maj goss r-vp2.yaml

README.md

@@ -90,8 +90,8 @@ bash chname <nouveau_nom_de_machine>` , puis redémarrer
     cd gsb2024/pre
     bash inst-depl
     cd /root/tools/ansible/gsb2024/pre
-    bash gsbboot
-    cd .. ; bash pull-config
+    DEPL=192.168.99.99 bash gsbboot
+    cd ../.. ; bash pull-config
 ```
   - redémarrer
   - la machine **s-adm** doit etre opérationnelle
@@ -121,8 +121,7 @@ mkdir -p tools/ansible ; cd tools/ansible
 git clone https://gitea.lyc-lecastel.fr/gsb/gsb2024.git
 cd gsb2024/pre
 DEPL=192.168.99.99 bash gsbboot
-cd ../..
-bash pull-config
+cd ../.. ; bash pull-config
 ```
 
 #### Etape 3

goss/r-vp1.yaml

@@ -1,21 +1,20 @@
 file:
   /etc/wireguard/wg0.conf:
     exists: true
-    mode: "0644"
+    mode: "0600"
     owner: root
     group: root
     filetype: file
-    contains:
-    - AllowedIPs = 10.0.0.2/32, 172.16.128.0/24
+    contains: []
 package:
   wireguard:
     installed: true
     versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1
   wireguard-tools:
     installed: true
     versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1+b1
 service:
   wg-quick@wg0:
     enabled: true

goss/r-vp2.yaml

@@ -1,7 +1,8 @@
 file:
   /etc/wireguard/wg0.conf:
     exists: true
-    mode: "0644"
+    mode: "0600"
+    size: 374
     owner: root
     group: root
     filetype: file
@@ -10,11 +11,11 @@ package:
   wireguard:
     installed: true
     versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1
   wireguard-tools:
     installed: true
     versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1+b1
 service:
   isc-dhcp-server:
     enabled: true

roles/base/templates/hosts.j2

@@ -22,6 +22,8 @@
 192.168.99.14	s-nas.gsb.adm
 192.168.99.15	s-san.gsb.adm
 192.168.99.16	s-fog.gsb.adm
+192.168.99.20	s-kea1.gsb.adm
+192.168.99.21	s-kea2.gsb.adm
 192.168.99.50	s-lb-bd.gsb.adm
 192.168.99.101	s-lb-web1.gsb.adm
 192.168.99.102	s-lb-web2.gsb.adm

roles/base/templates/hosts.s-proxy.j2

@@ -21,6 +21,8 @@
 192.168.99.12	r-int.gsb.adm
 192.168.99.13	r-ext.gsb.adm
 192.168.99.14	s-nas.gsb.adm
+192.168.99.20	s-kea1.gsb.adm
+192.168.99.21	s-kea2.gsb.adm
 192.168.99.50	s-lb-bd.gsb.adm
 192.168.99.101	s-lb-web1.gsb.adm
 192.168.99.102	s-lb-web2.gsb.adm

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023051000      ; Serial
+                        2024011500      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -27,6 +27,8 @@ s-mon    	IN      A       172.16.0.8
 s-itil		IN	A	172.16.0.9
 s-elk		IN	A	172.16.0.11
 s-gestsup	IN	A	172.16.0.17
+s-kea1		IN	A	172.16.0.20
+s-kea2		IN	A	172.16.0.21
 r-int    	IN      A       172.16.0.254
 r-int-lnk    	IN      A       192.168.200.254
 r-ext  		IN      A       192.168.200.253

roles/dns-master/files/db.gsb.lan.rev

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023040501      ; Serial
+                        2024011500      ; Serial
                         7200            ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -21,10 +21,12 @@ $TTL    604800
 7.0       IN      PTR     s-nxc.gsb.lan.
 8.0       IN      PTR     s-mon.gsb.lan.
 9.0	  IN	  PTR	  s-itil.gsb.lan.
+20.0	  IN	  PTR	  s-kea1.gsb.lan.
+21.0	  IN	  PTR	  s-kea2.gsb.lan.
 101.1     IN      PTR     s-web1
 101.2     IN      PTR     s-web2
 100.10   IN      PTR      s-lb
 100.10   IN      PTR      s-lb.gsb.lan
 11.0	  IN	  PTR	  s-elk.gsb.lan.
 17.0	  IN	  PTR	  s-gestsup.lan
-254.0     IN      PTR     r-int.gsb.lan.
+254.0     IN      PTR     r-int.gsb.lan.

roles/fog/files/fogsettings

@@ -42,7 +42,7 @@ tftpAdvOpts=''
 sslpath='/opt/fog/snapins/ssl/'
 backupPath='/home/'
 armsupport='0'
-php_ver='8.2'
+php_ver='7.4'
 #php_verAdds='-7.4'
 sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
 sendreports='Y'

roles/journald-rcv/README.md

@@ -4,7 +4,7 @@
 
 Ce role a pour objectif d'installer et d'éditer les fichiers de configuration de systemd journal remote afin que les machines lançant ce rôle puissent recevoir les logs des autres machine du parc.
 
-##  Opérations réaliser par le role:
+##  Opérations réalisées par le role:
 Le role réalise les opération suivante:
 * installation du paquet **systemd-journal-remote**.
 * Démarrage et activation (au démarrage) du service **systemd-journal-remote.socket.

roles/post/files/interfaces.s-kea1

@@ -0,0 +1,26 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# cote N-adm
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.99.20
+	netmask 255.255.255.0
+	gateway 192.168.99.99
+	
+
+# cote N-infra
+allow-hotplug enp0s8
+iface enp0s8 inet static
+	address 172.16.0.20
+	netmask 255.255.255.0
+
+#cote N-user
+allow-hotplug enp0s9
+iface enp0s9 inet static
+	address 172.16.64.20
+	netmask 255.255.255.0

roles/post/files/interfaces.s-kea2

@@ -0,0 +1,26 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# cote N-adm
+allow-hotplug enp0s3
+iface enp0s3 inet static
+	address 192.168.99.21
+	netmask 255.255.255.0
+	gateway 192.168.99.99
+	
+
+# cote N-infra
+allow-hotplug enp0s8
+iface enp0s8 inet static
+	address 172.16.0.21
+	netmask 255.255.255.0
+
+#cote N-user
+allow-hotplug enp0s9
+iface enp0s9 inet static
+	address 172.16.64.21
+	netmask 255.255.255.0

roles/zabbix-cli/tasks/main.yml

@@ -18,25 +18,19 @@
         state: present
 
     - name: Enable Zabbix agent service
-      systemd:
+      service:
         name: zabbix-agent
         state: restarted
         enabled: yes
         
-    - name: Rm package
-      file:
-        path: "/tmp/zabbix-release_6.4-1+debian12_all.deb"
-        state: absent
-
-    - name: config
-      template:
-        src: zabbix_agentd.conf.temp
-        dest: /etc/zabbix/zabbix_agentd.conf
-      vars:
-        PidFile: "/run/zabbix/zabbix_agentd.pid"
-        LogFile: "/var/log/zabbix/zabbix_agentd.log"
-        LogFileSize: "0"
-        Server: "127.0.0.1"
-        ServerActive: "192.168.99.8"
-        Hostname: "{{ ansible_hostname }}"
-        Include: "/etc/zabbix/zabbix_agentd.d/*.conf"
+    - name: Replace Zabbix agent config
+      replace:
+        path: /etc/zabbix/zabbix_agentd.conf
+        regexp: '{{ item.regexp }}'
+        replace: '{{ item.replace }}'
+        backup: true
+      loop:
+        - { regexp: '^(Server\s*=\s*).*$', replace: 'Server = 127.0.0.1' }
+        - { regexp: '^(ServerActive\s*=\s*).*$', replace: 'ServerActive = 192.168.99.8' }
+        - { regexp: '^(Hostname\s*=\s*).*$', replace: 'Hostname = {{ ansible_hostname }}' }
+        - { regexp: '^(Include\s*=\s*).*$', replace: 'Include = /etc/zabbix/zabbix_agentd.d/*.conf' }

roles/zabbix-cli/templates/zabbix_agentd.conf.temp

@@ -1,7 +0,0 @@
-PidFile={{ PidFile }}
-LogFile={{ LogFile }}
-LogFileSize={{ LogFileSize }}
-Server={{ Server }}
-ServerActive={{ ServerActive }}
-Hostname={{ Hostname }}
-Include={{ Include }}

s-adm.yml

@@ -8,7 +8,7 @@
     - dnsmasq
     - squid
 #    - local-store
-#    - zabbix-cli
+#    #- zabbix-cli
     ## - syslog-cli
     - post
 #    - goss

s-appli.yml

@@ -8,7 +8,7 @@
     - appli
     - ssh-cli
     # - syslog-cli
-    - zabbix-cli
+    #- zabbix-cli
     - ssl-apache
     - post
 

s-backup.yml

@@ -6,7 +6,7 @@
     - base
     - goss
 #   - proxy3
-    - zabbix-cli
+    #- zabbix-cli
 #   - ssh-cli
     # - syslog-cli
     - smb-backup

s-fog.yml

@@ -5,10 +5,10 @@
   roles:
     - base
     - goss
-    - dhcp-fog
-    - ssh-cli
-    - snmp-agent
+      #- dhcp-fog
+      #    - ssh-cli
+#    - snmp-agent
     # - syslog-cli
     #    - fog
--   - journald-snd  
+    #-   - journald-snd  
     - post

s-infra.yml

@@ -4,7 +4,7 @@
   #  include: config.yml
   roles:
     - base
-    - zabbix-cli 
+    #- zabbix-cli 
     - goss  
     - dns-master
     - webautoconf

s-proxy.yml

@@ -6,7 +6,7 @@
     - base
     - goss
     - squid
-    - zabbix-cli
+    #- zabbix-cli
     - ssh-cli
     # - syslog-cli
     - post

scripts/mkvm

@@ -1,19 +1,21 @@
 #!/bin/bash
 
-mkvmrelease="v1.3.1"
+mkvmrelease="v1.3.2"
 
 ovarelease="2023c"
 ovafogrelease="2024a"
 #ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova"
 ovafile="$HOME/Téléchargements/debian-bookworm-gsb-${ovarelease}.ova"
 ovafilefog="$HOME/Téléchargements/debian-bullseye-gsb-${ovafogrelease}.ova"
+startmode=0
 deletemode=0
 
 usage () {
 	echo "$0 - version ${mkvmrelease} - Ova version ${ovarelease}"
 	echo "$0 : creation VM et parametrage interfaces"
-	echo "usage : $0 [-r] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog>"
-	echo "       option -r : efface vm existante avant creation nouvelle"
+	echo "usage : $0 [-r] [-s] <s-adm|s-infra|r-int|r-ext|s-proxy|s-mon|s-appli|s-backup|s-itil|s-ncx|s-fog>"
+	echo "       option -r : efface VM existante avant creation nouvelle"
+	echo "       option -s : start VM apres creation"
 	exit 1
 }
 
@@ -59,12 +61,19 @@ fi
 if [[ $1 == "--help" ]] || [[ $1 == "-h" ]] || [[ $1 == "-V" ]] ; then
 	usage
 fi
-if [[ $1 == "-r" ]] ; then
-	deletemode=1
-	shift
-fi
-vm="$1"
-
+while [[ -n "$1" ]] ; do
+	if [[ "$1" == "-s" ]] ; then
+		startmode=1
+		shift
+	elif [[ "$1" == "-r" ]] ; then
+		deletemode=1
+		shift
+	else
+		parm=$1
+		shift
+	fi
+done
+vm="${parm}"
 create_vm "${vm}"
 if [[ "${vm}" == "s-adm" ]] ; then
 	bash addint.s-adm
@@ -91,6 +100,10 @@ elif [[ "${vm}" == "s-nxc" ]] ; then
         create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-fog" ]] ; then
         create_if "${vm}" "n-adm" "n-infra" "n-user"
+elif [[ "${vm}" == "s-kea1" ]] ; then
+        create_if "${vm}" "n-adm" "n-infra" "n-user"
+elif [[ "${vm}" == "s-kea2" ]] ; then
+        create_if "${vm}" "n-adm" "n-infra" "n-user"
 elif [[ "${vm}" == "s-dns-ext" ]] ; then
         create_if "${vm}" "n-adm" "n-dmz"
 elif [[ "${vm}" == "s-web-ext" ]] ; then
@@ -123,3 +136,6 @@ else
 	echo "$0 : vm ${vm} non prevue "
         exit 2	
 fi	
+if [[ $startmode == 1 ]] ; then
+	vboxmanage startvm "${vm}" --type headless
+fi

scripts/mkvm.ps1

@@ -102,6 +102,22 @@ elseif ($args[0] -eq "s-fog") {
 	create_if $args[0] "int" 3 "n-user"
 }
 
+elseif ($args[0] -eq "s-kea1") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	create_if $args[0] "int" 3 "n-user"
+}
+
+elseif ($args[0] -eq "s-kea2") {
+
+	create_vm $args[0]
+	create_if $args[0] "int" 1 "n-adm"
+	create_if $args[0] "int" 2 "n-infra"
+	create_if $args[0] "int" 3 "n-user"
+}
+
 elseif ($args[0] -eq "s-agence") {
 
 	create_vm $args[0]