maj goss fichier

README.md

@@ -1,6 +1,6 @@
 # gsb2024
 
-2024-01-17 18h04 ps
+2024-01-19 11h45 ps
 
 Environnement et playbooks **ansible** pour le projet **GSB 2024**
 
@@ -23,8 +23,8 @@ Prérequis :
   * **r-ext** : routage, NAT
   * **s-proxy** : proxy **squid**
   * **s-itil** : serveur GLPI
-  * **s-backup** : DNS esclave + sauvegarde s-win (SMB)
-  * **s-mon** : supervision avec **Nagios4**, notifications et syslog
+  * **s-backup** : DNS esclave + sauvegarde s-win (SMB), Stork et Gotify
+  * **s-mon** : supervision avec **Nagios4/Zabbix**, notifications et journald
   * **s-fog** : deploiement postes de travail avec **FOG**
   * **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers
   * **s-nxc** : NextCloud avec **docker** via proxy inverse **traefik** et certificat auto-signé

goss/s-lb-bd.yaml

@@ -1,21 +1,38 @@
-package:
-  mysql-server:
-    installed: true
-    versions:
-    - 5.5.54-0+deb8u1
-command:
-  egrep "#bind-address" /etc/mysql/my.cnf:
-    exit-status: 0
-    stdout:
-    - "#bind-address\t\t= 127.0.0.1"
-    stderr: []
-    timeout: 10000
+addr:
+    tcp://192.168.102.1:80:
+        reachable: true
+        timeout: 500
+    tcp://192.168.102.2:80:
+        reachable: true
+        timeout: 500
+service:
+    mariadb:
+        enabled: true
+        running: true
+    mysql:
+        enabled: true
+        running: true
+user:
+    mysql:
+        exists: true
+        uid: 104
+        gid: 111
+        groups:
+            - mysql
+        home: /nonexistent
+        shell: /bin/false
+group:
+    mysql:
+        exists: true
+        gid: 111
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.13/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.102.50/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.154/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.102.254/24
+        mtu: 1500

goss/s-lb-web1.yaml

@@ -1,63 +1,62 @@
 package:
-  apache2:
-    installed: true
-    versions:
-    - 2.4.10-10+deb8u7
-  php5:
-    installed: true
-    versions:
-    - 5.6.29+dfsg-0+deb8u1
+    apache2:
+        installed: true
+        versions:
+            - 2.4.57-2
+    nfs-common:
+        installed: true
+        versions:
+            - 1:2.6.2-4
 port:
-  tcp:22:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp6:22:
-    listening: true
-    ip:
-    - '::'
-  tcp6:80:
-    listening: true
-    ip:
-    - '::'
+    tcp6:80:
+        listening: true
+        ip:
+            - '::'
 service:
-  apache2:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
-user:
-  sshd:
-    exists: true
-    uid: 105
-    gid: 65534
-    groups:
-    - nogroup
-    home: /var/run/sshd
-    shell: /usr/sbin/nologin
-command:
-  egrep 192.168.102.14:/export/www /etc/fstab:
-    exit-status: 0
-    stdout:
-    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
-    stderr: []
-    timeout: 10000
+    apache2:
+        enabled: true
+        running: true
+    nfs-common:
+        enabled: false
+        running: false
 process:
-  apache2:
-    running: true
-  sshd:
-    running: true
+    apache2:
+        running: true
+mount:
+    /var/www/html:
+        exists: true
+        opts:
+            - rw
+            - relatime
+        vfs-opts:
+            - rw
+            - vers=4.2
+            - rsize=131072
+            - wsize=131072
+            - namlen=255
+            - hard
+            - proto=tcp
+            - timeo=600
+            - retrans=2
+            - sec=sys
+            - clientaddr=192.168.102.1
+            - local_lock=none
+            - addr=192.168.102.253
+        source: 192.168.102.253:/home/wordpress
+        filesystem: nfs4
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.11/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.101.1/24
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.102.1/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.101/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.101.1/24
+        mtu: 1500
+    enp0s9:
+        exists: true
+        addrs:
+            - 192.168.102.1/24
+        mtu: 1500

goss/s-lb-web2.yaml

@@ -1,63 +1,62 @@
 package:
-  apache2:
-    installed: true
-    versions:
-    - 2.4.10-10+deb8u7
-  php5:
-    installed: true
-    versions:
-    - 5.6.29+dfsg-0+deb8u1
+    apache2:
+        installed: true
+        versions:
+            - 2.4.57-2
+    nfs-common:
+        installed: true
+        versions:
+            - 1:2.6.2-4
 port:
-  tcp:22:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp6:22:
-    listening: true
-    ip:
-    - '::'
-  tcp6:80:
-    listening: true
-    ip:
-    - '::'
+    tcp6:80:
+        listening: true
+        ip:
+            - '::'
 service:
-  apache2:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
-user:
-  sshd:
-    exists: true
-    uid: 105
-    gid: 65534
-    groups:
-    - nogroup
-    home: /var/run/sshd
-    shell: /usr/sbin/nologin
-command:
-  egrep 192.168.102.14:/export/www /etc/fstab:
-    exit-status: 0
-    stdout:
-    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
-    stderr: []
-    timeout: 10000
+    apache2:
+        enabled: true
+        running: true
+    nfs-common:
+        enabled: false
+        running: false
 process:
-  apache2:
-    running: true
-  sshd:
-    running: true
+    apache2:
+        running: true
+mount:
+    /var/www/html:
+        exists: true
+        opts:
+            - rw
+            - relatime
+        vfs-opts:
+            - rw
+            - vers=4.2
+            - rsize=131072
+            - wsize=131072
+            - namlen=255
+            - hard
+            - proto=tcp
+            - timeo=600
+            - retrans=2
+            - sec=sys
+            - clientaddr=192.168.102.2
+            - local_lock=none
+            - addr=192.168.102.253
+        source: 192.168.102.253:/home/wordpress
+        filesystem: nfs4
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.12/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.101.2/24
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.102.2/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.102/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.101.2/24
+        mtu: 1500
+    enp0s9:
+        exists: true
+        addrs:
+            - 192.168.102.2/24
+        mtu: 1500

goss/s-lb.yaml

@@ -1,28 +1,55 @@
+package:
+    haproxy:
+        installed: true
+        versions:
+            - 2.6.12-1+deb12u1
+addr:
+    tcp://192.168.101.1:80:
+        reachable: true
+        timeout: 500
+    tcp://192.168.101.2:80:
+        reachable: true
+        timeout: 500
 port:
-  tcp:80:
-    listening: true
-    ip:
-    - 192.168.100.11
+    tcp:80:
+        listening: true
+        ip:
+            - 192.168.100.10
 service:
-  haproxy:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
+    haproxy:
+        enabled: true
+        running: true
+user:
+    haproxy:
+        exists: true
+        uid: 104
+        gid: 111
+        groups:
+            - haproxy
+        home: /var/lib/haproxy
+        shell: /usr/sbin/nologin
+group:
+    haproxy:
+        exists: true
+        gid: 111
+process:
+    haproxy:
+        running: true
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.100/24
-    mtu: 1500
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.100.11/24
-    mtu: 1500
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.101.254/24
-    mtu: 1500
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.100/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.100.10/24
+        mtu: 1500
+http:
+    http://192.168.100.10/:
+        status: 200
+        allow-insecure: false
+        no-follow-redirects: false
+        timeout: 5000
+        body: []

goss/s-nas.yaml

@@ -0,0 +1,55 @@
+file:
+    /home/wordpress:
+        exists: true
+        mode: "0755"
+        owner: www-data
+        group: www-data
+        filetype: directory
+        contents: []
+package:
+    file:
+        installed: true
+        versions:
+            - 1:5.44-3
+    nfs-common:
+        installed: true
+        versions:
+            - 1:2.6.2-4
+    nfs-kernel-server:
+        installed: true
+        versions:
+            - 1:2.6.2-4
+addr:
+    tcp://192.168.102.1:80:
+        reachable: true
+        timeout: 500
+    tcp://192.168.102.2:80:
+        reachable: true
+        timeout: 500
+service:
+    nfs-common:
+        enabled: false
+        running: false
+    nfs-kernel-server:
+        enabled: true
+        running: true
+    nfs-mountd:
+        enabled: true
+        running: true
+    nfs-server:
+        enabled: true
+        running: true
+    nfs-utils:
+        enabled: true
+        running: false
+interface:
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.153/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.102.253/24
+        mtu: 1500

goss/s-nxc.yaml

@@ -0,0 +1,119 @@
+file:
+  /root/nxc:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+  /root/nxc/certs:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+  /root/nxc/config:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+  /root/nxc/config/dynamic.yml:
+    exists: true
+    mode: "0644"
+    size: 415
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/config/static.yml:
+    exists: true
+    mode: "0644"
+    size: 452
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/docker-compose.yml:
+    exists: true
+    mode: "0644"
+    size: 2135
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-debug.sh:
+    exists: true
+    mode: "0755"
+    size: 64
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-prune.sh:
+    exists: true
+    mode: "0755"
+    size: 110
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-start.sh:
+    exists: true
+    mode: "0755"
+    size: 34
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-stop.sh:
+    exists: true
+    mode: "0755"
+    size: 32
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /usr/local/bin/mkcert:
+    exists: true
+    mode: "0755"
+    size: 4788866
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+addr:
+  tcp://s-nxc.gsb.lan:8081:
+    reachable: true
+    timeout: 500
+port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:80:
+    listening: true
+    ip: []
+  tcp:443:
+    listening: true
+    ip: []
+  tcp:8081:
+    listening: true
+    ip:
+    - 0.0.0.0
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.7/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.7/24
+    mtu: 1500

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2024011800      ; Serial
+                        2024011900      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -16,9 +16,11 @@ $TTL    604800
 @      	        IN      A       127.0.0.1
 @       	IN      AAAA    ::1
 s-infra  	IN      A       172.16.0.1
-s-backup        IN      A	172.16.0.4
 s-proxy         IN      A       172.16.0.2
 s-appli    	IN      A       172.16.0.3
+s-backup        IN      A	172.16.0.4
+s-stork         IN      A	172.16.0.4
+s-gotify        IN      A	172.16.0.4
 s-win    	IN      A       172.16.0.6
 s-mess   	IN      A       172.16.0.7
 s-nxc		IN	A	172.16.0.7

s-lb-web1.yml

@@ -4,6 +4,7 @@
 
   roles:
     - base
+    - goss
     - post-lb
     - lb-web
       # - zabbix-cli

s-lb-web2.yml

@@ -4,6 +4,7 @@
 
   roles:
     - base
+    - goss
     - post-lb
     - lb-web
       # - zabbix-cli

s-nas.yml

@@ -9,6 +9,7 @@
     
   roles:
     - base
+    - goss
       #- zabbix-cli
     - lb-nfs-server
     - ssh-cli

s-nxc.yaml

@@ -0,0 +1,55 @@
+command:
+  ls -l .:
+    exit-status: 0
+    stdout:
+    - total 200
+    - -rwxr-xr-x  1 root root  232 15 janv. 17:38 agoss
+    - -rw-r--r--  1 root root  212 15 janv. 17:38 changelog
+    - drwxr-xr-x  3 root root 4096 15 janv. 17:38 doc
+    - drwxr-xr-x  2 root root 4096 19 janv. 10:50 goss
+    - -rwxr-xr-x  1 root root  209 15 janv. 17:38 gsbchk
+    - -rwxr-xr-x  1 root root 7174 15 janv. 17:38 gsbstart
+    - -rwxr-xr-x  1 root root  728 15 janv. 17:38 gsbstartl
+    - -rw-r--r--  1 root root  289 15 janv. 17:38 lisezmoi.txt
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 old
+    - drwxr-xr-x  2 root root 4096 19 janv. 09:16 pre
+    - -rw-r--r--  1 root root  477 19 janv. 09:16 pull-config
+    - -rw-r--r--  1 root root 5070 19 janv. 09:16 README.md
+    - -rw-r--r--  1 root root  141 15 janv. 17:38 r-ext.yml
+    - -rw-r--r--  1 root root  151 15 janv. 17:38 r-int.yml
+    - drwxr-xr-x 55 root root 4096 19 janv. 09:16 roles
+    - -rw-r--r--  1 root root  177 15 janv. 17:38 r-vp1-fw.yml
+    - -rw-r--r--  1 root root  259 15 janv. 17:38 r-vp1.yml
+    - -rw-r--r--  1 root root  173 15 janv. 17:38 r-vp2-fw.yml
+    - -rw-r--r--  1 root root  305 15 janv. 17:38 r-vp2.yml
+    - -rw-r--r--  1 root root  181 19 janv. 09:16 s-adm.yml
+    - -rw-r--r--  1 root root  119 15 janv. 17:38 s-agence.yml
+    - -rw-r--r--  1 root root  166 19 janv. 09:16 s-appli.yml
+    - -rw-r--r--  1 root root  182 19 janv. 09:16 s-backup.yml
+    - drwxr-xr-x  3 root root 4096 19 janv. 09:16 scripts
+    - -rw-r--r--  1 root root  213 15 janv. 17:38 s-docker.yml
+    - -rw-r--r--  1 root root  144 15 janv. 17:38 s-elk.yml
+    - -rw-r--r--  1 root root  178 19 janv. 09:16 s-fog-post.yml
+    - -rw-r--r--  1 root root  162 19 janv. 09:16 s-fog.yml
+    - -rw-r--r--  1 root root  199 19 janv. 09:16 s-infra.yml
+    - -rw-r--r--  1 root root  351 15 janv. 17:38 s-itil.yml
+    - -rw-r--r--  1 root root  185 19 janv. 09:16 s-kea1.yml
+    - -rw-r--r--  1 root root  174 19 janv. 09:16 s-kea2.yml
+    - -rw-r--r--  1 root root  131 19 janv. 09:16 s-lb-bd.yml
+    - -rw-r--r--  1 root root  127 19 janv. 09:16 s-lb-web1.yml
+    - -rw-r--r--  1 root root  127 19 janv. 09:16 s-lb-web2.yml
+    - -rw-r--r--  1 root root  145 19 janv. 09:16 s-lb.yml
+    - -rw-r--r--  1 root root  148 19 janv. 09:16 s-mess.yml
+    - -rw-r--r--  1 root root  241 19 janv. 09:16 s-mon.yml
+    - -rw-r--r--  1 root root  290 19 janv. 09:16 s-nas.yml
+    - -rw-r--r--  1 root root  156 15 janv. 17:38 s-nxc.yml
+    - -rw-r--r--  1 root root  140 15 janv. 17:38 s-peertube.yml
+    - -rw-r--r--  1 root root  148 19 janv. 09:16 s-proxy.yml
+    - -rw-r--r--  1 root root  161 15 janv. 17:38 s-test.yml
+    - drwxr-xr-x  3 root root 4096 15 janv. 17:38 sv
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 tests
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 vagrant
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 windows
+    - drwxr-xr-x  7 root root 4096 19 janv. 09:16 wireguard
+    stderr: []
+    timeout: 10000