modif reseau proxy

roles/fw-ferm/files/ferm.conf.r-vp1

@@ -4,7 +4,6 @@
 
 @def $DEV_PRIVATE = enp0s8;
 @def $DEV_WORLD = enp0s9;
-@def $DEV_WORLD = enp0s9;
 @def $DEV_VPN= wg0;
 @def $NET_PRIVATE = 172.16.0.0/24;
 
@@ -32,7 +31,7 @@ table filter {
         # well-known internet hosts
         saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 
-        # we provide DNS and SMTP services for the internal net
+        # we provide DNS services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
             proto (udp tcp) dport domain ACCEPT;
             proto udp dport bootps ACCEPT;

roles/fw-ferm/files/ferm.conf.r-vp2

@@ -29,7 +29,7 @@ table filter {
         # well-known internet hosts
         saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
 
-        # we provide DNS and SMTP services for the internal net
+        # we provide DNS services for the internal net
         interface $DEV_PRIVATE saddr $NET_PRIVATE {
             proto (udp tcp) dport domain ACCEPT;
             proto udp dport bootps ACCEPT;

roles/kea-master/files/kea-ctrl-agent.conf

@@ -6,7 +6,7 @@
     {
         // We need to specify where the agent should listen to incoming HTTP
         // queries.
-        "http-host": "172.16.0.20",
+        "http-host": "172.16.64.20",
 
         // This specifies the port CA will listen on.
         "http-port": 8000,

roles/kea-master/files/kea-dhcp4.conf

@@ -121,7 +121,7 @@
                             // Control Agent must run along with this DHCPv4 server
                             // instance and the "http-host" and "http-port" must be
                             // set to the corresponding values.
-                            "url": "http://172.16.0.20:8000/",
+                            "url": "http://172.16.64.20:8000/",
                             // This server is primary. The other one must be
                             // secondary.
                             "role": "primary"
@@ -133,7 +133,7 @@
                             // channel can be reached. The Control Agent is required
                             // to run on the partner's machine with "http-host" and
                             // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.0.21:8000/",
+                            "url": "http://172.16.64.21:8000/",
                             // The other server is secondary. This one must be
                             // primary.
                             "role": "standby"

roles/kea-slave/files/kea-ctrl-agent.conf

@@ -6,7 +6,7 @@
     {
         // We need to specify where the agent should listen to incoming HTTP
         // queries.
-        "http-host": "172.16.0.21",
+        "http-host": "172.16.64.21",
 
         // This specifies the port CA will listen on.
         "http-port": 8000,

roles/kea-slave/files/kea-dhcp4.conf

@@ -121,7 +121,7 @@
                             // Control Agent must run along with this DHCPv4 server
                             // instance and the "http-host" and "http-port" must be
                             // set to the corresponding values.
-                            "url": "http://172.16.0.20:8000/",
+                            "url": "http://172.16.64.20:8000/",
                             // This server is primary. The other one must be
                             // secondary.
                             "role": "primary"
@@ -133,7 +133,7 @@
                             // channel can be reached. The Control Agent is required
                             // to run on the partner's machine with "http-host" and
                             // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.0.21:8000/",
+                            "url": "http://172.16.64.21:8000/",
                             // The other server is secondary. This one must be
                             // primary.
                             "role": "standby"

roles/nxc-traefik/tasks/main.yml

@@ -69,8 +69,13 @@
   args:
     chdir: /root/nxc
 
-- name: Creation reseau docker proxy
+- name: vérification si le réseau proxy existe
+  command: docker network ls --filter name=proxy
+  register:  net_proxy
+
+- name: création du réseau proxy
   command: docker network create proxy
+  when: net_proxy.stdout.find('proxy') == -1
 
     #- name: Démarrage du docker-compose...
     #command: /bin/bash docker-compose up -d

s-lb-bd.yml

@@ -9,5 +9,5 @@
     - goss
     - lb-bd
     - post
-    - zabbix-cli
+      #- zabbix-cli
     - ssh-cli

s-lb-web1.yml

@@ -6,6 +6,6 @@
     - base
     - post-lb
     - lb-web
-    - zabbix-cli
+      # - zabbix-cli
     - ssh-cli
 

s-lb-web2.yml

@@ -6,6 +6,6 @@
     - base
     - post-lb
     - lb-web
-    - zabbix-cli
+      # - zabbix-cli
     - ssh-cli
 

s-lb.yml

@@ -6,7 +6,7 @@
      - base
      - goss
      - lb-front
-     - zabbix-cli
+       #- zabbix-cli
      - ssh-cli
      - post
 

s-nas.yml

@@ -9,7 +9,7 @@
     
   roles:
     - base
-    - zabbix-cli
+      #- zabbix-cli
     - lb-nfs-server
     - ssh-cli
     # - syslog-cli

wireguard/ping-sinfra.sh

@@ -18,4 +18,4 @@ echo ping  r-vp2 interface interface interne
 ping -c3 172.16.128.254
 
 echo ping  s-agence
-ping -c3 172.16.128.11
+ping -c3 172.16.128.10