typo diverses

typo boxtype
gitea-docker-traefik
2024-02-09 00:16:20 +01:00 · 2024-02-09 00:02:04 +01:00 · 2024-02-09 00:00:00 +01:00 · 2024-02-08 22:10:16 +01:00 · 2024-01-25 13:51:00 +01:00 · 2024-01-10 22:53:30 +01:00
54 changed files with 4104 additions and 1118 deletions
--- a/README.md
+++ b/README.md
@ -1,8 +1,10 @@
 # vagrant
-le 2022-12-04
+le 2023-06-25 00h30 - ps
-Ce dépôt héberge des **Vagrantfile** dont
+Ce dépôt héberge des **Vagrantfile** dont : 
  * **dns** : Vagrantfile pour 2 serveurs **Bind9** (1 maitre et un esclave), tests **goss** chainés  
  * **divers/logs** : Vagrantfile pour serveur et client **rsyslog**  sans journald  
  * **docker**
  * **docker-wordpress**
  * **docker-glpi**
@ -12,6 +14,13 @@ Ce dépôt héberge des **Vagrantfile** dont
  * **docker-traefik-nginx**
  * **docker-elk**
  * **devstack**
-  * **k8s** : kubernetes 1.26.00 + playbook pout master **k8s-master** et 2 noeuds **node-1** et **node-2**
+  * **dvlpt** : Vagrantfile pour VM Debian 11 LAMP + phpmyadmin
  * **glpi** : Vagrantfile pour VM Debian 11 GLPI 10.0.7
  * **guacamole** : Vagrantfile pour Apache Guacamole dockerise sans frontal
  * **k8s** : kubernetes 1.26.00 + playbook pour master **k8s-master** et 2 noeuds **node-1** et **node-2**
  * **k3s-awx** : Vagrantfile + script **inst-awx** pour installation  **Ansible AWX** sur **k3s** avec **awx-on-k3s**
  * **minione**
  * **rundeck** : Vagrantfile + playbook pour installation avec Mariadb
  * **samba-ad-dc** : Vagrantfile + playbook pour **Samba 4.17 ad-dc** sur **Debian 12 Bookworm**
  * **wp-lb** : Wordpress web1 et web2, lb HaProxy, nfs, db Mariadb - Vagrantfile + playbooks
--- a/divers/bind/mkzone
+++ b/divers/bind/mkzone
@ -0,0 +1,244 @@
 #!/usr/bin/env bash
 set -Eeuo pipefail
 trap cleanup SIGINT SIGTERM ERR EXIT
 # cree les fichiers de configuration bind9 
 #  - ficher de zone directe
 #  - ficher de zone inverse
 #
 version="1.1a"
 zone="domaine.lan"
 slave=0
 cleanup() {
  trap - SIGINT SIGTERM ERR EXIT
  # script cleanup here
 }
 initialize () {
 readonly zonenet="192.168.56"
 readonly zonerev="56.168.192.in-addr.arpa"
 # NS1
 readonly nsname="srv1"
 readonly nsip="${zonenet}.10"
 readonly nsiprev=$(echo ${nsip}|cut -d. -f4) # dernier octet pour classe C
 # NS2 
 readonly nsname2="srv2"
 readonly nsip2="${zonenet}.11"
 readonly nsiprev2=$(echo ${nsip2}|cut -d. -f4)
 readonly ttl="86400"
 # Global
 readonly nsfqdn="${nsname}.${zone}"
 readonly nsfqdnp="${nsfqdn}."
 readonly zonep="${zone}."
 readonly date=$(date +%Y%m%d00)
 }
 mkconflocal () {
 if [[ "${slave}" != 1 ]] ; then
 echo "Generation fichier named.conf.local ..."
 cat <<EOT > "named.conf.local"
 # fichier zone ${zone}
 # le $(date)
 zone "${zone}" {
    type master;
    file "/etc/bind/db.${zone}"; # zone directe
 };
 zone "${zonerev}" {
    type master;
    file "/etc/bind/db.${zone}.rev"; # zone directe
 };
 EOT
 else 
 echo "Generation fichier named.conf.local ..."
 cat <<EOT > "named.conf.local"
 # fichier zone ${zone}
 # le $(date)
 zone "${zone}" {
    type slave;
    file "/var/cache/bind/db.${zone}"; # zone directe
    masters { ${nsip} ; };
 };
 zone "${zonerev}" {
    type slave;
    file "/var/cache/bind/db.${zone}.rev"; # zone directe
    masters { ${nsip} ; };
 };
 EOT
 fi
 }
 mkzdirect () {
 # fichier de zone directe 
 echo "Generation fichier de zone directe db.${zone} ..."
 cat <<EOT > "db.${zone}"
 ; fichier zone ${zone}
 ; le $(date)
 \$TTL ${ttl} ; (1 day)
 \$ORIGIN ${zonep}
@ IN SOA ${nsfqdnp} root.${nsfqdnp} (
                ${date} ; serial YYYYMMDDnn
                14400      ; refresh (4 hours)
                1800       ; retry   (30 minutes)
                1209600    ; expire  (2 weeks)
                3600       ; minimum (1 hour)
                )
@                  IN   NS    ${nsname}
@                  IN   NS    ${nsname2}
                   IN   A     203.0.113.10 ;  zone 
                   IN   AAAA  2001:DB8:BEEF:113::10  ;
 www                IN   CNAME ${nsfqdnp}
 ftp                IN   CNAME ${nsfqdnp}
 ${nsname}	   IN   A     ${nsip}
                   IN   AAAA  2001:DB8:BEEF:2::22
 ${nsname2}         IN   A     ${nsip2}
                   IN   AAAA  2001:DB8:BEEF:100::22
 EOT
 }
 mkzreverse () {
 echo "Generation fichier de zone inverse db.${zone}.rev ..."
 cat <<EOT > "db.${zone}.rev"
 ; fichier zone inverse ${zone}
 ; le $(date)
 \$TTL ${ttl} ; (1 day)
@ IN SOA ${nsfqdnp} root.${nsfqdnp} (
                ${date} ; serial YYYYMMDDnn
                14400      ; refresh (4 hours)
                1800       ; retry   (30 minutes)
                1209600    ; expire  (2 weeks)
                3600       ; minimum (1 hour)
                )
@                 IN   NS    ${nsname}.${zone}.
@                 IN   NS    ${nsname2}.${zone}.
 ${nsiprev}	 IN   PTR     ${nsname}.${zone}.
 ${nsiprev2}      IN   PTR     ${nsname2}.${zone}.
 EOT
 }
 mkresolv () {
 echo "Generation fichier /etc/resolv.conf ..."
 cat <<EOT > "/etc/resolv.conf"
 # fichier resolv.conf ${zone}
 # le $(date)
 domain ${zone}
 search ${zone}
 nameserver 127.0.0.1
 EOT
 }
 script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
 usage() {
  cat <<EOF # remove the space between << and EOF, this is due to web plugin issue
 Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value zone [arg2...]
 Script description here.
 Available options:
 -h, --help      Print this help and exit
 -v, --verbose   Print script debug info
 -s, --slave      Some flag description
 -p, --param     Some param description
 EOF
  exit
 }
 cleanup() {
  trap - SIGINT SIGTERM ERR EXIT
  # script cleanup here
 }
 setup_colors() {
  if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then
    NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m'
  else
    NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW=''
  fi
 }
 msg() {
  echo >&2 -e "${1-}"
 }
 die() {
  local msg=$1
  local code=${2-1} # default exit status 1
  msg "$msg"
  exit "$code"
 }
 parse_params() {
  # default values of variables set from params
  flag=0
  param=''
  while :; do
    case "${1-}" in
    -h | --help) usage ;;
    --no-color) NO_COLOR=1 ;;
    -s | --slave) flag=1 ;; # example flag
 #    -p | --param) # example named parameter
 #      param="${2-}"
 #      shift
 #      ;;
    -?*) die "Unknown option: $1" ;;
    *) break ;;
    esac
    shift
  done
  args=("$@")
  # check required params and arguments
 #  [[ -z "${param-}" ]] && die "Missing required parameter: param"
  [[ ${#args[@]} -eq 0 ]] && die "Missing script arguments"
  return 0
 }
 parse_params "$@"
 setup_colors
 # script logic here
 #msg "${RED}Read parameters:${NOFORMAT}"
 #msg "- flag: ${flag}"
 #msg "- param: ${param}"
 #msg "- arguments: ${args[*]-}"
 zone="${args[0]-}"
 slave="${flag}"
 initialize
 if [[ ${flag} != 1 ]] ; then
 	mkconflocal
 	mkzdirect
 	mkzreverse
 	mkresolv
 else
 	mkconflocal
 	mkresolv
 fi
 exit 0
--- a/divers/logs/Vagrantfile
+++ b/divers/logs/Vagrantfile
@ -0,0 +1,28 @@
 Vagrant.configure("2") do |config|
  config.vm.define 'srv' do |config|
 	  config.vm.box = "debian/bullseye64"
 	  config.vm.hostname = "srv"
 	  config.vm.network "private_network", ip: "192.168.56.10"
 	  config.vm.provision "shell", inline:<<-SHELL
 #	    apt-get update
 #	    apt-get install -y vim curl wget 
 	    sed -i 's/^#module\(load="imudp"\)/module(load="imudp")/' /etc/rsyslog.conf
 	    sed -i 's/^#input\(type="imudp" port="514"\)/input(type="imudp" port="514")/' /etc/rsyslog.conf
 	    systemctl restart syslog
 	    ss -lnu 
 	  SHELL
 	end
  config.vm.define 'cli' do |config| 
 	  config.vm.box = "debian/bullseye64"
 	  config.vm.hostname = "cli"
 	  config.vm.network "private_network", ip: "192.168.56.11"
 	  config.vm.provision "shell", inline:<<-SHELL
 #	    apt-get update
 #	    apt-get install -y vim curl wget 
 	    echo "*.* @192.168.56.10" >> /etc/rsyslog.conf
 	    systemctl restart syslog
 	    logger salut 
 	  SHELL
 	end
 end
--- a/dns/Vagrantfile
+++ b/dns/Vagrantfile
@ -0,0 +1,53 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 Vagrant.configure("2") do |config|
  # Base VM OS configuration.
  config.vm.box = "debian/bullseye64"
  config.ssh.insert_key = false
  config.vm.synced_folder '.', '/vagrant', disabled: true
  # General VirtualBox VM configuration.
  config.vm.provider :virtualbox do |v|
    v.memory = 512
    v.cpus = 1
    v.linked_clone = true
    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
    v.customize ["modifyvm", :id, "--ioapic", "on"]
  end
  # srv1 master.
  config.vm.define "srv1" do |srv1|
    srv1.vm.hostname = "srv1"
    srv1.vm.network :private_network, ip: "192.168.56.10"
    srv1.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    srv1.vm.provision "shell", path: "provision/setup-master.sh"
  end
  # srv2 slave.
  config.vm.define "srv2" do |srv2|
    srv2.vm.hostname = "srv2"
    srv2.vm.network :private_network, ip: "192.168.56.11"
    srv2.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    srv2.vm.provision "shell", path: "provision/setup-slave.sh"
  end
  # cli.
  config.vm.define "cli" do |cli|
    cli.vm.hostname = "cli"
    cli.vm.network :private_network, ip: "192.168.56.30"
    cli.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--memory", 512]
    end
    cli.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    cli.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/setup-cli.sh"
    end
  end
 end
--- a/dns/provision/setup-master.sh
+++ b/dns/provision/setup-master.sh
@ -0,0 +1,28 @@
 #!/bin/bash
 set -eu
 mondomaine=domaine.lan
 apt-get install -y  bind9 bind9-doc bind9-host 
 curl -fsSL https://goss.rocks/install |sh
 wget -nc https://gitea.lyc-lecastel.fr/gadmin/vagrant/raw/branch/main/divers/bind/mkzone
 bash mkzone "${mondomaine}"
 cp db.${mondomaine}* /etc/bind
 cp named.conf.local  /etc/bind
 sudo named-checkconf /etc/bind/named.conf
 sudo named-checkzone "${mondomaine}" "/etc/bind/db.${mondomaine}"
 sudo systemctl restart bind9
 host srv1
 host srv2
 host -t soa "${mondomaine}"
 host -l "${mondomaine}"
 goss add command "host ${mondomaine}"
 goss add command "host -t soa ${mondomaine}"
 goss add command "host -t ns ${mondomaine}"
 goss add command "host srv1.${mondomaine}"
 goss add command "host srv1"
 goss add command "host www"
 goss add command "host srv2.${mondomaine}"
 goss add command "host srv2"
 goss add command "host 192.168.56.10"
 goss add command "host 192.168.56.11"
 goss v -f tap
--- a/dns/provision/setup-slave.sh
+++ b/dns/provision/setup-slave.sh
@ -0,0 +1,15 @@
 #!/bin/bash
 set -eu
 mondomaine=domaine.lan
 apt-get install -y  bind9 bind9-doc bind9-host 
 wget -nc https://gitea.lyc-lecastel.fr/gadmin/vagrant/raw/branch/main/divers/bind/mkzone
 bash mkzone -s "${mondomaine}"
 cp named.conf.local  /etc/bind
 sudo named-checkconf /etc/bind/named.conf
 sudo named-checkzone "${mondomaine}" "/var/cache/bind/db.${mondomaine}"
 sudo systemctl restart bind9
 host srv1
 host srv2
 host -t soa "${mondomaine}"
 host -l "${mondomaine}"
--- a/docker-app/docker-compose.yml
+++ b/docker-app/docker-compose.yml
@ -0,0 +1,32 @@
 version: "3.9"
 services:
  php:
    container_name: php
 #   image: php:apache
    build: './php'
    restart: always
    ports:
      - "8000:80" 
    volumes:
      - ./code:/var/www/html 
    depends_on:
      - db
    env_file:
      - .env
  db:
    container_name: db
    image: mariadb
    restart: always
    environment:
      MYSQL_ROOT_PASSWORD: $MYSQL_ROOT_PASSWORD
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    volumes:
      - ./db:/var/lib/mysql
      - ./db-init:/docker-entrypoint-initdb.d
    env_file:
      - .env
--- a/docker-traefik-nextcloud/Vagrantfile
+++ b/docker-traefik-nextcloud/Vagrantfile
@ -64,95 +64,8 @@ Vagrant.configure("2") do |config|
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
-   config.vm.provision "shell", inline: <<-SHELL
+   config.vm.provision "shell",
-     apt-get update
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
-     apt install -y wget curl git vim
+   config.vm.provision "shell", path: "provision/setup.sh"
     if ! which docker ; then
       curl -s -o getdocker.sh https://get.docker.com
       bash getdocker.sh
       gpasswd -a vagrant docker
     fi
     mkdir -p nextcloud && cd nextcloud
 cat > traefik.yml  <<-'EOT'
 version: '3'
 networks:
  proxy:
    external: true
 services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.9
    container_name: traefik
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - proxy
 'EOT'
 cat > nextcloud.yml  <<-'EOT'
 version: '2'
 volumes:
  nextcloud:
  db:
 networks:
  proxy:
    external: true
  nxc:
    external: false
 services:
  db:
    image: mariadb:10.5
    container_name: db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    networks:
      - nxc
    environment:
      - MYSQL_ROOT_PASSWORD=Azerty1+
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
  app:
    image: nextcloud
    container_name: app
    restart: always
      #    ports:
      #      - 8081:80
    links:
      - db
    volumes:
      - nextcloud:/var/www/html
    networks:
      - proxy
      - nxc
    labels:
      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
    environment:
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
 'EOT'
  docker network create proxy
  docker compose -f traefik.yml up -d 
  docker compose -f nextcloud.yml up -d 
  ip -br a 
   SHELL
 end
--- a/docker-traefik-nextcloud/provision/docker-compose.yml
+++ b/docker-traefik-nextcloud/provision/docker-compose.yml
@ -0,0 +1,82 @@
 version: '3'
 volumes:
  nextcloud:
  db:
 networks:
  proxy:
    external: true
  nxc:
    external: false
 services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    container_name: traefik
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static configuration into the container
      - ./config/static.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic configuration into the container
      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
      # Map the certificats into the container
      - ./certs:/etc/certs:ro
    networks:
      - proxy
  db:
    image: mariadb:10.5
    container_name: db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    networks:
      - nxc
    environment:
      - MYSQL_ROOT_PASSWORD=Azerty1+
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
  app:
    image: nextcloud
    container_name: app
    restart: always
    ports:
      - 8081:80
    #links:
    depends_on:
      - db
    volumes:
      - nextcloud:/var/www/html
    networks:
      - proxy
      - nxc
    labels:
 #      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
      - "traefik.http.routers.app.tls=true"
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
        #      - "traefik.http.routers.app.entrypoints=websecure"
        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
      - "traefik.http.routers.app.service=app-service"
      - "traefik.http.services.app-service.loadbalancer.server.port=80"
    environment:
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
--- a/docker-traefik-nextcloud/provision/setup.sh
+++ b/docker-traefik-nextcloud/provision/setup.sh
@ -0,0 +1,161 @@
 #!/bin/bash
 apt-get update
 apt-get install -y wget curl git vim
 if ! which docker ; then
   curl -s -o getdocker.sh https://get.docker.com
   bash getdocker.sh
   gpasswd -a vagrant docker
 fi
 mkdir -p nextcloud && cd nextcloud
 wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
 chmod +x mkcert
 mv mkcert /usr/local/bin
 sudo apt-get install -y libnss3-tools
 mkdir certs config
 mkcert -install
 mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "mon.nxc" "*.mon.nxc"
 cat > traefik.yml  <<EOT
 version: '3'
 networks:
  proxy:
    external: true
 services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    container_name: traefik
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static configuration into the container
      - ./config/static.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic configuration into the container
      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
      # Map the certificats into the container
      - ./certs:/etc/certs:ro
    networks:
      - proxy
 EOT
 cat > ./config/static.yml <<EOT
 global:
  sendAnonymousUsage: false
 api:
  dashboard: true
  insecure: true
 providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    exposedByDefault: false
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true
 log:
  level: INFO
  format: common
 entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
 EOT
 cat > ./config/dynamic.yml <<EOT
 http:
  routers:
    traefik:
      rule: "Host(`traefik.docker.localhost`)"
      service: "api@internal"
      tls:
        domains:
          - main: "docker.localhost"
            sans:
              - "*.docker.localhost"
          - main: "mon.nxc"
            sans:
              - "*.mon.nxc"
 tls:
  certificates:
    - certFile: "/etc/certs/local-cert.pem"
      keyFile: "/etc/certs/local-key.pem"
 EOT
 cat > nextcloud.yml  <<'EOT'
 version: '2'
 volumes:
  nextcloud:
  db:
 networks:
  proxy:
    external: true
  nxc:
    external: false
 services:
  db:
    image: mariadb:10.5
    container_name: db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    networks:
      - nxc
    environment:
      - MYSQL_ROOT_PASSWORD=Azerty1+
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
  app:
    image: nextcloud
    container_name: app
    restart: always
      #    ports:
      #      - 8081:80
    #links:
    depends_on:
      - db
    volumes:
      - nextcloud:/var/www/html
    networks:
      - proxy
      - nxc
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
      - "traefik.http.routers.app.tls=true"
    environment:
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
 'EOT'
 docker network create proxy
 docker compose -f traefik.yml up -d 
 docker compose -f nextcloud.yml up -d 
 ip -br a 
--- a/dvlpt/README.md
+++ b/dvlpt/README.md
@ -0,0 +1,25 @@
 # dvlpt
 **dvlpt** est une VM Debian 11 avec :
  * **apache2**
  * **php** (7.4)
  * **mariadb-server**
  * **phpmyadmin**
 ## Installation
  vagrant up
 ## Utilisation
 **Acces SSH** :  vagrant ssh
 **Acces web** : http://localhost:2080
 **Acces phpmyadmin** : http://localhost:2080/phpmyadmin
 **Acces ssh** : ssh root@localhost -p 2022
 le 2023-05-04
--- a/dvlpt/Vagrantfile
+++ b/dvlpt/Vagrantfile
@ -0,0 +1,83 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bullseye64"
  config.vm.hostname = "dvlpt"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
   config.vm.network "forwarded_port", guest: 22, host: 2022
   config.vm.network "forwarded_port", guest: 80, host: 2080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
   config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
     vb.memory = "1024"
   end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell", inline: <<-SHELL
     timedatectl set-timezone Europe/Paris
     apt-get update
     export DEBIAN_FRONTEND=noninteractive
     apt-get install -y vim wget curl git apache2 php php-mysql php-gd php-xml mariadb-server phpmyadmin
     cp /etc/phpmyadmin/apache.conf /etc/apache2/sites-available/phpmyadmin.conf
     a2ensite phpmyadmin.conf
     systemctl restart apache2
     echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
     systemctl restart ssh
     echo 'connexion SSH avec vagrant : vagrant ssh'
     echo 'connexion SSH : ssh root@localhost -p 2022'
     echo 'connexion web : http://localhost:2080'
     echo 'connexion phpmyadmin : http://localhost:2080/phpmyadmin'
   SHELL
 end
--- a/gitea-docker-traefik/Vagrantfile
+++ b/gitea-docker-traefik/Vagrantfile
@ -0,0 +1,71 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bookworm64"
  config.vm.hostname = "gitea-traefik"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
   config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
     vb.memory = "1024"
   end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
   config.vm.provision "shell", path: "provision/setup.sh"
 end
--- a/gitea-docker-traefik/provision/docker-compose.yml
+++ b/gitea-docker-traefik/provision/docker-compose.yml
@ -0,0 +1,82 @@
 version: '3'
 volumes:
  nextcloud:
  db:
 networks:
  proxy:
    external: true
  nxc:
    external: false
 services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    container_name: traefik
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static configuration into the container
      - ./config/static.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic configuration into the container
      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
      # Map the certificats into the container
      - ./certs:/etc/certs:ro
    networks:
      - proxy
  db:
    image: mariadb:10.5
    container_name: db
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    networks:
      - nxc
    environment:
      - MYSQL_ROOT_PASSWORD=Azerty1+
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
  app:
    image: nextcloud
    container_name: app
    restart: always
    ports:
      - 8081:80
    #links:
    depends_on:
      - db
    volumes:
      - nextcloud:/var/www/html
    networks:
      - proxy
      - nxc
    labels:
 #      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
      - "traefik.http.routers.app.tls=true"
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
        #      - "traefik.http.routers.app.entrypoints=websecure"
        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
      - "traefik.http.routers.app.service=app-service"
      - "traefik.http.services.app-service.loadbalancer.server.port=80"
    environment:
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
      - MYSQL_HOST=db
--- a/gitea-docker-traefik/provision/setup.sh
+++ b/gitea-docker-traefik/provision/setup.sh
@ -0,0 +1,163 @@
 #!/bin/bash
 apt-get update
 apt-get install -y wget curl git vim
 if ! which docker ; then
   curl -s -o getdocker.sh https://get.docker.com
   bash getdocker.sh
   gpasswd -a vagrant docker
 fi
 mkdir -p gitea && cd gitea
 wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
 chmod +x mkcert
 mv mkcert /usr/local/bin
 sudo apt-get install -y libnss3-tools
 mkdir certs config
 mkcert -install
 mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "gitea.local" "*.gitea.local"
 cat > traefik.yml  <<EOT
 version: '3'
 networks:
  proxy:
    external: true
 services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:latest
    container_name: traefik
    # Enables the web UI and tells Traefik to listen to docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Map the static configuration into the container
      - ./config/static.yml:/etc/traefik/traefik.yml:ro
      # Map the dynamic configuration into the container
      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
      # Map the certificats into the container
      - ./certs:/etc/certs:ro
    networks:
      - proxy
 EOT
 cat > ./config/static.yml <<EOT
 global:
  sendAnonymousUsage: false
 api:
  dashboard: true
  insecure: true
 providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    watch: true
    exposedByDefault: false
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true
 log:
  level: INFO
  format: common
 entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
 EOT
 cat > ./config/dynamic.yml <<EOT
 http:
  routers:
    traefik:
      rule: "Host(`traefik.docker.localhost`)"
      service: "api@internal"
      tls:
        domains:
          - main: "docker.localhost"
            sans:
              - "*.docker.localhost"
          - main: "gitea.local"
            sans:
              - "*.gitea.local"
 tls:
  certificates:
    - certFile: "/etc/certs/local-cert.pem"
      keyFile: "/etc/certs/local-key.pem"
 EOT
 cat > gitea.yml <<-'EOT'
 version: '2'
 volumes:
  gitea:
  db:
 networks:
  proxy:
    external: true
  gitea:
    external: false
 services:
  db:
    image: mariadb
    container_name: db
    restart: always
 #    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - db:/var/lib/mysql
    networks:
      - gitea
    environment:
      - MYSQL_ROOT_PASSWORD=Azerty1+
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
  app:
    image: gitea/gitea
    container_name: gitea
    restart: always
      #    ports:
      #      - 8081:80
    #links:
    depends_on:
      - db
    volumes:
      - gitea:/var/www/html
    networks:
      - proxy
      - gitea
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`gitea.local`)"
      - "traefik.http.routers.app.tls=true"
      - "traefik.http.services.app.loadbalancer.server.port=3000"
    environment:
      - MYSQL_PASSWORD=Azerty1+
      - MYSQL_DATABASE=gitea
      - MYSQL_USER=gitea
      - MYSQL_HOST=db:3006
 EOT
 docker network create proxy
 docker compose -f traefik.yml up -d 
 docker compose -f gitea.yml up -d 
 ip -br a 
--- a/gitea-docker/Vagrantfile
+++ b/gitea-docker/Vagrantfile
@ -0,0 +1,133 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bookworm64"
  config.vm.hostname = "gitea"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
   config.vm.network "forwarded_port", guest: 3000, host: 3000
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Disable the default share of the current code directory. Doing this
  # provides improved isolation between the vagrant box and your host
  # by making sure your Vagrantfile isn't accessible to the vagrant box.
  # If you use this you may want to enable additional shared subfolders as
  # shown above.
  # config.vm.synced_folder ".", "/vagrant", disabled: true
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  config.vm.provision "shell", inline: <<-SHELL
     apt-get update
     apt-get install -y vim wget curl git 
     if ! which docker ; then
        curl -s -o getdocker.sh https://get.docker.com
        bash getdocker.sh
        gpasswd -a vagrant docker
     fi
     [[ -d ~/gitea ]] || mkdir -p ~/gitea
     cd ~/gitea
     cat <<-EOT > ~/gitea/docker-compose.yml
 version: "3"
 networks:
  gitea:
    external: false
 services:
  server:
    image: gitea/gitea
    container_name: gitea
    environment:
      - USER_UID=1000
      - USER_GID=1000
      - GITEA__database__DB_TYPE=mysql
      - GITEA__database__HOST=db:3306
      - GITEA__database__NAME=gitea
      - GITEA__database__USER=gitea
      - GITEA__database__PASSWD=gitea
    restart: always
    networks:
      - gitea
    volumes:
      - ./gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    ports:
      - "3000:3000"
      - "2222:22"
    depends_on:
      - db
  db:
    image: mariadb
    restart: always
    environment:
      - MYSQL_ROOT_PASSWORD=gitea
      - MYSQL_USER=gitea
      - MYSQL_PASSWORD=gitea
      - MYSQL_DATABASE=gitea
    networks:
      - gitea
    volumes:
      - ./mysql:/var/lib/mysql
 EOT
  ( cd ~/gitea ; docker compose pull ; docker compose up -d )
  SHELL
 end
--- a/gitweb/Vagrantfile
+++ b/gitweb/Vagrantfile
@ -0,0 +1,88 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bullseye64"
  config.vm.hostname = "gitweb"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell", inline: <<-SHELL
     apt-get update
     apt-get install -y curl wget vim apache2 php 
     chown -R www-data:www-data /var/www/html/
     chmod g+w /var/www/html/
     apt-get install -y git
     useradd -m -s /bin/bash -d /home/git -c git git
     gpasswd -a git www-data
     echo "git:git"|sudo chpasswd
     su - -c "git init  --bare --shared web" git 
     su - -c "echo 'ref: refs/heads/main' > web/HEAD" git
     cat > /home/git/web/hooks/post-update <<-'EOF'
 #!/bin/bash
 GWT=/var/www/html/web
 [[ -e ${GWT} ]] || mkdir -p ${GWT} 
 GIT_WORK_TREE=${GWT} git checkout -f
 EOF
   chmod +x /home/git/web/hooks/post-update
   chown git:git /home/git/web/hooks/post-update
   SHELL
 end
--- a/glpi/README.md
+++ b/glpi/README.md
@ -0,0 +1,34 @@
 # GLPI
 **glpi**  installe une VM Debian 11 avec :
  * **apache2**
  * **php** (7.4) et les paquets associés
  * **mariadb-server**
  * **GLPI** 10.0.7
 ## Installation
  vagrant up
 ### se connecter à la VM :
  vagrant ssh
  sudo mysql_secure_administration
 ### avec un navigateur :
 se connecter à l'URL http://loclahost:2080/glpi  
 lancer l'installation de **GLPI**
 ## Utilisation
 **Acces SSH** :  vagrant ssh
 **Acces web** : http://localhost:2080
 **Acces ssh** : ssh root@localhost -p 2022
 le 2023-05-04
--- a/glpi/Vagrantfile
+++ b/glpi/Vagrantfile
@ -0,0 +1,91 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bullseye64"
  config.vm.hostname = "glpi"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
   config.vm.network "forwarded_port", guest: 22, host: 2022
   config.vm.network "forwarded_port", guest: 80, host: 2080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
   config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
     vb.memory = "1024"
   end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell", inline: <<-SHELL
 #     export http_proxy=http://10.121.38.1:8080
 #     export https_proxy=http://10.121.38.1:8080
     timedatectl set-timezone Europe/Paris
     apt-get update
     export DEBIAN_FRONTEND=noninteractive
     apt-get install -y vim wget curl git apache2 php php-mysql php-ldap php-gd php-intl php-xml php-curl php-zip mariadb-server
     ( cd /var/www/html 
     wget https://github.com/glpi-project/glpi/releases/download/10.0.7/glpi-10.0.7.tgz
     tar xvfz glpi-10.0.7.tgz 
     chown -R root:root glpi
     cd glpi
     chown -R www-data:www-data files config 
      )
 #     systemctl restart apache2
     echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
     systemctl restart ssh
     echo 'connexion SSH avec vagrant : vagrant ssh'
     echo 'connexion SSH : ssh root@localhost -p 2022'
     echo 'connexion web : http://localhost:2080'
     echo 'connexion phpmyadmin : http://localhost:2080/glpi'
   SHELL
 end
--- a/guacamole/README.md
+++ b/guacamole/README.md
@ -0,0 +1,10 @@
 # Guacamole
 **Apache Guacamole** est un outil permettant les connexions à distance (RDP, SSH, VNC, ...) via une interface web.
 Il est mis en oeuvre (Version 1.4.0) ici avec une **Vagrantfile**, docker et mariadb en accès direct hTTP sans proxy. 
 **Acces** : http://<adresse-IP>:8080/guacamole  avec **guacadmin/guacadmin**
 le 2023-01-17
--- a/guacamole/Vagrantfile
+++ b/guacamole/Vagrantfile
@ -0,0 +1,71 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bullseye64"
  config.vm.hostname = "guacamole"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
   config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
   config.vm.provider "virtualbox" do |vb|
     vb.memory = "2048"
   end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL
   config.vm.provision "shell" do |s|
     s.path = "provision/setup.sh"
   end
 end
--- a/guacamole/provision/setup.sh
+++ b/guacamole/provision/setup.sh
@ -0,0 +1,76 @@
 #!/bin/bash
 rep="guacamole"
 apt-get update
 apt-get install -y curl wget vim
 if ! which docker ; then
       curl -s -o getdocker.sh https://get.docker.com
       bash getdocker.sh
       gpasswd -a vagrant docker
 fi
 [[ -e "$rep" ]] || mkdir "$rep"
 cd "$rep" || exit 1
 cat > docker-compose.yml <<EOT
 version: '3'
 services:
  guacdb:
    container_name: guacdb
    image: mariadb/server:latest
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'MariaDBRootPSW'
      MYSQL_DATABASE: 'guacamole_db'
      MYSQL_USER: 'guacamole_user'
      MYSQL_PASSWORD: 'MariaDBUserPSW'
    volumes:
      - 'guacdb-data:/var/lib/mysql'
      - ./initdb:/docker-entrypoint-initdb.d
  guacd:
    container_name: guacd
    image: guacamole/guacd
    restart: unless-stopped
  guacamole:
    container_name: guacamole
    image: 'guacamole/guacamole:latest'
    restart: unless-stopped
    ports:
      - '8080:8080'
    environment:
      GUACD_HOSTNAME: "guacd"
      MYSQL_HOSTNAME: "guacdb"
      MYSQL_DATABASE: "guacamole_db"
      MYSQL_USER: "guacamole_user"
      MYSQL_PASSWORD: "MariaDBUserPSW"
    depends_on:
      - guacdb
      - guacd
 volumes:
  guacdb-data:
 EOT
 docker compose pull
 # creation fichiers initialisation mariadb
 [[ -e "initdb" ]] || mkdir "initdb"
 cat > initdb/01-initdb.sql <<EOT
 CREATE DATABASE IF NOT EXISTS guacamole_db;
 EOT
 echo "USE guacamole_db ;" > initdb/02-initdb.sql
 docker run --rm guacamole/guacamole /opt/guacamole/bin/initdb.sh --mysql >> initdb/02-initdb.sql
 cat > initdb/03-initdb.sql <<EOT
 CREATE USER IF NOT EXISTS 'guacamole_user'@'%' IDENTIFIED BY 'StrongPassw0rd';
 GRANT SELECT,INSERT,UPDATE,DELETE ON guacamole_db.* TO 'guacamole_user'@'%';
 FLUSH PRIVILEGES;
 EOT
 docker compose up -d
--- a/journald-remote/Vagrantfile
+++ b/journald-remote/Vagrantfile
@ -0,0 +1,39 @@
 IMAGE_NAME = "debian/bullseye64"
 N =2 
 node_ip = "192.168.56.10"
 Vagrant.configure("2") do |config|
    config.ssh.insert_key = false
    config.vm.provider "virtualbox" do |v|
        v.memory = 512
        v.cpus = 1
    end
    config.vm.define "journald-rcv" do |master|
        master.vm.box = IMAGE_NAME
        master.vm.network "private_network", ip: "192.168.56.10"
        master.vm.hostname = "journald-rcv"
        master.vm.provision "shell" do |shell|
            shell.path = "journald-rcv.sh"
 	end
 #         master.vm.provision "ansible" do |ansible|
 #            ansible.playbook = "kubernetes-setup/master-playbook.yml"
 #            ansible.extra_vars = {
 #                node_ip: "192.168.56.10",
 #            }
 #        end
    end
    (1..N).each do |i|
        config.vm.define "journald-snd-#{i}" do |node|
            node.vm.box = IMAGE_NAME
            node.vm.network "private_network", ip: "192.168.56.#{i + 10}"
            node.vm.hostname = "journald-snd-#{i}"
            node.vm.provision "shell" do |shell|
                shell.path = "journald-snd.sh"
                shell.args  = node_ip
            end
        end
    end
 end
--- a/journald-remote/journald-rcv.sh
+++ b/journald-remote/journald-rcv.sh
@ -0,0 +1,18 @@
 #!/bin/bash
 sudo apt-get update
 sudo apt-get install -y systemd-journal-remote
 sudo systemctl enable systemd-journal-remote.socket
 sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
 sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
 [[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
 sudo chown systemd-journal-remote /var/log/journal/remote
 sudo systemctl daemon-reload
 sudo ss -lntp4
--- a/journald-remote/journald-snd.sh
+++ b/journald-remote/journald-snd.sh
@ -0,0 +1,9 @@
 #!/bin/bash
 sudo apt-get update
 sudo apt-get install -y systemd-journal-remote
 rpl="s/^# URL=/URL=http:\/\/${1}:19532/"
 sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
 sudo systemctl enable systemd-journal-upload.service
 sudo systemctl restart systemd-journal-upload.service
--- a/k3s-awx/Vagrantfile
+++ b/k3s-awx/Vagrantfile
@ -0,0 +1,72 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bullseye64"
  config.vm.hostname = "k3s-awx"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  config.vm.network "private_network", ip: "192.168.56.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
   config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
     vb.memory = "3072"
   end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell", inline: <<-SHELL
     apt-get update
     apt-get install -y curl vim git make
   SHELL
 end
--- a/k3s-awx/inst-awx
+++ b/k3s-awx/inst-awx
@ -0,0 +1,36 @@
 #!/bin/bash
 # installation awx sur k3s
 export NAMESPACE=awx
 AWX_HOST="awx.sio.lan"
 REL="2.0.1"
 [ -x /usr/local/bin/k3s-uninstall.sh ] &&  /usr/local/bin/k3s-uninstall.sh
 sudo rm -rf /data
 sudo rm -rf awx*
 export NAMESPACE=awx
 #export http_proxy=http://10.121.38.1:8080
 #export https_proxy=http://10.121.38.1:8080
 curl -sfL https://get.k3s.io | sh -s - --write-kubeconfig-mode 644
 cd ~
 git clone https://github.com/ansible/awx-operator.git
 cd awx-operator
 git checkout "${REL}"
 export NAMESPACE=awx
 make deploy
 kubectl -n awx get all
 cd ~
 git clone https://github.com/kurokobo/awx-on-k3s.git
 cd awx-on-k3s
 git checkout "${REL}"
 #AWX_HOST="awx.sio.lan"
 openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./base/tls.crt -keyout ./base/tls.key -subj "/CN=${AWX_HOST}/O=${AWX_HOST}" -addext "subjectAltName = DNS:${AWX_HOST}"
 sed -i "s/awx.example.com/${AWX_HOST}/"   base/awx.yaml 
 sudo mkdir -p /data/postgres-13
 sudo mkdir -p /data/projects
 sudo chmod 755 /data/postgres-13
 sudo chown 1000:0 /data/projects
 kubectl apply -k base
 kubectl -n awx logs -f deployments/awx-operator-controller-manager
 kubectl -n awx get awx,all,ingress,secrets
--- a/k8s/kubernetes-setup/common.yml
+++ b/k8s/kubernetes-setup/common.yml
@ -0,0 +1,139 @@
  - name: Set timezone to Europe/Paris
    community.general.timezone:
     name: Europe/Paris
  - name: maj fichier hosts  
    ansible.builtin.blockinfile:
      path: /etc/hosts
      block: |
        192.168.56.10 k8s-master
        192.168.56.11 node-1
        192.168.56.12 node-2
  - name: Forwarding IPv4 and letting iptables see bridged traffic
    ansible.builtin.blockinfile:
      path: /etc/modules-load.d/k8s.conf
      create: yes
      block: |
        overlay
        br_netfilter
  - name: charge module overlay 
    community.general.modprobe:
      state: present
      name: overlay
  - name: charge module overlay et br_netfilter
    community.general.modprobe:
      state: present
      name: br_netfilter
  - name: persistance des bridges
    ansible.builtin.blockinfile:
      path: /etc/sysctl.d/k8s.conf
      create: yes
      block: |
        net.bridge.bridge-nf-call-iptables  = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        net.ipv4.ip_forward                 = 1
  - name: applique les parametres sysctl
    command: "sysctl --system"
  - name: Recupere get-docker
    get_url: 
      url: "https://get.docker.com"
      dest: /tmp/get-docker.sh
  - name: lance get-docker - installe docker, containerd ... 
    command: 'sh /tmp/get-docker.sh'
  - name: Add vagrant user to docker group
    user:
      name: vagrant
      group: docker
  - name: cree repertoire /etc/containerd
    file:
      path: /etc/containerd
      state: directory  
  - name: genere config.toml (containerd)
    #command: "sudo containerd config default | sudo tee /etc/containerd/config.toml"
    shell: "containerd config default | tee /etc/containerd/config.toml"
  - name: configure cgroup driver pour systemd (config.toml)
    replace:
      path: "/etc/containerd/config.toml"
      regexp:  'SystemdCgroup = false'
      replace: 'SystemdCgroup = true'  
      backup: yes
  - name: redemarre containerd
    service:
      name: containerd
      state: restarted
      enabled: yes
  - name: Remove swapfile from /etc/fstab
    mount:
      name: "{{ item }}"
      fstype: swap
      state: absent
    with_items:
      - swap
      - none
  - name: Disable swap
    command: swapoff -a
    when: ansible_swaptotal_mb > 0
  - name: Add an apt signing key for Kubernetes
    apt_key:
      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
      state: present
  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
      state: present
      filename: kubernetes.list
  - name: Install Kubernetes binaries
    apt:
      name: "{{ packages }}"
      state: present
      update_cache: yes
    vars:
      packages:
        - kubelet
        - kubeadm
        - kubectl
  - name: Cree file kubelet
    ansible.builtin.file:
      path: /etc/default/kubelet
      state: touch 
  - name: Configure node ip
    lineinfile:
      path: /etc/default/kubelet
      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
      create: yes
  - name: Restart kubelet
    service:
      name: kubelet
      daemon_reload: yes
      state: restarted
        #  - name:  nettoie config.toml 
        #    file: 
        #      path: /etc/containerd/config.toml
        #      state: absent
  - name:  redemarre containerd 
    service:
      name: containerd
      state: restarted
--- a/k8s/kubernetes-setup/index.html
+++ b/k8s/kubernetes-setup/index.html
@ -1,656 +0,0 @@
 #!/bin/sh
 set -e
 # Docker CE for Linux installation script
 #
 # See https://docs.docker.com/engine/install/ for the installation steps.
 #
 # This script is meant for quick & easy install via:
 #   $ curl -fsSL https://get.docker.com -o get-docker.sh
 #   $ sh get-docker.sh
 #
 # For test builds (ie. release candidates):
 #   $ curl -fsSL https://test.docker.com -o test-docker.sh
 #   $ sh test-docker.sh
 #
 # NOTE: Make sure to verify the contents of the script
 #       you downloaded matches the contents of install.sh
 #       located at https://github.com/docker/docker-install
 #       before executing.
 #
 # Git commit from https://github.com/docker/docker-install when
 # the script was uploaded (Should only be modified by upload job):
 SCRIPT_COMMIT_SHA="4f282167c425347a931ccfd95cc91fab041d414f"
 # strip "v" prefix if present
 VERSION="${VERSION#v}"
 # The channel to install from:
 #   * nightly
 #   * test
 #   * stable
 #   * edge (deprecated)
 DEFAULT_CHANNEL_VALUE="stable"
 if [ -z "$CHANNEL" ]; then
 	CHANNEL=$DEFAULT_CHANNEL_VALUE
 fi
 DEFAULT_DOWNLOAD_URL="https://download.docker.com"
 if [ -z "$DOWNLOAD_URL" ]; then
 	DOWNLOAD_URL=$DEFAULT_DOWNLOAD_URL
 fi
 DEFAULT_REPO_FILE="docker-ce.repo"
 if [ -z "$REPO_FILE" ]; then
 	REPO_FILE="$DEFAULT_REPO_FILE"
 fi
 mirror=''
 DRY_RUN=${DRY_RUN:-}
 while [ $# -gt 0 ]; do
 	case "$1" in
 		--mirror)
 			mirror="$2"
 			shift
 			;;
 		--dry-run)
 			DRY_RUN=1
 			;;
 		--*)
 			echo "Illegal option $1"
 			;;
 	esac
 	shift $(( $# > 0 ? 1 : 0 ))
 done
 case "$mirror" in
 	Aliyun)
 		DOWNLOAD_URL="https://mirrors.aliyun.com/docker-ce"
 		;;
 	AzureChinaCloud)
 		DOWNLOAD_URL="https://mirror.azure.cn/docker-ce"
 		;;
 esac
 command_exists() {
 	command -v "$@" > /dev/null 2>&1
 }
 # version_gte checks if the version specified in $VERSION is at least
 # the given CalVer (YY.MM) version. returns 0 (success) if $VERSION is either
 # unset (=latest) or newer or equal than the specified version. Returns 1 (fail)
 # otherwise.
 #
 # examples:
 #
 # VERSION=20.10
 # version_gte 20.10 // 0 (success)
 # version_gte 19.03 // 0 (success)
 # version_gte 21.10 // 1 (fail)
 version_gte() {
 	if [ -z "$VERSION" ]; then
 			return 0
 	fi
 	eval calver_compare "$VERSION" "$1"
 }
 # calver_compare compares two CalVer (YY.MM) version strings. returns 0 (success)
 # if version A is newer or equal than version B, or 1 (fail) otherwise. Patch
 # releases and pre-release (-alpha/-beta) are not taken into account
 #
 # examples:
 #
 # calver_compare 20.10 19.03 // 0 (success)
 # calver_compare 20.10 20.10 // 0 (success)
 # calver_compare 19.03 20.10 // 1 (fail)
 calver_compare() (
 	set +x
 	yy_a="$(echo "$1" | cut -d'.' -f1)"
 	yy_b="$(echo "$2" | cut -d'.' -f1)"
 	if [ "$yy_a" -lt "$yy_b" ]; then
 		return 1
 	fi
 	if [ "$yy_a" -gt "$yy_b" ]; then
 		return 0
 	fi
 	mm_a="$(echo "$1" | cut -d'.' -f2)"
 	mm_b="$(echo "$2" | cut -d'.' -f2)"
 	if [ "${mm_a#0}" -lt "${mm_b#0}" ]; then
 		return 1
 	fi
 	return 0
 )
 is_dry_run() {
 	if [ -z "$DRY_RUN" ]; then
 		return 1
 	else
 		return 0
 	fi
 }
 is_wsl() {
 	case "$(uname -r)" in
 	*microsoft* ) true ;; # WSL 2
 	*Microsoft* ) true ;; # WSL 1
 	* ) false;;
 	esac
 }
 is_darwin() {
 	case "$(uname -s)" in
 	*darwin* ) true ;;
 	*Darwin* ) true ;;
 	* ) false;;
 	esac
 }
 deprecation_notice() {
 	distro=$1
 	distro_version=$2
 	echo
 	printf "\033[91;1mDEPRECATION WARNING\033[0m\n"
 	printf "    This Linux distribution (\033[1m%s %s\033[0m) reached end-of-life and is no longer supported by this script.\n" "$distro" "$distro_version"
 	echo   "    No updates or security fixes will be released for this distribution, and users are recommended"
 	echo   "    to upgrade to a currently maintained version of $distro."
 	echo
 	printf   "Press \033[1mCtrl+C\033[0m now to abort this script, or wait for the installation to continue."
 	echo
 	sleep 10
 }
 get_distribution() {
 	lsb_dist=""
 	# Every system that we officially support has /etc/os-release
 	if [ -r /etc/os-release ]; then
 		lsb_dist="$(. /etc/os-release && echo "$ID")"
 	fi
 	# Returning an empty string here should be alright since the
 	# case statements don't act unless you provide an actual value
 	echo "$lsb_dist"
 }
 echo_docker_as_nonroot() {
 	if is_dry_run; then
 		return
 	fi
 	if command_exists docker && [ -e /var/run/docker.sock ]; then
 		(
 			set -x
 			$sh_c 'docker version'
 		) || true
 	fi
 	# intentionally mixed spaces and tabs here -- tabs are stripped by "<<-EOF", spaces are kept in the output
 	echo
 	echo "================================================================================"
 	echo
 	if version_gte "20.10"; then
 		echo "To run Docker as a non-privileged user, consider setting up the"
 		echo "Docker daemon in rootless mode for your user:"
 		echo
 		echo "    dockerd-rootless-setuptool.sh install"
 		echo
 		echo "Visit https://docs.docker.com/go/rootless/ to learn about rootless mode."
 		echo
 	fi
 	echo
 	echo "To run the Docker daemon as a fully privileged service, but granting non-root"
 	echo "users access, refer to https://docs.docker.com/go/daemon-access/"
 	echo
 	echo "WARNING: Access to the remote API on a privileged Docker daemon is equivalent"
 	echo "         to root access on the host. Refer to the 'Docker daemon attack surface'"
 	echo "         documentation for details: https://docs.docker.com/go/attack-surface/"
 	echo
 	echo "================================================================================"
 	echo
 }
 # Check if this is a forked Linux distro
 check_forked() {
 	# Check for lsb_release command existence, it usually exists in forked distros
 	if command_exists lsb_release; then
 		# Check if the `-u` option is supported
 		set +e
 		lsb_release -a -u > /dev/null 2>&1
 		lsb_release_exit_code=$?
 		set -e
 		# Check if the command has exited successfully, it means we're in a forked distro
 		if [ "$lsb_release_exit_code" = "0" ]; then
 			# Print info about current distro
 			cat <<-EOF
 			You're using '$lsb_dist' version '$dist_version'.
 			EOF
 			# Get the upstream release info
 			lsb_dist=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'id' | cut -d ':' -f 2 | tr -d '[:space:]')
 			dist_version=$(lsb_release -a -u 2>&1 | tr '[:upper:]' '[:lower:]' | grep -E 'codename' | cut -d ':' -f 2 | tr -d '[:space:]')
 			# Print info about upstream distro
 			cat <<-EOF
 			Upstream release is '$lsb_dist' version '$dist_version'.
 			EOF
 		else
 			if [ -r /etc/debian_version ] && [ "$lsb_dist" != "ubuntu" ] && [ "$lsb_dist" != "raspbian" ]; then
 				if [ "$lsb_dist" = "osmc" ]; then
 					# OSMC runs Raspbian
 					lsb_dist=raspbian
 				else
 					# We're Debian and don't even know it!
 					lsb_dist=debian
 				fi
 				dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
 				case "$dist_version" in
 					11)
 						dist_version="bullseye"
 					;;
 					10)
 						dist_version="buster"
 					;;
 					9)
 						dist_version="stretch"
 					;;
 					8)
 						dist_version="jessie"
 					;;
 				esac
 			fi
 		fi
 	fi
 }
 do_install() {
 	echo "# Executing docker install script, commit: $SCRIPT_COMMIT_SHA"
 	if command_exists docker; then
 		cat >&2 <<-'EOF'
 			Warning: the "docker" command appears to already exist on this system.
 			If you already have Docker installed, this script can cause trouble, which is
 			why we're displaying this warning and provide the opportunity to cancel the
 			installation.
 			If you installed the current Docker package using this script and are using it
 			again to update Docker, you can safely ignore this message.
 			You may press Ctrl+C now to abort this script.
 		EOF
 		( set -x; sleep 20 )
 	fi
 	user="$(id -un 2>/dev/null || true)"
 	sh_c='sh -c'
 	if [ "$user" != 'root' ]; then
 		if command_exists sudo; then
 			sh_c='sudo -E sh -c'
 		elif command_exists su; then
 			sh_c='su -c'
 		else
 			cat >&2 <<-'EOF'
 			Error: this installer needs the ability to run commands as root.
 			We are unable to find either "sudo" or "su" available to make this happen.
 			EOF
 			exit 1
 		fi
 	fi
 	if is_dry_run; then
 		sh_c="echo"
 	fi
 	# perform some very rudimentary platform detection
 	lsb_dist=$( get_distribution )
 	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
 	if is_wsl; then
 		echo
 		echo "WSL DETECTED: We recommend using Docker Desktop for Windows."
 		echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
 		echo
 		cat >&2 <<-'EOF'
 			You may press Ctrl+C now to abort this script.
 		EOF
 		( set -x; sleep 20 )
 	fi
 	case "$lsb_dist" in
 		ubuntu)
 			if command_exists lsb_release; then
 				dist_version="$(lsb_release --codename | cut -f2)"
 			fi
 			if [ -z "$dist_version" ] && [ -r /etc/lsb-release ]; then
 				dist_version="$(. /etc/lsb-release && echo "$DISTRIB_CODENAME")"
 			fi
 		;;
 		debian|raspbian)
 			dist_version="$(sed 's/\/.*//' /etc/debian_version | sed 's/\..*//')"
 			case "$dist_version" in
 				11)
 					dist_version="bullseye"
 				;;
 				10)
 					dist_version="buster"
 				;;
 				9)
 					dist_version="stretch"
 				;;
 				8)
 					dist_version="jessie"
 				;;
 			esac
 		;;
 		centos|rhel|sles)
 			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
 				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
 			fi
 		;;
 		*)
 			if command_exists lsb_release; then
 				dist_version="$(lsb_release --release | cut -f2)"
 			fi
 			if [ -z "$dist_version" ] && [ -r /etc/os-release ]; then
 				dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
 			fi
 		;;
 	esac
 	# Check if this is a forked Linux distro
 	check_forked
 	# Print deprecation warnings for distro versions that recently reached EOL,
 	# but may still be commonly used (especially LTS versions).
 	case "$lsb_dist.$dist_version" in
 		debian.stretch|debian.jessie)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		raspbian.stretch|raspbian.jessie)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		ubuntu.xenial|ubuntu.trusty)
 			deprecation_notice "$lsb_dist" "$dist_version"
 			;;
 		fedora.*)
 			if [ "$dist_version" -lt 33 ]; then
 				deprecation_notice "$lsb_dist" "$dist_version"
 			fi
 			;;
 	esac
 	# Run setup for each distro accordingly
 	case "$lsb_dist" in
 		ubuntu|debian|raspbian)
 			pre_reqs="apt-transport-https ca-certificates curl"
 			if ! command -v gpg > /dev/null; then
 				pre_reqs="$pre_reqs gnupg"
 			fi
 			apt_repo="deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] $DOWNLOAD_URL/linux/$lsb_dist $dist_version $CHANNEL"
 			(
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c 'apt-get update -qq >/dev/null'
 				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq $pre_reqs >/dev/null"
 				$sh_c 'mkdir -p /etc/apt/keyrings && chmod -R 0755 /etc/apt/keyrings'
 				$sh_c "curl -fsSL \"$DOWNLOAD_URL/linux/$lsb_dist/gpg\" | gpg --dearmor --yes -o /etc/apt/keyrings/docker.gpg"
 				$sh_c "chmod a+r /etc/apt/keyrings/docker.gpg"
 				$sh_c "echo \"$apt_repo\" > /etc/apt/sources.list.d/docker.list"
 				$sh_c 'apt-get update -qq >/dev/null'
 			)
 			pkg_version=""
 			if [ -n "$VERSION" ]; then
 				if is_dry_run; then
 					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
 				else
 					# Will work for incomplete versions IE (17.12), but may not actually grab the "latest" if in the test channel
 					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/~ce~.*/g" | sed "s/-/.*/g").*-0~$lsb_dist"
 					search_command="apt-cache madison 'docker-ce' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
 					pkg_version="$($sh_c "$search_command")"
 					echo "INFO: Searching repository for VERSION '$VERSION'"
 					echo "INFO: $search_command"
 					if [ -z "$pkg_version" ]; then
 						echo
 						echo "ERROR: '$VERSION' not found amongst apt-cache madison results"
 						echo
 						exit 1
 					fi
 					if version_gte "18.09"; then
 							search_command="apt-cache madison 'docker-ce-cli' | grep '$pkg_pattern' | head -1 | awk '{\$1=\$1};1' | cut -d' ' -f 3"
 							echo "INFO: $search_command"
 							cli_pkg_version="=$($sh_c "$search_command")"
 					fi
 					pkg_version="=$pkg_version"
 				fi
 			fi
 			(
 				pkgs="docker-ce${pkg_version%=}"
 				if version_gte "18.09"; then
 						# older versions didn't ship the cli and containerd as separate packages
 						pkgs="$pkgs docker-ce-cli${cli_pkg_version%=} containerd.io"
 				fi
 				if version_gte "20.10"; then
 						pkgs="$pkgs docker-compose-plugin"
 				fi
 				if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then
 						# also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently)
 						pkgs="$pkgs docker-scan-plugin"
 				fi
 				# TODO(thaJeztah) remove the $CHANNEL check once 22.06 and docker-buildx-plugin is published to the "stable" channel
 				if [ "$CHANNEL" = "test" ] && version_gte "22.06"; then
 						pkgs="$pkgs docker-buildx-plugin"
 				fi
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends $pkgs >/dev/null"
 				if version_gte "20.10"; then
 					# Install docker-ce-rootless-extras without "--no-install-recommends", so as to install slirp4netns when available
 					$sh_c "DEBIAN_FRONTEND=noninteractive apt-get install -y -qq docker-ce-rootless-extras${pkg_version%=} >/dev/null"
 				fi
 			)
 			echo_docker_as_nonroot
 			exit 0
 			;;
 		centos|fedora|rhel)
 			if [ "$(uname -m)" != "s390x" ] && [ "$lsb_dist" = "rhel" ]; then
 				echo "Packages for RHEL are currently only available for s390x."
 				exit 1
 			fi
 			if [ "$lsb_dist" = "fedora" ]; then
 				pkg_manager="dnf"
 				config_manager="dnf config-manager"
 				enable_channel_flag="--set-enabled"
 				disable_channel_flag="--set-disabled"
 				pre_reqs="dnf-plugins-core"
 				pkg_suffix="fc$dist_version"
 			else
 				pkg_manager="yum"
 				config_manager="yum-config-manager"
 				enable_channel_flag="--enable"
 				disable_channel_flag="--disable"
 				pre_reqs="yum-utils"
 				pkg_suffix="el"
 			fi
 			repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
 			(
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "$pkg_manager install -y -q $pre_reqs"
 				$sh_c "$config_manager --add-repo $repo_file_url"
 				if [ "$CHANNEL" != "stable" ]; then
 					$sh_c "$config_manager $disable_channel_flag docker-ce-*"
 					$sh_c "$config_manager $enable_channel_flag docker-ce-$CHANNEL"
 				fi
 				$sh_c "$pkg_manager makecache"
 			)
 			pkg_version=""
 			if [ -n "$VERSION" ]; then
 				if is_dry_run; then
 					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
 				else
 					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g").*$pkg_suffix"
 					search_command="$pkg_manager list --showduplicates 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
 					pkg_version="$($sh_c "$search_command")"
 					echo "INFO: Searching repository for VERSION '$VERSION'"
 					echo "INFO: $search_command"
 					if [ -z "$pkg_version" ]; then
 						echo
 						echo "ERROR: '$VERSION' not found amongst $pkg_manager list results"
 						echo
 						exit 1
 					fi
 					if version_gte "18.09"; then
 						# older versions don't support a cli package
 						search_command="$pkg_manager list --showduplicates 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$2}'"
 						cli_pkg_version="$($sh_c "$search_command" | cut -d':' -f 2)"
 					fi
 					# Cut out the epoch and prefix with a '-'
 					pkg_version="-$(echo "$pkg_version" | cut -d':' -f 2)"
 				fi
 			fi
 			(
 				pkgs="docker-ce$pkg_version"
 				if version_gte "18.09"; then
 					# older versions didn't ship the cli and containerd as separate packages
 					if [ -n "$cli_pkg_version" ]; then
 						pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
 					else
 						pkgs="$pkgs docker-ce-cli containerd.io"
 					fi
 				fi
 				if version_gte "20.10" && [ "$(uname -m)" = "x86_64" ]; then
 						# also install the latest version of the "docker scan" cli-plugin (only supported on x86 currently)
 						pkgs="$pkgs docker-scan-plugin"
 				fi
 				if version_gte "20.10"; then
 					pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
 				fi
 				# TODO(thaJeztah) remove the $CHANNEL check once 22.06 and docker-buildx-plugin is published to the "stable" channel
 				if [ "$CHANNEL" = "test" ] && version_gte "22.06"; then
 						pkgs="$pkgs docker-buildx-plugin"
 				fi
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "$pkg_manager install -y -q $pkgs"
 			)
 			echo_docker_as_nonroot
 			exit 0
 			;;
 		sles)
 			if [ "$(uname -m)" != "s390x" ]; then
 				echo "Packages for SLES are currently only available for s390x"
 				exit 1
 			fi
 			if [ "$dist_version" = "15.3" ]; then
 				sles_version="SLE_15_SP3"
 			else
 				sles_minor_version="${dist_version##*.}"
 				sles_version="15.$sles_minor_version"
 			fi
 			opensuse_repo="https://download.opensuse.org/repositories/security:SELinux/$sles_version/security:SELinux.repo"
 			repo_file_url="$DOWNLOAD_URL/linux/$lsb_dist/$REPO_FILE"
 			pre_reqs="ca-certificates curl libseccomp2 awk"
 			(
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "zypper install -y $pre_reqs"
 				$sh_c "zypper addrepo $repo_file_url"
 				if ! is_dry_run; then
 						cat >&2 <<-'EOF'
 						WARNING!!
 						openSUSE repository (https://download.opensuse.org/repositories/security:SELinux) will be enabled now.
 						Do you wish to continue?
 						You may press Ctrl+C now to abort this script.
 						EOF
 						( set -x; sleep 30 )
 				fi
 				$sh_c "zypper addrepo $opensuse_repo"
 				$sh_c "zypper --gpg-auto-import-keys refresh"
 				$sh_c "zypper lr -d"
 			)
 			pkg_version=""
 			if [ -n "$VERSION" ]; then
 				if is_dry_run; then
 					echo "# WARNING: VERSION pinning is not supported in DRY_RUN"
 				else
 					pkg_pattern="$(echo "$VERSION" | sed "s/-ce-/\\\\.ce.*/g" | sed "s/-/.*/g")"
 					search_command="zypper search -s --match-exact 'docker-ce' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
 					pkg_version="$($sh_c "$search_command")"
 					echo "INFO: Searching repository for VERSION '$VERSION'"
 					echo "INFO: $search_command"
 					if [ -z "$pkg_version" ]; then
 						echo
 						echo "ERROR: '$VERSION' not found amongst zypper list results"
 						echo
 						exit 1
 					fi
 					search_command="zypper search -s --match-exact 'docker-ce-cli' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
 					# It's okay for cli_pkg_version to be blank, since older versions don't support a cli package
 					cli_pkg_version="$($sh_c "$search_command")"
 					pkg_version="-$pkg_version"
 					search_command="zypper search -s --match-exact 'docker-ce-rootless-extras' | grep '$pkg_pattern' | tail -1 | awk '{print \$6}'"
 					rootless_pkg_version="$($sh_c "$search_command")"
 					rootless_pkg_version="-$rootless_pkg_version"
 				fi
 			fi
 			(
 				pkgs="docker-ce$pkg_version"
 				if version_gte "18.09"; then
 					if [ -n "$cli_pkg_version" ]; then
 						# older versions didn't ship the cli and containerd as separate packages
 						pkgs="$pkgs docker-ce-cli-$cli_pkg_version containerd.io"
 					else
 						pkgs="$pkgs docker-ce-cli containerd.io"
 					fi
 				fi
 				if version_gte "20.10"; then
 					pkgs="$pkgs docker-compose-plugin docker-ce-rootless-extras$pkg_version"
 				fi
 				# TODO(thaJeztah) remove the $CHANNEL check once 22.06 and docker-buildx-plugin is published to the "stable" channel
 				if [ "$CHANNEL" = "test" ] && version_gte "22.06"; then
 						pkgs="$pkgs docker-buildx-plugin"
 				fi
 				if ! is_dry_run; then
 					set -x
 				fi
 				$sh_c "zypper -q install -y $pkgs"
 			)
 			echo_docker_as_nonroot
 			exit 0
 			;;
 		*)
 			if [ -z "$lsb_dist" ]; then
 				if is_darwin; then
 					echo
 					echo "ERROR: Unsupported operating system 'macOS'"
 					echo "Please get Docker Desktop from https://www.docker.com/products/docker-desktop"
 					echo
 					exit 1
 				fi
 			fi
 			echo
 			echo "ERROR: Unsupported distribution '$lsb_dist'"
 			echo
 			exit 1
 			;;
 	esac
 	exit 1
 }
 # wrapped up in a function so that we have some protection against only getting
 # half the file during "curl | sh"
 do_install
--- a/k8s/kubernetes-setup/join-command
+++ b/k8s/kubernetes-setup/join-command
@ -1 +0,0 @@
 kubeadm join 192.168.56.10:6443 --token n91jl0.zc7bph3quqqgoxwl --discovery-token-ca-cert-hash sha256:d75fb0f9601165872ffefeb5a2211713a401015864648ece848416035d420040
--- a/k8s/kubernetes-setup/master-playbook.yml
+++ b/k8s/kubernetes-setup/master-playbook.yml
@ -2,144 +2,7 @@
 - hosts: all
  become: true
  tasks:
-  - name: Set timezone to Europe/Paris
+  - include_tasks: common.yml
    community.general.timezone:
     name: Europe/Paris
  - name: maj fichier hosts  
    ansible.builtin.blockinfile:
      path: /etc/hosts
      block: |
        192.168.56.10 k8s-master
        192.168.56.11 node-1
        192.168.56.12 node-2
  - name: Forwarding IPv4 and letting iptables see bridged traffic
    ansible.builtin.blockinfile:
      path: /etc/modules-load.d/k8s.conf
      create: yes
      block: |
        overlay
        br_netfilter
  - name: charge module overlay 
    community.general.modprobe:
      state: present
      name: overlay
  - name: charge module overlay et br_netfilter
    community.general.modprobe:
      state: present
      name: br_netfilter
  - name: persistance des bridges
    ansible.builtin.blockinfile:
      path: /etc/sysctl.d/k8s.conf
      create: yes
      block: |
        net.bridge.bridge-nf-call-iptables  = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        net.ipv4.ip_forward                 = 1
  - name: applique les parametres sysctl
    command: "sysctl --system"
  - name: Recupere get-docker
    get_url: 
      url: "https://get.docker.com"
      dest: /tmp/get-docker.sh
  - name: lance get-docker - installe docker, containerd ... 
    command: 'sh /tmp/get-docker.sh'
  - name: Add vagrant user to docker group
    user:
      name: vagrant
      group: docker
  - name: cree repertoire /etc/containerd
    file:
      path: /etc/containerd
      state: directory  
  - name: genere config.toml (containerd)
    #command: "sudo containerd config default | sudo tee /etc/containerd/config.toml"
    shell: "containerd config default | tee /etc/containerd/config.toml"
  - name: configure cgroup driver pour systemd (config.toml)
    replace:
      path: "/etc/containerd/config.toml"
      regexp:  'SystemdCgroup = false'
      replace: 'SystemdCgroup = true'  
      backup: yes
  - name: redemarre containerd
    service:
      name: containerd
      state: restarted
      enabled: yes
  - name: Remove swapfile from /etc/fstab
    mount:
      name: "{{ item }}"
      fstype: swap
      state: absent
    with_items:
      - swap
      - none
  - name: Disable swap
    command: swapoff -a
    when: ansible_swaptotal_mb > 0
  - name: Add an apt signing key for Kubernetes
    apt_key:
      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
      state: present
  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
      state: present
      filename: kubernetes.list
  - name: Install Kubernetes binaries
    apt:
      name: "{{ packages }}"
      state: present
      update_cache: yes
    vars:
      packages:
        - kubelet
        - kubeadm
        - kubectl
  - name: Cree file kubelet
    ansible.builtin.file:
      path: /etc/default/kubelet
      state: touch 
  - name: Configure node ip
    lineinfile:
      path: /etc/default/kubelet
      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
      create: yes
  - name: Restart kubelet
    service:
      name: kubelet
      daemon_reload: yes
      state: restarted
        #  - name:  nettoie config.toml 
        #    file: 
        #      path: /etc/containerd/config.toml
        #      state: absent
  - name:  redemarre containerd 
    service:
      name: containerd
      state: restarted
  - name: Initialize the Kubernetes cluster using kubeadm
    command: kubeadm init --apiserver-advertise-address="{{ node_ip }}" --apiserver-cert-extra-sans="{{ node_ip }}"  --node-name k8s-master --pod-network-cidr=192.168.0.0/16
@ -153,9 +16,6 @@
  - name: Install calico pod network
    become: false
      #command: kubectl create -f https://docs.projectcalico.org/v3.24.5/getting-started/kubernetes/installation/hosted/calico.yaml
 #    command: kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/custom-resources.yaml
 #    command: "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.24.5/manifests/tigera-operator.yaml"
    command: "kubectl create -f https://docs.projectcalico.org/manifests/calico-typha.yaml"
  - name: Generate join command
@ -163,6 +23,7 @@
    register: join_command
  - name: Copy join command to local file
    become: false
    local_action: copy content="{{ join_command.stdout_lines[0] }}" dest="./join-command"
  handlers:
--- a/k8s/kubernetes-setup/node-playbook.old
+++ b/k8s/kubernetes-setup/node-playbook.old
@ -1,91 +0,0 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: Recupere get-docker
    get_url: 
      url: https://get.docker.com
      dest: /tmp/get-docker.sh
  - name: lance get-docker
    command: 'sh /tmp/get-docker.sh'
  - name: Add vagrant user to docker group
    user:
      name: vagrant
      group: docker
  - name: Remove swapfile from /etc/fstab
    mount:
      name: "{{ item }}"
      fstype: swap
      state: absent
    with_items:
      - swap
      - none
  - name: Disable swap
    command: swapoff -a
    when: ansible_swaptotal_mb > 0
  - name: Add an apt signing key for Kubernetes
    apt_key:
      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
      state: present
  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
      state: present
      filename: kubernetes.list
  - name: Install Kubernetes binaries
    apt:
      name: "{{ packages }}"
      state: present
      update_cache: yes
    vars:
      packages:
        - kubelet
        - kubeadm
        - kubectl
  - name: cree kubelet
    file:
      path: /etc/default/kubelet
      state: touch
  - name: Configure node ip
    lineinfile:
      path: /etc/default/kubelet
      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
  - name: Restart kubelet
    service:
      name: kubelet
      daemon_reload: yes
      state: restarted
  - name:  nettoie config.toml 
    file: 
      path: /etc/containerd/config.toml
      state: absent
  - name:  redemarre containerd 
    service:
      name: containerd
      state: restarted
  - name: Copy the join command to server location
    copy: 
      src: join-command
      dest: /tmp/join-command.sh
      mode: 0777
  - name: Join the node to cluster
    command: sh /tmp/join-command.sh
  handlers:
    - name: docker status
      service: name=docker state=started
--- a/k8s/kubernetes-setup/node-playbook.yml
+++ b/k8s/kubernetes-setup/node-playbook.yml
@ -2,139 +2,7 @@
 - hosts: all
  become: true
  tasks:
-  - name: Set timezone to Europe/Paris
+  - include_tasks: common.yml
    community.general.timezone:
      name: Europe/Paris
  - name: maj fichier hosts  
    ansible.builtin.blockinfile:
      path: /etc/hosts
      block: |
        192.168.56.10 k8s-master
        192.168.56.11 node-1
        192.168.56.12 node-2
  - name: Forwarding IPv4 and letting iptables see bridged traffic
    ansible.builtin.blockinfile:
      path: /etc/modules-load.d/k8s.conf
      create: yes
      block: |
        overlay
        br_netfilter
  - name: charge module overlay 
    community.general.modprobe:
      state: present
      name: overlay
  - name: charge module overlay et br_netfilter
    community.general.modprobe:
      state: present
      name: br_netfilter
  - name: persistance des bridges
    ansible.builtin.blockinfile:
      path: /etc/sysctl.d/k8s.conf
      create: yes
      block: |
        net.bridge.bridge-nf-call-iptables  = 1
        net.bridge.bridge-nf-call-ip6tables = 1
        net.ipv4.ip_forward                 = 1
  - name: applique les parametres sysctl
    command: "sysctl --system"
  - name: Recupere get-docker
    get_url: 
      url: "https://get.docker.com"
      dest: /tmp/get-docker.sh
  - name: lance get-docker - installe docker, containerd ... 
    command: 'sh /tmp/get-docker.sh'
  - name: Add vagrant user to docker group
    user:
      name: vagrant
      group: docker
  - name: cree repertoire /etc/containerd
    file:
      path: /etc/containerd
      state: directory  
  - name: genere config.toml (containerd)
    #command: "sudo containerd config default | sudo tee /etc/containerd/config.toml"
    shell: "containerd config default | tee /etc/containerd/config.toml"
  - name: configure cgroup driver pour systemd (config.toml)
    replace:
      path: "/etc/containerd/config.toml"
      regexp:  'SystemdCgroup = false'
      replace: 'SystemdCgroup = true'  
      backup: yes
  - name: redemarre containerd
    service:
      name: containerd
      state: restarted
      enabled: yes
  - name: Remove swapfile from /etc/fstab
    mount:
      name: "{{ item }}"
      fstype: swap
      state: absent
    with_items:
      - swap
      - none
  - name: Disable swap
    command: swapoff -a
    when: ansible_swaptotal_mb > 0
  - name: Add an apt signing key for Kubernetes
    apt_key:
      url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
      state: present
  - name: Adding apt repository for Kubernetes
    apt_repository:
      repo: deb https://apt.kubernetes.io/ kubernetes-xenial main
      state: present
      filename: kubernetes.list
  - name: Install Kubernetes binaries
    apt:
      name: "{{ packages }}"
      state: present
      update_cache: yes
    vars:
      packages:
        - kubelet
        - kubeadm
        - kubectl
  - name: Cree file kubelet
    ansible.builtin.file:
      path: /etc/default/kubelet
      state: touch 
  - name: Configure node ip
    lineinfile:
      path: /etc/default/kubelet
      line: KUBELET_EXTRA_ARGS=--node-ip={{ node_ip }}
      create: yes
  - name: Restart kubelet
    service:
      name: kubelet
      daemon_reload: yes
      state: restarted
  - name:  redemarre containerd 
    service:
      name: containerd
      state: restarted
  - name: Copy the join command to server location
    copy: 
--- a/kea-dhcp-ha/Vagrantfile
+++ b/kea-dhcp-ha/Vagrantfile
@ -0,0 +1,80 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 Vagrant.configure("2") do |config|
  # Base VM OS configuration.
  config.vm.box = "debian/bookworm64"
  config.ssh.insert_key = false
  config.vm.synced_folder '.', '/vagrant', disabled: true
  # General VirtualBox VM configuration.
  config.vm.provider :virtualbox do |v|
    v.memory = 1024
    v.cpus = 1
    v.linked_clone = true
    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
    v.customize ["modifyvm", :id, "--ioapic", "on"]
  end
  # MySQL.
  config.vm.define "db" do |db|
    db.vm.hostname = "db.test"
    db.vm.network :private_network, ip: "192.168.56.5"
    db.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
  #  db.vm.provision "ansible" do |ansible|
  #    ansible.playbook = "provision/setup-db.yml"
  #  end
  end
  # Kea DHCP server 1.
  config.vm.define "kea1" do |kea1|
    kea1.vm.hostname = "kea1"
    kea1.vm.network :private_network, ip: "192.168.56.2"
    kea1.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--memory", 512]
    end
    kea1.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    kea1.vm.provision "ansible" do |ansible|
      ansible.extra_vars = {
        srv_name: "kea1",
        srv_ip: "192.168.56.2",
      }
      ansible.playbook = "provision/setup-kea.yml"
    end
  end
  # Kea DHCP server 2.
  config.vm.define "kea2" do |kea2|
    kea2.vm.hostname = "kea2"
    kea2.vm.network :private_network, ip: "192.168.56.3"
    kea2.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--memory", 512]
    end
    kea2.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    kea2.vm.provision "ansible" do |ansible|
      ansible.extra_vars = {
        srv_name: "kea2",
        srv_ip: "192.168.56.3",
      }
      ansible.playbook = "provision/setup-kea.yml"
    end
  end
  # client DHCP .
  config.vm.define "cli" do |cli|
    cli.vm.hostname = "cli"
    #cli.vm.network :private_network, ip: "192.168.56.3"
    cli.vm.network :private_network, type: "dhcp"
    cli.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--memory", 512]
    end
    cli.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
  end
 end
--- a/kea-dhcp-ha/provision/ca.cnf.j2
+++ b/kea-dhcp-ha/provision/ca.cnf.j2
@ -0,0 +1,62 @@
 // This is an example of a configuration for Control-Agent (CA) listening
 // for incoming HTTP traffic. This is necessary for handling API commands,
 // in particular lease update commands needed for HA setup.
 {
    "Control-agent":
    {
        // We need to specify where the agent should listen to incoming HTTP
        // queries.
        "http-host": "{{ srv_ip }}",
        // This specifies the port CA will listen on.
        "http-port": 8000,
        "control-sockets":
        {
            // This is how the Agent can communicate with the DHCPv4 server.
            "dhcp4":
            {
                "comment": "socket to DHCPv4 server",
                "socket-type": "unix",
                "socket-name": "/tmp/kea4-ctrl-socket"
            },
            // Location of the DHCPv6 command channel socket.
            "dhcp6":
            {
                "socket-type": "unix",
                "socket-name": "/tmp/kea6-ctrl-socket"
            },
            // Location of the D2 command channel socket.
            "d2":
            {
                "socket-type": "unix",
                "socket-name": "/tmp/kea-ddns-ctrl-socket",
                "user-context": { "in-use": false }
            }
        },
        // Similar to other Kea components, CA also uses logging.
        "loggers": [
            {
                "name": "kea-ctrl-agent",
                "output-options": [
                    {
                        "output": "/var/log/kea-ctrl-agent.log",
                        // Several additional parameters are possible in addition
                        // to the typical output. Flush determines whether logger
                        // flushes output to a file. Maxsize determines maximum
                        // filesize before the file is rotated. maxver
                        // specifies the maximum number of rotated files being
                        // kept.
                        "flush": true,
                        "maxsize": 204800,
                        "maxver": 4,
                        // We use pattern to specify custom log message layout
                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
                    }
                ],
                "severity": "INFO",
                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
            }
        ]
    }
 }
--- a/kea-dhcp-ha/provision/kea-ctrl-agent.conf
+++ b/kea-dhcp-ha/provision/kea-ctrl-agent.conf
@ -0,0 +1,105 @@
 // This is a basic configuration for the Kea Control Agent.
 //
 // This is just a very basic configuration. Kea comes with large suite (over 30)
 // of configuration examples and extensive Kea User's Guide. Please refer to
 // those materials to get better understanding of what this software is able to
 // do. Comments in this configuration file sometimes refer to sections for more
 // details. These are section numbers in Kea User's Guide. The version matching
 // your software should come with your Kea package, but it is also available
 // in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
 // the stable version is https://kea.readthedocs.io/).
 //
 // This configuration file contains only Control Agent's configuration.
 // If configurations for other Kea services are also included in this file they
 // are ignored by the Control Agent.
 {
 // This is a basic configuration for the Kea Control Agent.
 // RESTful interface to be available at http://127.0.0.1:8000/
 "Control-agent": {
    "http-host": "127.0.0.1",
    // If enabling HA and multi-threading, the 8000 port is used by the HA
    // hook library http listener. When using HA hook library with
    // multi-threading to function, make sure the port used by dedicated
    // listener is different (e.g. 8001) than the one used by CA. Note
    // the commands should still be sent via CA. The dedicated listener
    // is specifically for HA updates only.
    "http-port": 8000,
    // Specify location of the files to which the Control Agent
    // should connect to forward commands to the DHCPv4, DHCPv6
    // and D2 servers via unix domain sockets.
    "control-sockets": {
        "dhcp4": {
            "socket-type": "unix",
            "socket-name": "/run/kea/kea4-ctrl-socket"
        },
        "dhcp6": {
            "socket-type": "unix",
            "socket-name": "/run/kea/kea6-ctrl-socket"
        },
        "d2": {
            "socket-type": "unix",
            "socket-name": "/run/kea/kea-ddns-ctrl-socket"
        }
    },
    // Specify hooks libraries that are attached to the Control Agent.
    // Such hooks libraries should support 'control_command_receive'
    // hook point. This is currently commented out because it has to
    // point to the existing hooks library. Otherwise the Control
    // Agent will fail to start.
    "hooks-libraries": [
 //  {
 //      "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/control-agent-commands.so",
 //      "parameters": {
 //          "param1": "foo"
 //      }
 //  }
    ],
 // Logging configuration starts here. Kea uses different loggers to log various
 // activities. For details (e.g. names of loggers), see Chapter 18.
    "loggers": [
    {
        // This specifies the logging for Control Agent daemon.
        "name": "kea-ctrl-agent",
        "output_options": [
            {
                // Specifies the output file. There are several special values
                // supported:
                // - stdout (prints on standard output)
                // - stderr (prints on standard error)
                // - syslog (logs to syslog)
                // - syslog:name (logs to syslog using specified name)
                // Any other value is considered a name of the file
                "output": "stdout",
                // Shorter log pattern suitable for use with systemd,
                // avoids redundant information
                "pattern": "%-5p %m\n"
                // This governs whether the log output is flushed to disk after
                // every write.
                // "flush": false,
                // This specifies the maximum size of the file before it is
                // rotated.
                // "maxsize": 1048576,
                // This specifies the maximum number of rotated files to keep.
                // "maxver": 8
            }
        ],
        // This specifies the severity of log messages to keep. Supported values
        // are: FATAL, ERROR, WARN, INFO, DEBUG
        "severity": "INFO",
        // If DEBUG level is specified, this value is used. 0 is least verbose,
        // 99 is most verbose. Be cautious, Kea can generate lots and lots
        // of logs if told to do so.
        "debuglevel": 0
    }
  ]
 }
 }
--- a/kea-dhcp-ha/provision/kea-dhcp4.conf
+++ b/kea-dhcp-ha/provision/kea-dhcp4.conf
@ -0,0 +1,461 @@
 // This is a basic configuration for the Kea DHCPv4 server. Subnet declarations
 // are mostly commented out and no interfaces are listed. Therefore, the servers
 // will not listen or respond to any queries.
 // The basic configuration must be extended to specify interfaces on which
 // the servers should listen. There are a number of example options defined.
 // These probably don't make any sense in your network. Make sure you at least
 // update the following, before running this example in your network:
 // - change the network interface names
 // - change the subnets to match your actual network
 // - change the option values to match your network
 //
 // This is just a very basic configuration. Kea comes with large suite (over 30)
 // of configuration examples and extensive Kea User's Guide. Please refer to
 // those materials to get better understanding of what this software is able to
 // do. Comments in this configuration file sometimes refer to sections for more
 // details. These are section numbers in Kea User's Guide. The version matching
 // your software should come with your Kea package, but it is also available
 // in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
 // the stable version is https://kea.readthedocs.io/).
 //
 // This configuration file contains only DHCPv4 server's configuration.
 // If configurations for other Kea services are also included in this file they
 // are ignored by the DHCPv4 server.
 {
 // DHCPv4 configuration starts here. This section will be read by DHCPv4 server
 // and will be ignored by other components.
 "Dhcp4": {
    // Add names of your network interfaces to listen on.
    "interfaces-config": {
        // See section 8.2.4 for more details. You probably want to add just
        // interface name (e.g. "eth0" or specific IPv4 address on that
        // interface name (e.g. "eth0/192.0.2.1").
        "interfaces": [ ]
        // Kea DHCPv4 server by default listens using raw sockets. This ensures
        // all packets, including those sent by directly connected clients
        // that don't have IPv4 address yet, are received. However, if your
        // traffic is always relayed, it is often better to use regular
        // UDP sockets. If you want to do that, uncomment this line:
        // "dhcp-socket-type": "udp"
    },
    // Kea supports control channel, which is a way to receive management
    // commands while the server is running. This is a Unix domain socket that
    // receives commands formatted in JSON, e.g. config-set (which sets new
    // configuration), config-reload (which tells Kea to reload its
    // configuration from file), statistic-get (to retrieve statistics) and many
    // more. For detailed description, see Sections 8.8, 16 and 15.
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/run/kea/kea4-ctrl-socket"
    },
    // Use Memfile lease database backend to store leases in a CSV file.
    // Depending on how Kea was compiled, it may also support SQL databases
    // (MySQL and/or PostgreSQL). Those database backends require more
    // parameters, like name, host and possibly user and password.
    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
    // Storage" for details.
    "lease-database": {
        // Memfile is the simplest and easiest backend to use. It's an in-memory
        // C++ database that stores its state in CSV file.
        "type": "memfile",
        "lfc-interval": 3600
    },
    // Kea allows storing host reservations in a database. If your network is
    // small or you have few reservations, it's probably easier to keep them
    // in the configuration file. If your network is large, it's usually better
    // to use database for it. To enable it, uncomment the following:
    // "hosts-database": {
    //     "type": "mysql",
    //     "name": "kea",
    //     "user": "kea",
    //     "password": "kea",
    //     "host": "localhost",
    //     "port": 3306
    // },
    // See Section 7.2.3 "Hosts storage" for details.
    // Setup reclamation of the expired leases and leases affinity.
    // Expired leases will be reclaimed every 10 seconds. Every 25
    // seconds reclaimed leases, which have expired more than 3600
    // seconds ago, will be removed. The limits for leases reclamation
    // are 100 leases or 250 ms for a single cycle. A warning message
    // will be logged if there are still expired leases in the
    // database after 5 consecutive reclamation cycles.
    "expired-leases-processing": {
        "reclaim-timer-wait-time": 10,
        "flush-reclaimed-timer-wait-time": 25,
        "hold-reclaimed-time": 3600,
        "max-reclaim-leases": 100,
        "max-reclaim-time": 250,
        "unwarned-reclaim-cycles": 5
    },
    // Global timers specified here apply to all subnets, unless there are
    // subnet specific values defined in particular subnets.
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    // Many additional parameters can be specified here:
    // - option definitions (if you want to define vendor options, your own
    //                       custom options or perhaps handle standard options
    //                       that Kea does not support out of the box yet)
    // - client classes
    // - hooks
    // - ddns information (how the DHCPv4 component can reach a DDNS daemon)
    //
    // Some of them have examples below, but there are other parameters.
    // Consult Kea User's Guide to find out about them.
    // These are global options. They are going to be sent when a client
    // requests them, unless overwritten with values in more specific scopes.
    // The scope hierarchy is:
    // - global (most generic, can be overwritten by class, subnet or host)
    // - class (can be overwritten by subnet or host)
    // - subnet (can be overwritten by host)
    // - host (most specific, overwrites any other scopes)
    //
    // Not all of those options make sense. Please configure only those that
    // are actually useful in your network.
    //
    // For a complete list of options currently supported by Kea, see
    // Section 7.2.8 "Standard DHCPv4 Options". Kea also supports
    // vendor options (see Section 7.2.10) and allows users to define their
    // own custom options (see Section 7.2.9).
    "option-data": [
        // When specifying options, you typically need to specify
        // one of (name or code) and data. The full option specification
        // covers name, code, space, csv-format and data.
        // space defaults to "dhcp4" which is usually correct, unless you
        // use encapsulate options. csv-format defaults to "true", so
        // this is also correct, unless you want to specify the whole
        // option value as long hex string. For example, to specify
        // domain-name-servers you could do this:
        // {
        //     "name": "domain-name-servers",
        //     "code": 6,
        //     "csv-format": "true",
        //     "space": "dhcp4",
        //     "data": "192.0.2.1, 192.0.2.2"
        // }
        // but it's a lot of writing, so it's easier to do this instead:
        {
            "name": "domain-name-servers",
            "data": "192.0.2.1, 192.0.2.2"
        },
        // Typically people prefer to refer to options by their names, so they
        // don't need to remember the code names. However, some people like
        // to use numerical values. For example, option "domain-name" uses
        // option code 15, so you can reference to it either by
        // "name": "domain-name" or "code": 15.
        {
            "code": 15,
            "data": "example.org"
        },
        // Domain search is also a popular option. It tells the client to
        // attempt to resolve names within those specified domains. For
        // example, name "foo" would be attempted to be resolved as
        // foo.mydomain.example.com and if it fails, then as foo.example.com
        {
            "name": "domain-search",
            "data": "mydomain.example.com, example.com"
        },
        // String options that have a comma in their values need to have
        // it escaped (i.e. each comma is preceded by two backslashes).
        // That's because commas are reserved for separating fields in
        // compound options. At the same time, we need to be conformant
        // with JSON spec, that does not allow "\,". Therefore the
        // slightly uncommon double backslashes notation is needed.
        // Legal JSON escapes are \ followed by "\/bfnrt character
        // or \u followed by 4 hexadecimal numbers (currently Kea
        // supports only \u0000 to \u00ff code points).
        // CSV processing translates '\\' into '\' and '\,' into ','
        // only so for instance '\x' is translated into '\x'. But
        // as it works on a JSON string value each of these '\'
        // characters must be doubled on JSON input.
        {
            "name": "boot-file-name",
            "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
        },
        // Options that take integer values can either be specified in
        // dec or hex format. Hex format could be either plain (e.g. abcd)
        // or prefixed with 0x (e.g. 0xabcd).
        {
            "name": "default-ip-ttl",
            "data": "0xf0"
        }
        // Note that Kea provides some of the options on its own. In particular,
        // it sends IP Address lease type (code 51, based on valid-lifetime
        // parameter, Subnet mask (code 1, based on subnet definition), Renewal
        // time (code 58, based on renew-timer parameter), Rebind time (code 59,
        // based on rebind-timer parameter).
    ],
    // Other global parameters that can be defined here are option definitions
    // (this is useful if you want to use vendor options, your own custom
    // options or perhaps handle options that Kea does not handle out of the box
    // yet).
    // You can also define classes. If classes are defined, incoming packets
    // may be assigned to specific classes. A client class can represent any
    // group of devices that share some common characteristic, e.g. Windows
    // devices, iphones, broken printers that require special options, etc.
    // Based on the class information, you can then allow or reject clients
    // to use certain subnets, add special options for them or change values
    // of some fixed fields.
    "client-classes": [
        {
            // This specifies a name of this class. It's useful if you need to
            // reference this class.
            "name": "voip",
            // This is a test. It is an expression that is being evaluated on
            // each incoming packet. It is supposed to evaluate to either
            // true or false. If it's true, the packet is added to specified
            // class. See Section 12 for a list of available expressions. There
            // are several dozens. Section 8.2.14 for more details for DHCPv4
            // classification and Section 9.2.19 for DHCPv6.
            "test": "substring(option[60].hex,0,6) == 'Aastra'",
            // If a client belongs to this class, you can define extra behavior.
            // For example, certain fields in DHCPv4 packet will be set to
            // certain values.
            "next-server": "192.0.2.254",
            "server-hostname": "hal9000",
            "boot-file-name": "/dev/null"
            // You can also define option values here if you want devices from
            // this class to receive special options.
        }
    ],
    // Another thing possible here are hooks. Kea supports a powerful mechanism
    // that allows loading external libraries that can extract information and
    // even influence how the server processes packets. Those libraries include
    // additional forensic logging capabilities, ability to reserve hosts in
    // more flexible ways, and even add extra commands. For a list of available
    // hook libraries, see https://gitlab.isc.org/isc-projects/kea/wikis/Hooks-available.
    // "hooks-libraries": [
    //   {
    //       // Forensic Logging library generates forensic type of audit trail
    //       // of all devices serviced by Kea, including their identifiers
    //       // (like MAC address), their location in the network, times
    //       // when they were active etc.
    //       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_legal_log.so",
    //       "parameters": {
    //           "path": "/var/lib/kea",
    //           "base-name": "kea-forensic4"
    //       }
    //   },
    //   {
    //       // Flexible identifier (flex-id). Kea software provides a way to
    //       // handle host reservations that include addresses, prefixes,
    //       // options, client classes and other features. The reservation can
    //       // be based on hardware address, DUID, circuit-id or client-id in
    //       // DHCPv4 and using hardware address or DUID in DHCPv6. However,
    //       // there are sometimes scenario where the reservation is more
    //       // complex, e.g. uses other options that mentioned above, uses part
    //       // of specific options or perhaps even a combination of several
    //       // options and fields to uniquely identify a client. Those scenarios
    //       // are addressed by the Flexible Identifiers hook application.
    //       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
    //       "parameters": {
    //           "identifier-expression": "relay4[2].hex"
    //       }
    //   }
    // ],
    // Below an example of a simple IPv4 subnet declaration. Uncomment to enable
    // it. This is a list, denoted with [ ], of structures, each denoted with
    // { }. Each structure describes a single subnet and may have several
    // parameters. One of those parameters is "pools" that is also a list of
    // structures.
    "subnet4": [
        {
            // This defines the whole subnet. Kea will use this information to
            // determine where the clients are connected. This is the whole
            // subnet in your network. This is mandatory parameter for each
            // subnet.
            "subnet": "192.0.2.0/24",
            // Pools define the actual part of your subnet that is governed
            // by Kea. Technically this is optional parameter, but it's
            // almost always needed for DHCP to do its job. If you omit it,
            // clients won't be able to get addresses, unless there are
            // host reservations defined for them.
            "pools": [ { "pool": "192.0.2.1 - 192.0.2.200" } ],
            // These are options that are subnet specific. In most cases,
            // you need to define at least routers option, as without this
            // option your clients will not be able to reach their default
            // gateway and will not have Internet connectivity.
            "option-data": [
                {
                    // For each IPv4 subnet you most likely need to specify at
                    // least one router.
                    "name": "routers",
                    "data": "192.0.2.1"
                }
            ],
            // Kea offers host reservations mechanism. Kea supports reservations
            // by several different types of identifiers: hw-address
            // (hardware/MAC address of the client), duid (DUID inserted by the
            // client), client-id (client identifier inserted by the client) and
            // circuit-id (circuit identifier inserted by the relay agent).
            //
            // Kea also support flexible identifier (flex-id), which lets you
            // specify an expression that is evaluated for each incoming packet.
            // Resulting value is then used for as an identifier.
            //
            // Note that reservations are subnet-specific in Kea. This is
            // different than ISC DHCP. Keep that in mind when migrating
            // your configurations.
            "reservations": [
                // This is a reservation for a specific hardware/MAC address.
                // It's a rather simple reservation: just an address and nothing
                // else.
                {
                    "hw-address": "1a:1b:1c:1d:1e:1f",
                    "ip-address": "192.0.2.201"
                },
                // This is a reservation for a specific client-id. It also shows
                // the this client will get a reserved hostname. A hostname can
                // be defined for any identifier type, not just client-id.
                {
                    "client-id": "01:11:22:33:44:55:66",
                    "ip-address": "192.0.2.202",
                    "hostname": "special-snowflake"
                },
                // The third reservation is based on DUID. This reservation defines
                // a special option values for this particular client. If the
                // domain-name-servers option would have been defined on a global,
                // subnet or class level, the host specific values take preference.
                {
                    "duid": "01:02:03:04:05",
                    "ip-address": "192.0.2.203",
                    "option-data": [ {
                        "name": "domain-name-servers",
                        "data": "10.1.1.202, 10.1.1.203"
                    } ]
                },
                // The fourth reservation is based on circuit-id. This is an option
                // inserted by the relay agent that forwards the packet from client
                // to the server.  In this example the host is also assigned vendor
                // specific options.
                //
                // When using reservations, it is useful to configure
                // reservations-global, reservations-in-subnet,
                // reservations-out-of-pool (subnet specific parameters)
                // and host-reservation-identifiers (global parameter).
                {
                    "client-id": "01:12:23:34:45:56:67",
                    "ip-address": "192.0.2.204",
                    "option-data": [
                        {
                            "name": "vivso-suboptions",
                            "data": "4491"
                        },
                        {
                            "name": "tftp-servers",
                            "space": "vendor-4491",
                            "data": "10.1.1.202, 10.1.1.203"
                        }
                    ]
                },
                // This reservation is for a client that needs specific DHCPv4
                // fields to be set. Three supported fields are next-server,
                // server-hostname and boot-file-name
                {
                    "client-id": "01:0a:0b:0c:0d:0e:0f",
                    "ip-address": "192.0.2.205",
                    "next-server": "192.0.2.1",
                    "server-hostname": "hal9000",
                    "boot-file-name": "/dev/null"
                },
                // This reservation is using flexible identifier. Instead of
                // relying on specific field, sysadmin can define an expression
                // similar to what is used for client classification,
                // e.g. substring(relay[0].option[17],0,6). Then, based on the
                // value of that expression for incoming packet, the reservation
                // is matched. Expression can be specified either as hex or
                // plain text using single quotes.
                //
                // Note: flexible identifier requires flex_id hook library to be
                // loaded to work.
                {
                    "flex-id": "'s0mEVaLue'",
                    "ip-address": "192.0.2.206"
                }
                // You can add more reservations here.
            ]
            // You can add more subnets there.
        }
    ],
    // There are many, many more parameters that DHCPv4 server is able to use.
    // They were not added here to not overwhelm people with too much
    // information at once.
    // Logging configuration starts here. Kea uses different loggers to log various
    // activities. For details (e.g. names of loggers), see Chapter 18.
    "loggers": [
    {
        // This section affects kea-dhcp4, which is the base logger for DHCPv4
        // component. It tells DHCPv4 server to write all log messages (on
        // severity INFO or more) to a file.
        "name": "kea-dhcp4",
        "output_options": [
            {
                // Specifies the output file. There are several special values
                // supported:
                // - stdout (prints on standard output)
                // - stderr (prints on standard error)
                // - syslog (logs to syslog)
                // - syslog:name (logs to syslog using specified name)
                // Any other value is considered a name of the file
                "output": "stdout",
                // Shorter log pattern suitable for use with systemd,
                // avoids redundant information
                "pattern": "%-5p %m\n",
                // This governs whether the log output is flushed to disk after
                // every write.
                // "flush": false,
                // This specifies the maximum size of the file before it is
                // rotated.
                // "maxsize": 1048576,
                // This specifies the maximum number of rotated files to keep.
                // "maxver": 8
            }
        ],
        // This specifies the severity of log messages to keep. Supported values
        // are: FATAL, ERROR, WARN, INFO, DEBUG
        "severity": "INFO",
        // If DEBUG level is specified, this value is used. 0 is least verbose,
        // 99 is most verbose. Be cautious, Kea can generate lots and lots
        // of logs if told to do so.
        "debuglevel": 0
    }
  ]
 }
 }
--- a/kea-dhcp-ha/provision/kea-dhcp4.conf.j2
+++ b/kea-dhcp-ha/provision/kea-dhcp4.conf.j2
@ -0,0 +1,533 @@
 // This is a basic configuration for the Kea DHCPv4 server. Subnet declarations
 // are mostly commented out and no interfaces are listed. Therefore, the servers
 // will not listen or respond to any queries.
 // The basic configuration must be extended to specify interfaces on which
 // the servers should listen. There are a number of example options defined.
 // These probably don't make any sense in your network. Make sure you at least
 // update the following, before running this example in your network:
 // - change the network interface names
 // - change the subnets to match your actual network
 // - change the option values to match your network
 //
 // This is just a very basic configuration. Kea comes with large suite (over 30)
 // of configuration examples and extensive Kea User's Guide. Please refer to
 // those materials to get better understanding of what this software is able to
 // do. Comments in this configuration file sometimes refer to sections for more
 // details. These are section numbers in Kea User's Guide. The version matching
 // your software should come with your Kea package, but it is also available
 // in ISC's Knowledgebase (https://kea.readthedocs.io; the direct link for
 // the stable version is https://kea.readthedocs.io/).
 //
 // This configuration file contains only DHCPv4 server's configuration.
 // If configurations for other Kea services are also included in this file they
 // are ignored by the DHCPv4 server.
 {
 // DHCPv4 configuration starts here. This section will be read by DHCPv4 server
 // and will be ignored by other components.
 "Dhcp4": {
    // Add names of your network interfaces to listen on.
    "interfaces-config": {
        // See section 8.2.4 for more details. You probably want to add just
        // interface name (e.g. "eth0" or specific IPv4 address on that
        // interface name (e.g. "eth0/192.0.2.1").
        "interfaces": [ "eth1" ]
        // Kea DHCPv4 server by default listens using raw sockets. This ensures
        // all packets, including those sent by directly connected clients
        // that don't have IPv4 address yet, are received. However, if your
        // traffic is always relayed, it is often better to use regular
        // UDP sockets. If you want to do that, uncomment this line:
        // "dhcp-socket-type": "udp"
    },
    // Kea supports control channel, which is a way to receive management
    // commands while the server is running. This is a Unix domain socket that
    // receives commands formatted in JSON, e.g. config-set (which sets new
    // configuration), config-reload (which tells Kea to reload its
    // configuration from file), statistic-get (to retrieve statistics) and many
    // more. For detailed description, see Sections 8.8, 16 and 15.
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/run/kea/kea4-ctrl-socket"
    },
    // Use Memfile lease database backend to store leases in a CSV file.
    // Depending on how Kea was compiled, it may also support SQL databases
    // (MySQL and/or PostgreSQL). Those database backends require more
    // parameters, like name, host and possibly user and password.
    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
    // Storage" for details.
    "lease-database": {
        // Memfile is the simplest and easiest backend to use. It's an in-memory
        // C++ database that stores its state in CSV file.
        "type": "memfile",
        "lfc-interval": 3600
    },
    // Kea allows storing host reservations in a database. If your network is
    // small or you have few reservations, it's probably easier to keep them
    // in the configuration file. If your network is large, it's usually better
    // to use database for it. To enable it, uncomment the following:
    // "hosts-database": {
    //     "type": "mysql",
    //     "name": "kea",
    //     "user": "kea",
    //     "password": "kea",
    //     "host": "localhost",
    //     "port": 3306
    // },
    // See Section 7.2.3 "Hosts storage" for details.
    // Setup reclamation of the expired leases and leases affinity.
    // Expired leases will be reclaimed every 10 seconds. Every 25
    // seconds reclaimed leases, which have expired more than 3600
    // seconds ago, will be removed. The limits for leases reclamation
    // are 100 leases or 250 ms for a single cycle. A warning message
    // will be logged if there are still expired leases in the
    // database after 5 consecutive reclamation cycles.
    "expired-leases-processing": {
        "reclaim-timer-wait-time": 10,
        "flush-reclaimed-timer-wait-time": 25,
        "hold-reclaimed-time": 3600,
        "max-reclaim-leases": 100,
        "max-reclaim-time": 250,
        "unwarned-reclaim-cycles": 5
    },
    // Global timers specified here apply to all subnets, unless there are
    // subnet specific values defined in particular subnets.
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    // Many additional parameters can be specified here:
    // - option definitions (if you want to define vendor options, your own
    //                       custom options or perhaps handle standard options
    //                       that Kea does not support out of the box yet)
    // - client classes
    // - hooks
    // - ddns information (how the DHCPv4 component can reach a DDNS daemon)
    //
    // Some of them have examples below, but there are other parameters.
    // Consult Kea User's Guide to find out about them.
    // These are global options. They are going to be sent when a client
    // requests them, unless overwritten with values in more specific scopes.
    // The scope hierarchy is:
    // - global (most generic, can be overwritten by class, subnet or host)
    // - class (can be overwritten by subnet or host)
    // - subnet (can be overwritten by host)
    // - host (most specific, overwrites any other scopes)
    //
    // Not all of those options make sense. Please configure only those that
    // are actually useful in your network.
    //
    // For a complete list of options currently supported by Kea, see
    // Section 7.2.8 "Standard DHCPv4 Options". Kea also supports
    // vendor options (see Section 7.2.10) and allows users to define their
    // own custom options (see Section 7.2.9).
    "option-data": [
        // When specifying options, you typically need to specify
        // one of (name or code) and data. The full option specification
        // covers name, code, space, csv-format and data.
        // space defaults to "dhcp4" which is usually correct, unless you
        // use encapsulate options. csv-format defaults to "true", so
        // this is also correct, unless you want to specify the whole
        // option value as long hex string. For example, to specify
        // domain-name-servers you could do this:
        // {
        //     "name": "domain-name-servers",
        //     "code": 6,
        //     "csv-format": "true",
        //     "space": "dhcp4",
        //     "data": "192.0.2.1, 192.0.2.2"
        // }
        // but it's a lot of writing, so it's easier to do this instead:
        {
            "name": "domain-name-servers",
            "data": "192.0.2.1, 192.0.2.2"
        },
        // Typically people prefer to refer to options by their names, so they
        // don't need to remember the code names. However, some people like
        // to use numerical values. For example, option "domain-name" uses
        // option code 15, so you can reference to it either by
        // "name": "domain-name" or "code": 15.
        {
            "code": 15,
            "data": "example.org"
        },
        // Domain search is also a popular option. It tells the client to
        // attempt to resolve names within those specified domains. For
        // example, name "foo" would be attempted to be resolved as
        // foo.mydomain.example.com and if it fails, then as foo.example.com
        {
            "name": "domain-search",
            "data": "mydomain.example.com, example.com"
        },
        // String options that have a comma in their values need to have
        // it escaped (i.e. each comma is preceded by two backslashes).
        // That's because commas are reserved for separating fields in
        // compound options. At the same time, we need to be conformant
        // with JSON spec, that does not allow "\,". Therefore the
        // slightly uncommon double backslashes notation is needed.
        // Legal JSON escapes are \ followed by "\/bfnrt character
        // or \u followed by 4 hexadecimal numbers (currently Kea
        // supports only \u0000 to \u00ff code points).
        // CSV processing translates '\\' into '\' and '\,' into ','
        // only so for instance '\x' is translated into '\x'. But
        // as it works on a JSON string value each of these '\'
        // characters must be doubled on JSON input.
        {
            "name": "boot-file-name",
            "data": "EST5EDT4\\,M3.2.0/02:00\\,M11.1.0/02:00"
        },
        // Options that take integer values can either be specified in
        // dec or hex format. Hex format could be either plain (e.g. abcd)
        // or prefixed with 0x (e.g. 0xabcd).
        {
            "name": "default-ip-ttl",
            "data": "0xf0"
        }
        // Note that Kea provides some of the options on its own. In particular,
        // it sends IP Address lease type (code 51, based on valid-lifetime
        // parameter, Subnet mask (code 1, based on subnet definition), Renewal
        // time (code 58, based on renew-timer parameter), Rebind time (code 59,
        // based on rebind-timer parameter).
    ],
    // Other global parameters that can be defined here are option definitions
    // (this is useful if you want to use vendor options, your own custom
    // options or perhaps handle options that Kea does not handle out of the box
    // yet).
    // You can also define classes. If classes are defined, incoming packets
    // may be assigned to specific classes. A client class can represent any
    // group of devices that share some common characteristic, e.g. Windows
    // devices, iphones, broken printers that require special options, etc.
    // Based on the class information, you can then allow or reject clients
    // to use certain subnets, add special options for them or change values
    // of some fixed fields.
    "client-classes": [
        {
            // This specifies a name of this class. It's useful if you need to
            // reference this class.
            "name": "voip",
            // This is a test. It is an expression that is being evaluated on
            // each incoming packet. It is supposed to evaluate to either
            // true or false. If it's true, the packet is added to specified
            // class. See Section 12 for a list of available expressions. There
            // are several dozens. Section 8.2.14 for more details for DHCPv4
            // classification and Section 9.2.19 for DHCPv6.
            "test": "substring(option[60].hex,0,6) == 'Aastra'",
            // If a client belongs to this class, you can define extra behavior.
            // For example, certain fields in DHCPv4 packet will be set to
            // certain values.
            "next-server": "192.0.2.254",
            "server-hostname": "hal9000",
            "boot-file-name": "/dev/null"
            // You can also define option values here if you want devices from
            // this class to receive special options.
        }
    ],
    // Another thing possible here are hooks. Kea supports a powerful mechanism
    // that allows loading external libraries that can extract information and
    // even influence how the server processes packets. Those libraries include
    // additional forensic logging capabilities, ability to reserve hosts in
    // more flexible ways, and even add extra commands. For a list of available
    // hook libraries, see https://gitlab.isc.org/isc-projects/kea/wikis/Hooks-available.
    "hooks-libraries": [
        // The lease_cmds library must be loaded because HA makes use of it to
        // deliver lease updates to the server as well as synchronize the
        // lease database after failure.
        {
            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
        },
      {
            // The HA hooks library should be loaded.
            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
            "parameters": {
                // Each server should have the same HA configuration, except for the
                // "this-server-name" parameter.
                "high-availability": [ {
                    // This parameter points to this server instance. The respective
                    // HA peers must have this parameter set to their own names.
                    "this-server-name": "{{ srv_name }}",
                    // The HA mode is set to hot-standby. In this mode, the active server handles
                    // all the traffic. The standby takes over if the primary becomes unavailable.
                    "mode": "hot-standby",
                    // Heartbeat is to be sent every 10 seconds if no other control
                    // commands are transmitted.
                    "heartbeat-delay": 10000,
                    // Maximum time for partner's response to a heartbeat, after which
                    // failure detection is started. This is specified in milliseconds.
                    // If we don't hear from the partner in 60 seconds, it's time to
                    // start worrying.
                    "max-response-delay": 60000,
                    // The following parameters control how the server detects the
                    // partner's failure. The ACK delay sets the threshold for the
                    // 'secs' field of the received discovers. This is specified in
                    // milliseconds.
                    "max-ack-delay": 5000,
                    // This specifies the number of clients which send messages to
                    // the partner but appear to not receive any response.
                    "max-unacked-clients": 5,
                    // This specifies the maximum timeout (in milliseconds) for the server
                    // to complete sync. If you have a large deployment (high tens or
                    // hundreds of thousands of clients), you may need to increase it
                    // further. The default value is 60000ms (60 seconds).
                    "sync-timeout": 60000,
                    "peers": [
                        // This is the configuration of this server instance.
                        {
                            "name": "kea1",
                            // This specifies the URL of our server instance. The
                            // Control Agent must run along with our DHCPv4 server
                            // instance and the "http-host" and "http-port" must be
                            // set to the corresponding values.
                            "url": "http://192.168.56.2:8000/",
                            // This server is primary. The other one must be
                            // secondary.
                            "role": "primary"
                        },
                        // This is the configuration of our HA peer.
                        {
                            "name": "kea2",
                            // Specifies the URL on which the partner's control
                            // channel can be reached. The Control Agent is required
                            // to run on the partner's machine with "http-host" and
                            // "http-port" values set to the corresponding values.
                            "url": "http://192.168.56.3:8000/",
                            // The partner is a secondary. Our is primary.
                            "role": "standby"
                        }
                    ]
                } ]
            }
        }
    ],
    //       // Forensic Logging library generates forensic type of audit trail
    //       // of all devices serviced by Kea, including their identifiers
    //       // (like MAC address), their location in the network, times
    //       // when they were active etc.
    //       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_legal_log.so",
    //       "parameters": {
    //           "path": "/var/lib/kea",
    //           "base-name": "kea-forensic4"
    //       }
    //   },
    //   {
    //       // Flexible identifier (flex-id). Kea software provides a way to
    //       // handle host reservations that include addresses, prefixes,
    //       // options, client classes and other features. The reservation can
    //       // be based on hardware address, DUID, circuit-id or client-id in
    //       // DHCPv4 and using hardware address or DUID in DHCPv6. However,
    //       // there are sometimes scenario where the reservation is more
    //       // complex, e.g. uses other options that mentioned above, uses part
    //       // of specific options or perhaps even a combination of several
    //       // options and fields to uniquely identify a client. Those scenarios
    //       // are addressed by the Flexible Identifiers hook application.
    //       "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_flex_id.so",
    //       "parameters": {
    //           "identifier-expression": "relay4[2].hex"
    //       }
    //   }
    // ],
    // Below an example of a simple IPv4 subnet declaration. Uncomment to enable
    // it. This is a list, denoted with [ ], of structures, each denoted with
    // { }. Each structure describes a single subnet and may have several
    // parameters. One of those parameters is "pools" that is also a list of
    // structures.
    "subnet4": [
        {
            // This defines the whole subnet. Kea will use this information to
            // determine where the clients are connected. This is the whole
            // subnet in your network. This is mandatory parameter for each
            // subnet.
            "subnet": "192.168.56.0/24",
 	    "interface" : "eth1", 
            // Pools define the actual part of your subnet that is governed
            // by Kea. Technically this is optional parameter, but it's
            // almost always needed for DHCP to do its job. If you omit it,
            // clients won't be able to get addresses, unless there are
            // host reservations defined for them.
            "pools": [ { "pool": "192.168.56.120 - 192.168.56.130" } ],
            // These are options that are subnet specific. In most cases,
            // you need to define at least routers option, as without this
            // option your clients will not be able to reach their default
            // gateway and will not have Internet connectivity.
            "option-data": [
                {
                    // For each IPv4 subnet you most likely need to specify at
                    // least one router.
                    "name": "routers",
                    "data": "192.168.56.1"
                }
            ],
            // Kea offers host reservations mechanism. Kea supports reservations
            // by several different types of identifiers: hw-address
            // (hardware/MAC address of the client), duid (DUID inserted by the
            // client), client-id (client identifier inserted by the client) and
            // circuit-id (circuit identifier inserted by the relay agent).
            //
            // Kea also support flexible identifier (flex-id), which lets you
            // specify an expression that is evaluated for each incoming packet.
            // Resulting value is then used for as an identifier.
            //
            // Note that reservations are subnet-specific in Kea. This is
            // different than ISC DHCP. Keep that in mind when migrating
            // your configurations.
            "reservations": [
                // This is a reservation for a specific hardware/MAC address.
                // It's a rather simple reservation: just an address and nothing
                // else.
                {
                    "hw-address": "1a:1b:1c:1d:1e:1f",
                    "ip-address": "192.168.56.201"
                },
                // This is a reservation for a specific client-id. It also shows
                // the this client will get a reserved hostname. A hostname can
                // be defined for any identifier type, not just client-id.
                {
                    "client-id": "01:11:22:33:44:55:66",
                    "ip-address": "192.168.56.202",
                    "hostname": "special-snowflake"
                },
                // The third reservation is based on DUID. This reservation defines
                // a special option values for this particular client. If the
                // domain-name-servers option would have been defined on a global,
                // subnet or class level, the host specific values take preference.
                {
                    "duid": "01:02:03:04:05",
                    "ip-address": "192.168.56.203",
                    "option-data": [ {
                        "name": "domain-name-servers",
                        "data": "10.1.1.202, 10.1.1.203"
                    } ]
                },
                // The fourth reservation is based on circuit-id. This is an option
                // inserted by the relay agent that forwards the packet from client
                // to the server.  In this example the host is also assigned vendor
                // specific options.
                //
                // When using reservations, it is useful to configure
                // reservations-global, reservations-in-subnet,
                // reservations-out-of-pool (subnet specific parameters)
                // and host-reservation-identifiers (global parameter).
                {
                    "client-id": "01:12:23:34:45:56:67",
                    "ip-address": "192.168.56.204",
                    "option-data": [
                        {
                            "name": "vivso-suboptions",
                            "data": "4491"
                        },
                        {
                            "name": "tftp-servers",
                            "space": "vendor-4491",
                            "data": "10.1.1.202, 10.1.1.203"
                        }
                    ]
                },
                // This reservation is for a client that needs specific DHCPv4
                // fields to be set. Three supported fields are next-server,
                // server-hostname and boot-file-name
                {
                    "client-id": "01:0a:0b:0c:0d:0e:0f",
                    "ip-address": "192.168.56.205",
                    "next-server": "192.168.56.206",
                    "server-hostname": "hal9000",
                    "boot-file-name": "/dev/null"
                },
                // This reservation is using flexible identifier. Instead of
                // relying on specific field, sysadmin can define an expression
                // similar to what is used for client classification,
                // e.g. substring(relay[0].option[17],0,6). Then, based on the
                // value of that expression for incoming packet, the reservation
                // is matched. Expression can be specified either as hex or
                // plain text using single quotes.
                //
                // Note: flexible identifier requires flex_id hook library to be
                // loaded to work.
                {
                    "flex-id": "'s0mEVaLue'",
                    "ip-address": "192.168.56.207"
                }
                // You can add more reservations here.
            ]
            // You can add more subnets there.
        }
    ],
    // There are many, many more parameters that DHCPv4 server is able to use.
    // They were not added here to not overwhelm people with too much
    // information at once.
    // Logging configuration starts here. Kea uses different loggers to log various
    // activities. For details (e.g. names of loggers), see Chapter 18.
    "loggers": [
    {
        // This section affects kea-dhcp4, which is the base logger for DHCPv4
        // component. It tells DHCPv4 server to write all log messages (on
        // severity INFO or more) to a file.
        "name": "kea-dhcp4",
        "output_options": [
            {
                // Specifies the output file. There are several special values
                // supported:
                // - stdout (prints on standard output)
                // - stderr (prints on standard error)
                // - syslog (logs to syslog)
                // - syslog:name (logs to syslog using specified name)
                // Any other value is considered a name of the file
                "output": "stdout",
                // Shorter log pattern suitable for use with systemd,
                // avoids redundant information
                "pattern": "%-5p %m\n",
                // This governs whether the log output is flushed to disk after
                // every write.
                // "flush": false,
                // This specifies the maximum size of the file before it is
                // rotated.
                // "maxsize": 1048576,
                // This specifies the maximum number of rotated files to keep.
                // "maxver": 8
            }
        ],
        // This specifies the severity of log messages to keep. Supported values
        // are: FATAL, ERROR, WARN, INFO, DEBUG
        "severity": "INFO",
        // If DEBUG level is specified, this value is used. 0 is least verbose,
        // 99 is most verbose. Be cautious, Kea can generate lots and lots
        // of logs if told to do so.
        "debuglevel": 0
    }
  ]
 }
 }
--- a/kea-dhcp-ha/provision/setup-db.yml
+++ b/kea-dhcp-ha/provision/setup-db.yml
@ -0,0 +1,43 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: modules python pour 
    apt:
      name: python3-pymysql
      state: present
  - name: install mariadb-server
    apt: 
     name: mariadb-server
     state: present
  - name: Cree Bd wordpress 
    mysql_db: 
      db: wordpressdb
      login_unix_socket: /var/run/mysqld/mysqld.sock  
      state: present
  - name: Ouvre port 3306 mariadb-server 
    replace: 
      path: /etc/mysql/mariadb.conf.d/50-server.cnf
      regexp: '^bind-address.*'
      replace: '#bind-adress = 127.0.0.1'
      backup: yes  
    notify: restart mariadb
  - name: Create MySQL user for wordpress.
    mysql_user:
      name: wordpressuser
      password: wordpresspasswd
      priv: "wordpressdb.*:ALL"
      host: '%'
      state: present
      login_unix_socket: /var/run/mysqld/mysqld.sock  
  handlers:
  - name: restart mariadb
    ansible.builtin.service:
      name: mariadb
      state: restarted
--- a/kea-dhcp-ha/provision/setup-kea.yml
+++ b/kea-dhcp-ha/provision/setup-kea.yml
@ -0,0 +1,37 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: kea-dhcp4-server et kea-ctrl-agent ...
    apt: 
      name: 
        - kea-dhcp4-server
        - kea-dhcp6-server
        - kea-ctrl-agent
      state: present
  - name: change adresse IP dans /etc/kea/kea-ctrl-agent.conf
    ansible.builtin.replace:
      path: /etc/kea/kea-ctrl-agent.conf
      regexp: '"http-host": "127.0.0.1",'
      replace: '"http-host": "{{ srv_ip }}",'
      backup: yes
  - name: relance service kea-ctrl-agent
    ansible.builtin.service:
      name: kea-ctrl-agent
      state: restarted
      enabled: yes
  - name: genere ikea-dhcp4.conf a partir de la template
    ansible.builtin.template: 
      src: kea-dhcp4.conf.j2 
      dest: /etc/kea/kea-dhcp4.conf
      backup: yes
  - name: relance service kea-dhcp4-server
    ansible.builtin.service:
      name: kea-dhcp4-server
      state: restarted
      enabled: yes
--- a/kea-dhcp-ha/provision/setup-lb.yml
+++ b/kea-dhcp-ha/provision/setup-lb.yml
@ -0,0 +1,29 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: install haproxy
    apt:
      name: haproxy
      state: present
  - name: parametre backend et fontend
    blockinfile:
      path: /etc/haproxy/haproxy.cfg
      block: |
        frontend proxypublic
          bind 192.168.56.2:80
          default_backend fermeweb
        backend fermeweb
          balance roundrobin
          option httpclose
          #option httpchk HEAD / HTTP/1.0
          server web1.test 192.168.56.3:80 check
          #server web2.test 192.168.56.4:80 check
  - name: redemarre haproxy
    service:
      name: haproxy
      state: restarted
      enabled: yes
--- a/kea-dhcp-ha/provision/setup-nfs.yml
+++ b/kea-dhcp-ha/provision/setup-nfs.yml
@ -0,0 +1,88 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: 00 - cree repertoire wordpress pour export nfs
    file:
      path: /exports/wordpress
      state: directory
  - name: 05 - Install nfs-server
    apt:
      name: nfs-server
      state: present
  - name: 10 - creation fichier exports nfs  
    ansible.builtin.blockinfile:
      path: /etc/exports
      block: |
        /exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check)
  - name: 15 - Recupere wordpress.tar.gz
    get_url: 
      url: "https://fr.wordpress.org/latest-fr_FR.tar.gz"
      dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz
  - name: 20 - decompresse wordpress 
    unarchive: 
      src: /tmp/wordpress-6.1.1-fr_FR.tar.gz
      dest: /exports/
      remote_src: yes  
  - name: 22 - change owner et group pour repertoire wordpress
    file:
      path: /exports/wordpress
      state: directory
      recurse: yes
      owner: www-data
      group: www-data
  - name: 25 - genere fichier de config wordpress 
    copy: 
      src: /exports/wordpress/wp-config-sample.php
      dest: /exports/wordpress/wp-config.php
      remote_src: yes  
  - name: 30 - genere fichier de config wordpress 
    copy: 
      src: /exports/wordpress/wp-config-sample.php
      dest: /exports/wordpress/wp-config.php
      remote_src: yes  
  - name: 35 - ajuste variable dbname dans fichier de config wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "votre_nom_de_bdd"
      replace: "wordpressdb"
      backup: yes
  - name: 40 ajuste variable dbusername dans fichier de config wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "votre_utilisateur_de_bdd"
      replace: "wordpressuser"
      backup: yes
  - name: 45 - ajuste variable mdp dans fichier de config wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "votre_mdp_de_bdd"
      replace: "wordpresspasswd"
      backup: yes
  - name: 50 - ajuste hostname fichier wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "localhost"
      replace: "192.168.56.5"
      backup: yes
  - name: 55 - relance nfs
    service:
      name: nfs-server
      state: restarted
      enabled: yes
--- a/lamp-ds/Vagrantfile
+++ b/lamp-ds/Vagrantfile
@ -0,0 +1,90 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bookworm64"
  config.vm.hostname = "lamp"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
   config.vm.network "forwarded_port", guest: 80, host: 2080
   config.vm.network "forwarded_port", guest: 22, host: 2022
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Disable the default share of the current code directory. Doing this
  # provides improved isolation between the vagrant box and your host
  # by making sure your Vagrantfile isn't accessable to the vagrant box.
  # If you use this you may want to enable additional shared subfolders as
  # shown above.
  #config.vm.synced_folder ".", "/vagrant", disabled: false
  config.vm.synced_folder ".", "/var/www/html", disabled: false
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  config.vm.provision "shell", inline: <<-SHELL
    #  export http_proxy=http://10.121.38.1:8080
    #  export https_proxy=http://10.121.38.1:8080
     timedatectl set-timezone Europe/Paris
     apt-get update
     apt-get install -y vim wget curl git apache2 php mariadb-server 
     DEBIAN_FRONTEND=noninteractive apt-get -yq install phpmyadmin
     cp /etc/phpmyadmin/apache.conf /etc/apache2/conf-available/phpmyadmin.conf
     a2enconf phpmyadmin.conf
     systemctl reload apache2.service
   SHELL
 end
--- a/nagios4/Vagrantfile
+++ b/nagios4/Vagrantfile
@ -12,7 +12,9 @@ Vagrant.configure("2") do |config|
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
  config.vm.hostname = "nagios4"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
@ -65,12 +67,15 @@ Vagrant.configure("2") do |config|
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell", inline: <<-SHELL
      apt-get update
-      apt-get install -y curl wget
+      apt-get install -y vim curl wget apache2 php nagios4 nagios-plugins-contrib
      apt-get install -y nagios4
      cp /etc/nagios4/apache2.conf /etc/apache2/sites-available/nagios4.conf
      a2ensite nagios4.conf
      a2enmod rewrite cgi
 #      sed -i 's/Require all/#Require all/' /etc/apache2/conf-enabled/nagios4-cgi.conf
 #      sed -i 's/#Require\tvalid-user/Require\tvalid-user/' /etc/apache2/conf-enabled/nagios4-cgi.conf
      systemctl reload apache2
 #      htdigest -b -c /etc/nagios4/htdigest.users "Nagios4" nagiosadmin admin
   SHELL
 end
--- a/1
+++ b/1
@ -0,0 +1 @@
 salut
--- a/samba-ad-dc/Vagrantfile
+++ b/samba-ad-dc/Vagrantfile
@ -0,0 +1,78 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bookworm64"
  config.vm.hostname = "dc1"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  config.vm.network "private_network", ip: "192.168.56.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Disable the default share of the current code directory. Doing this
  # provides improved isolation between the vagrant box and your host
  # by making sure your Vagrantfile isn't accessable to the vagrant box.
  # If you use this you may want to enable additional shared subfolders as
  # shown above.
  # config.vm.synced_folder ".", "/vagrant", disabled: true
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "playbook.yml"
  end
 end
--- a/samba-ad-dc/playbook.yml
+++ b/samba-ad-dc/playbook.yml
@ -0,0 +1,186 @@
 ---
 - hosts: all
  become: true
  vars:
    samba_dc_dns_domain: "ad.sio.lan"
    samba_dc_hostname: "dc1.ad.sio.lan"
    samba_dc_hostname_short: "dc1"
    samba_dc_ip: "192.168.56.10"
    samba_dc_net: "192.168.56.0/24"
    samba_dc_realm: "AD.SIO.LAN"
    samba_dc_workgroup: "AD"
    samba_dc_domain: "AD"
    samba_dc_admin_password: "Azerty1+"
    samba_dc_dns_backend: "SAMBA_INTERNAL" # ou bien "BIND9_DLZ" 
  pre_tasks:
    - name: Set timezone to Europe/Paris
      timezone:
        name: Europe/Paris
    - name: Update apt cache if needed.
      apt:
        update_cache: true
        cache_valid_time: 3600
  tasks:
    - name: Pre - set hostname {{ samba_dc_hostname }}
      copy:
        content: |
          {{ samba_dc_hostname }}
        dest: /etc/hostname
    - name: Pre - set /etc/hosts
      copy:
        content: |
          127.0.0.1 localhost
          {{ samba_dc_ip }} {{ samba_dc_hostname }} {{ samba_dc_hostname_short }}
        dest: /etc/hosts
    - name: Pre - "Installe paquets de base"
      ansible.builtin.apt:
        state: present
        name:
          - acl
          - git
          - curl
          - wget
          - sudo
          - unzip
          - vim
          - gnupg
          - tmux
          - dnsutils
          - apt-transport-https
          - chrony
    - name: Samba - "Installe paquets Samba"
      ansible.builtin.apt:
        state: present
        name:
          - samba
          - winbind
          - libnss-winbind
          - krb5-user
          - smbclient
          - ldb-tools
          - python3-cryptography
    - name: Samba - Configuration Kerberos
      copy:
        content: |
          [libdefaults]
            default_realm = {{ samba_dc_realm }}
            dns_lookup_kdc = true
            dns_lookup_realm = false
        dest: /etc/krb5.conf
    - name: Samba - Nettoie smb.conf
      file:
        path: "/etc/samba/smb.conf"
        state: absent
    - name: Samba - Configure DC
      command: samba-tool domain provision --realm={{ samba_dc_realm }} --domain {{ samba_dc_domain }} --server-role=dc
    - name: Samba - Mdp Administrator
      command:  samba-tool user setpassword administrator --newpassword={{ samba_dc_admin_password }}
    - name: Samba - Set dns forwarder .
      lineinfile:
        dest: "/etc/samba/smb.conf"
        regexp: "dns forwarder =.*"
        line: "dns forwarder = 9.9.9.9"
        state: present
    - name: Samba - set resolv.conf
      copy:
        content: |
          search {{ samba_dc_dns_domain }}
          nameserver 127.0.0.1
        dest: /etc/resolv.conf
    - name: Samba - rm krb5.conf dans samba
      file:
        path: /var/lib/samba/private/krb5.conf
        state: absent
    - name: Samba - ln krb5.conf de samba vers standard
      file:
        src: /etc/krb5.conf
        dest: /var/lib/samba/private/krb5.conf
        force: true
        state: link
    - name: SAmba - unmask and enable samba-ad-dc
      ansible.builtin.systemd:
        name: samba-ad-dc
        masked: false
        enabled: true
    - name: Samba - mask samba
      ansible.builtin.systemd:
        name: samba
        masked: true
        enabled: false
    - name: Samba - mask winbind
      ansible.builtin.systemd:
        name: winbind
        masked: true
        enabled: false
    - name: Samba - mask smbd
      ansible.builtin.systemd:
        name: smbd
        masked: true
        enabled: false
    - name: Samba - mask nmbd
      ansible.builtin.systemd:
        name: nmbd
        masked: true
        enabled: false
    - name: Samba - reboot
      reboot:
    - name: Samba - set resolv.conf
      copy:
        content: |
          search {{ samba_dc_dns_domain }}
          nameserver 127.0.0.1
        dest: /etc/resolv.conf
    - name: Samba - Test smbclient
      command: smbclient -L localhost -N
    - name: SAmba - test DNS SRV _ldap sur TCP 
      command: host -t SRV _ldap._tcp.{{ samba_dc_dns_domain }}
    - name: Samba - test DNS SRV _kerberos sur UDP
      command: host -t SRV _kerberos._udp.{{ samba_dc_dns_domain }}
    - name: Samba - test DNS A pour dc
      command:  host -t A {{ samba_dc_hostname }}
    - name: Chrony - configuration 
      ansible.builtin.blockinfile:
        path: /etc/chrony/chrony.conf
        block: |
          bindcmdaddress {{ samba_dc_ip }}
          # The source, where we are receiving the time from
          server 0.pool.ntp.org     iburst
          server 1.pool.ntp.org     iburst
          server 2.pool.ntp.org     iburst
          allow {{ samba_dc_net }}
    - name: Chrony - redemarrage
      service:
        name: chrony
        state: restarted
--- a/semaphore/Vagrantfile
+++ b/semaphore/Vagrantfile
@ -0,0 +1,75 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 # All Vagrant configuration is done below. The "2" in Vagrant.configure
 # configures the configuration version (we support older styles for
 # backwards compatibility). Please don't change it unless you know what
 # you're doing.
 Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.
  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "debian/bullseye64"
  config.vm.hostname = "semaphore"
  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080
  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"
  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  config.vm.network "public_network"
  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"
  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.
  # Enable provisioning with a shell script. Additional provisioners such as
  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
  # documentation for more information about their specific syntax and use.
   config.vm.provision "shell", inline: <<-SHELL
     apt-get update
     apt-get install -y vim wget curl
   SHELL
   config.vm.provision "ansible" do |ansible|
       ansible.playbook = "semaphore.yml"
   end
 end
--- a/semaphore/semaphore.yml
+++ b/semaphore/semaphore.yml
@ -0,0 +1,55 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: Installe paquets  git et ansible
    apt:
      name:
        - git
        - ansible
      state: present
  - name: Recupere paquet semaphore
    get_url:
      url: https://github.com/ansible-semaphore/semaphore/releases/download/v2.8.75/semaphore_2.8.75_linux_amd64.deb
      dest: /tmp/
  - name: Installie paquet semaphore
    apt:
      deb: semaphore_2.8.75_linux_amd64.deb
  - name: cree repert /etc/semaphore
    file:
      path: /etc/semaphore
      state: directory
      mode: '0755'
  - name: constitution fichier semaphore.service
    blockinfile:
      path: /etc/systemd/system/semaphore.service
      mode: '0644'
      create: yes
      block: |
        [Unit]
        Description=Semaphore Ansible
        Documentation=https://github.com/ansible-semaphore/semaphore
        Wants=network-online.target
        After=network-online.target
        [Service]
        Type=simple
        ExecReload=/bin/kill -HUP $MAINPID
        ExecStart=/usr/bin/semaphore service --config=/etc/semaphore/config.json
        SyslogIdentifier=semaphore
        Restart=always
        [Install]
        WantedBy=multi-user.target
  - name: reload daemon-reload
    service:
      name: semaphore
      state: started
      enabled: yes
--- a/wp-lb/Vagrantfile
+++ b/wp-lb/Vagrantfile
@ -0,0 +1,81 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 Vagrant.configure("2") do |config|
  # Base VM OS configuration.
  config.vm.box = "debian/bullseye64"
  config.ssh.insert_key = false
  config.vm.synced_folder '.', '/vagrant', disabled: true
  # General VirtualBox VM configuration.
  config.vm.provider :virtualbox do |v|
    v.memory = 512
    v.cpus = 1
    v.linked_clone = true
    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
    v.customize ["modifyvm", :id, "--ioapic", "on"]
  end
  # lb HAproxy.
  config.vm.define "lb" do |lb|
    lb.vm.hostname = "lb.test"
    lb.vm.network :private_network, ip: "192.168.56.2"
    lb.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    lb.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/setup-lb.yml"
    end
  end
  # NFS.
  config.vm.define "nfs" do |nfs|
    nfs.vm.hostname = "nfs.test"
    nfs.vm.network :private_network, ip: "192.168.56.6"
    nfs.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    nfs.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/setup-nfs.yml"
    end
  end
  # MySQL.
  config.vm.define "db" do |db|
    db.vm.hostname = "db.test"
    db.vm.network :private_network, ip: "192.168.56.5"
    db.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    db.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/setup-db.yml"
    end
  end
  # Apache web1.
  config.vm.define "web1" do |web1|
    web1.vm.hostname = "web1.test"
    web1.vm.network :private_network, ip: "192.168.56.3"
    web1.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--memory", 512]
    end
    web1.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    web1.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/setup-web.yml"
    end
  end
  # Apachei web2.
  config.vm.define "web2" do |web2|
    web2.vm.hostname = "web2.test"
    web2.vm.network :private_network, ip: "192.168.56.4"
    web2.vm.provider :virtualbox do |v|
      v.customize ["modifyvm", :id, "--memory", 512]
    end
    web2.vm.provision "shell",
      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
    web2.vm.provision "ansible" do |ansible|
      ansible.playbook = "provision/setup-web.yml"
    end
  end
 end
--- a/wp-lb/provision/setup-db.yml
+++ b/wp-lb/provision/setup-db.yml
@ -0,0 +1,43 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: modules python pour 
    apt:
      name: python3-pymysql
      state: present
  - name: install mariadb-server
    apt: 
     name: mariadb-server
     state: present
  - name: Cree Bd wordpress 
    mysql_db: 
      db: wordpressdb
      login_unix_socket: /var/run/mysqld/mysqld.sock  
      state: present
  - name: Ouvre port 3306 mariadb-server 
    replace: 
      path: /etc/mysql/mariadb.conf.d/50-server.cnf
      regexp: '^bind-address.*'
      replace: '#bind-adress = 127.0.0.1'
      backup: yes  
    notify: restart mariadb
  - name: Create MySQL user for wordpress.
    mysql_user:
      name: wordpressuser
      password: wordpresspasswd
      priv: "wordpressdb.*:ALL"
      host: '%'
      state: present
      login_unix_socket: /var/run/mysqld/mysqld.sock  
  handlers:
  - name: restart mariadb
    ansible.builtin.service:
      name: mariadb
      state: restarted
--- a/wp-lb/provision/setup-lb.yml
+++ b/wp-lb/provision/setup-lb.yml
@ -0,0 +1,29 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: install haproxy
    apt:
      name: haproxy
      state: present
  - name: parametre backend et fontend
    blockinfile:
      path: /etc/haproxy/haproxy.cfg
      block: |
        frontend proxypublic
          bind 192.168.56.2:80
          default_backend fermeweb
        backend fermeweb
          balance roundrobin
          option httpclose
          #option httpchk HEAD / HTTP/1.0
          server web1.test 192.168.56.3:80 check
          #server web2.test 192.168.56.4:80 check
  - name: redemarre haproxy
    service:
      name: haproxy
      state: restarted
      enabled: yes
--- a/wp-lb/provision/setup-nfs.yml
+++ b/wp-lb/provision/setup-nfs.yml
@ -0,0 +1,88 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: 00 - cree repertoire wordpress pour export nfs
    file:
      path: /exports/wordpress
      state: directory
  - name: 05 - Install nfs-server
    apt:
      name: nfs-server
      state: present
  - name: 10 - creation fichier exports nfs  
    ansible.builtin.blockinfile:
      path: /etc/exports
      block: |
        /exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check)
  - name: 15 - Recupere wordpress.tar.gz
    get_url: 
      url: "https://fr.wordpress.org/latest-fr_FR.tar.gz"
      dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz
  - name: 20 - decompresse wordpress 
    unarchive: 
      src: /tmp/wordpress-6.1.1-fr_FR.tar.gz
      dest: /exports/
      remote_src: yes  
  - name: 22 - change owner et group pour repertoire wordpress
    file:
      path: /exports/wordpress
      state: directory
      recurse: yes
      owner: www-data
      group: www-data
  - name: 25 - genere fichier de config wordpress 
    copy: 
      src: /exports/wordpress/wp-config-sample.php
      dest: /exports/wordpress/wp-config.php
      remote_src: yes  
  - name: 30 - genere fichier de config wordpress 
    copy: 
      src: /exports/wordpress/wp-config-sample.php
      dest: /exports/wordpress/wp-config.php
      remote_src: yes  
  - name: 35 - ajuste variable dbname dans fichier de config wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "votre_nom_de_bdd"
      replace: "wordpressdb"
      backup: yes
  - name: 40 ajuste variable dbusername dans fichier de config wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "votre_utilisateur_de_bdd"
      replace: "wordpressuser"
      backup: yes
  - name: 45 - ajuste variable mdp dans fichier de config wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "votre_mdp_de_bdd"
      replace: "wordpresspasswd"
      backup: yes
  - name: 50 - ajuste hostname fichier wp-config.php  
    replace: 
      path: /exports/wordpress/wp-config.php
      regexp: "localhost"
      replace: "192.168.56.5"
      backup: yes
  - name: 55 - relance nfs
    service:
      name: nfs-server
      state: restarted
      enabled: yes
--- a/wp-lb/provision/setup-web.yml
+++ b/wp-lb/provision/setup-web.yml
@ -0,0 +1,31 @@
 ---
 - hosts: all
  become: true
  tasks:
  - name: install apache ...
    apt: 
      name: 
        - apache2
        - php
        - php-mbstring
        - php-mysql
        - mariadb-client  
      state: present
  - name: install nfs-common ...
    apt: 
      name: nfs-common 
      state: present
  - name: montage nfs pour word press
    blockinfile:
      path: /etc/fstab
      block: |
        192.168.56.6:/exports/wordpress /var/www/html nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0
  - name: monte export wordpress
    ansible.posix.mount:
      path: /var/www/html
      state: mounted
      fstype: nfs
      src: 192.168.56.6:/exports/wordpress
Author	SHA1	Message	Date
phil	9a8cbf4d6c	typo diverses	2024-02-09 00:16:20 +01:00
phil	141730bc73	typo boxtype	2024-02-09 00:02:04 +01:00
phil	9c3a4a35be	gitea-docker-traefik	2024-02-09 00:00:00 +01:00
phil	66a51430ba	ajout gitea-docker	2024-02-08 22:10:16 +01:00
sio user	2fdb65421a	ajout Vagrantfile lamp-ds	2024-01-25 13:51:00 +01:00
phil	86e536ed0f	kea-dhcp4	2024-01-10 22:53:30 +01:00
phil	64276d1e2d	errur template kea-dhcp4	2024-01-10 16:02:37 +01:00
phil	d760120870	dhcp4-server template	2024-01-10 15:36:22 +01:00
phil	094ac5d468	dhcp4.conf	2024-01-10 15:32:58 +01:00
phil	eda471703b	dhcp4.conf	2024-01-10 13:44:32 +01:00
phil	d02c5e36c0	agent conf	2024-01-10 13:27:33 +01:00
phil	0ab0c2d74c	modifs de base	2024-01-10 12:23:26 +01:00
phil	a74a0f89d2	Ajout Vagarntfile et playbooks pour kea dhcp HA	2024-01-09 21:50:55 +01:00
phil	a00d01c8da	maj pour bookworm : plus d'authentification	2023-09-21 23:18:13 +02:00
phil	6206d9c866	modif Vagrantfile pour bookworm, tests non termines	2023-09-21 00:44:38 +02:00
phil	c97b7846ce	ajout samba-ad-dc pour debian 12	2023-06-25 00:51:10 +02:00
sio user	2e2ac16aa1	doc	2023-05-05 13:21:41 +02:00
sio user	c2591142bf	php-intl, ldap , divers	2023-05-05 11:46:33 +02:00
phil	a5c3cf3825	glpi + timezone	2023-05-05 00:04:54 +02:00
“Albert	e4164ffb7c	MAJ README.md	2023-05-04 11:47:46 +02:00
“Albert	b72b2c2aa5	ajout dvpt : lAMP + phpmyadmin	2023-05-04 11:43:27 +02:00
phil	67340419cb	ajout logs	2023-04-25 20:56:28 +02:00
phil	3526354c05	ajout k3s-awx	2023-04-25 20:32:51 +02:00
Your Name	13213e4bf7	ajout app docker LAMP	2023-03-30 22:03:38 +00:00
“Albert	43e8eb5911	typo ...	2023-02-03 13:56:12 +01:00
“Albert	b24ef44c4a	deplac. install goss	2023-02-03 13:45:22 +01:00
“Albert	e195c6b4c7	pb mkzone	2023-02-03 13:22:46 +01:00
“Albert	535675494a	typo mkzone	2023-02-03 13:12:57 +01:00
phil	ade43e2369	modif nxc ok avec TLS	2023-01-29 23:35:26 +01:00
phil	fc24e96ac6	ajout Vgarantfile DNS pour bind9	2023-01-29 00:27:58 +01:00
phil	16c177fa5b	opt -s : pour serveur slave	2023-01-28 21:26:34 +01:00
phil	ad18fb502e	typo ..	2023-01-28 19:36:29 +01:00
phil	46e2166943	typo	2023-01-28 19:35:19 +01:00
phil	874bbac6e7	divers params	2023-01-28 19:21:07 +01:00
phil	00da92bdf9	modif mkzone	2023-01-28 18:22:53 +01:00
phil	9dbde4a623	carcact. parasites	2023-01-21 16:26:08 +01:00
phil	076a48b0a2	ajout mkzone pour bind	2023-01-21 16:13:26 +01:00
phil	d97a266456	ajout Vagarntfile lb wordpress	2023-01-19 23:05:23 +01:00
“Albert	ecf4af3734	typo	2023-01-18 13:22:43 +01:00
phil	e3d60ad398	guacamole operationnel	2023-01-17 21:50:03 +01:00
“Albert	cb2aac8aa3	ajout guacamole : projet	2023-01-17 13:56:39 +01:00
phil	d8dc8a0227	ajout semaphore	2023-01-09 23:46:32 +01:00
phil	ef96a368f3	ajout journald-remote	2023-01-07 00:20:05 +01:00
phil	8a5a320a71	ajout gitweb : pb master -> main	2023-01-05 00:59:11 +01:00
phil	888ecec657	ajout test	2023-01-04 19:27:31 +01:00
phil	742e4561db	nettoyage : ok	2022-12-29 17:36:49 +01:00
phil	99ad1129b9	reorg avec common	2022-12-29 15:23:42 +01:00
phil	6c16426120	nettoyage	2022-12-28 00:10:57 +01:00
		`@ -1 +0,0 @@`
			`kubeadm join 192.168.56.10:6443 --token n91jl0.zc7bph3quqqgoxwl --discovery-token-ca-cert-hash sha256:d75fb0f9601165872ffefeb5a2211713a401015864648ece848416035d420040`