pb mkzone

README.md

@@ -1,8 +1,9 @@
 # vagrant
 
-le 2023-01-19
+le 2023-01-29
 
 Ce dépôt héberge des **Vagrantfile** dont
+  * **dns** : Vagrantfile pour 2 serveurs **Bind9** (1 maitre et un esclave), tests **goss** chainés  
   * **docker**
   * **docker-wordpress**
   * **docker-glpi**

divers/bind/mkzone

@@ -1,29 +1,49 @@
-#/bin/bash
+#!/usr/bin/env bash
-set -u
+
-set -e
+set -Eeuo pipefail
+trap cleanup SIGINT SIGTERM ERR EXIT
+
 # cree les fichiers de configuration bind9 
 #  - ficher de zone directe
 #  - ficher de zone inverse
 #
-readonly zone="domaine.lan"
+
+version="1.1a"
+zone="domaine.lan"
+slave=0
+
+
+cleanup() {
+  trap - SIGINT SIGTERM ERR EXIT
+  # script cleanup here
+}
+
+initialize () {
 readonly zonenet="192.168.56"
 readonly zonerev="56.168.192.in-addr.arpa"
+
+# NS1
 readonly nsname="srv1"
 readonly nsip="${zonenet}.10"
 readonly nsiprev=$(echo ${nsip}|cut -d. -f4) # dernier octet pour classe C
+
+# NS2 
 readonly nsname2="srv2"
 readonly nsip2="${zonenet}.11"
 readonly nsiprev2=$(echo ${nsip2}|cut -d. -f4)
 readonly ttl="86400"
 
+# Global
 readonly nsfqdn="${nsname}.${zone}"
 readonly nsfqdnp="${nsfqdn}."
 readonly zonep="${zone}."
 readonly date=$(date +%Y%m%d00)
+}
 
-
+mkconflocal () {
+if [[ "${slave}" != 1 ]] ; then
+echo "Generation fichier named.conf.local ..."
 cat <<EOT > "named.conf.local"
-
 # fichier zone ${zone}
 # le $(date)
 
@@ -34,12 +54,34 @@ zone "${zone}" {
 
 zone "${zonerev}" {
     type master;
-    file "/etc/bind/db.${zone}.rev";  # zone inverse 
+    file "/etc/bind/db.${zone}.rev"; # zone directe
+};
+EOT
+else 
+echo "Generation fichier named.conf.local ..."
+cat <<EOT > "named.conf.local"
+# fichier zone ${zone}
+# le $(date)
+
+zone "${zone}" {
+    type slave;
+    file "/var/cache/bind/db.${zone}"; # zone directe
+    masters { ${nsip} ; };
+};
+
+zone "${zonerev}" {
+    type slave;
+    file "/var/cache/bind/db.${zone}.rev"; # zone directe
+    masters { ${nsip} ; };
 };
 
 EOT
+fi
+}
 
-
+mkzdirect () {
+# fichier de zone directe 
+echo "Generation fichier de zone directe db.${zone} ..."
 cat <<EOT > "db.${zone}"
 ; fichier zone ${zone}
 ; le $(date)
@@ -67,12 +109,14 @@ ${nsname2}         IN   A     ${nsip2}
                    IN   AAAA  2001:DB8:BEEF:100::22
 
 EOT
+}
 
+mkzreverse () {
+echo "Generation fichier de zone inverse db.${zone}.rev ..."
 cat <<EOT > "db.${zone}.rev"
 ; fichier zone inverse ${zone}
 ; le $(date)
 \$TTL ${ttl} ; (1 day)
-#\$ORIGIN ${zonep}
 @ IN SOA ${nsfqdnp} root.${nsfqdnp} (
                 ${date} ; serial YYYYMMDDnn
                 14400      ; refresh (4 hours)
@@ -81,12 +125,120 @@ cat <<EOT > "db.${zone}.rev"
                 3600       ; minimum (1 hour)
                 )
  
-@                 IN   NS    ${nsname}
+@                 IN   NS    ${nsname}.${zone}.
-@                 IN   NS    ${nsname2}
+@                 IN   NS    ${nsname2}.${zone}.
  
  
-${nsiprev}	 IN   PTR     ${nsname}
+${nsiprev}	 IN   PTR     ${nsname}.${zone}.
-${nsiprev2}      IN   PTR     ${nsname2}
+${nsiprev2}      IN   PTR     ${nsname2}.${zone}.
 
 EOT
 
+}
+
+mkresolv () {
+echo "Generation fichier /etc/resolv.conf ..."
+cat <<EOT > "/etc/resolv.conf"
+
+# fichier resolv.conf ${zone}
+# le $(date)
+domain ${zone}
+search ${zone}
+nameserver 127.0.0.1
+EOT
+}
+
+script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P)
+
+usage() {
+  cat <<EOF # remove the space between << and EOF, this is due to web plugin issue
+Usage: $(basename "${BASH_SOURCE[0]}") [-h] [-v] [-f] -p param_value zone [arg2...]
+
+Script description here.
+
+Available options:
+
+-h, --help      Print this help and exit
+-v, --verbose   Print script debug info
+-s, --slave      Some flag description
+-p, --param     Some param description
+EOF
+  exit
+}
+
+cleanup() {
+  trap - SIGINT SIGTERM ERR EXIT
+  # script cleanup here
+}
+
+setup_colors() {
+  if [[ -t 2 ]] && [[ -z "${NO_COLOR-}" ]] && [[ "${TERM-}" != "dumb" ]]; then
+    NOFORMAT='\033[0m' RED='\033[0;31m' GREEN='\033[0;32m' ORANGE='\033[0;33m' BLUE='\033[0;34m' PURPLE='\033[0;35m' CYAN='\033[0;36m' YELLOW='\033[1;33m'
+  else
+    NOFORMAT='' RED='' GREEN='' ORANGE='' BLUE='' PURPLE='' CYAN='' YELLOW=''
+  fi
+}
+
+msg() {
+  echo >&2 -e "${1-}"
+}
+
+die() {
+  local msg=$1
+  local code=${2-1} # default exit status 1
+  msg "$msg"
+  exit "$code"
+}
+
+parse_params() {
+  # default values of variables set from params
+  flag=0
+  param=''
+
+  while :; do
+    case "${1-}" in
+    -h | --help) usage ;;
+    --no-color) NO_COLOR=1 ;;
+    -s | --slave) flag=1 ;; # example flag
+#    -p | --param) # example named parameter
+#      param="${2-}"
+#      shift
+#      ;;
+    -?*) die "Unknown option: $1" ;;
+    *) break ;;
+    esac
+    shift
+  done
+
+  args=("$@")
+
+  # check required params and arguments
+#  [[ -z "${param-}" ]] && die "Missing required parameter: param"
+  [[ ${#args[@]} -eq 0 ]] && die "Missing script arguments"
+
+  return 0
+}
+
+parse_params "$@"
+setup_colors
+
+# script logic here
+
+#msg "${RED}Read parameters:${NOFORMAT}"
+#msg "- flag: ${flag}"
+#msg "- param: ${param}"
+#msg "- arguments: ${args[*]-}"
+
+zone="${args[0]-}"
+slave="${flag}"
+initialize
+if [[ ${flag} != 1 ]] ; then
+	mkconflocal
+	mkzdirect
+	mkzreverse
+	mkresolv
+else
+	mkconflocal
+	mkresolv
+fi
+exit 0

dns/Vagrantfile

@@ -0,0 +1,53 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # Base VM OS configuration.
+  config.vm.box = "debian/bullseye64"
+  config.ssh.insert_key = false
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
+  # General VirtualBox VM configuration.
+  config.vm.provider :virtualbox do |v|
+    v.memory = 512
+    v.cpus = 1
+    v.linked_clone = true
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+  end
+
+  # srv1 master.
+  config.vm.define "srv1" do |srv1|
+    srv1.vm.hostname = "srv1"
+    srv1.vm.network :private_network, ip: "192.168.56.10"
+    srv1.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    srv1.vm.provision "shell", path: "provision/setup-master.sh"
+  end
+
+
+  # srv2 slave.
+  config.vm.define "srv2" do |srv2|
+    srv2.vm.hostname = "srv2"
+    srv2.vm.network :private_network, ip: "192.168.56.11"
+    srv2.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    srv2.vm.provision "shell", path: "provision/setup-slave.sh"
+  end
+
+  # cli.
+  config.vm.define "cli" do |cli|
+    cli.vm.hostname = "cli"
+    cli.vm.network :private_network, ip: "192.168.56.30"
+    cli.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    cli.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    cli.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-cli.sh"
+    end
+  end
+
+end
+

dns/provision/setup-master.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eu
+
+mondomaine=domaine.lan
+apt-get install -y  bind9 bind9-doc bind9-host 
+wget -nc https://gitea.lyc-lecastel.fr/gadmin/vagrant/raw/branch/main/divers/bind/mkzone
+bash mkzone "${mondomaine}"
+cp db.${mondomaine}* /etc/bind
+cp named.conf.local  /etc/bind
+sudo named-checkconf /etc/bind/named.conf
+sudo named-checkzone "${mondomaine}" "/etc/bind/db.${mondomaine}"
+sudo systemctl restart bind9
+host srv1
+host srv2
+host -t soa "${mondomaine}"
+host -l "${mondomaine}"
+curl -fsSL https://goss.rocks/install |sh
+goss add command "host ${mondomaine}"
+goss add command "host -t soa ${mondomaine}"
+goss add command "host -t ns ${mondomaine}"
+goss add command "host srv1.${mondomaine}"
+goss add command "host srv1"
+goss add command "host www"
+goss add command "host srv2.${mondomaine}"
+goss add command "host srv2"
+goss add command "host 192.168.56.10"
+goss add command "host 192.168.56.11"
+goss v -f tap

dns/provision/setup-slave.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -eu
+
+mondomaine=domaine.lan
+apt-get install -y  bind9 bind9-doc bind9-host 
+wget -nc https://gitea.lyc-lecastel.fr/gadmin/vagrant/raw/branch/main/divers/bind/mkzone
+bash mkzone -s "${mondomaine}"
+cp named.conf.local  /etc/bind
+sudo named-checkconf /etc/bind/named.conf
+sudo named-checkzone "${mondomaine}" "/etc/bind/db.${mondomaine}"
+sudo systemctl restart bind9
+host srv1
+host srv2
+host -t soa "${mondomaine}"
+host -l "${mondomaine}"

docker-traefik-nextcloud/Vagrantfile

@@ -64,95 +64,8 @@ Vagrant.configure("2") do |config|
   # Enable provisioning with a shell script. Additional provisioners such as
   # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
   # documentation for more information about their specific syntax and use.
-   config.vm.provision "shell", inline: <<-SHELL
+   config.vm.provision "shell",
-     apt-get update
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
-     apt install -y wget curl git vim
+   config.vm.provision "shell", path: "provision/setup.sh"
-     if ! which docker ; then
-       curl -s -o getdocker.sh https://get.docker.com
-       bash getdocker.sh
-       gpasswd -a vagrant docker
-     fi
-     mkdir -p nextcloud && cd nextcloud
-cat > traefik.yml  <<-'EOT'
-version: '3'
-
-networks:
-  proxy:
-    external: true
-
-services:
-  reverse-proxy:
-    # The official v2 Traefik docker image
-    image: traefik:v2.9
-    container_name: traefik
-    # Enables the web UI and tells Traefik to listen to docker
-    command: --api.insecure=true --providers.docker
-    ports:
-      # The HTTP port
-      - "80:80"
-      # The Web UI (enabled by --api.insecure=true)
-      - "8080:8080"
-    volumes:
-      # So that Traefik can listen to the Docker events
-      - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-      - proxy
-
-'EOT'
-cat > nextcloud.yml  <<-'EOT'
-version: '2'
-
-volumes:
-  nextcloud:
-  db:
-
-networks:
-  proxy:
-    external: true
-  nxc:
-    external: false
-
-services:
-  db:
-    image: mariadb:10.5
-    container_name: db
-    restart: always
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - db:/var/lib/mysql
-    networks:
-      - nxc
-    environment:
-      - MYSQL_ROOT_PASSWORD=Azerty1+
-      - MYSQL_PASSWORD=Azerty1+
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  app:
-    image: nextcloud
-    container_name: app
-    restart: always
-      #    ports:
-      #      - 8081:80
-    links:
-      - db
-    volumes:
-      - nextcloud:/var/www/html
-    networks:
-      - proxy
-      - nxc
-    labels:
-      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
-    environment:
-      - MYSQL_PASSWORD=Azerty1+
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_HOST=db
-'EOT'
-  docker network create proxy
-  docker compose -f traefik.yml up -d 
-  docker compose -f nextcloud.yml up -d 
-  ip -br a 
-   SHELL
 end
 

docker-traefik-nextcloud/provision/docker-compose.yml

@@ -0,0 +1,82 @@
+version: '3'
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+  
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+    ports:
+      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+#      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.tls=true"
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+        #      - "traefik.http.routers.app.entrypoints=websecure"
+        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.service=app-service"
+      - "traefik.http.services.app-service.loadbalancer.server.port=80"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+
+

docker-traefik-nextcloud/provision/setup.sh

@@ -0,0 +1,161 @@
+#!/bin/bash
+apt-get update
+apt-get install -y wget curl git vim
+if ! which docker ; then
+   curl -s -o getdocker.sh https://get.docker.com
+   bash getdocker.sh
+   gpasswd -a vagrant docker
+fi
+mkdir -p nextcloud && cd nextcloud
+wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
+chmod +x mkcert
+mv mkcert /usr/local/bin
+sudo apt-get install -y libnss3-tools
+mkdir certs config
+mkcert -install
+mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "mon.nxc" "*.mon.nxc"
+cat > traefik.yml  <<EOT
+version: '3'
+
+networks:
+  proxy:
+    external: true
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+EOT
+
+cat > ./config/static.yml <<EOT
+global:
+  sendAnonymousUsage: false
+api:
+  dashboard: true
+  insecure: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    watch: true
+    exposedByDefault: false
+  file:
+    filename: /etc/traefik/dynamic.yml
+    watch: true
+
+log:
+  level: INFO
+  format: common
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+EOT
+
+cat > ./config/dynamic.yml <<EOT
+http:
+  routers:
+    traefik:
+      rule: "Host(`traefik.docker.localhost`)"
+      service: "api@internal"
+      tls:
+        domains:
+          - main: "docker.localhost"
+            sans:
+              - "*.docker.localhost"
+          - main: "mon.nxc"
+            sans:
+              - "*.mon.nxc"
+
+tls:
+  certificates:
+    - certFile: "/etc/certs/local-cert.pem"
+      keyFile: "/etc/certs/local-key.pem"
+EOT
+
+
+cat > nextcloud.yml  <<'EOT'
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+      #    ports:
+      #      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.tls=true"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+'EOT'
+
+docker network create proxy
+docker compose -f traefik.yml up -d 
+docker compose -f nextcloud.yml up -d 
+ip -br a 
+