s-fog.yaml et fogsettings single interface

Creation role kea a continuer
maj s-mon : become
2024-01-16 15:34:41 +01:00 · 2024-01-16 12:41:50 +01:00 · 2024-01-16 12:06:22 +01:00 · 2024-01-16 11:39:57 +01:00 · 2024-01-16 11:03:44 +01:00 · 2024-01-16 10:38:55 +01:00
19 changed files with 243 additions and 25 deletions
--- a/goss/r-vp1.yaml
+++ b/goss/r-vp1.yaml
@ -1,21 +1,20 @@
 file:
  /etc/wireguard/wg0.conf:
    exists: true
-    mode: "0644"
+    mode: "0600"
    owner: root
    group: root
    filetype: file
-    contains:
+    contains: []
    - AllowedIPs = 10.0.0.2/32, 172.16.128.0/24
 package:
  wireguard:
    installed: true
    versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1
  wireguard-tools:
    installed: true
    versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1+b1
 service:
  wg-quick@wg0:
    enabled: true
--- a/goss/r-vp2.yaml
+++ b/goss/r-vp2.yaml
@ -1,7 +1,8 @@
 file:
  /etc/wireguard/wg0.conf:
    exists: true
-    mode: "0644"
+    mode: "0600"
    size: 374
    owner: root
    group: root
    filetype: file
@ -10,11 +11,11 @@ package:
  wireguard:
    installed: true
    versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1
  wireguard-tools:
    installed: true
    versions:
-    - 1.0.20210223-1
+    - 1.0.20210914-1+b1
 service:
  isc-dhcp-server:
    enabled: true
--- a/roles/base/templates/hosts.j2
+++ b/roles/base/templates/hosts.j2
@ -22,6 +22,8 @@
 192.168.99.14	s-nas.gsb.adm
 192.168.99.15	s-san.gsb.adm
 192.168.99.16	s-fog.gsb.adm
 192.168.99.20	s-kea1.gsb.adm
 192.168.99.21	s-kea2.gsb.adm
 192.168.99.50	s-lb-bd.gsb.adm
 192.168.99.101	s-lb-web1.gsb.adm
 192.168.99.102	s-lb-web2.gsb.adm
--- a/roles/base/templates/hosts.s-proxy.j2
+++ b/roles/base/templates/hosts.s-proxy.j2
@ -21,6 +21,8 @@
 192.168.99.12	r-int.gsb.adm
 192.168.99.13	r-ext.gsb.adm
 192.168.99.14	s-nas.gsb.adm
 192.168.99.20	s-kea1.gsb.adm
 192.168.99.21	s-kea2.gsb.adm
 192.168.99.50	s-lb-bd.gsb.adm
 192.168.99.101	s-lb-web1.gsb.adm
 192.168.99.102	s-lb-web2.gsb.adm
--- a/roles/dns-master/files/db.gsb.lan
+++ b/roles/dns-master/files/db.gsb.lan
@ -5,7 +5,7 @@
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023051000      ; Serial
+                        2024011500      ; Serial
                        7200	        ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
@ -27,6 +27,8 @@ s-mon    	IN      A       172.16.0.8
 s-itil		IN	A	172.16.0.9
 s-elk		IN	A	172.16.0.11
 s-gestsup	IN	A	172.16.0.17
 s-kea1		IN	A	172.16.0.20
 s-kea2		IN	A	172.16.0.21
 r-int    	IN      A       172.16.0.254
 r-int-lnk    	IN      A       192.168.200.254
 r-ext  		IN      A       192.168.200.253
--- a/roles/dns-master/files/db.gsb.lan.rev
+++ b/roles/dns-master/files/db.gsb.lan.rev
@ -5,7 +5,7 @@
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2023040501      ; Serial
+                        2024011500      ; Serial
                        7200            ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
@ -21,6 +21,8 @@ $TTL    604800
 7.0       IN      PTR     s-nxc.gsb.lan.
 8.0       IN      PTR     s-mon.gsb.lan.
 9.0	  IN	  PTR	  s-itil.gsb.lan.
 20.0	  IN	  PTR	  s-kea1.gsb.lan.
 21.0	  IN	  PTR	  s-kea2.gsb.lan.
 101.1     IN      PTR     s-web1
 101.2     IN      PTR     s-web2
 100.10   IN      PTR      s-lb
--- a/roles/fog/files/.fogsettings.single-if
+++ b/roles/fog/files/.fogsettings.single-if
@ -0,0 +1,46 @@
 ## Start of FOG Settings
 ## Created by the FOG Installer
 ## Find more information about this file in the FOG Project wiki:
 ##     https://wiki.fogproject.org/wiki/index.php?title=.fogsettings
 ## Version: 1.5.10
 ## Install time: mar. 16 janv. 2024 15:27:57
 ipaddress='192.168.99.100'
 copybackold='0'
 interface='enp0s3'
 submask='255.255.255.0'
 hostname='s-fog.gsb.lan'
 routeraddress='192.168.99.99'
 plainrouter='192.168.99.99'
 dnsaddress='192.168.99.99'
 username='fogproject'
 password='zbSw#FaGPS7O1bJ5tpfj'
 osid='2'
 osname='Debian'
 dodhcp='Y'
 bldhcp='0'
 dhcpd='isc-dhcp-server'
 blexports='1'
 installtype='N'
 snmysqluser='fogmaster'
 snmysqlpass='cbZjO*gCONbbldV4a6l1'
 snmysqlhost='localhost'
 mysqldbname='fog'
 installlang='0'
 storageLocation='/images'
 fogupdateloaded=1
 docroot='/var/www/html/'
 webroot='/fog/'
 caCreated='yes'
 httpproto='http'
 startrange=''
 endrange=''
 packages='apache2 bc build-essential cpp curl g++ gawk gcc genisoimage git gzip htmldoc isolinux lftp libapache2-mod-php libc6 libcurl4 liblzma-dev m4 mariadb-client mariadb-server net-tools nfs-kernel-server openssh-server php php-bcmath php-cli php-curl php-fpm php-gd php-json php-ldap php-mbstring php-mysql tar tftpd-hpa tftp-hpa unzip vsftpd wget zlib1g'
 noTftpBuild=''
 tftpAdvOpts=''
 sslpath='/opt/fog/snapins/ssl/'
 backupPath='/home/'
 armsupport=''
 php_ver='7.4'
 sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
 sendreports='Y'
 ## End of FOG Settings
--- a/roles/fog/files/fogsettings
+++ b/roles/fog/files/fogsettings
@ -42,7 +42,7 @@ tftpAdvOpts=''
 sslpath='/opt/fog/snapins/ssl/'
 backupPath='/home/'
 armsupport='0'
-php_ver='8.2'
+php_ver='7.4'
 #php_verAdds='-7.4'
 sslprivkey='/opt/fog/snapins/ssl//.srvprivate.key'
 sendreports='Y'
--- a/roles/fog/tasks/main.yml
+++ b/roles/fog/tasks/main.yml
@ -42,8 +42,8 @@
    src: "/tmp/{{ depl_fog }}"
    dest: "/tmp/"
- name: Exécution du script d'installation Fog
+      #- name: Exécution du script d'installation Fog
-  ansible.builtin.shell: sudo bash /tmp/fogproject-1.5.10/bin/installfog.sh --recreate-keys -f /tmp/fogsettings -y
+      #  ansible.builtin.shell: sudo bash /tmp/fogproject-1.5.10/bin/installfog.sh --recreate-keys -f /tmp/fogsettings -y
-  args:
+      #  args:
-    chdir: "/tmp/fogproject-1.5.10/"
+      #    chdir: "/tmp/fogproject-1.5.10/"
--- a/roles/kea/README.md
+++ b/roles/kea/README.md
@ -0,0 +1,14 @@
 # Rôle Kea
 ***
 Rôle du Kea pour la haute disponibilité dhcp
 ## Tables des matières
    1. [Que fait le rôle Kea ?]
 ## Que fait le rôle Kea ?
 Il permet de configurer les serveur kea en mode haute disponibilité.
 ### Installation et configuration de kea
 Le rôle kea va installer les packets kea dhcp4, hook, admin une fois les packets installer. Nous allons configurer les 2 serveurs kea pour qu'il distribut les ip de n-user et soit en haute disponibilité.
--- a/roles/kea/default/main.yml
+++ b/roles/kea/default/main.yml
@ -0,0 +1,8 @@
 #variable kea
 kea_ver: "2.4.1"
 kea_dbname: ""
 kea_dbuser: ""
 kea_dbpasswd: ""
 kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
 kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
--- a/roles/kea/handlers/main.yml
+++ b/roles/kea/handlers/main.yml
@ -0,0 +1,5 @@
 - name: restart zabbix agent
   service:
     name: zabbix-agent
     state: restarted
     enabled: yes
--- a/roles/kea/tasks/main.yml
+++ b/roles/kea/tasks/main.yml
@ -0,0 +1,65 @@
    - name: installation des dépendances
      apt:
        name:
        - liblog4cplus-2.0.5
        - libmariadb3
        - libpq5
        - mariadb-common
        - mysql-common
        state: present
    - name: telechargemement du paquet isc-kea-common 
      get_url:
        url: "https://dl.cloudsmith.io/public/isc/kea-2-4/deb/debian/pool/bookworm/main/i/is/isc-kea-common_2.4.1-isc20231123184533/isc-kea-common_2.4.1-isc20231123184533_amd64.deb" 
        dest: "/tmp"
    - name: telechargement du paquet isc-kea-dhcp4
      get_url:
        url: "https://dl.cloudsmith.io/public/isc/kea-2-4/deb/debian/pool/bookworm/main/i/is/isc-kea-dhcp4_2.4.1-isc20231123184533/isc-kea-dhcp4_2.4.1-isc20231123184533_amd64.deb" 
        dest: "/tmp"
    - name: telechargement du paquet isc-kea-ctrl-agent
      get_url:
        url: "https://dl.cloudsmith.io/public/isc/kea-2-4/deb/debian/pool/bookworm/main/i/is/isc-kea-ctrl-agent_2.4.1-isc20231123184533/isc-kea-ctrl-agent_2.4.1-isc20231123184533_amd64.deb" 
        dest: "/tmp"
    - name: telechargement du  paquet isc-kea-hooks
      get_url:
        url: "https://dl.cloudsmith.io/public/isc/kea-2-4/deb/debian/pool/bookworm/main/i/is/isc-kea-hooks_2.4.1-isc20231123184533/isc-kea-hooks_2.4.1-isc20231123184533_amd64.deb" 
        dest: "/tmp"
    - name: Update apt
      apt:
        update_cache: yes
    - name: Installation paquet isc-kea-common
      apt:
        deb: "/tmp/isc-kea-common_2.4.1-isc20231123184533_amd64.deb"
        state: present
    - name: Installation isc-kea-dhcp4
      apt:
        deb: "/tmp/isc-kea-dhcp4_2.4.1-isc20231123184533_amd64.deb"
        state: present
    - name: Installation isc-kea-ctrl-agent
      apt:
        deb: "/tmp/isc-kea-ctrl-agent_2.4.1-isc20231123184533_amd64.deb"
        state: present
    - name: Installation isc-kea-ctrl-agent
      apt:
        deb: "/tmp/isc-kea-ctrl-agent_2.4.1-isc20231123184533_amd64.deb"
        state: present
    - name: Installation isc-kea-hooks
      apt:
        deb: "/tmp/isc-kea-ctrl-agent_2.4.1-isc20231123184533_amd64.deb"
        state: present
    - name: Installation isc-kea-hooks
      apt:
        deb: "/tmp/isc-kea-ctrl-agent_2.4.1-isc20231123184533_amd64.deb"
        state: present
--- a/roles/post/files/interfaces.s-kea1
+++ b/roles/post/files/interfaces.s-kea1
@ -0,0 +1,26 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 # The loopback network interface
 auto lo
 iface lo inet loopback
 # cote N-adm
 allow-hotplug enp0s3
 iface enp0s3 inet static
 	address 192.168.99.20
 	netmask 255.255.255.0
 	gateway 192.168.99.99
 # cote N-infra
 allow-hotplug enp0s8
 iface enp0s8 inet static
 	address 172.16.0.20
 	netmask 255.255.255.0
 #cote N-user
 allow-hotplug enp0s9
 iface enp0s9 inet static
 	address 172.16.64.20
 	netmask 255.255.255.0
--- a/roles/post/files/interfaces.s-kea2
+++ b/roles/post/files/interfaces.s-kea2
@ -0,0 +1,26 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
 # The loopback network interface
 auto lo
 iface lo inet loopback
 # cote N-adm
 allow-hotplug enp0s3
 iface enp0s3 inet static
 	address 192.168.99.21
 	netmask 255.255.255.0
 	gateway 192.168.99.99
 # cote N-infra
 allow-hotplug enp0s8
 iface enp0s8 inet static
 	address 172.16.0.21
 	netmask 255.255.255.0
 #cote N-user
 allow-hotplug enp0s9
 iface enp0s9 inet static
 	address 172.16.64.21
 	netmask 255.255.255.0
--- a/s-fog.yml
+++ b/s-fog.yml
@ -5,10 +5,10 @@
  roles:
    - base
    - goss
-    - dhcp-fog
+      #- dhcp-fog
-    - ssh-cli
+      #    - ssh-cli
-    - snmp-agent
+#    - snmp-agent
    # - syslog-cli
-    #    - fog
+    - fog
-   - journald-snd  
+    #-   - journald-snd  
-    - post
+    #- post
--- a/s-mon.yml
+++ b/s-mon.yml
@ -1,8 +1,8 @@
 ---
 - name: Zabbix
-  hosts: all
+  hosts: localhost
-  #  become: yes
+  become: yes
-  #  become_method: sudo
+  become_method: sudo
  #  become_user: root
  #  vars:
  #  access: "Restricted Nagios4 Access"
--- a/scripts/mkvm
+++ b/scripts/mkvm
@ -100,6 +100,10 @@ elif [[ "${vm}" == "s-nxc" ]] ; then
        create_if "${vm}" "n-adm" "n-infra"
 elif [[ "${vm}" == "s-fog" ]] ; then
        create_if "${vm}" "n-adm" "n-infra" "n-user"
 elif [[ "${vm}" == "s-kea1" ]] ; then
        create_if "${vm}" "n-adm" "n-infra" "n-user"
 elif [[ "${vm}" == "s-kea2" ]] ; then
        create_if "${vm}" "n-adm" "n-infra" "n-user"
 elif [[ "${vm}" == "s-dns-ext" ]] ; then
        create_if "${vm}" "n-adm" "n-dmz"
 elif [[ "${vm}" == "s-web-ext" ]] ; then
--- a/scripts/mkvm.ps1
+++ b/scripts/mkvm.ps1
@ -102,6 +102,22 @@ elseif ($args[0] -eq "s-fog") {
 	create_if $args[0] "int" 3 "n-user"
 }
 elseif ($args[0] -eq "s-kea1") {
 	create_vm $args[0]
 	create_if $args[0] "int" 1 "n-adm"
 	create_if $args[0] "int" 2 "n-infra"
 	create_if $args[0] "int" 3 "n-user"
 }
 elseif ($args[0] -eq "s-kea2") {
 	create_vm $args[0]
 	create_if $args[0] "int" 1 "n-adm"
 	create_if $args[0] "int" 2 "n-infra"
 	create_if $args[0] "int" 3 "n-user"
 }
 elseif ($args[0] -eq "s-agence") {
 	create_vm $args[0]
Author	SHA1	Message	Date
root	b5237811e1	s-fog.yaml et fogsettings single interface	2024-01-16 15:34:41 +01:00
Jimmy Chevanne	25bb47afd3	Creation role kea a continuer	2024-01-16 12:41:50 +01:00
root	addabae478	maj s-mon : become	2024-01-16 12:06:22 +01:00
root	a57998f5de	maj goss r-vp2.yaml	2024-01-16 11:39:57 +01:00
root	262b7bdb13	maj goss r-vp2	2024-01-16 11:03:44 +01:00
Alhassane Kone	c45dc50d12	maj mvkm.ps1: ajout kea1 et kea2	2024-01-16 10:38:55 +01:00
Jimmy Chevanne	d1116a91c3	update	2024-01-16 10:32:09 +01:00
Jimmy Chevanne	9c8dca44c9	mise à jour mkvm	2024-01-16 10:24:04 +01:00
root	ce3b6e0a77	nettoyage s-fog	2024-01-15 21:47:44 +01:00
phil	a03298ed54	php version dans fogsettings	2024-01-15 21:34:04 +01:00
sio user	80b54a50df	ajout entrée dnas base, post et dns-master pour s-kea1 et s-kea2	2024-01-15 17:54:31 +01:00