carcact. parasites

README.md

@@ -1,5 +1,7 @@
 # vagrant
 
+le 2023-01-19
+
 Ce dépôt héberge des **Vagrantfile** dont
   * **docker**
   * **docker-wordpress**
@@ -10,4 +12,8 @@ Ce dépôt héberge des **Vagrantfile** dont
   * **docker-traefik-nginx**
   * **docker-elk**
   * **devstack**
+  * **guacamole** : Vagrantfile pour Apache Guacamole dockerise sans frontal
+  * **k8s** : kubernetes 1.26.00 + playbook pour master **k8s-master** et 2 noeuds **node-1** et **node-2**
   * **minione**
+  * **rundeck** : Vagrantfile + playbook pour installation avec Mariadb
+  * **wp-lb** : Wordpress web1 et web2, lb HaProxy, nfs, db Mariadb - Vagrantfile + playbooks

divers/bind/mkzone

@@ -0,0 +1,92 @@
+#/bin/bash
+set -u
+set -e
+# cree les fichiers de configuration bind9 
+#  - ficher de zone directe
+#  - ficher de zone inverse
+#
+readonly zone="domaine.lan"
+readonly zonerev="1.168.192.in-addr.arpa"
+readonly nsname="ns"
+readonly nsip="192.168.1.10"
+readonly nsiprev=$(echo ${nsip}|cut -d. -f4) # dernier octet pour classe C
+readonly nsname2="ns2"
+readonly nsip2="192.168.1.11"
+readonly nsiprev2=$(echo ${nsip2}|cut -d. -f4)
+readonly ttl="86400"
+
+readonly nsfqdn="${nsname}.${zone}"
+readonly nsfqdnp="${nsfqdn}."
+readonly zonep="${zone}."
+readonly date=$(date +%Y%m%d00)
+
+
+cat <<EOT > "named.conf.local"
+
+; fichier zone ${zone}
+; le $(date)
+
+zone "${zone}" {
+    type master;
+    file "/etc/bind/db.${zone}"; # zone directe
+};
+
+zone "${zonerev}" {
+    type master;
+    file "/etc/bind/db.${zone}.rev";  # zone inverse 
+};
+
+EOT
+
+
+cat <<EOT > "db.${zone}"
+; fichier zone ${zone}
+; le $(date)
+\$TTL ${ttl} ; (1 day)
+\$ORIGIN ${zonep}
+@ IN SOA ${nsfqdnp} root.${nsfqdnp} (
+                ${date} ; serial YYYYMMDDnn
+                14400      ; refresh (4 hours)
+                1800       ; retry   (30 minutes)
+                1209600    ; expire  (2 weeks)
+                3600       ; minimum (1 hour)
+                )
+ 
+                   IN   NS    ${nsname}
+                   IN   NS    ${nsname2}
+ 
+                   IN   A     203.0.113.10 # zone 
+                   IN   AAAA  2001:DB8:BEEF:113::10  #
+www                IN   CNAME ${nsfqdnp}
+ftp                IN   CNAME ${nsfqdnp}
+ 
+${nsname}	   IN   A     ${nsip}
+                   IN   AAAA  2001:DB8:BEEF:2::22
+${nsname2}         IN   A     ${nsip2}
+                   IN   AAAA  2001:DB8:BEEF:100::22
+
+EOT
+
+cat <<EOT > "db.${zone}.rev"
+; fichier zone inverse ${zone}
+; le $(date)
+\$TTL ${ttl} ; (1 day)
+\$ORIGIN ${zonep}
+@ IN SOA ${nsfqdnp} root.${nsfqdnp} (
+                ${date} ; serial YYYYMMDDnn
+                14400      ; refresh (4 hours)
+                1800       ; retry   (30 minutes)
+                1209600    ; expire  (2 weeks)
+                3600       ; minimum (1 hour)
+                )
+ 
+                 IN   NS    ${nsname}
+                 IN   NS    ${nsname2}
+ 
+           10    IN   PTR
+ 
+${nsiprev}	 IN   PTR     ${nsname}
+${nsiprev2}      IN   PTR     ${nsname2}
+
+EOT
+

gitweb/Vagrantfile

@@ -0,0 +1,88 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "gitweb"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt-get install -y curl wget vim apache2 php 
+     chown -R www-data:www-data /var/www/html/
+     chmod g+w /var/www/html/
+     apt-get install -y git
+     useradd -m -s /bin/bash -d /home/git -c git git
+     gpasswd -a git www-data
+     echo "git:git"|sudo chpasswd
+     su - -c "git init  --bare --shared web" git 
+     su - -c "echo 'ref: refs/heads/main' > web/HEAD" git
+     cat > /home/git/web/hooks/post-update <<-'EOF'
+#!/bin/bash
+GWT=/var/www/html/web
+[[ -e ${GWT} ]] || mkdir -p ${GWT} 
+GIT_WORK_TREE=${GWT} git checkout -f
+EOF
+
+   chmod +x /home/git/web/hooks/post-update
+   chown git:git /home/git/web/hooks/post-update
+   SHELL
+end

guacamole/README.md

@@ -0,0 +1,10 @@
+# Guacamole
+
+**Apache Guacamole** est un outil permettant les connexions à distance (RDP, SSH, VNC, ...) via une interface web.
+
+Il est mis en oeuvre (Version 1.4.0) ici avec une **Vagrantfile**, docker et mariadb en accès direct hTTP sans proxy. 
+
+**Acces** : http://<adresse-IP>:8080/guacamole  avec **guacadmin/guacadmin**
+
+le 2023-01-17
+

guacamole/Vagrantfile

@@ -0,0 +1,71 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "guacamole"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+   config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   apt-get update
+  #   apt-get install -y apache2
+  # SHELL
+   config.vm.provision "shell" do |s|
+     s.path = "provision/setup.sh"
+   end
+
+end

guacamole/provision/setup.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+rep="guacamole"
+
+apt-get update
+apt-get install -y curl wget vim
+
+if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+fi
+
+[[ -e "$rep" ]] || mkdir "$rep"
+
+cd "$rep" || exit 1
+
+cat > docker-compose.yml <<EOT
+version: '3'
+services:
+
+  guacdb:
+    container_name: guacdb
+    image: mariadb/server:latest
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: 'MariaDBRootPSW'
+      MYSQL_DATABASE: 'guacamole_db'
+      MYSQL_USER: 'guacamole_user'
+      MYSQL_PASSWORD: 'MariaDBUserPSW'
+    volumes:
+      - 'guacdb-data:/var/lib/mysql'
+      - ./initdb:/docker-entrypoint-initdb.d
+
+  guacd:
+    container_name: guacd
+    image: guacamole/guacd
+    restart: unless-stopped
+
+  guacamole:
+    container_name: guacamole
+    image: 'guacamole/guacamole:latest'
+    restart: unless-stopped
+    ports:
+      - '8080:8080'
+    environment:
+      GUACD_HOSTNAME: "guacd"
+      MYSQL_HOSTNAME: "guacdb"
+      MYSQL_DATABASE: "guacamole_db"
+      MYSQL_USER: "guacamole_user"
+      MYSQL_PASSWORD: "MariaDBUserPSW"
+    depends_on:
+      - guacdb
+      - guacd
+
+volumes:
+  guacdb-data:
+EOT
+
+
+docker compose pull
+# creation fichiers initialisation mariadb
+[[ -e "initdb" ]] || mkdir "initdb"
+cat > initdb/01-initdb.sql <<EOT
+CREATE DATABASE IF NOT EXISTS guacamole_db;
+EOT
+
+echo "USE guacamole_db ;" > initdb/02-initdb.sql
+docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql >> initdb/02-initdb.sql
+cat > initdb/03-initdb.sql <<EOT
+CREATE USER IF NOT EXISTS 'guacamole_user'@'%' IDENTIFIED BY 'StrongPassw0rd';
+GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'%';
+FLUSH PRIVILEGES;
+EOT
+docker compose up -d
+
+

journald-remote/Vagrantfile

@@ -0,0 +1,39 @@
+IMAGE_NAME = "debian/bullseye64"
+N =2 
+node_ip = "192.168.56.10"
+Vagrant.configure("2") do |config|
+    config.ssh.insert_key = false
+
+    config.vm.provider "virtualbox" do |v|
+        v.memory = 512
+        v.cpus = 1
+    end
+      
+    config.vm.define "journald-rcv" do |master|
+        master.vm.box = IMAGE_NAME
+        master.vm.network "private_network", ip: "192.168.56.10"
+        master.vm.hostname = "journald-rcv"
+        master.vm.provision "shell" do |shell|
+            shell.path = "journald-rcv.sh"
+	end
+#         master.vm.provision "ansible" do |ansible|
+#            ansible.playbook = "kubernetes-setup/master-playbook.yml"
+#            ansible.extra_vars = {
+#                node_ip: "192.168.56.10",
+#            }
+#        end
+    end
+
+    (1..N).each do |i|
+        config.vm.define "journald-snd-#{i}" do |node|
+            node.vm.box = IMAGE_NAME
+            node.vm.network "private_network", ip: "192.168.56.#{i + 10}"
+            node.vm.hostname = "journald-snd-#{i}"
+            node.vm.provision "shell" do |shell|
+                shell.path = "journald-snd.sh"
+                shell.args  = node_ip
+            end
+        end
+    end
+end
+

journald-remote/journald-rcv.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+sudo systemctl enable systemd-journal-remote.socket
+
+
+sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
+
+sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
+
+[[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
+sudo chown systemd-journal-remote /var/log/journal/remote
+
+sudo systemctl daemon-reload
+sudo ss -lntp4
+
+

journald-remote/journald-snd.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+rpl="s/^# URL=/URL=http:\/\/${1}:19532/"
+sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
+
+sudo systemctl enable systemd-journal-upload.service
+sudo systemctl restart systemd-journal-upload.service

k8s/README.md

@@ -0,0 +1,15 @@
+# kubernetes
+
+## Mise en place d'un cluster kubernetes à 3 machines (1 maitre et 2 noeuds)
+
+le 2022-12-27
+
+Ce ficher **Vagrantfile** permet l'installation d'un cluster kubernetes 1.26.00 avec **kubeadm**
+
+Ce cluster se compose :
+* d'un maitre (controle-plane) appelé **k8s-master** 192.168.56.10
+* et de deux noeuds : 
+  * **node-1** (192.168.56.11)
+  * **node-2** (192.168.56.12)
+
+La couche réseau est fournie par le fournisseur **calico**

k8s/Vagrantfile

@@ -0,0 +1,39 @@
+#IMAGE_NAME = "bento/ubuntu-16.04"
+IMAGE_NAME = "debian/bullseye64"
+N = 2
+
+Vagrant.configure("2") do |config|
+    config.ssh.insert_key = false
+
+    config.vm.provider "virtualbox" do |v|
+        v.memory = 2048
+        v.cpus = 2
+    end
+      
+    config.vm.define "k8s-master" do |master|
+        master.vm.box = IMAGE_NAME
+        master.vm.network "private_network", ip: "192.168.56.10"
+        master.vm.hostname = "k8s-master"
+        master.vm.provision "ansible" do |ansible|
+            ansible.playbook = "kubernetes-setup/master-playbook.yml"
+            ansible.extra_vars = {
+                node_ip: "192.168.56.10",
+            }
+        end
+    end
+
+    (1..N).each do |i|
+        config.vm.define "node-#{i}" do |node|
+            node.vm.box = IMAGE_NAME
+            node.vm.network "private_network", ip: "192.168.56.#{i + 10}"
+            node.vm.hostname = "node-#{i}"
+            node.vm.provision "ansible" do |ansible|
+                ansible.playbook = "kubernetes-setup/node-playbook.yml"
+                ansible.extra_vars = {
+                    node_ip: "192.168.56.#{i + 10}",
+                }
+            end
+        end
+    end
+end
+

k8s/kubernetes-setup/common.yml

@@ -0,0 +1,139 @@
+  - name: Set timezone to Europe/Paris
+    community.general.timezone:
+     name: Europe/Paris
+
+  - name: maj fichier hosts  
+    ansible.builtin.blockinfile:
+      path: /etc/hosts
+      block: |
+        192.168.56.10 k8s-master
+        192.168.56.11 node-1
+        192.168.56.12 node-2
+
+  - name: Forwarding IPv4 and letting iptables see bridged traffic
+    ansible.builtin.blockinfile:
+      path: /etc/modules-load.d/k8s.conf
+      create: yes
+      block: |
+        overlay
+        br_netfilter
+ 
+  - name: charge module overlay 
+    community.general.modprobe:
+      state: present
+      name: overlay
+  
+  - name: charge module overlay et br_netfilter
+    community.general.modprobe:
+      state: present
+      name: br_netfilter
+ 
+  - name: persistance des bridges
+    ansible.builtin.blockinfile:
+      path: /etc/sysctl.d/k8s.conf
+      create: yes
+      block: |
+        net.bridge.bridge-nf-call-iptables  = 1
+        net.bridge.bridge-nf-call-ip6tables = 1
+        net.ipv4.ip_forward                 = 1
+
+  - name: applique les parametres sysctl
+    command: "sysctl --system"
+  
+  - name: Recupere get-docker
+    get_url: 
+      url: "https://get.docker.com"
+      dest: /tmp/get-docker.sh
+
+  - name: lance get-docker - installe docker, containerd ... 
+    command: 'sh /tmp/get-docker.sh'
+
+  - name: Add vagrant user to docker group
+    user:
+      name: vagrant
+      group: docker
+
+  - name: cree repertoire /etc/containerd
+    file:
+      path: /etc/containerd
+      state: directory  
+
+  - name: genere config.toml (containerd)
+    #command: "sudo containerd config default | sudo tee /etc/containerd/config.toml"
+    shell: "containerd config default | tee /etc/containerd/config.toml"
+
+  - name: configure cgroup driver pour systemd (config.toml)
+    replace:
+      path: "/etc/containerd/config.toml"
+      regexp:  'SystemdCgroup = false'
+      replace: 'SystemdCgroup = true'  
+      backup: yes
+
+  - name: redemarre containerd
+    service:
+      name: containerd
+      state: restarted
+      enabled: yes
+
+  - name: Remove swapfile from /etc/fstab
+    mount:
+      name: "{{ item }}"
+      fstype: swap
+      state: absent
+    with_items:
+      - swap
+      - none
+
+  - name: Disable swap
+    command: swapoff -a
+    when: ansible_swaptotal_mb > 0
+
+  - name: Add an apt signing key for Kubernetes
+    apt_key:
+      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      state: present
+
+  - name: Adding apt repository for Kubernetes
+    apt_repository:
+      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
+      state: present
+      filename: kubernetes.list
+
+  - name: Install Kubernetes binaries
+    apt:
+      name: "{{ packages }}"
+      state: present
+      update_cache: yes
+    vars:
+      packages:
+        - kubelet
+        - kubeadm
+        - kubectl
+
+  - name: Cree file kubelet
+    ansible.builtin.file:
+      path: /etc/default/kubelet
+      state: touch 
+
+  - name: Configure node ip
+    lineinfile:
+      path: /etc/default/kubelet
+      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
+      create: yes
+
+  - name: Restart kubelet
+    service:
+      name: kubelet
+      daemon_reload: yes
+      state: restarted
+
+        #  - name:  nettoie config.toml 
+        #    file: 
+        #      path: /etc/containerd/config.toml
+        #      state: absent
+
+  - name:  redemarre containerd 
+    service:
+      name: containerd
+      state: restarted
+

k8s/kubernetes-setup/master-playbook.yml

@@ -0,0 +1,34 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - include_tasks: common.yml
+
+  - name: Initialize the Kubernetes cluster using kubeadm
+    command: kubeadm init --apiserver-advertise-address="{{ node_ip }}" --apiserver-cert-extra-sans="{{ node_ip }}"  --node-name k8s-master --pod-network-cidr=192.168.0.0/16
+
+  - name: Setup kubeconfig for vagrant user
+    command: "{{ item }}"
+    with_items:
+     - mkdir -p /home/vagrant/.kube
+     - cp -i /etc/kubernetes/admin.conf /home/vagrant/.kube/config
+     - chown vagrant:vagrant /home/vagrant/.kube/config
+
+  - name: Install calico pod network
+    become: false
+    command: "kubectl create -f https://docs.projectcalico.org/manifests/calico-typha.yaml"
+
+  - name: Generate join command
+    command: "kubeadm token create --print-join-command"
+    register: join_command
+
+  - name: Copy join command to local file
+    become: false
+    local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="./join-command"
+
+  handlers:
+    - name: docker status
+      service:
+         name: docker
+         state: started
+

k8s/kubernetes-setup/node-playbook.yml

@@ -0,0 +1,20 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - include_tasks: common.yml
+
+  - name: Copy the join command to server location
+    copy: 
+      src: join-command
+      dest: /tmp/join-command.sh
+      mode: 0777
+
+  - name: Join the node to cluster
+    command: sh /tmp/join-command.sh
+
+  - name: docker status
+    service:
+       name: docker
+       state: started
+

rundeck/deploy-rundeck.yml

@@ -31,7 +31,7 @@
       name: mariadb-server
       state: present
 
-  - name: cree db "{{ rddbname }}"
+  - name: cree db "{{ rddbname }}"
     community.mysql.mysql_db:
       name: "{{ rddbname }}"
       state: present

salut

@@ -0,0 +1 @@
+salut

semaphore/Vagrantfile

@@ -0,0 +1,75 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bullseye64"
+  config.vm.hostname = "semaphore"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  # config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+  #   vb.memory = "1024"
+  # end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt-get install -y vim wget curl
+   SHELL
+   config.vm.provision "ansible" do |ansible|
+       ansible.playbook = "semaphore.yml"
+   end
+
+end

semaphore/semaphore.yml

@@ -0,0 +1,55 @@
+---
+- hosts: all
+  become: true
+  tasks:
+
+  - name: Installe paquets  git et ansible
+    apt:
+      name:
+        - git
+        - ansible
+      state: present
+
+  - name: Recupere paquet semaphore
+    get_url:
+      url: https://github.com/ansible-semaphore/semaphore/releases/download/v2.8.75/semaphore_2.8.75_linux_amd64.deb
+      dest: /tmp/
+
+  - name: Installie paquet semaphore
+    apt:
+      deb: semaphore_2.8.75_linux_amd64.deb
+
+  - name: cree repert /etc/semaphore
+    file:
+      path: /etc/semaphore
+      state: directory
+      mode: '0755'
+
+  - name: constitution fichier semaphore.service
+    blockinfile:
+      path: /etc/systemd/system/semaphore.service
+      mode: '0644'
+      create: yes
+      block: |
+        [Unit]
+        Description=Semaphore Ansible
+        Documentation=https://github.com/ansible-semaphore/semaphore
+        Wants=network-online.target
+        After=network-online.target
+
+        [Service]
+        Type=simple
+        ExecReload=/bin/kill -HUP $MAINPID
+        ExecStart=/usr/bin/semaphore service --config=/etc/semaphore/config.json
+        SyslogIdentifier=semaphore
+        Restart=always
+
+        [Install]
+        WantedBy=multi-user.target
+
+  - name: reload daemon-reload
+    service:
+      name: semaphore
+      state: started
+      enabled: yes
+

wp-lb/Vagrantfile

@@ -0,0 +1,81 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # Base VM OS configuration.
+  config.vm.box = "debian/bullseye64"
+  config.ssh.insert_key = false
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
+  # General VirtualBox VM configuration.
+  config.vm.provider :virtualbox do |v|
+    v.memory = 512
+    v.cpus = 1
+    v.linked_clone = true
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+  end
+
+  # lb HAproxy.
+  config.vm.define "lb" do |lb|
+    lb.vm.hostname = "lb.test"
+    lb.vm.network :private_network, ip: "192.168.56.2"
+    lb.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    lb.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-lb.yml"
+    end
+  end
+
+  # NFS.
+  config.vm.define "nfs" do |nfs|
+    nfs.vm.hostname = "nfs.test"
+    nfs.vm.network :private_network, ip: "192.168.56.6"
+    nfs.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    nfs.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-nfs.yml"
+    end
+  end
+
+  # MySQL.
+  config.vm.define "db" do |db|
+    db.vm.hostname = "db.test"
+    db.vm.network :private_network, ip: "192.168.56.5"
+    db.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    db.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-db.yml"
+    end
+  end
+
+  # Apache web1.
+  config.vm.define "web1" do |web1|
+    web1.vm.hostname = "web1.test"
+    web1.vm.network :private_network, ip: "192.168.56.3"
+    web1.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    web1.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    web1.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-web.yml"
+    end
+  end
+
+  # Apachei web2.
+  config.vm.define "web2" do |web2|
+    web2.vm.hostname = "web2.test"
+    web2.vm.network :private_network, ip: "192.168.56.4"
+    web2.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    web2.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    web2.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-web.yml"
+    end
+  end
+
+end
+

wp-lb/provision/setup-db.yml

@@ -0,0 +1,43 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: modules python pour 
+    apt:
+      name: python3-pymysql
+      state: present
+
+  - name: install mariadb-server
+    apt: 
+     name: mariadb-server
+     state: present
+
+  - name: Cree Bd wordpress 
+    mysql_db: 
+      db: wordpressdb
+      login_unix_socket: /var/run/mysqld/mysqld.sock  
+      state: present
+  
+  - name: Ouvre port 3306 mariadb-server 
+    replace: 
+      path: /etc/mysql/mariadb.conf.d/50-server.cnf
+      regexp: '^bind-address.*'
+      replace: '#bind-adress = 127.0.0.1'
+      backup: yes  
+    notify: restart mariadb
+
+  - name: Create MySQL user for wordpress.
+    mysql_user:
+      name: wordpressuser
+      password: wordpresspasswd
+      priv: "wordpressdb.*:ALL"
+      host: '%'
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock  
+
+  handlers:
+  - name: restart mariadb
+    ansible.builtin.service:
+      name: mariadb
+      state: restarted
+

wp-lb/provision/setup-lb.yml

@@ -0,0 +1,29 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: install haproxy
+    apt:
+      name: haproxy
+      state: present
+
+  - name: parametre backend et fontend
+    blockinfile:
+      path: /etc/haproxy/haproxy.cfg
+      block: |
+        frontend proxypublic
+          bind 192.168.56.2:80
+          default_backend fermeweb
+        
+        backend fermeweb
+          balance roundrobin
+          option httpclose
+          #option httpchk HEAD / HTTP/1.0
+          server web1.test 192.168.56.3:80 check
+          #server web2.test 192.168.56.4:80 check
+
+  - name: redemarre haproxy
+    service:
+      name: haproxy
+      state: restarted
+      enabled: yes

wp-lb/provision/setup-nfs.yml

@@ -0,0 +1,88 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: 00 - cree repertoire wordpress pour export nfs
+    file:
+      path: /exports/wordpress
+      state: directory
+
+  - name: 05 - Install nfs-server
+    apt:
+      name: nfs-server
+      state: present
+
+  - name: 10 - creation fichier exports nfs  
+    ansible.builtin.blockinfile:
+      path: /etc/exports
+      block: |
+        /exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check)
+
+
+  - name: 15 - Recupere wordpress.tar.gz
+    get_url: 
+      url: "https://fr.wordpress.org/latest-fr_FR.tar.gz"
+      dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz
+
+  - name: 20 - decompresse wordpress 
+    unarchive: 
+      src: /tmp/wordpress-6.1.1-fr_FR.tar.gz
+      dest: /exports/
+      remote_src: yes  
+  
+  - name: 22 - change owner et group pour repertoire wordpress
+    file:
+      path: /exports/wordpress
+      state: directory
+      recurse: yes
+      owner: www-data
+      group: www-data
+
+  - name: 25 - genere fichier de config wordpress 
+    copy: 
+      src: /exports/wordpress/wp-config-sample.php
+      dest: /exports/wordpress/wp-config.php
+      remote_src: yes  
+
+  - name: 30 - genere fichier de config wordpress 
+    copy: 
+      src: /exports/wordpress/wp-config-sample.php
+      dest: /exports/wordpress/wp-config.php
+      remote_src: yes  
+
+  - name: 35 - ajuste variable dbname dans fichier de config wp-config.php  
+    replace: 
+      path: /exports/wordpress/wp-config.php
+      regexp: "votre_nom_de_bdd"
+      replace: "wordpressdb"
+      backup: yes
+
+
+  - name: 40 ajuste variable dbusername dans fichier de config wp-config.php  
+    replace: 
+      path: /exports/wordpress/wp-config.php
+      regexp: "votre_utilisateur_de_bdd"
+      replace: "wordpressuser"
+      backup: yes
+  
+  - name: 45 - ajuste variable mdp dans fichier de config wp-config.php  
+    replace: 
+      path: /exports/wordpress/wp-config.php
+      regexp: "votre_mdp_de_bdd"
+      replace: "wordpresspasswd"
+      backup: yes
+
+  - name: 50 - ajuste hostname fichier wp-config.php  
+    replace: 
+      path: /exports/wordpress/wp-config.php
+      regexp: "localhost"
+      replace: "192.168.56.5"
+      backup: yes
+
+  - name: 55 - relance nfs
+    service:
+      name: nfs-server
+      state: restarted
+      enabled: yes
+
+

wp-lb/provision/setup-web.yml

@@ -0,0 +1,31 @@
+---
+- hosts: all
+  become: true
+  tasks:
+  - name: install apache ...
+    apt: 
+      name: 
+        - apache2
+        - php
+        - php-mbstring
+        - php-mysql
+        - mariadb-client  
+      state: present
+
+  - name: install nfs-common ...
+    apt: 
+      name: nfs-common 
+      state: present
+
+  - name: montage nfs pour word press
+    blockinfile:
+      path: /etc/fstab
+      block: |
+        192.168.56.6:/exports/wordpress /var/www/html nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0
+
+  - name: monte export wordpress
+    ansible.posix.mount:
+      path: /var/www/html
+      state: mounted
+      fstype: nfs
+      src: 192.168.56.6:/exports/wordpress