modif reseau proxy

maj role fw
mise a jour role kea-master et kea-slave modif des fichiers de config
2024-01-18 11:19:52 +01:00 · 2024-01-18 11:11:34 +01:00 · 2024-01-18 10:59:19 +01:00 · 2024-01-18 10:36:06 +01:00
13 changed files with 20 additions and 16 deletions
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@ -4,7 +4,6 @@
@def $DEV_PRIVATE = enp0s8;
@def $DEV_WORLD = enp0s9;
@def $DEV_WORLD = enp0s9;
@def $DEV_VPN= wg0;
@def $NET_PRIVATE = 172.16.0.0/24;
@ -32,7 +31,7 @@ table filter {
        # well-known internet hosts
        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
-        # we provide DNS and SMTP services for the internal net
+        # we provide DNS services for the internal net
        interface $DEV_PRIVATE saddr $NET_PRIVATE {
            proto (udp tcp) dport domain ACCEPT;
            proto udp dport bootps ACCEPT;
--- a/roles/fw-ferm/files/ferm.conf.r-vp2
+++ b/roles/fw-ferm/files/ferm.conf.r-vp2
@ -29,7 +29,7 @@ table filter {
        # well-known internet hosts
        saddr ($NET_PRIVATE) proto tcp dport ssh ACCEPT;
-        # we provide DNS and SMTP services for the internal net
+        # we provide DNS services for the internal net
        interface $DEV_PRIVATE saddr $NET_PRIVATE {
            proto (udp tcp) dport domain ACCEPT;
            proto udp dport bootps ACCEPT;
--- a/roles/kea-master/files/kea-ctrl-agent.conf
+++ b/roles/kea-master/files/kea-ctrl-agent.conf
@ -6,7 +6,7 @@
    {
        // We need to specify where the agent should listen to incoming HTTP
        // queries.
-        "http-host": "172.16.0.20",
+        "http-host": "172.16.64.20",
        // This specifies the port CA will listen on.
        "http-port": 8000,
--- a/roles/kea-master/files/kea-dhcp4.conf
+++ b/roles/kea-master/files/kea-dhcp4.conf
@ -121,7 +121,7 @@
                            // Control Agent must run along with this DHCPv4 server
                            // instance and the "http-host" and "http-port" must be
                            // set to the corresponding values.
-                            "url": "http://172.16.0.20:8000/",
+                            "url": "http://172.16.64.20:8000/",
                            // This server is primary. The other one must be
                            // secondary.
                            "role": "primary"
@ -133,7 +133,7 @@
                            // channel can be reached. The Control Agent is required
                            // to run on the partner's machine with "http-host" and
                            // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.0.21:8000/",
+                            "url": "http://172.16.64.21:8000/",
                            // The other server is secondary. This one must be
                            // primary.
                            "role": "standby"
--- a/roles/kea-slave/files/kea-ctrl-agent.conf
+++ b/roles/kea-slave/files/kea-ctrl-agent.conf
@ -6,7 +6,7 @@
    {
        // We need to specify where the agent should listen to incoming HTTP
        // queries.
-        "http-host": "172.16.0.21",
+        "http-host": "172.16.64.21",
        // This specifies the port CA will listen on.
        "http-port": 8000,
--- a/roles/kea-slave/files/kea-dhcp4.conf
+++ b/roles/kea-slave/files/kea-dhcp4.conf
@ -121,7 +121,7 @@
                            // Control Agent must run along with this DHCPv4 server
                            // instance and the "http-host" and "http-port" must be
                            // set to the corresponding values.
-                            "url": "http://172.16.0.20:8000/",
+                            "url": "http://172.16.64.20:8000/",
                            // This server is primary. The other one must be
                            // secondary.
                            "role": "primary"
@ -133,7 +133,7 @@
                            // channel can be reached. The Control Agent is required
                            // to run on the partner's machine with "http-host" and
                            // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.0.21:8000/",
+                            "url": "http://172.16.64.21:8000/",
                            // The other server is secondary. This one must be
                            // primary.
                            "role": "standby"
--- a/roles/nxc-traefik/tasks/main.yml
+++ b/roles/nxc-traefik/tasks/main.yml
@ -69,8 +69,13 @@
  args:
    chdir: /root/nxc
- name: Creation reseau docker proxy
+- name: vérification si le réseau proxy existe
  command: docker network ls --filter name=proxy
  register:  net_proxy
 - name: création du réseau proxy
  command: docker network create proxy
  when: net_proxy.stdout.find('proxy') == -1
    #- name: Démarrage du docker-compose...
    #command: /bin/bash docker-compose up -d
--- a/s-lb-bd.yml
+++ b/s-lb-bd.yml
@ -9,5 +9,5 @@
    - goss
    - lb-bd
    - post
-    - zabbix-cli
+      #- zabbix-cli
    - ssh-cli
--- a/s-lb-web1.yml
+++ b/s-lb-web1.yml
@ -6,6 +6,6 @@
    - base
    - post-lb
    - lb-web
-    - zabbix-cli
+      # - zabbix-cli
    - ssh-cli
--- a/s-lb-web2.yml
+++ b/s-lb-web2.yml
@ -6,6 +6,6 @@
    - base
    - post-lb
    - lb-web
-    - zabbix-cli
+      # - zabbix-cli
    - ssh-cli
--- a/s-lb.yml
+++ b/s-lb.yml
@ -6,7 +6,7 @@
     - base
     - goss
     - lb-front
-     - zabbix-cli
+       #- zabbix-cli
     - ssh-cli
     - post
--- a/s-nas.yml
+++ b/s-nas.yml
@ -9,7 +9,7 @@
  roles:
    - base
-    - zabbix-cli
+      #- zabbix-cli
    - lb-nfs-server
    - ssh-cli
    # - syslog-cli
--- a/wireguard/ping-sinfra.sh
+++ b/wireguard/ping-sinfra.sh
@ -18,4 +18,4 @@ echo ping  r-vp2 interface interface interne
 ping -c3 172.16.128.254
 echo ping  s-agence
-ping -c3 172.16.128.11
+ping -c3 172.16.128.10
Author	SHA1	Message	Date
root	3b88857c0b	modif reseau proxy	2024-01-18 11:19:52 +01:00
root	72c5498e64	maj role fw	2024-01-18 11:11:34 +01:00
root	e1cc021ee2	mise a jour role kea-master et kea-slave modif des fichiers de config	2024-01-18 10:59:19 +01:00
Jimmy Chevanne	76528fad6f	maj playbooks lb	2024-01-18 10:36:06 +01:00