maj README

README.md

@@ -1,13 +1,13 @@
 # vagrant
 
-le 2025-02-02 11h30 - ps
+le 2025-12-21 16h30 - ps
 
 Ce dépôt héberge des **Vagrantfile** dont : 
   * **dns** : Vagrantfile pour 2 serveurs **Bind9** (1 maitre et un esclave), tests **goss** chainés  
   * **divers/logs** : Vagrantfile pour serveur et client **rsyslog**  sans journald  
   * **docker**
   * **docker-wordpress**
-  * **docker-glpi**
+  * **docker-glpi** : Vagrantfile pour GLPI 11.0 avec docker - VM Debian 12
   * **docker-elk**
   * **docker-traefik-nextcloud**
   * **docker-traefik-nextcloud-ss-tls**
@@ -17,6 +17,7 @@ Ce dépôt héberge des **Vagrantfile** dont :
   * **glpi** : Vagrantfile pour VM Debian 11 GLPI 10.0.7
   * **guacamole** : Vagrantfile pour Apache Guacamole dockerise sans frontal
   * **jenkins** : Vagrantfile et script d'installation de Jenkins sur Debian 12 
+  * **journald-remote** : Vagrantfile pour centralisation des logs système avec **jounald-remote**  
   * **k8s** : kubernetes 1.26.00 + playbook pour master **k8s-master** et 2 noeuds **node-1** et **node-2**
   * **k3s-awx** : Vagrantfile + script **inst-awx** pour installation  **Ansible AWX** sur **k3s** avec **awx-on-k3s**
   * **kea-dhcp-ha** : Vagrantfile pour serveur DHCP kea - HA avec serveur stork - machines **kea1**, **kea2** et **stork** 
@@ -24,9 +25,11 @@ Ce dépôt héberge des **Vagrantfile** dont :
   * **lldap2** : Vagrantfile pour serveur LDAP en mode service **lldap** - integration pour Proxmox
   * **minione** : Vagrantfile pour Opennebula All In One
   * **netbox** : Vagrantfile pour Netbox dockerisée
+  * **opentofu** : sccript d'installation de **OpenTofu** et d'utilisation avec **bpg/proxmox**
   * **rundeck** : Vagrantfile + playbook pour installation avec Mariadb
   * **samba-ad-dc** : Vagrantfile + playbook pour **Samba 4.17 ad-dc** sur **Debian 12 Bookworm**
   * **wazuh** : Vagrantfile + playbook pour serveur **wazuh** 4.10 et client Debian
   * **wp-lb** : Wordpress web1 et web2, lb HaProxy, nfs, db Mariadb - Vagrantfile + playbooks
   * **zabbix** : Vagrantfile pour VM Debian 12 **zabbix7** Srv et VM Debian 12 **web1** apache, zabbix agent2
+  * **zabbix-docker** : Vagrantfile pour VM Debian 12 **zabbix** Srv avec docker et VM Debian 12 **web1** apache, zabbix agent2
 

docker-glpi/Vagrantfile

@@ -12,7 +12,7 @@ Vagrant.configure("2") do |config|
 
   # Every Vagrant development environment requires a box. You can search for
   # boxes at https://vagrantcloud.com/search.
-  config.vm.box = "debian/bullseye64"
+  config.vm.box = "debian/bookworm64"
   config.vm.hostname = "glpi"
 
   # Disable automatic box update checking. If you disable this, then
@@ -65,6 +65,7 @@ Vagrant.configure("2") do |config|
   # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
   # documentation for more information about their specific syntax and use.
    config.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
      apt-get update
      apt install -y wget curl git vim
      if ! which docker ; then
@@ -73,44 +74,54 @@ Vagrant.configure("2") do |config|
        gpasswd -a vagrant docker
      fi
      mkdir -p docker/glpi && cd docker/glpi
-cat > docker-compose.yml  <<-EOT
-version: "3.2"
-
+cat > compose.yml  <<-EOT
 services:
-#MariaDB Container
-  mariadb:
-    image: mariadb:10.7
-    container_name: mariadb
-    hostname: mariadb
-    volumes:
-      - ./mysql:/var/lib/mysql
-    env_file:
-      - ./mariadb.env
-    restart: always
-
-#GLPI Container
   glpi:
-    image: diouxx/glpi
-    container_name: glpi
-    hostname: glpi
+    image: "glpi/glpi:latest"
+    restart: "unless-stopped"
+    volumes:
+      - "./storage/glpi:/var/glpi:rw"
+    env_file: .env # Pass environment variables from .env file to the container
+    depends_on:
+      db:
+        condition: service_healthy
     ports:
       - "80:80"
-    volumes:
-      - /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
-      - /var/www/html/glpi/:/var/www/html/glpi
     environment:
       - TIMEZONE=Europe/Paris
-    restart: always
+
+  db:
+    image: "mariadb"
+    restart: "unless-stopped"
+    volumes:
+      - "./storage/mysql:/var/lib/mysql"
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
+      MYSQL_DATABASE: ${GLPI_DB_NAME}
+      MYSQL_USER: ${GLPI_DB_USER}
+      MYSQL_PASSWORD: ${GLPI_DB_PASSWORD}
+    healthcheck:
+      #test: mariadbadmin ping -h 127.0.0.1 -u $$MYSQL_USER --password=$$MYSQL_PASSWORD
+      test: ["CMD", "healthcheck.sh", "--connect", "--innodb_initialized"]
+      start_period: 5s
+      interval: 5s
+      timeout: 5s
+      retries: 10
+    expose:
+      - "3306"
 EOT
-cat > mariadb.env  <<-EOT
-MARIADB_ROOT_PASSWORD=diouxx
-MARIADB_DATABASE=glpidb
-MARIADB_USER=glpi_user
-MARIADB_PASSWORD=glpi
+
+cat > .env  <<-EOT
+GLPI_DB_HOST=db
+GLPI_DB_PORT=3306
+GLPI_DB_NAME=glpi
+GLPI_DB_USER=glpi
+GLPI_DB_PASSWORD=glpi
 EOT
   docker compose up -d
   ip -br a 
-   SHELL
+  SHELL
 end
 

docker-traefik-nextcloud/provision/setup.sh

@@ -14,38 +14,6 @@ sudo apt-get install -y libnss3-tools
 mkdir certs config
 mkcert -install
 mkcert -cert-file certs/local-cert.pem -key-file certs/local-key.pem "mon.nxc" "*.mon.nxc"
-cat > traefik.yml  <<EOT
-version: '3'
-
-networks:
-  proxy:
-    external: true
-
-services:
-  reverse-proxy:
-    # The official v2 Traefik docker image
-    image: traefik:latest
-    container_name: traefik
-    # Enables the web UI and tells Traefik to listen to docker
-    command: --api.insecure=true --providers.docker
-    ports:
-      # The HTTP port
-      - "80:80"
-      - "443:443"
-      # The Web UI (enabled by --api.insecure=true)
-      - "8080:8080"
-    volumes:
-      # So that Traefik can listen to the Docker events
-      - /var/run/docker.sock:/var/run/docker.sock:ro
-      # Map the static configuration into the container
-      - ./config/static.yml:/etc/traefik/traefik.yml:ro
-      # Map the dynamic configuration into the container
-      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
-      # Map the certificats into the container
-      - ./certs:/etc/certs:ro
-    networks:
-      - proxy
-EOT
 
 cat > ./config/static.yml <<EOT
 global:
@@ -100,22 +68,34 @@ tls:
 EOT
 
 
-cat > nextcloud.yml  <<EOT
-version: '2'
-
-volumes:
-  nextcloud:
-  db:
-
-networks:
-  proxy:
-    external: true
-  nxc:
-    external: false
-
+cat > compose.yml  <<EOT
 services:
+  reverse-proxy:
+    # The official V3 Traefik docker image
+    image: traefik:latest
+    container_name: traefik
+    # Enables the web UI and tells Traefik to listen to docker
+    command: --api.insecure=true --providers.docker
+    ports:
+      # The HTTP port
+      - "80:80"
+      - "443:443"
+      # The Web UI (enabled by --api.insecure=true)
+      - "8080:8080"
+    volumes:
+      # So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      # Map the static configuration into the container
+      - ./config/static.yml:/etc/traefik/traefik.yml:ro
+      # Map the dynamic configuration into the container
+      - ./config/dynamic.yml:/etc/traefik/dynamic.yml:ro
+      # Map the certificats into the container
+      - ./certs:/etc/certs:ro
+    networks:
+      - proxy
+
   db:
-    image: mariadb:10.5
+    image: mariadb
     container_name: db
     restart: always
     command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
@@ -133,9 +113,6 @@ services:
     image: nextcloud
     container_name: app
     restart: always
-      #    ports:
-      #      - 8081:80
-    #links:
     depends_on:
       - db
     volumes:
@@ -145,17 +122,30 @@ services:
       - nxc
     labels:
       - "traefik.enable=true"
-      - "traefik.http.routers.app.rule=Host(\`mon.nxc\`)"
+      - "traefik.http.routers.app.rule=Host(`mon.nxc`)"
       - "traefik.http.routers.app.tls=true"
+      - "traefik.docker.network=proxy"
+      - "traefik.http.routers.app.service=app-service"
+      - "traefik.http.services.app-service.loadbalancer.server.port=80"
     environment:
       - MYSQL_PASSWORD=Azerty1+
       - MYSQL_DATABASE=nextcloud
       - MYSQL_USER=nextcloud
       - MYSQL_HOST=db
+
+volumes:
+  nextcloud:
+  db:
+
+networks:
+  proxy:
+    external: true
+  nxc:
+    external: false
+
 EOT
 
 docker network create proxy
-docker compose -f traefik.yml up -d 
-docker compose -f nextcloud.yml up -d 
+docker compose up -d 
 ip -br a 
 

jenkins/README.md

@@ -2,11 +2,11 @@
 
 ## Présentation
 
-Le script ''install-jenkins.sh'' installe l'application CI/CD **jenkins** sur Debian 12 avec openJDK 17 à partir du dépot jenkins.
+Le script **install-jenkins.sh** installe l'application CI/CD **jenkins** sur Debian 12 avec openJDK 17 à partir du dépot jenkins.
 
 Il installe également les applications **git** et **ansible**.
 
 Jenkins est accessible  sur le port 8080 
 
-Le script fonctione sur une VM KVM ou sur un conteneur LXC.
+Le script fonctionne sur une VM KVM ou sur un conteneur LXC.
 

jenkins/jenkins-proxy.d2

@@ -0,0 +1,9 @@
+direction: right
+client.shape: cloud
+client -> jenkins: " :443"
+jenkins: {
+  caddy
+  jenkins
+  caddy -> jenkins: ":8080"
+}
+

jenkins/provision/install-jenkins.sh

@@ -3,9 +3,6 @@
 sudo apt-get update
 sudo apt-get install -y  gnupg openjdk-17-jdk
 
-#wget -q -O - https://pkg.jenkins.io/debian-stable/jenkins.io.key | sudo apt-key add -
-#sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'
-
 curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \   /usr/share/keyrings/jenkins-keyring.asc > /dev/null
 
 echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \   https://pkg.jenkins.io/debian-stable binary/ | sudo tee \   /etc/apt/sources.list.d/jenkins.list > /dev/null

opentofu/credential.auto.tfvars

@@ -0,0 +1,3 @@
+proxmox_endpoint  = "https://px2.sio.lan:8006/"
+proxmox_api_token = "tofuer@pve!tofu=123456c0-xxxx-yyyy-zzzz-abcdef37eb7a"
+

opentofu/crtoken.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+#
+#
+tfR=TofuUser
+tfU=tofuer
+tk=tofu
+
+pveum role add "${tfR}" -privs "\
+  Datastore.Allocate \
+  Datastore.AllocateSpace \
+  Datastore.Audit \
+  Pool.Allocate \
+  Pool.Audit \
+  Sys.Audit \
+  Sys.Console \
+  Sys.Modify \
+  Sys.Syslog \
+  VM.Allocate \
+  VM.Audit \
+  VM.Clone \
+  VM.Config.CDROM \
+  VM.Config.Cloudinit \
+  VM.Config.CPU \
+  VM.Config.Disk \
+  VM.Config.HWType \
+  VM.Config.Memory \
+  VM.Config.Network \
+  VM.Config.Options \
+  VM.Console \
+  VM.Migrate \
+  VM.GuestAgent.Audit \
+  VM.GuestAgent.FileRead \
+  VM.GuestAgent.FileWrite \
+  VM.GuestAgent.FileSystemMgmt \
+  VM.GuestAgent.Unrestricted \
+  VM.PowerMgmt \
+  Mapping.Audit \
+  Mapping.Use \
+  SDN.Audit \
+  SDN.Use"
+
+
+pveum user add "${tfU}@pve" --password 'Azerty1+-'
+
+pveum aclmod / -user "${tfU}@pve" -role "${tfR}"
+
+pveum user token add "${tfU}@pve" "$tk" -expire 0 -privsep 0 -comment "Tofu token"|tee "tk-${tk}.txt"
+

opentofu/inst-toku.sh

@@ -0,0 +1,20 @@
+#!§bin/bash
+#echo "Installation d'OpenTofu
+#
+## Download the installer script:
+curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
+## Alternatively: wget --secure-protocol=TLSv1_2 --https-only https://get.opentofu.org/install-opentofu.sh -O install-opentofu.sh
+# 
+# # Give it execution permissions:
+ chmod +x install-opentofu.sh
+#  
+# Please inspect the downloaded script
+#   
+# Run the installer:
+./install-opentofu.sh --install-method deb
+#    
+# Remove the installer:
+rm -f install-opentofu.sh
+
+tofu version
+#

opentofu/main.tf

@@ -0,0 +1,114 @@
+# Retrieve VM templates available in Proxmox that match the specified name
+data "proxmox_virtual_environment_vms" "template" {
+  filter {
+    name   = "name"
+    values = ["${var.vm_template}"] # The name of the template to clone from
+  }
+}
+
+# Create a cloud-init configuration file as a Proxmox snippet
+resource "proxmox_virtual_environment_file" "cloud_config" {
+  content_type = "snippets"        # Cloud-init files are stored as snippets in Proxmox
+  datastore_id = "local"           # Local datastore used to store the snippet
+  node_name    = var.node_name     # The Proxmox node where the file will be uploaded
+
+  source_raw {
+    file_name = "vm.cloud-config.yaml" # The name of the snippet file
+    data      = <<-EOF
+    #cloud-config
+    hostname: ${var.vm_name}
+    package_update: true
+    package_upgrade: true
+    packages:
+      - qemu-guest-agent           # Ensures the guest agent is installed
+    users:
+      - default
+      - name: ${var.vm_user}
+        groups: sudo
+        shell: /bin/bash
+        ssh-authorized-keys:
+          - "${var.vm_user_sshkey}" # Inject user's SSH key
+        sudo: ALL=(ALL) NOPASSWD:ALL
+    runcmd:
+      - systemctl enable qemu-guest-agent 
+      - systemctl start qemu-guest-agent
+      - echo "done" > /tmp/cloud-config.done
+      #- reboot                     # Reboot the VM after provisioning
+    EOF
+  }
+}
+
+# Define and provision a new VM by cloning the template and applying initialization
+resource "proxmox_virtual_environment_vm" "vm" {
+  name      = var.vm_name           # VM name
+  node_name = var.node_name         # Proxmox node to deploy the VM
+  tags      = var.vm_tags           # Optional VM tags for categorization
+  vm_id     = var.vm_id
+
+  agent {
+    enabled = true                  # Enable the QEMU guest agent
+  }
+
+  stop_on_destroy = true            # Ensure VM is stopped gracefully when destroyed
+
+  clone {
+    vm_id     = data.proxmox_virtual_environment_vms.template.vms[0].vm_id     # ID of the source template
+    node_name = data.proxmox_virtual_environment_vms.template.vms[0].node_name # Node of the source template
+  }
+
+  bios    = var.vm_bios             # BIOS type (e.g., seabios or ovmf)
+  machine = var.vm_machine          # Machine type (e.g., q35)
+
+  cpu {
+    cores = var.vm_cpu              # Number of CPU cores
+    type  = "host"                  # Use host CPU type for best compatibility/performance
+  }
+
+  memory {
+    dedicated = var.vm_ram          # RAM in MB
+  }
+
+  disk {
+    datastore_id = var.node_datastore # Datastore to hold the disk
+    interface    = "scsi0"             # Primary disk interface
+    size         = 4                   # Disk size in GB
+  }
+
+  initialization {
+    user_data_file_id = proxmox_virtual_environment_file.cloud_config.id # Link the cloud-init file
+    datastore_id      = var.node_datastore
+    interface         = "scsi1"             # Separate interface for cloud-init
+    ip_config {
+      ipv4 {
+        address = var.vm_address            # CIDR
+        gateway = var.vm_gateway            # Get IP via DHCP
+      }
+    }
+  }
+
+  network_device {
+    bridge  = "vmbr0"               # Use the default bridge
+    #vlan_id = var.vm_vlan           # VLAN tagging if used
+  }
+
+  operating_system {
+    type = "l26"                    # Linux 2.6+ kernel
+  }
+
+  vga {
+    type = "std"                    # Standard VGA type
+  }
+
+  lifecycle {
+    ignore_changes = [              # Ignore initialization section after first depoloyment for idempotency
+      initialization
+    ]
+  }
+}
+
+# Output the assigned IP address of the VM after provisioning
+#output "vm_ip" {
+#  value       = proxmox_virtual_environment_vm.vm.ipv4_addresses[1][0] # Second network interface's first IP
+#  description = "VM IP"
+#}
+

opentofu/provider.tf

@@ -0,0 +1,23 @@
+# Define the required Terraform provider block
+terraform {
+  required_providers {
+    proxmox = {
+      source = "bpg/proxmox" # Use the community Proxmox provider from the bpg namespace
+    }
+  }
+}
+
+# Configure the Proxmox provider with API and SSH access
+provider "proxmox" {
+  endpoint  = var.proxmox_endpoint  # Proxmox API URL (e.g., https://proxmox.local:8006/api2/json)
+  api_token = var.proxmox_api_token # API token for authentication (should have appropriate permissions)
+  insecure  = true                 # Reject self-signed or invalid TLS certificates (set to true only in trusted/test environments)
+
+  # Optional SSH settings used for VM customization via SSH
+  ssh {
+    agent       = true                        # Do not use the local SSH agent; use key file instead
+#    private_key = file("~/.ssh/id_ed25519")    # Load SSH private key from the local file system
+    username    = "root"                       # SSH username for connecting to the Proxmox host
+  }
+}
+

opentofu/terraform.tfvars

@@ -0,0 +1,8 @@
+node_name = "px2"     # Name of the Proxmox node where the VM will be deployed
+vm_name   = "infra4"  # Desired name for the new virtual machine
+vm_id     = "2001"    # Desired Id for the new virtual machine
+vm_cpu    = 1            # Number of CPU cores to allocate to the VM
+vm_ram    = 1024         # Amount of RAM in MB (2 GB)
+#vm_vlan   = 66           # VLAN ID for network segmentation
+vm_address = "10.121.38.43/24"
+vm_gateway = "10.121.38.254"

opentofu/token.txt

@@ -0,0 +1,10 @@
+┌──────────────┬─────────────────────────────────────────────────────┐
+│ key          │ value                                               │
+╞══════════════╪═════════════════════════════════════════════════════╡
+│ full-tokenid │ tofuer@pve!tofu                                     │
+├──────────────┼─────────────────────────────────────────────────────┤
+│ info         │ {"comment":"Tofu token","expire":"0","privsep":"0"} │
+├──────────────┼─────────────────────────────────────────────────────┤
+│ value        │ 4b1234c0-1239-4563-789c-abcdef12eb7a                │
+└──────────────┴─────────────────────────────────────────────────────┘
+

opentofu/variables.tf

@@ -0,0 +1,99 @@
+variable "proxmox_endpoint" {
+  description = "Proxmox URL endpoint"
+  type        = string
+}
+
+variable "proxmox_api_token" {
+  description = "Proxmox API token"
+  type        = string
+  sensitive   = true
+}
+
+variable "node_name" {
+  description = "Proxmox host for the VM"
+  type        = string
+}
+
+variable "node_datastore" {
+  description = "Datastore used for VM storage"
+  type        = string
+  default     = "local-lvm"
+}
+
+variable "vm_template" {
+  description = "Template of the VM"
+  type        = string
+  #default     = "ubuntu-cloud"
+  default     = "Debian-12-Template"
+}
+
+variable "vm_name" {
+  description = "Hostname of the VM"
+  type        = string
+}
+
+variable "vm_user" {
+  description = "Admin user of the VM"
+  type        = string
+  default     = "debian"
+}
+
+variable "vm_user_sshkey" {
+  description = "Admin user SSH key of the VM"
+  type        = string
+  default     = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd97G/Uw3zlnhVByjpHZFw9FDa88phFUMtYfstTq7wYlUOJB2rdLPpU0bAjIpvpYmHOmBNseWYKaOT7EXNdxWPWJGuoen23tqdSzhnOV0LJz8zbCIA0Ykz/XOqRyJkq6qUw+L3atDxVC5pSSSY279yJtuQ2nmVld2KWDY4lnyZzZT5eQsrxCbT57hVMLCKcMKNb4QnYlLgnyHW8DyWHGG5GEWF9skFSPlmwY5s5H3OYg3u8ijuGjenjDTzLfRUzFltGJ2kBYbIn1iailArKpCiasmJyyja+YuYn3WwaNcl8Tpqa8eI52/LtOXDMwUKzvRJ6D6INEr/1duGYP/fQSEH root@ansible"
+}
+
+variable "vm_cpu" {
+  description = "Number of CPU cores of the VM"
+  type        = number
+  default     = 1
+}
+
+variable "vm_ram" {
+  description = "Number of RAM (MB) of the VM"
+  type        = number
+  default     = 1024
+}
+
+variable "vm_bios" {
+  description = "Type of BIOS used for the VM"
+  type        = string
+  default     = "ovmf"
+}
+
+variable "vm_machine" {
+  description = "Type of machine used for the VM"
+  type        = string
+  default     = "q35"
+}
+
+#variable "vm_vlan" {
+#  description = "VLAN of the VM"
+#  type        = number
+#  #default     = 66
+#}
+
+variable "vm_tags" {
+  description = "Tags for the VM"
+  type        = list(any)
+  default     = ["test"]
+}
+
+variable "vm_address" {
+  description = "IP v4 address for the VM - CIDR format"
+  type        = string
+#  default     = "q35"
+}
+
+variable "vm_gateway" {
+  description = "Gateway IP v4 address for the VM"
+  type        = string
+  default     = "10.121.38.254"
+}
+
+
+variable "vm_id" {
+  description = "VM identifier"
+  type        = string
+}

payara/Vagrantfile

@@ -0,0 +1,86 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+  config.vm.hostname = "paya"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+   config.vm.network "forwarded_port", guest: 8080, host: 8080
+   config.vm.network "forwarded_port", guest: 4848, host: 4848
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above.
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+   config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   config.vm.provision "shell", inline: <<-SHELL
+     apt-get update
+     apt-get install -y vim wget curl 
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+
+     SHELL
+end

payara/compose.yml

@@ -0,0 +1,27 @@
+services:
+  payara:
+    image: payara/server-full:6.2025.9-jdk17
+    container_name: payara
+    ports:
+      - "8080:8080"
+      - "4848:4848"
+    env_file:
+      - "variables.env"
+        #environment:
+        #SCRIPT_DIR: ""
+        #    volumes:
+        #- ./data/payara:/opt/payara
+        #- ./payara/apps:/opt/payara/deployments
+        #    depends_on:
+        # - db
+  db:
+    image: mariadb
+    container_name: db
+    ports:
+      - "3336:3306"
+    env_file:
+      - "variables.env"
+    volumes:
+      - ./data/db_data:/var/lib/mysql
+      - ./init:/docker-entrypoint-initdb.d  
+

payara/init/bdclient.sql

@@ -0,0 +1,80 @@
+-- phpMyAdmin SQL Dump
+-- version 5.2.1deb1+deb12u1
+-- https://www.phpmyadmin.net/
+--
+-- Hôte : localhost:3306
+-- Généré le : sam. 04 oct. 2025 à 13:39
+-- Version du serveur : 10.11.14-MariaDB-0+deb12u2
+-- Version de PHP : 8.2.29
+
+SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
+START TRANSACTION;
+SET time_zone = "+00:00";
+
+
+/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
+/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
+/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
+/*!40101 SET NAMES utf8mb4 */;
+
+--
+-- Base de données : `bdclient`
+--
+CREATE DATABASE IF NOT EXISTS `bdclient` DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
+USE `bdclient`;
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `client`
+--
+
+CREATE TABLE IF NOT EXISTS `client` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `nom` varchar(25) NOT NULL,
+  `prenom` varchar(25) NOT NULL,
+  `mail` varchar(25) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+--
+-- Déchargement des données de la table `client`
+--
+
+INSERT INTO `client` (`id`, `nom`, `prenom`, `mail`) VALUES
+(1, 'Thevenot', 'Delphine', ''),
+(2, 'Sevre', 'Philippe', ''),
+(3, 'Dupuis', 'JM', ''),
+(4, 'thevenot', 'Eric', 'eric@gmail.com'),
+(5, 'chabert', 'thomas', '');
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `salarie`
+--
+
+CREATE TABLE IF NOT EXISTS `salarie` (
+  `idSal` int(11) NOT NULL AUTO_INCREMENT,
+  `login` varchar(25) NOT NULL,
+  `mdp` varchar(25) NOT NULL,
+  `estAdmin` tinyint(1) NOT NULL,
+  PRIMARY KEY (`idSal`)
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
+
+--
+-- Déchargement des données de la table `salarie`
+--
+
+INSERT INTO `salarie` (`idSal`, `login`, `mdp`, `estAdmin`) VALUES
+(1, 'dthevenot', 'dt', 1),
+(2, 'mdavid', 'md', 0);
+COMMIT;
+
+DROP USER 'adminBDClient'@'%'; 
+CREATE USER 'adminBDClient' IDENTIFIED BY "mdpBDClient";
+GRANT ALL PRIVILEGES ON bdclient.* TO 'adminBDClient'@'%' WITH GRANT OPTION;
+
+/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
+/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

payara/variables.env

@@ -0,0 +1,9 @@
+MYSQL_DATABASE=bdclient
+MYSQL_HOST=db
+MYSQL_PORT=3306
+MYSQL_USER=adminBDClient
+MYSQL_PASSWORD=mdpBDClient
+MYSQL_ROOT_PASSWORD=dbpwd
+#JDBC_RESOURCE_NAME=jdbc/cesibigapp
+#JMS_RESOURCE_NAME=jms/cesibigapp
+

zabbix-docker/README.md

@@ -0,0 +1,22 @@
+# Zabbix-docker
+
+## Présentation 
+
+
+Cette Vagrantfile :
+  * créée la VM **zabbix**, installe **docker**, et un fichier **compose.yml**   
+  * créée la VM **web1**, installe **apache2** ainsi que **zabbix-agent2** (mode active) et l'inscrit sur **zabbix**
+
+
+## Mode opératoire
+```
+vagrant up zabbix
+vagrant up web1
+```
+  * une fois connecté à zabbix (Admin/zabbix)
+    * ajouter l'hote avec son adresse IP 192.168.56.10 et les templates :
+       linux serveur 
+       serveur web apache zabbix-agent 2
+
+## Documentation
+  * cf https://www.virtualizationhowto.com/2025/11/why-i-switched-to-zabbix-for-monitoring-my-docker-containers/

zabbix-docker/Vagrantfile

@@ -0,0 +1,165 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.define "zabbix" do |zabbix|
+    zabbix.vm.box = "debian/bookworm64"
+    zabbix.vm.hostname = "zabbix"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+  # config.vm.network "forwarded_port", guest: 80, host: 8080
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine and only allow access
+  # via 127.0.0.1 to disable public access
+  # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+  #   zabbix.vm.network "private_network", ip: "192.168.56.10"
+
+        zabbix.vm.network "private_network", ip: "192.168.56.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+   #zabbix.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Disable the default share of the current code directory. Doing this
+  # provides improved isolation between the vagrant box and your host
+  # by making sure your Vagrantfile isn't accessible to the vagrant box.
+  # If you use this you may want to enable additional shared subfolders as
+  # shown above
+  # config.vm.synced_folder ".", "/vagrant", disabled: true
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  zabbix.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+     vb.memory = "2048"
+   end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Ansible, Chef, Docker, Puppet and Salt are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+   zabbix.vm.provision "shell", inline: <<-SHELL
+     timedatectl set-timezone Europe/Paris
+     apt-get update && apt upgrade -y
+     apt-get install -y wget curl git vim
+     if ! which docker ; then
+       curl -s -o getdocker.sh https://get.docker.com
+       bash getdocker.sh
+       gpasswd -a vagrant docker
+     fi
+     mkdir zabbix && cd zabbix
+cat > compose.yml <<EOT
+services:
+  mysql-server:
+    image: mysql:8.0
+    container_name: zabbix-mysql
+    restart: unless-stopped
+    environment:
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      MYSQL_ROOT_PASSWORD: root_password
+    volumes:
+      - ./zabbix/mysql:/var/lib/mysql
+    command:
+      - mysqld
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_bin
+
+  zabbix-server:
+    image: zabbix/zabbix-server-mysql:latest
+    container_name: zabbix-server
+    restart: unless-stopped
+    environment:
+      DB_SERVER_HOST: mysql-server
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      MYSQL_ROOT_PASSWORD: root_password
+    ports:
+      - "10051:10051"
+    volumes:
+      - ./zabbix/server:/var/lib/zabbix
+    depends_on:
+      - mysql-server
+
+  zabbix-web:
+    image: zabbix/zabbix-web-nginx-mysql:latest
+    container_name: zabbix-web
+    restart: unless-stopped
+    environment:
+      DB_SERVER_HOST: mysql-server
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      ZBX_SERVER_HOST: zabbix-server
+      PHP_TZ: Europe/Paris
+    ports:
+      - "8080:8080"
+    depends_on:
+      - mysql-server
+      - zabbix-server
+EOT
+
+docker compose up
+   SHELL
+  end
+
+  config.vm.define "web1" do |srv| #VM No'1
+        srv.vm.box = "debian/bookworm64" #Setting machine type
+        srv.vm.hostname = "web1" #Setting machine type
+        srv.vm.network "private_network", ip: "192.168.56.11"
+        srv.vm.provision "shell", inline: <<-SHELL
+         timedatectl set-timezone Europe/Paris
+         apt-get update
+         apt-get install -y wget curl vim apache2
+         wget https://repo.zabbix.com/zabbix/7.4/release/debian/pool/main/z/zabbix-release/zabbix-release_latest_7.4+debian12_all.deb
+         dpkg -i zabbix-release_latest_7.4+debian12_all.deb
+         apt update
+         apt install -y zabbix-agent2
+         echo "Server=192.168.56.10" >> /etc/zabbix/zabbix_agent2.conf
+         echo "ServerActive=192.168.56.10" >> /etc/zabbix/zabbix_agent2.conf
+         echo "Hostname=web1" >> /etc/zabbix/zabbix_agent2.conf
+         systemctl restart zabbix-agent2
+         SHELL
+      end
+
+
+end

zabbix-docker/compose.yml

@@ -0,0 +1,53 @@
+services:
+  mysql-server:
+    image: mariadb
+    container_name: zabbix-mysql
+    restart: unless-stopped
+    environment:
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      MYSQL_ROOT_PASSWORD: root_password
+    volumes:
+      - ./zabbix/mysql:/var/lib/mysql
+    command:
+      #- mysqld
+        mysqld --character-set-server=utf8mb4 --collation-server=utf8mb4_bin
+#      - mariadb
+#      - --character-set-server=utf8mb4
+#      - --collation-server=utf8mb4_bin
+
+  zabbix-server:
+    image: zabbix/zabbix-server-mysql:latest
+    container_name: zabbix-server
+    restart: unless-stopped
+    environment:
+      DB_SERVER_HOST: mysql-server
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      MYSQL_ROOT_PASSWORD: root_password
+    ports:
+      - "10051:10051"
+    volumes:
+      - ./zabbix/server:/var/lib/zabbix
+    depends_on:
+      - mysql-server
+
+  zabbix-web:
+    image: zabbix/zabbix-web-nginx-mysql:latest
+    container_name: zabbix-web
+    restart: unless-stopped
+    environment:
+      DB_SERVER_HOST: mysql-server
+      MYSQL_DATABASE: zabbix
+      MYSQL_USER: zabbix
+      MYSQL_PASSWORD: zabbix_password
+      ZBX_SERVER_HOST: zabbix-server
+      PHP_TZ: Europe/Paris
+    ports:
+      - "8080:8080"
+    depends_on:
+      - mysql-server
+      - zabbix-server
+

zabbix/README.md

@@ -10,8 +10,9 @@ Cette Vagrantfile :
 ## Mode opératoire
   - vagrant up zabbix7
   - vagrant up web1
-  - une fois connecté à zabbix7 (Admin/zabbix)
-      ajouter l'hote avec son adresse IP 192.168.56.10 et les templates :
-       linux serveur 
-       serveur web apache zabbix-agent 2
+  - une fois connecté à **zabbix7** (Admin/zabbix)
+      ajouter l'hote **web1** avec son adresse IP 192.168.56.10 et les templates suivantes :
+       * *linux serveur* 
+       * *serveur web apache* 
+       * *zabbix-agent 2*