diff --git a/roles/stork-server/README.md b/roles/stork-server/README.md
new file mode 100644
index 0000000..51cd0d9
--- /dev/null
+++ b/roles/stork-server/README.md
@@ -0,0 +1,21 @@
+# Rôle Kea
+***
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
+
+## Tables des matières
+ 1. [Que fait le rôle Kea ?]
+ 2. [Installation et configuration de ka]
+ 3. [Remarques]
+
+
+## Que fait le rôle Kea ?
+Le rôle KEA permet de configurer 1 serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
+- Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
+- Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**.
+
+### Installation et configuration de kea
+
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
+
+### Remarquees ###
+Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.
diff --git a/roles/stork-server/default/main.yml b/roles/stork-server/default/main.yml
new file mode 100644
index 0000000..3f3e879
--- /dev/null
+++ b/roles/stork-server/default/main.yml
@@ -0,0 +1,8 @@
+#variable kea
+ kea_ver: "2.4.1"
+ kea_dbname: ""
+ kaa_dbuser: ""
+ kea_dbpasswd: ""
+ kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
+ kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
+
diff --git a/roles/stork-server/handlers/main.yml b/roles/stork-server/handlers/main.yml
new file mode 100644
index 0000000..e10ea87
--- /dev/null
+++ b/roles/stork-server/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart isc-stork-server.service
+ ansible.builtin.service:
+ name: isc-stork-server.service
+ state: restarted
+ enabled: yes
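Review bot: In roles/stork-server/default/main.yml the directory is named `default`, but Ansible only auto-loads role defaults from `defaults/main.yml`, so none of these values will be read by the role as committed. The variables themselves are Kea leftovers (`kea_*`, plus the misspelt `kaa_dbuser`), while the tasks and template of this role read `stork_db_name`, `stork_db_user` and `stork_db_passwd`, which get no default here. Move the file to `roles/stork-server/defaults/main.yml` and define `stork_db_name` and `stork_db_user` there. Leave the password without a default rather than `""`, so that a missing secret fails the play instead of silently creating a database account with an empty password.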
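Review bot: In roles/stork-server/handlers/main.yml `enabled: yes` sits inside the restart handler, so the unit is enabled at boot only on runs where the notifying template task reports a change. A regular task with `state: started` and `enabled: true` would make the service state unconditional and leave the handler with the restart alone. Writing the boolean as `true` also avoids the YAML 1.1 truthy spelling.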
diff --git a/roles/stork-server/tasks/main.yml b/roles/stork-server/tasks/main.yml
new file mode 100644
index 0000000..6b54ce7
--- /dev/null
+++ b/roles/stork-server/tasks/main.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Preparation
+ ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
+
+- name: Update apt
+ ansible.builtin.apt:
+ update_cache: yes
+
+ #- name: Installation paquet isc-kea-common
+ # ansible.builtin.apt:
+ # deb: isc-kea-common
+ # state: present
+
+- name: Installation isc-stork-server postgresql
+ ansible.builtin.apt:
+ pkg:
+ - isc-stork-server
+ - postgresql-15
+
+- name: lancer la commande de création de la base de donnees stork
+ ansible.builtin.shell: su postgres --command "stork-tool db-create --db-name {{ stork_db_name }} --db-user {{ stork_db_user }} --db-password {{ stork_db_passwd }}"
+
+- name: Generation ---- du fichier de configuration server.env
+ ansible.builtin.template:
+ src: server.env.j2
+ dest: /etc/stork/server.env
+ notify:
+ - Restart isc-stork-server.service
+
+
diff --git a/roles/stork-server/templates/server.env.j2 b/roles/stork-server/templates/server.env.j2
new file mode 100644
index 0000000..d0fed70
--- /dev/null
+++ b/roles/stork-server/templates/server.env.j2
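Review bot: In roles/stork-server/tasks/main.yml the `Preparation` task pipes a downloaded script straight into `sudo bash`, so whatever that URL serves at run time executes as root with no checksum or signature check, and it runs again on every play. Adding the repository signing key and apt source as explicit tasks would pin what is trusted inside the role. The `db-create` task has a second problem: it interpolates `{{ stork_db_passwd }}` unquoted into a nested shell string, so a password containing shell metacharacters changes the command, and the secret appears in task output. The fence shows that task rewritten with an `argv:` list, `become_user: postgres` and `no_log: true`; the password is still visible in the process list while the command runs. The task also needs an idempotence guard, since it currently re-runs on each play.

```yaml
# … unchanged: repository setup, apt update, package install …
- name: lancer la commande de création de la base de donnees stork
  ansible.builtin.command:
    argv:
      - stork-tool
      - db-create
      - --db-name
      - "{{ stork_db_name }}"
      - --db-user
      - "{{ stork_db_user }}"
      - --db-password
      - "{{ stork_db_passwd }}"
  # becoming an unprivileged user may need the acl package or pipelining on the target
  become: true
  become_user: postgres
  # keep the password out of task output and logs
  no_log: true
# … unchanged: server.env template task …
```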
@@ -0,0 +1,52 @@ +### database settings +### the address of a PostgreSQL database +STORK_DATABASE_HOST=localhost +### the port of a PostgreSQL database +STORK_DATABASE_PORT=5432 +### the name of a database +STORK_DATABASE_NAME={{ stork_db_name }} +### the username for connecting to the database +STORK_DATABASE_USER_NAME={{ stork_db_user }} +### the SSL mode for connecting to the database +### possible values: disable, require, verify-ca, or verify-full +# STORK_DATABASE_SSLMODE= +### the location of the SSL certificate used by the server to connect to the database +# STORK_DATABASE_SSLCERT= +### the location of the SSL key used by the server to connect to the database +# STORK_DATABASE_SSLKEY= +### the location of the root certificate file used to verify the database server's certificate +# STORK_DATABASE_SSLROOTCERT= +### the password for the username connecting to the database +### empty password is set to avoid prompting a user for database password +STORK_DATABASE_PASSWORD={{stork_db_passwd }} + +### REST API settings +### the IP address on which the server listens +# STORK_REST_HOST= +### the port number on which the server listens +# STORK_REST_PORT= +### the file with a certificate to use for secure connections +# STORK_REST_TLS_CERTIFICATE= +### the file with a private key to use for secure connections +# STORK_REST_TLS_PRIVATE_KEY= +### the certificate authority file used for mutual TLS authentication +# STORK_REST_TLS_CA_CERTIFICATE= +### the directory with static files served in the UI +STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www +### the base URL of the UI - to be used only if the UI is served from a subdirectory +# STORK_REST_BASE_URL= + +### enable Prometheus /metrics HTTP endpoint for exporting metrics from +### the server to Prometheus. It is recommended to secure this endpoint +### (e.g. using HTTP proxy). +# STORK_SERVER_ENABLE_METRICS=true + +### Logging parameters + +### Set logging level. 
Supported values are: DEBUG, INFO, WARN, ERROR +# STORK_LOG_LEVEL=DEBUG +### disable output colorization +# CLICOLOR=false + +### path to the hook directory +# STORK_SERVER_HOOK_DIRECTORY= diff --git a/s-backup.yml b/s-backup.yml index 772ccda..22a602d 100644 --- a/s-backup.yml +++ b/s-backup.yml @@ -1,15 +1,20 @@ --- - hosts: localhost connection: local + vars: + stork_db_user: "stork-server" + stork_db_passwd: "Azerty1+" + stork_db_name: "stork" roles: - base - goss -# - proxy3 + - proxy3 - zabbix-cli - gotify -# - ssh-cli - # - syslog-cli + - stork-server + - ssh-cli + - syslog-cli - smb-backup - dns-slave - post
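Review bot: In roles/stork-server/templates/server.env.j2 the line `STORK_DATABASE_PASSWORD={{stork_db_passwd }}` writes the database password in clear text into the rendered file, and the template task in tasks/main.yml sets no `owner`, `group` or `mode`, so the file's permissions are left to the umask. Add for example `mode: "0640"` to that task, with owner and group matching the account the service runs as. The comment above the line (`empty password is set to avoid prompting…`) no longer describes the value and should be updated. The value is also written unquoted, so whether a password containing spaces or `#` survives depends on how the service parses this file, which is worth confirming.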
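Review bot: In s-backup.yml `stork_db_passwd: "Azerty1+"` commits the database password in clear text to the playbook, and the value is a keyboard-pattern password. Keep the secret in an Ansible Vault-encrypted vars file and reference it, e.g. `stork_db_passwd: "{{ vault_stork_db_passwd }}"` (variable name constructed for illustration). The password should then be changed, because the current one stays in the repository history. The same hunk also re-enables `proxy3`, `ssh-cli` and `syslog-cli`, which looks unrelated to adding `stork-server`; confirm that is intended for this host.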