pb mkzone

README.md

@@ -1,8 +1,9 @@
 # vagrant
 
-le 2023-01-19
+le 2023-01-29
 
 Ce dépôt héberge des **Vagrantfile** dont
+  * **dns** : Vagrantfile pour 2 serveurs **Bind9** (1 maitre et un esclave), tests **goss** chainés  
   * **docker**
   * **docker-wordpress**
   * **docker-glpi**

divers/bind/mkzone

@@ -8,7 +8,7 @@ trap cleanup SIGINT SIGTERM ERR EXIT
 #  - ficher de zone inverse
 #
 
-version="1.1"
+version="1.1a"
 zone="domaine.lan"
 slave=0
 
@@ -54,6 +54,7 @@ zone "${zone}" {
 
 zone "${zonerev}" {
     type master;
+    file "/etc/bind/db.${zone}.rev"; # zone directe
 };
 EOT
 else 
@@ -78,7 +79,7 @@ EOT
 fi
 }
 
-mkzdirrect () {
+mkzdirect () {
 # fichier de zone directe 
 echo "Generation fichier de zone directe db.${zone} ..."
 cat <<EOT > "db.${zone}"

dns/Vagrantfile

@@ -0,0 +1,53 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+  # Base VM OS configuration.
+  config.vm.box = "debian/bullseye64"
+  config.ssh.insert_key = false
+  config.vm.synced_folder '.', '/vagrant', disabled: true
+
+  # General VirtualBox VM configuration.
+  config.vm.provider :virtualbox do |v|
+    v.memory = 512
+    v.cpus = 1
+    v.linked_clone = true
+    v.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
+    v.customize ["modifyvm", :id, "--ioapic", "on"]
+  end
+
+  # srv1 master.
+  config.vm.define "srv1" do |srv1|
+    srv1.vm.hostname = "srv1"
+    srv1.vm.network :private_network, ip: "192.168.56.10"
+    srv1.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    srv1.vm.provision "shell", path: "provision/setup-master.sh"
+  end
+
+
+  # srv2 slave.
+  config.vm.define "srv2" do |srv2|
+    srv2.vm.hostname = "srv2"
+    srv2.vm.network :private_network, ip: "192.168.56.11"
+    srv2.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    srv2.vm.provision "shell", path: "provision/setup-slave.sh"
+  end
+
+  # cli.
+  config.vm.define "cli" do |cli|
+    cli.vm.hostname = "cli"
+    cli.vm.network :private_network, ip: "192.168.56.30"
+    cli.vm.provider :virtualbox do |v|
+      v.customize ["modifyvm", :id, "--memory", 512]
+    end
+    cli.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+    cli.vm.provision "ansible" do |ansible|
+      ansible.playbook = "provision/setup-cli.sh"
+    end
+  end
+
+end
+

dns/provision/setup-master.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+set -eu
+
+mondomaine=domaine.lan
+apt-get install -y  bind9 bind9-doc bind9-host 
+wget -nc https://gitea.lyc-lecastel.fr/gadmin/vagrant/raw/branch/main/divers/bind/mkzone
+bash mkzone "${mondomaine}"
+cp db.${mondomaine}* /etc/bind
+cp named.conf.local  /etc/bind
+sudo named-checkconf /etc/bind/named.conf
+sudo named-checkzone "${mondomaine}" "/etc/bind/db.${mondomaine}"
+sudo systemctl restart bind9
+host srv1
+host srv2
+host -t soa "${mondomaine}"
+host -l "${mondomaine}"
+curl -fsSL https://goss.rocks/install |sh
+goss add command "host ${mondomaine}"
+goss add command "host -t soa ${mondomaine}"
+goss add command "host -t ns ${mondomaine}"
+goss add command "host srv1.${mondomaine}"
+goss add command "host srv1"
+goss add command "host www"
+goss add command "host srv2.${mondomaine}"
+goss add command "host srv2"
+goss add command "host 192.168.56.10"
+goss add command "host 192.168.56.11"
+goss v -f tap

dns/provision/setup-slave.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -eu
+
+mondomaine=domaine.lan
+apt-get install -y  bind9 bind9-doc bind9-host 
+wget -nc https://gitea.lyc-lecastel.fr/gadmin/vagrant/raw/branch/main/divers/bind/mkzone
+bash mkzone -s "${mondomaine}"
+cp named.conf.local  /etc/bind
+sudo named-checkconf /etc/bind/named.conf
+sudo named-checkzone "${mondomaine}" "/etc/bind/db.${mondomaine}"
+sudo systemctl restart bind9
+host srv1
+host srv2
+host -t soa "${mondomaine}"
+host -l "${mondomaine}"

docker-traefik-nextcloud/Vagrantfile

@@ -64,95 +64,8 @@ Vagrant.configure("2") do |config|
   # Enable provisioning with a shell script. Additional provisioners such as
   # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
   # documentation for more information about their specific syntax and use.
-   config.vm.provision "shell", inline: <<-SHELL
-     apt-get update
-     apt install -y wget curl git vim
-     if ! which docker ; then
-       curl -s -o getdocker.sh https://get.docker.com
-       bash getdocker.sh
-       gpasswd -a vagrant docker
-     fi
-     mkdir -p nextcloud && cd nextcloud
-cat > traefik.yml  <<-'EOT'
-version: '3'
-
-networks:
-  proxy:
-    external: true
-
-services:
-  reverse-proxy:
-    # The official v2 Traefik docker image
-    image: traefik:v2.9
-    container_name: traefik
-    # Enables the web UI and tells Traefik to listen to docker
-    command: --api.insecure=true --providers.docker
-    ports:
-      # The HTTP port
-      - "80:80"
-      # The Web UI (enabled by --api.insecure=true)
-      - "8080:8080"
-    volumes:
-      # So that Traefik can listen to the Docker events
-      - /var/run/docker.sock:/var/run/docker.sock
-    networks:
-      - proxy
-
-'EOT'
-cat > nextcloud.yml  <<-'EOT'
-version: '2'
-
-volumes:
-  nextcloud:
-  db:
-
-networks:
-  proxy:
-    external: true
-  nxc:
-    external: false
-
-services:
-  db:
-    image: mariadb:10.5
-    container_name: db
-    restart: always
-    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
-    volumes:
-      - db:/var/lib/mysql
-    networks:
-      - nxc
-    environment:
-      - MYSQL_ROOT_PASSWORD=Azerty1+
-      - MYSQL_PASSWORD=Azerty1+
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-
-  app:
-    image: nextcloud
-    container_name: app
-    restart: always
-      #    ports:
-      #      - 8081:80
-    links:
-      - db
-    volumes:
-      - nextcloud:/var/www/html
-    networks:
-      - proxy
-      - nxc
-    labels:
-      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
-    environment:
-      - MYSQL_PASSWORD=Azerty1+
-      - MYSQL_DATABASE=nextcloud
-      - MYSQL_USER=nextcloud
-      - MYSQL_HOST=db
-'EOT'
-  docker network create proxy
-  docker compose -f traefik.yml up -d 
-  docker compose -f nextcloud.yml up -d 
-  ip -br a 
-   SHELL
+   config.vm.provision "shell",
+      inline: "sudo apt-get update ; sudo apt-get install -y vim curl wget"
+   config.vm.provision "shell", path: "provision/setup.sh"
 end
 

docker-traefik-nextcloud/provision/docker-compose.yml

@@ -0,0 +1,82 @@
+version: '3'
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+  
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+    ports:
+      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+#      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.tls=true"
+      - "traefik.enable=true"
+      - "traefik.docker.network=proxy"
+        #      - "traefik.http.routers.app.entrypoints=websecure"
+        #      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.service=app-service"
+      - "traefik.http.services.app-service.loadbalancer.server.port=80"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+
+

docker-traefik-nextcloud/provision/setup.sh

@@ -0,0 +1,161 @@
+#!/bin/bash
+apt-get update
+apt-get install -y wget curl git vim
+if ! which docker ; then
+   curl -s -o getdocker.sh https://get.docker.com
+   bash getdocker.sh
+   gpasswd -a vagrant docker
+fi
+mkdir -p nextcloud && cd nextcloud
+wget -O mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.4/mkcert-v1.4.4-linux-amd64
+chmod +x mkcert
+mv mkcert /usr/local/bin
+sudo apt-get install -y libnss3-tools
+mkdir certs config
+mkcert -install
+mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "mon.nxc" "*.mon.nxc"
+cat > traefik.yml  <<EOT
+version: '3'
+
+networks:
+  proxy:
+    external: true
+
+services:
+  reverse-proxy:
+    # The official v2 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+EOT
+
+cat > ./config/static.yml <<EOT
+global:
+  sendAnonymousUsage: false
+api:
+  dashboard: true
+  insecure: true
+providers:
+  docker:
+    endpoint: "unix:///var/run/docker.sock"
+    watch: true
+    exposedByDefault: false
+  file:
+    filename: /etc/traefik/dynamic.yml
+    watch: true
+
+log:
+  level: INFO
+  format: common
+
+entryPoints:
+  http:
+    address: ":80"
+    http:
+      redirections:
+        entryPoint:
+          to: https
+          scheme: https
+  https:
+    address: ":443"
+EOT
+
+cat > ./config/dynamic.yml <<EOT
+http:
+  routers:
+    traefik:
+      rule: "Host(`traefik.docker.localhost`)"
+      service: "api@internal"
+      tls:
+        domains:
+          - main: "docker.localhost"
+            sans:
+              - "*.docker.localhost"
+          - main: "mon.nxc"
+            sans:
+              - "*.mon.nxc"
+
+tls:
+  certificates:
+    - certFile: "/etc/certs/local-cert.pem"
+      keyFile: "/etc/certs/local-key.pem"
+EOT
+
+
+cat > nextcloud.yml  <<'EOT'
+version: '2'
+
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
+services:
+  db:
+    image: mariadb:10.5
+    container_name: db
+    restart: always
+    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
+    volumes:
+      - db:/var/lib/mysql
+    networks:
+      - nxc
+    environment:
+      - MYSQL_ROOT_PASSWORD=Azerty1+
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+
+  app:
+    image: nextcloud
+    container_name: app
+    restart: always
+      #    ports:
+      #      - 8081:80
+    #links:
+    depends_on:
+      - db
+    volumes:
+      - nextcloud:/var/www/html
+    networks:
+      - proxy
+      - nxc
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
+      - "traefik.http.routers.app.tls=true"
+    environment:
+      - MYSQL_PASSWORD=Azerty1+
+      - MYSQL_DATABASE=nextcloud
+      - MYSQL_USER=nextcloud
+      - MYSQL_HOST=db
+'EOT'
+
+docker network create proxy
+docker compose -f traefik.yml up -d 
+docker compose -f nextcloud.yml up -d 
+ip -br a 
+