. names of loggers), see Chapter 18.
"loggers": [
{
// This specifies the logging for Control Agent daemon.
"name": "kea-ctrl-agent",
"output-options": [
{
// Specifies the output file. There are several special values
// supported:
// - stdout (prints on standard output)
// - stderr (prints on standard error)
// - syslog (logs to syslog)
// - syslog:name (logs to syslog using specified name)
// Any other value is considered a name of the file
"output": "stdout",
// Shorter log pattern suitable for use with systemd,
// avoids redundant information
"pattern": "%-5p %m\n"
// This governs whether the log output is flushed to disk after
// every write.
// "flush": false,
// This specifies the maximum size of the file before it is
// rotated.
// "maxsize": 1048576,
// This specifies the maximum number of rotated files to keep.
// "maxver": 8
}
],
// This specifies the severity of log messages to keep. Supported values
// are: FATAL, ERROR, WARN, INFO, DEBUG
"severity": "INFO",
// If DEBUG level is specified, this value is used. 0 is least verbose,
// 99 is most verbose. Be cautious, Kea can generate lots and lots
// of logs if told to do so.
"debuglevel": 0
}
]
}
}

53
kea-dhcp-ha/provision/server.env.j2 Normal file
View File

@ -0,0 +1,53 @@
### database settings
### the address of a PostgreSQL database
# STORK_DATABASE_HOST=
### the port of a PostgreSQL database
# STORK_DATABASE_PORT=
### the name of a database
STORK_DATABASE_NAME={{ stork_db_name }}
### the username for connecting to the database
STORK_DATABASE_USER_NAME={{ stork_db_user }}
### the SSL mode for connecting to the database
### possible values: disable, require, verify-ca, or verify-full
# STORK_DATABASE_SSLMODE=
### the location of the SSL certificate used by the server to connect to the database
# STORK_DATABASE_SSLCERT=
### the location of the SSL key used by the server to connect to the database
# STORK_DATABASE_SSLKEY=
### the location of the root certificate file used to verify the database server's certificate
# STORK_DATABASE_SSLROOTCERT=
### the password for the username connecting to the database
### empty password is set to avoid prompting a user for database password
STORK_DATABASE_PASSWORD={{ stork_db_passwd}}
### REST API settings
### the IP address on which the server listens
# STORK_REST_HOST=
### the port number on which the server listens
# STORK_REST_PORT=
### the file with a certificate to use for secure connections
# STORK_REST_TLS_CERTIFICATE=
### the file with a private key to use for secure connections
# STORK_REST_TLS_PRIVATE_KEY=
### the certificate authority file used for mutual TLS authentication
# STORK_REST_TLS_CA_CERTIFICATE=
### the directory with static files served in the UI
STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
### the base URL of the UI - to be used only if the UI is served from a subdirectory
# STORK_REST_BASE_URL=
### enable Prometheus /metrics HTTP endpoint for exporting metrics from
### the server to Prometheus. It is recommended to secure this endpoint
### (e.g. using HTTP proxy).
# STORK_SERVER_ENABLE_METRICS=true
### Logging parameters
### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
# STORK_LOG_LEVEL=DEBUG
### disable output colorization
# CLICOLOR=false
### path to the hook directory
# STORK_SERVER_HOOK_DIRECTORY=

43
kea-dhcp-ha/provision/setup-db.yml
View File

@ -1,43 +0,0 @@
---
- hosts: all
become: true
tasks:
- name: modules python pour
apt:
name: python3-pymysql
state: present
- name: install mariadb-server
apt:
name: mariadb-server
state: present
- name: Cree Bd wordpress
mysql_db:
db: wordpressdb
login_unix_socket: /var/run/mysqld/mysqld.sock
state: present
- name: Ouvre port 3306 mariadb-server
replace:
path: /etc/mysql/mariadb.conf.d/50-server.cnf
regexp: '^bind-address.*'
replace: '#bind-adress = 127.0.0.1'
backup: yes
notify: restart mariadb
- name: Create MySQL user for wordpress.
mysql_user:
name: wordpressuser
password: wordpresspasswd
priv: "wordpressdb.*:ALL"
host: '%'
state: present
login_unix_socket: /var/run/mysqld/mysqld.sock
handlers:
- name: restart mariadb
ansible.builtin.service:
name: mariadb
state: restarted

96
kea-dhcp-ha/provision/setup-kea.yml
View File

@ -2,36 +2,92 @@
- hosts: all - hosts: all
become: true become: true
tasks: tasks:
- name: kea-dhcp4-server et kea-ctrl-agent ... - name: Preparation
apt: ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-6/setup.deb.sh' | sudo -E bash
name:
- kea-dhcp4-server - name: Update apt
- kea-dhcp6-server ansible.builtin.apt:
- kea-ctrl-agent update_cache: yes
- name: Installation isc-kea-dhcp4
ansible.builtin.apt:
name: isc-kea-dhcp4-server
state: present state: present
- name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf - name: Installation isc-kea-ctrl-agent
ansible.builtin.replace: ansible.builtin.apt:
path: /etc/kea/kea-ctrl-agent.conf name: isc-kea-ctrl-agent
regexp: '"http-host": "127.0.0.1",' state: present
replace: '"http-host": "{{ srv_ip }}",'
backup: yes
- name: Installation isc-kea-hooks
ansible.builtin.apt:
name: isc-kea-hooks
state: present
# - name: Generation du fichier de configuration kea-ctrl-agent
# ansible.builtin.template:
# src: kea-ctrl-agent.conf.j2
# dest: /etc/kea/kea-ctrl-agent.conf
# backup: yes
# notify:
# - Restart isc-kea-ctrl-agent
- name: Generation du fichier de configuration kea-dhcp4.conf
ansible.builtin.template:
src: kea-dhcp4.conf.j2
dest: /etc/kea/kea-dhcp4.conf
backup: yes
notify:
- relance isc-kea-dhcp4-server
# - name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf
# ansible.builtin.replace:
# path: /etc/kea/kea-ctrl-agent.conf
# regexp: '"http-host": "127.0.0.1",'
# replace: '"http-host": "{{ srv_ip }}",'
# backup: yes
#
- name: Preparation depot stork agent
ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
- name: Update apt
ansible.builtin.apt:
update_cache: yes
- name: Installation isc-stork-agent
ansible.builtin.apt:
name: isc-stork-agent
state: present
- name: Generation du fichier agent.env pour stork-agent
ansible.builtin.template:
src: agent.env.j2
dest: /etc/stork/agent.env
backup: yes
notify:
- relance isc-stork-agent
- name: Preparation stork agent
ansible.builtin.shell: sudo su stork-agent -s /bin/sh -c 'stork-agent register --server-url http://192.168.56.5:8080'
handlers:
- name: relance service kea-ctrl-agent - name: relance service kea-ctrl-agent
ansible.builtin.service: ansible.builtin.service:
name: kea-ctrl-agent name: kea-ctrl-agent
state: restarted state: restarted
enabled: yes enabled: yes
- name: genere ikea-dhcp4.conf a partir de la template - name: relance isc-stork-agent
ansible.builtin.template:
src: kea-dhcp4.conf.j2
dest: /etc/kea/kea-dhcp4.conf
backup: yes
- name: relance service kea-dhcp4-server
ansible.builtin.service: ansible.builtin.service:
name: kea-dhcp4-server name: isc-stork-agent
state: restarted state: restarted
enabled: yes enabled: yes
- name: relance isc-kea-dhcp4-server
ansible.builtin.service:
name: isc-kea-dhcp4-server
state: restarted
enabled: yes

29
kea-dhcp-ha/provision/setup-lb.yml
View File

@ -1,29 +0,0 @@
---
- hosts: all
become: true
tasks:
- name: install haproxy
apt:
name: haproxy
state: present
- name: parametre backend et fontend
blockinfile:
path: /etc/haproxy/haproxy.cfg
block: |
frontend proxypublic
bind 192.168.56.2:80
default_backend fermeweb
backend fermeweb
balance roundrobin
option httpclose
#option httpchk HEAD / HTTP/1.0
server web1.test 192.168.56.3:80 check
#server web2.test 192.168.56.4:80 check
- name: redemarre haproxy
service:
name: haproxy
state: restarted
enabled: yes

88
kea-dhcp-ha/provision/setup-nfs.yml
View File

@ -1,88 +0,0 @@
---
- hosts: all
become: true
tasks:
- name: 00 - cree repertoire wordpress pour export nfs
file:
path: /exports/wordpress
state: directory
- name: 05 - Install nfs-server
apt:
name: nfs-server
state: present
- name: 10 - creation fichier exports nfs
ansible.builtin.blockinfile:
path: /etc/exports
block: |
/exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check)
- name: 15 - Recupere wordpress.tar.gz
get_url:
url: "https://fr.wordpress.org/latest-fr_FR.tar.gz"
dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz
- name: 20 - decompresse wordpress
unarchive:
src: /tmp/wordpress-6.1.1-fr_FR.tar.gz
dest: /exports/
remote_src: yes
- name: 22 - change owner et group pour repertoire wordpress
file:
path: /exports/wordpress
state: directory
recurse: yes
owner: www-data
group: www-data
- name: 25 - genere fichier de config wordpress
copy:
src: /exports/wordpress/wp-config-sample.php
dest: /exports/wordpress/wp-config.php
remote_src: yes
- name: 30 - genere fichier de config wordpress
copy:
src: /exports/wordpress/wp-config-sample.php
dest: /exports/wordpress/wp-config.php
remote_src: yes
- name: 35 - ajuste variable dbname dans fichier de config wp-config.php
replace:
path: /exports/wordpress/wp-config.php
regexp: "votre_nom_de_bdd"
replace: "wordpressdb"
backup: yes
- name: 40 ajuste variable dbusername dans fichier de config wp-config.php
replace:
path: /exports/wordpress/wp-config.php
regexp: "votre_utilisateur_de_bdd"
replace: "wordpressuser"
backup: yes
- name: 45 - ajuste variable mdp dans fichier de config wp-config.php
replace:
path: /exports/wordpress/wp-config.php
regexp: "votre_mdp_de_bdd"
replace: "wordpresspasswd"
backup: yes
- name: 50 - ajuste hostname fichier wp-config.php
replace:
path: /exports/wordpress/wp-config.php
regexp: "localhost"
replace: "192.168.56.5"
backup: yes
- name: 55 - relance nfs
service:
name: nfs-server
state: restarted
enabled: yes

47
kea-dhcp-ha/provision/setup-stork.yml Normal file
View File

@ -0,0 +1,47 @@
---
- hosts: all
become: true
tasks:
- name: Preparation depots
ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
- name: Update apt
ansible.builtin.apt:
update_cache: yes
- name: Installation isc-stork-server postgresql et postgresql-contrib
ansible.builtin.apt:
pkg:
- isc-stork-server
- postgresql
- postgresql-contrib
# - name: Lance la commande de création de la base de donnees stork
# ansible.builtin.shell: sudo postgresql-setup --initdb
- name : lancement postgres
ansible.builtin.service:
name: postgresql
state: restarted
enabled: yes
- name: Lance la commande de création de la base de donnees stork
ansible.builtin.shell: su postgres --command "stork-tool db-create --db-name {{ stork_db_name }} --db-user {{ stork_db_user }} --db-password {{ stork_db_passwd }}"
- name: Generation du fichier de configuration server.env
ansible.builtin.template:
src: server.env.j2
dest: /etc/stork/server.env
notify:
- Restart isc-stork-server.service
handlers:
- name: Restart isc-stork-server.service
ansible.builtin.service:
name: isc-stork-server.service
state: restarted
enabled: yes