maj role kea

README.md

@@ -1,6 +1,6 @@
 # gsb2024
 
-2024-01-17 18h04 ps
+2024-01-19 11h45 ps
 
 Environnement et playbooks **ansible** pour le projet **GSB 2024**
 
@@ -23,8 +23,8 @@ Prérequis :
   * **r-ext** : routage, NAT
   * **s-proxy** : proxy **squid**
   * **s-itil** : serveur GLPI
-  * **s-backup** : DNS esclave + sauvegarde s-win (SMB)
-  * **s-mon** : supervision avec **Nagios4**, notifications et syslog
+  * **s-backup** : DNS esclave + sauvegarde s-win (SMB), Stork et Gotify
+  * **s-mon** : supervision avec **Nagios4/Zabbix**, notifications et journald
   * **s-fog** : deploiement postes de travail avec **FOG**
   * **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers
   * **s-nxc** : NextCloud avec **docker** via proxy inverse **traefik** et certificat auto-signé

goss/s-kea1.yaml

@@ -0,0 +1,90 @@
+file:
+  /etc/kea/kea-ctrl-agent.conf:
+    exists: true
+    mode: "0644"
+    size: 2470
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /etc/kea/kea-dhcp4.conf:
+    exists: true
+    mode: "0644"
+    size: 11346
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /tmp/kea4-ctrl-socket:
+    exists: true
+    mode: "0755"
+    size: 0
+    owner: _kea
+    group: _kea
+    filetype: socket
+    contains: []
+  /usr/local/lib/kea:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+package:
+  isc-kea-common:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-ctrl-agent:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-dhcp4:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-hooks:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  libmariadb3:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mariadb-common:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mysql-common:
+    installed: true
+    versions:
+    - 5.8+1.1.0
+port:
+  tcp:8000:
+    listening: true
+    ip:
+    - 172.16.64.20
+service:
+  isc-kea-ctrl-agent.service:
+    enabled: true
+    running: true
+  isc-kea-dhcp4-server.service:
+    enabled: true
+    running: true
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.20/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.20/24
+    mtu: 1500
+  enp0s9:
+    exists: true
+    addrs:
+    - 172.16.64.20/24
+    mtu: 1500

goss/s-kea2.yaml

@@ -0,0 +1,90 @@
+file:
+  /etc/kea/kea-ctrl-agent.conf:
+    exists: true
+    mode: "0644"
+    size: 2470
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /etc/kea/kea-dhcp4.conf:
+    exists: true
+    mode: "0644"
+    size: 11346
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /tmp/kea4-ctrl-socket:
+    exists: true
+    mode: "0755"
+    size: 0
+    owner: _kea
+    group: _kea
+    filetype: socket
+    contains: []
+  /usr/local/lib/kea:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+package:
+  isc-kea-common:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-ctrl-agent:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-dhcp4:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-hooks:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  libmariadb3:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mariadb-common:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mysql-common:
+    installed: true
+    versions:
+    - 5.8+1.1.0
+port:
+  tcp:8000:
+    listening: true
+    ip:
+    - 172.16.64.21
+service:
+  isc-kea-ctrl-agent.service:
+    enabled: true
+    running: true
+  isc-kea-dhcp4-server.service:
+    enabled: true
+    running: true
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.21/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.21/24
+    mtu: 1500
+  enp0s9:
+    exists: true
+    addrs:
+    - 172.16.64.21/24
+    mtu: 1500

goss/s-lb-bd.yaml

@@ -1,21 +1,38 @@
-package:
-  mysql-server:
-    installed: true
-    versions:
-    - 5.5.54-0+deb8u1
-command:
-  egrep "#bind-address" /etc/mysql/my.cnf:
-    exit-status: 0
-    stdout:
-    - "#bind-address\t\t= 127.0.0.1"
-    stderr: []
-    timeout: 10000
+addr:
+    tcp://192.168.102.1:80:
+        reachable: true
+        timeout: 500
+    tcp://192.168.102.2:80:
+        reachable: true
+        timeout: 500
+service:
+    mariadb:
+        enabled: true
+        running: true
+    mysql:
+        enabled: true
+        running: true
+user:
+    mysql:
+        exists: true
+        uid: 104
+        gid: 111
+        groups:
+            - mysql
+        home: /nonexistent
+        shell: /bin/false
+group:
+    mysql:
+        exists: true
+        gid: 111
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.13/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.102.50/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.154/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.102.254/24
+        mtu: 1500

goss/s-lb-web1.yaml

@@ -1,63 +1,62 @@
 package:
-  apache2:
-    installed: true
-    versions:
-    - 2.4.10-10+deb8u7
-  php5:
-    installed: true
-    versions:
-    - 5.6.29+dfsg-0+deb8u1
+    apache2:
+        installed: true
+        versions:
+            - 2.4.57-2
+    nfs-common:
+        installed: true
+        versions:
+            - 1:2.6.2-4
 port:
-  tcp:22:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp6:22:
-    listening: true
-    ip:
-    - '::'
-  tcp6:80:
-    listening: true
-    ip:
-    - '::'
+    tcp6:80:
+        listening: true
+        ip:
+            - '::'
 service:
-  apache2:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
-user:
-  sshd:
-    exists: true
-    uid: 105
-    gid: 65534
-    groups:
-    - nogroup
-    home: /var/run/sshd
-    shell: /usr/sbin/nologin
-command:
-  egrep 192.168.102.14:/export/www /etc/fstab:
-    exit-status: 0
-    stdout:
-    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
-    stderr: []
-    timeout: 10000
+    apache2:
+        enabled: true
+        running: true
+    nfs-common:
+        enabled: false
+        running: false
 process:
-  apache2:
-    running: true
-  sshd:
-    running: true
+    apache2:
+        running: true
+mount:
+    /var/www/html:
+        exists: true
+        opts:
+            - rw
+            - relatime
+        vfs-opts:
+            - rw
+            - vers=4.2
+            - rsize=131072
+            - wsize=131072
+            - namlen=255
+            - hard
+            - proto=tcp
+            - timeo=600
+            - retrans=2
+            - sec=sys
+            - clientaddr=192.168.102.1
+            - local_lock=none
+            - addr=192.168.102.253
+        source: 192.168.102.253:/home/wordpress
+        filesystem: nfs4
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.11/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.101.1/24
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.102.1/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.101/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.101.1/24
+        mtu: 1500
+    enp0s9:
+        exists: true
+        addrs:
+            - 192.168.102.1/24
+        mtu: 1500

goss/s-lb-web2.yaml

@@ -1,63 +1,62 @@
 package:
-  apache2:
-    installed: true
-    versions:
-    - 2.4.10-10+deb8u7
-  php5:
-    installed: true
-    versions:
-    - 5.6.29+dfsg-0+deb8u1
+    apache2:
+        installed: true
+        versions:
+            - 2.4.57-2
+    nfs-common:
+        installed: true
+        versions:
+            - 1:2.6.2-4
 port:
-  tcp:22:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp6:22:
-    listening: true
-    ip:
-    - '::'
-  tcp6:80:
-    listening: true
-    ip:
-    - '::'
+    tcp6:80:
+        listening: true
+        ip:
+            - '::'
 service:
-  apache2:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
-user:
-  sshd:
-    exists: true
-    uid: 105
-    gid: 65534
-    groups:
-    - nogroup
-    home: /var/run/sshd
-    shell: /usr/sbin/nologin
-command:
-  egrep 192.168.102.14:/export/www /etc/fstab:
-    exit-status: 0
-    stdout:
-    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
-    stderr: []
-    timeout: 10000
+    apache2:
+        enabled: true
+        running: true
+    nfs-common:
+        enabled: false
+        running: false
 process:
-  apache2:
-    running: true
-  sshd:
-    running: true
+    apache2:
+        running: true
+mount:
+    /var/www/html:
+        exists: true
+        opts:
+            - rw
+            - relatime
+        vfs-opts:
+            - rw
+            - vers=4.2
+            - rsize=131072
+            - wsize=131072
+            - namlen=255
+            - hard
+            - proto=tcp
+            - timeo=600
+            - retrans=2
+            - sec=sys
+            - clientaddr=192.168.102.2
+            - local_lock=none
+            - addr=192.168.102.253
+        source: 192.168.102.253:/home/wordpress
+        filesystem: nfs4
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.12/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.101.2/24
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.102.2/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.102/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.101.2/24
+        mtu: 1500
+    enp0s9:
+        exists: true
+        addrs:
+            - 192.168.102.2/24
+        mtu: 1500

goss/s-lb.yaml

@@ -1,28 +1,55 @@
+package:
+    haproxy:
+        installed: true
+        versions:
+            - 2.6.12-1+deb12u1
+addr:
+    tcp://192.168.101.1:80:
+        reachable: true
+        timeout: 500
+    tcp://192.168.101.2:80:
+        reachable: true
+        timeout: 500
 port:
-  tcp:80:
-    listening: true
-    ip:
-    - 192.168.100.11
+    tcp:80:
+        listening: true
+        ip:
+            - 192.168.100.10
 service:
-  haproxy:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
+    haproxy:
+        enabled: true
+        running: true
+user:
+    haproxy:
+        exists: true
+        uid: 104
+        gid: 111
+        groups:
+            - haproxy
+        home: /var/lib/haproxy
+        shell: /usr/sbin/nologin
+group:
+    haproxy:
+        exists: true
+        gid: 111
+process:
+    haproxy:
+        running: true
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.100/24
-    mtu: 1500
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.100.11/24
-    mtu: 1500
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.101.254/24
-    mtu: 1500
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.100/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.100.10/24
+        mtu: 1500
+http:
+    http://192.168.100.10/:
+        status: 200
+        allow-insecure: false
+        no-follow-redirects: false
+        timeout: 5000
+        body: []

goss/s-mon.yaml

@@ -1,92 +1,62 @@
-package:
-  apache2:
-    installed: true
-  zabbix-server-mysql:
-    installed: true
-  zabbix-frontend-php:
-    installed: true
-  zabbix-apache-conf:
-    installed: true
-  zabbix-sql-scripts:
-    installed: true
-  zabbix-agent:
-    installed: true
-  mariadb-server:
-    installed: true
-  python3-pymysql:
-    installed: true
-  systemd-journal-remote:
-    installed: true
 file:
-  /etc/systemd/system/systemd-journal-remote.service:
-    exist: true
-    mode: "0777"
-    filetype: directory
-  /var/log/journal/remote:
-    exist: true
-    mode: "0777"
-    filetype: directory
-port:
-  tcp:80:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp:3306:
-    listening: true
-    ip:
-    - 127.0.0.1
-  tcp:10050:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp:10051:
-    listening: true
-    ip:
-    - 0.0.0.0
-  tcp:19532:
-    listening: true
-    ip:
-      - '*'
+    /etc/systemd/system/systemd-journal-remote.service:
+        exists: true
+        mode: "0644"
+        owner: root
+        group: root
+        filetype: file
+        contents: []
+    /var/log/journal/remote:
+        exists: true
+        mode: "0755"
+        owner: systemd-journal-remote
+        group: systemd-journal-remote
+        filetype: directory
+        contents: []
+package:
+    apache2:
+        installed: true
+        versions:
+            - 2.4.57-2
+    mariadb-server:
+        installed: true
+        versions:
+            - 1:10.11.4-1~deb12u1
+    systemd-journal-remote:
+        installed: true
+        versions:
+            - 252.19-1~deb12u1
 service:
-  apache2:
-    enabled: true
-    running: true
-  zabbix-server:
-    enabled: true
-    running: true
-  zabbix-agent:
-    enabled: true
-    running: true
-  systemd-journal-remote.socket:
-    enabled: true
-    running: true
-command:
-  sysctl net.ipv4.ip_forward:
-    exit-status: 0
-    stdout:
-    - net.ipv4.ip_forward = 0
-    stderr: []
-    timeout: 10000
-process:
-  apache2:
-    running: true
-  zabbix_server:
-    running: true
-  mariadb:
-    running: true
+    apache2:
+        enabled: true
+        running: true
+    mariadb.service:
+        enabled: true
+        running: true
+    systemd-journal-remote.socket:
+        enabled: true
+        running: true
+    zabbix-agent:
+        enabled: true
+        running: true
+    zabbix-server:
+        enabled: true
+        running: true
 interface:
-  enp0s3:
-    exists: true
-    addrs:
-    - 192.168.99.8/24
-  enp0s8:
-    exists: true
-    addrs:
-    - 172.16.0.8/24
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.8/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 172.16.0.8/24
+        mtu: 1500
 http:
-  http://localhost/zabbix:
-    status: 401
-    allow-insecure: false
-    no-follow-redirects: false
-    timeout: 5000
-    body: []
+    http://s-mon.gsb.lan/zabbix:
+        status: 200
+        allow-insecure: false
+        no-follow-redirects: false
+        timeout: 5000
+        body: []

goss/s-nas.yaml

@@ -0,0 +1,55 @@
+file:
+    /home/wordpress:
+        exists: true
+        mode: "0755"
+        owner: www-data
+        group: www-data
+        filetype: directory
+        contents: []
+package:
+    file:
+        installed: true
+        versions:
+            - 1:5.44-3
+    nfs-common:
+        installed: true
+        versions:
+            - 1:2.6.2-4
+    nfs-kernel-server:
+        installed: true
+        versions:
+            - 1:2.6.2-4
+addr:
+    tcp://192.168.102.1:80:
+        reachable: true
+        timeout: 500
+    tcp://192.168.102.2:80:
+        reachable: true
+        timeout: 500
+service:
+    nfs-common:
+        enabled: false
+        running: false
+    nfs-kernel-server:
+        enabled: true
+        running: true
+    nfs-mountd:
+        enabled: true
+        running: true
+    nfs-server:
+        enabled: true
+        running: true
+    nfs-utils:
+        enabled: true
+        running: false
+interface:
+    enp0s3:
+        exists: true
+        addrs:
+            - 192.168.99.153/24
+        mtu: 1500
+    enp0s8:
+        exists: true
+        addrs:
+            - 192.168.102.253/24
+        mtu: 1500

goss/s-nxc.yaml

@@ -0,0 +1,127 @@
+file:
+  /root/nxc:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+  /root/nxc/certs:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+  /root/nxc/config:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+  /root/nxc/config/dynamic.yml:
+    exists: true
+    mode: "0644"
+    size: 415
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/config/static.yml:
+    exists: true
+    mode: "0644"
+    size: 452
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/docker-compose.yml:
+    exists: true
+    mode: "0644"
+    size: 2135
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-debug.sh:
+    exists: true
+    mode: "0755"
+    size: 64
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-prune.sh:
+    exists: true
+    mode: "0755"
+    size: 110
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-start.sh:
+    exists: true
+    mode: "0755"
+    size: 34
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /root/nxc/nxc-stop.sh:
+    exists: true
+    mode: "0755"
+    size: 32
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+  /usr/local/bin/mkcert:
+    exists: true
+    mode: "0755"
+    size: 4788866
+    owner: root
+    group: root
+    filetype: file
+    contains: []
+addr:
+  tcp://s-nxc.gsb.lan:8081:
+    reachable: true
+    timeout: 500
+port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:80:
+    listening: true
+    ip: []
+  tcp:443:
+    listening: true
+    ip: []
+  tcp:8081:
+    listening: true
+    ip:
+    - 0.0.0.0
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.7/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.7/24
+    mtu: 1500
+http:
+  https://s-nxc.gsb.lan:
+    status: 200
+    allow-insecure: true
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+      - Nextcloud

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2024011800      ; Serial
+                        2024011900      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -16,9 +16,11 @@ $TTL    604800
 @      	        IN      A       127.0.0.1
 @       	IN      AAAA    ::1
 s-infra  	IN      A       172.16.0.1
-s-backup        IN      A	172.16.0.4
 s-proxy         IN      A       172.16.0.2
 s-appli    	IN      A       172.16.0.3
+s-backup        IN      A	172.16.0.4
+s-stork         IN      A	172.16.0.4
+s-gotify        IN      A	172.16.0.4
 s-win    	IN      A       172.16.0.6
 s-mess   	IN      A       172.16.0.7
 s-nxc		IN	A	172.16.0.7

roles/kea-master/templates/kea-ctrl-agent-j1.conf

@@ -1,66 +0,0 @@
-// This is an example of a configuration for Control-Agent (CA) listening
-// for incoming HTTP traffic. This is necessary for handling API commands,
-// in particular lease update commands needed for HA setup.
-{
-    "Control-agent":
-    {
-        // We need to specify where the agent should listen to incoming HTTP
-        // queries.
-        "http-host": "172.16.64.1",
-
-        // This specifies the port CA will listen on.
-        "http-port": 8000,
-
-        "control-sockets":
-        {
-            // This is how the Agent can communicate with the DHCPv4 server.
-            "dhcp4":
-            {
-                "comment": "socket to DHCPv4 server",
-                "socket-type": "unix",
-                "socket-name": "/tm/kea4-ctrl-socket"
-            },
-
-            // Location of the DHCPv6 command channel socket.
-           # "dhcp6":
-           # {
-           #     "socket-type": "unix",
-           #     "socket-name": "/tmp/kea6-ctrl-socket"
-           # },
-
-            // Location of the D2 command channel socket.
-           # "d2":
-           # {
-           #     "socket-type": "unix",
-           #     "socket-name": "/tmp/kea-ddns-ctrl-socket",
-           #     "user-context": { "in-use": false }
-           # }
-        },
-
-        // Similar to other Kea components, CA also uses logging.
-        "loggers": [
-            {
-                "name": "kea-ctrl-agent",
-                "output_options": [
-                    {
-                        "output": "stdout",
-
-                        // Several additional parameters are possible in addition
-                        // to the typical output. Flush determines whether logger
-                        // flushes output to a file. Maxsize determines maximum
-                        // filesize before the file is rotated. maxver
-                        // specifies the maximum number of rotated files being
-                        // kept.
-                        "flush": true,
-                        "maxsize": 204800,
-                        "maxver": 4,
-                        // We use pattern to specify custom log message layout
-                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
-                    }
-                ],
-                "severity": "INFO",
-                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
-            }
-        ]
-    }
-}

roles/kea-master/templates/kea-dhcp4-j1.conf

@@ -1,226 +0,0 @@
-// This is an example configuration of the Kea DHCPv4 server 1:
-//
-// - uses High Availability hook library and Lease Commands hook library
-//   to enable High Availability function for the DHCP server. This config
-//   file is for the primary (the active) server.
-// - uses memfile, which stores lease data in a local CSV file
-// - it assumes a single /24 addressing over a link that is directly reachable
-//   (no DHCP relays)
-// - there is a handful of IP reservations
-//
-// It is expected to run with a standby (the passive) server, which has a very similar
-// configuration. The only difference is that "this-server-name" must be set to "server2" on the
-// other server. Also, the interface configuration depends on the network settings of the
-// particular machine.
-
-{
-
-"Dhcp4": {
-
-    // Add names of your network interfaces to listen on.
-    "interfaces-config": {
-        // The DHCPv4 server listens on this interface. When changing this to
-        // the actual name of your interface, make sure to also update the
-        // interface parameter in the subnet definition below.
-        "interfaces": [ "enp0s8" ]
-    },
-
-    // Control socket is required for communication between the Control
-    // Agent and the DHCP server. High Availability requires Control Agent
-    // to be running because lease updates are sent over the RESTful
-    // API between the HA peers.
-    "control-socket": {
-        "socket-type": "unix",
-        "socket-name": "/tmp/kea4-ctrl-socket"
-    },
-
-    // Use Memfile lease database backend to store leases in a CSV file.
-    // Depending on how Kea was compiled, it may also support SQL databases
-    // (MySQL and/or PostgreSQL). Those database backends require more
-    // parameters, like name, host and possibly user and password.
-    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
-    // Storage" for details.
-    "lease-database": {
-        // Memfile is the simplest and easiest backend to use. It's an in-memory
-        // database with data being written to a CSV file. It is very similar to
-        // what ISC DHCP does.
-        "type": "memfile"
-    },
-
-    // Let's configure some global parameters. The home network is not very dynamic
-    // and there's no shortage of addresses, so no need to recycle aggressively.
-    "valid-lifetime": 43200, // leases will be valid for 12h
-    "renew-timer": 21600, // clients should renew every 6h
-    "rebind-timer": 32400, // clients should start looking for other servers after 9h
-
-    // Kea will clean up its database of expired leases once per hour. However, it
-    // will keep the leases in expired state for 2 days. This greatly increases the
-    // chances for returning devices to get the same address again. To guarantee that,
-    // use host reservation.
-    // If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are
-    // not 0, when the client sends a release message the lease is expired
-    // instead of being deleted from lease storage.
-    "expired-leases-processing": {
-        "reclaim-timer-wait-time": 3600,
-        "hold-reclaimed-time": 172800,
-        "max-reclaim-leases": 0,
-        "max-reclaim-time": 0
-    },
-
-    // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
-    // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
-    // The latter implements high availability feature for Kea. Note the library name
-    // should be the same, but the path is OS specific.
-    "hooks-libraries": [
-        // The lease_cmds library must be loaded because HA makes use of it to
-        // deliver lease updates to the server as well as synchronize the
-        // lease database after failure.
-        {
-            "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
-        },
-
-        {
-            // The HA hook library should be loaded.
-            "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
-            "parameters": {
-                // Each server should have the same HA configuration, except for the
-                // "this-server-name" parameter.
-                "high-availability": [ {
-                    // This parameter points to this server instance. The respective
-                    // HA peers must have this parameter set to their own names.
-                    "this-server-name": "kea1",
-                    // The HA mode is set to hot-standby. In this mode, the active server handles
-                    // all the traffic. The standby takes over if the primary becomes unavailable.
-                    "mode": "hot-standby",
-                    // Heartbeat is to be sent every 10 seconds if no other control
-                    // commands are transmitted.
-                    "heartbeat-delay": 10000,
-                    // Maximum time for partner's response to a heartbeat, after which
-                    // failure detection is started. This is specified in milliseconds.
-                    // If we don't hear from the partner in 60 seconds, it's time to
-                    // start worrying.
-                    "max-response-delay": 30000,
-                    // The following parameters control how the server detects the
-                    // partner's failure. The ACK delay sets the threshold for the
-                    // 'secs' field of the received discovers. This is specified in
-                    // milliseconds.
-                    "max-ack-delay": 5000,
-                    // This specifies the number of clients which send messages to
-                    // the partner but appear to not receive any response.
-                    "max-unacked-clients": 0,
-                    // This specifies the maximum timeout (in milliseconds) for the server
-                    // to complete sync. If you have a large deployment (high tens or
-                    // hundreds of thousands of clients), you may need to increase it
-                    // further. The default value is 60000ms (60 seconds).
-                    "sync-timeout": 60000,
-                    "peers": [
-                        // This is the configuration of this server instance.
-                        {
-                            "name": "kea1",
-                            // This specifies the URL of this server instance. The
-                            // Control Agent must run along with this DHCPv4 server
-                            // instance and the "http-host" and "http-port" must be
-                            // set to the corresponding values.
-                            "url": "http://172.16.64.1:8000/",
-                            // This server is primary. The other one must be
-                            // secondary.
-                            "role": "primary"
-                        },
-                        // This is the configuration of the secondary server.
-                        {
-                            "name": "kea2",
-                            // Specifies the URL on which the partner's control
-                            // channel can be reached. The Control Agent is required
-                            // to run on the partner's machine with "http-host" and
-                            // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.64.2:8000/",
-                            // The other server is secondary. This one must be
-                            // primary.
-                            "role": "standby"
-                        }
-                    ]
-                } ]
-            }
-        }
-    ],
-
-    // This example contains a single subnet declaration.
-    "subnet4": [
-        {
-            // Subnet prefix.
-            "subnet": "172.16.64.0/24",
-
-            // There are no relays in this network, so we need to tell Kea that this subnet
-            // is reachable directly via the specified interface.
-            "interface": "enp0s8",
-
-            // Specify a dynamic address pool.
-            "pools": [
-                {
-                    "pool": "172.16.64.100-172.16.64.150"
-                }
-            ],
-
-            // These are options that are subnet specific. In most cases, you need to define at
-            // least routers option, as without this option your clients will not be able to reach
-            // their default gateway and will not have Internet connectivity. If you have many
-            // subnets and they share the same options (e.g. DNS servers typically is the same
-            // everywhere), you may define options at the global scope, so you don't repeat them
-            // for every network.
-            "option-data": [
-                {
-                    // For each IPv4 subnet you typically need to specify at least one router.
-                    "name": "routers",
-                    "data": "172.16.64.1"
-                },
-                {
-                    // Using cloudflare or Quad9 is a reasonable option. Change this
-                    // to your own DNS servers is you have them. Another popular
-                    // choice is 8.8.8.8, owned by Google. Using third party DNS
-                    // service raises some privacy concerns.
-                    "name": "domain-name-servers",
-                    "data": "172.16.64.1"
-                }
-            ],
-
-            // Some devices should get a static address. Since the .100 - .199 range is dynamic,
-            // let's use the lower address space for this. There are many ways how reservation
-            // can be defined, but using MAC address (hw-address) is by far the most popular one.
-            // You can use client-id, duid and even custom defined flex-id that may use whatever
-            // parts of the packet you want to use as identifiers. Also, there are many more things
-            // you can specify in addition to just an IP address: extra options, next-server, hostname,
-            // assign device to client classes etc. See the Kea ARM, Section 8.3 for details.
-            // The reservations are subnet specific.
-            #"reservations": [
-            #    {
-            #        "hw-address": "1a:1b:1c:1d:1e:1f",
-            #        "ip-address": "192.168.1.10"
-            #    },
-            #    {
-            #        "client-id": "01:11:22:33:44:55:66",
-            #        "ip-address": "192.168.1.11"
-            #    }
-            #]
-        }
-    ],
-	// fichier de logs
-     "loggers": [
-     {
-        // This section affects kea-dhcp4, which is the base logger for DHCPv4 component. It tells
-        // DHCPv4 server to write all log messages (on severity INFO or higher) to a file. The file
-        // will be rotated once it grows to 2MB and up to 4 files will be kept. The debuglevel
-        // (range 0 to 99) is used only when logging on DEBUG level.
-        "name": "kea-dhcp4",
-        "output_options": [
-            {
-                "output": "stdout",
-                "maxsize": 2048000,
-                "maxver": 4
-            }
-        ],
-        "severity": "INFO",
-        "debuglevel": 0
-    }
-  ]
-}
-}

roles/kea-slave/templates/kea-ctrl-agent-j1.conf

@@ -1,66 +0,0 @@
-// This is an example of a configuration for Control-Agent (CA) listening
-// for incoming HTTP traffic. This is necessary for handling API commands,
-// in particular lease update commands needed for HA setup.
-{
-    "Control-agent":
-    {
-        // We need to specify where the agent should listen to incoming HTTP
-        // queries.
-        "http-host": "172.16.64.1",
-
-        // This specifies the port CA will listen on.
-        "http-port": 8000,
-
-        "control-sockets":
-        {
-            // This is how the Agent can communicate with the DHCPv4 server.
-            "dhcp4":
-            {
-                "comment": "socket to DHCPv4 server",
-                "socket-type": "unix",
-                "socket-name": "/tm/kea4-ctrl-socket"
-            },
-
-            // Location of the DHCPv6 command channel socket.
-           # "dhcp6":
-           # {
-           #     "socket-type": "unix",
-           #     "socket-name": "/tmp/kea6-ctrl-socket"
-           # },
-
-            // Location of the D2 command channel socket.
-           # "d2":
-           # {
-           #     "socket-type": "unix",
-           #     "socket-name": "/tmp/kea-ddns-ctrl-socket",
-           #     "user-context": { "in-use": false }
-           # }
-        },
-
-        // Similar to other Kea components, CA also uses logging.
-        "loggers": [
-            {
-                "name": "kea-ctrl-agent",
-                "output_options": [
-                    {
-                        "output": "stdout",
-
-                        // Several additional parameters are possible in addition
-                        // to the typical output. Flush determines whether logger
-                        // flushes output to a file. Maxsize determines maximum
-                        // filesize before the file is rotated. maxver
-                        // specifies the maximum number of rotated files being
-                        // kept.
-                        "flush": true,
-                        "maxsize": 204800,
-                        "maxver": 4,
-                        // We use pattern to specify custom log message layout
-                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
-                    }
-                ],
-                "severity": "INFO",
-                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
-            }
-        ]
-    }
-}

roles/kea-slave/templates/kea-dhcp4-j1.conf

@@ -1,226 +0,0 @@
-// This is an example configuration of the Kea DHCPv4 server 1:
-//
-// - uses High Availability hook library and Lease Commands hook library
-//   to enable High Availability function for the DHCP server. This config
-//   file is for the primary (the active) server.
-// - uses memfile, which stores lease data in a local CSV file
-// - it assumes a single /24 addressing over a link that is directly reachable
-//   (no DHCP relays)
-// - there is a handful of IP reservations
-//
-// It is expected to run with a standby (the passive) server, which has a very similar
-// configuration. The only difference is that "this-server-name" must be set to "server2" on the
-// other server. Also, the interface configuration depends on the network settings of the
-// particular machine.
-
-{
-
-"Dhcp4": {
-
-    // Add names of your network interfaces to listen on.
-    "interfaces-config": {
-        // The DHCPv4 server listens on this interface. When changing this to
-        // the actual name of your interface, make sure to also update the
-        // interface parameter in the subnet definition below.
-        "interfaces": [ "enp0s8" ]
-    },
-
-    // Control socket is required for communication between the Control
-    // Agent and the DHCP server. High Availability requires Control Agent
-    // to be running because lease updates are sent over the RESTful
-    // API between the HA peers.
-    "control-socket": {
-        "socket-type": "unix",
-        "socket-name": "/tmp/kea4-ctrl-socket"
-    },
-
-    // Use Memfile lease database backend to store leases in a CSV file.
-    // Depending on how Kea was compiled, it may also support SQL databases
-    // (MySQL and/or PostgreSQL). Those database backends require more
-    // parameters, like name, host and possibly user and password.
-    // There are dedicated examples for each backend. See Section 7.2.2 "Lease
-    // Storage" for details.
-    "lease-database": {
-        // Memfile is the simplest and easiest backend to use. It's an in-memory
-        // database with data being written to a CSV file. It is very similar to
-        // what ISC DHCP does.
-        "type": "memfile"
-    },
-
-    // Let's configure some global parameters. The home network is not very dynamic
-    // and there's no shortage of addresses, so no need to recycle aggressively.
-    "valid-lifetime": 43200, // leases will be valid for 12h
-    "renew-timer": 21600, // clients should renew every 6h
-    "rebind-timer": 32400, // clients should start looking for other servers after 9h
-
-    // Kea will clean up its database of expired leases once per hour. However, it
-    // will keep the leases in expired state for 2 days. This greatly increases the
-    // chances for returning devices to get the same address again. To guarantee that,
-    // use host reservation.
-    // If both "flush-reclaimed-timer-wait-time" and "hold-reclaimed-time" are
-    // not 0, when the client sends a release message the lease is expired
-    // instead of being deleted from lease storage.
-    "expired-leases-processing": {
-        "reclaim-timer-wait-time": 3600,
-        "hold-reclaimed-time": 172800,
-        "max-reclaim-leases": 0,
-        "max-reclaim-time": 0
-    },
-
-    // HA requires two hook libraries to be loaded: libdhcp_lease_cmds.so and
-    // libdhcp_ha.so. The former handles incoming lease updates from the HA peers.
-    // The latter implements high availability feature for Kea. Note the library name
-    // should be the same, but the path is OS specific.
-    "hooks-libraries": [
-        // The lease_cmds library must be loaded because HA makes use of it to
-        // deliver lease updates to the server as well as synchronize the
-        // lease database after failure.
-        {
-            "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
-        },
-
-        {
-            // The HA hook library should be loaded.
-            "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
-            "parameters": {
-                // Each server should have the same HA configuration, except for the
-                // "this-server-name" parameter.
-                "high-availability": [ {
-                    // This parameter points to this server instance. The respective
-                    // HA peers must have this parameter set to their own names.
-                    "this-server-name": "kea1",
-                    // The HA mode is set to hot-standby. In this mode, the active server handles
-                    // all the traffic. The standby takes over if the primary becomes unavailable.
-                    "mode": "hot-standby",
-                    // Heartbeat is to be sent every 10 seconds if no other control
-                    // commands are transmitted.
-                    "heartbeat-delay": 10000,
-                    // Maximum time for partner's response to a heartbeat, after which
-                    // failure detection is started. This is specified in milliseconds.
-                    // If we don't hear from the partner in 60 seconds, it's time to
-                    // start worrying.
-                    "max-response-delay": 30000,
-                    // The following parameters control how the server detects the
-                    // partner's failure. The ACK delay sets the threshold for the
-                    // 'secs' field of the received discovers. This is specified in
-                    // milliseconds.
-                    "max-ack-delay": 5000,
-                    // This specifies the number of clients which send messages to
-                    // the partner but appear to not receive any response.
-                    "max-unacked-clients": 0,
-                    // This specifies the maximum timeout (in milliseconds) for the server
-                    // to complete sync. If you have a large deployment (high tens or
-                    // hundreds of thousands of clients), you may need to increase it
-                    // further. The default value is 60000ms (60 seconds).
-                    "sync-timeout": 60000,
-                    "peers": [
-                        // This is the configuration of this server instance.
-                        {
-                            "name": "kea1",
-                            // This specifies the URL of this server instance. The
-                            // Control Agent must run along with this DHCPv4 server
-                            // instance and the "http-host" and "http-port" must be
-                            // set to the corresponding values.
-                            "url": "http://172.16.64.1:8000/",
-                            // This server is primary. The other one must be
-                            // secondary.
-                            "role": "primary"
-                        },
-                        // This is the configuration of the secondary server.
-                        {
-                            "name": "kea2",
-                            // Specifies the URL on which the partner's control
-                            // channel can be reached. The Control Agent is required
-                            // to run on the partner's machine with "http-host" and
-                            // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.64.2:8000/",
-                            // The other server is secondary. This one must be
-                            // primary.
-                            "role": "standby"
-                        }
-                    ]
-                } ]
-            }
-        }
-    ],
-
-    // This example contains a single subnet declaration.
-    "subnet4": [
-        {
-            // Subnet prefix.
-            "subnet": "172.16.64.0/24",
-
-            // There are no relays in this network, so we need to tell Kea that this subnet
-            // is reachable directly via the specified interface.
-            "interface": "enp0s8",
-
-            // Specify a dynamic address pool.
-            "pools": [
-                {
-                    "pool": "172.16.64.100-172.16.64.150"
-                }
-            ],
-
-            // These are options that are subnet specific. In most cases, you need to define at
-            // least routers option, as without this option your clients will not be able to reach
-            // their default gateway and will not have Internet connectivity. If you have many
-            // subnets and they share the same options (e.g. DNS servers typically is the same
-            // everywhere), you may define options at the global scope, so you don't repeat them
-            // for every network.
-            "option-data": [
-                {
-                    // For each IPv4 subnet you typically need to specify at least one router.
-                    "name": "routers",
-                    "data": "172.16.64.1"
-                },
-                {
-                    // Using cloudflare or Quad9 is a reasonable option. Change this
-                    // to your own DNS servers is you have them. Another popular
-                    // choice is 8.8.8.8, owned by Google. Using third party DNS
-                    // service raises some privacy concerns.
-                    "name": "domain-name-servers",
-                    "data": "172.16.64.1"
-                }
-            ],
-
-            // Some devices should get a static address. Since the .100 - .199 range is dynamic,
-            // let's use the lower address space for this. There are many ways how reservation
-            // can be defined, but using MAC address (hw-address) is by far the most popular one.
-            // You can use client-id, duid and even custom defined flex-id that may use whatever
-            // parts of the packet you want to use as identifiers. Also, there are many more things
-            // you can specify in addition to just an IP address: extra options, next-server, hostname,
-            // assign device to client classes etc. See the Kea ARM, Section 8.3 for details.
-            // The reservations are subnet specific.
-            #"reservations": [
-            #    {
-            #        "hw-address": "1a:1b:1c:1d:1e:1f",
-            #        "ip-address": "192.168.1.10"
-            #    },
-            #    {
-            #        "client-id": "01:11:22:33:44:55:66",
-            #        "ip-address": "192.168.1.11"
-            #    }
-            #]
-        }
-    ],
-	// fichier de logs
-     "loggers": [
-     {
-        // This section affects kea-dhcp4, which is the base logger for DHCPv4 component. It tells
-        // DHCPv4 server to write all log messages (on severity INFO or higher) to a file. The file
-        // will be rotated once it grows to 2MB and up to 4 files will be kept. The debuglevel
-        // (range 0 to 99) is used only when logging on DEBUG level.
-        "name": "kea-dhcp4",
-        "output_options": [
-            {
-                "output": "stdout",
-                "maxsize": 2048000,
-                "maxver": 4
-            }
-        ],
-        "severity": "INFO",
-        "debuglevel": 0
-    }
-  ]
-}
-}

roles/nxc-traefik/files/docker-compose.yml

@@ -53,8 +53,8 @@ services:
     image: nextcloud
     container_name: app
     restart: always
-    ports:
-      - 8081:80
+      #ports:
+      #- 8081:80
     #links:
     depends_on:
       - db

roles/wireguard-r/README.md

@@ -24,7 +24,10 @@ bash r-vp1-post.sh
 ```
 ## Sur **r-vp2**:
 
-Lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
+Lancer le playbook : *ansible-playbook -i localhost, -c local* r-vp2.yml sur **r-vp2**
+
+Puis lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
+
 ### 🛠️ Lancer le script
 ```bash
 cd /tools/ansible/gsb2023/Scripts
@@ -34,7 +37,11 @@ bash r-vp2-post.sh
 ```
 ## Fin
 
-redemarer les machines
+Pour finir redemarer les machines.
 ```bash
 reboot
 ```
+Veuillez maintenant vous rendre dans le dossier du role ferm : 
+*gsb2024/roles/fw-ferm*
+
+*Modification : jm*

roles/zabbix-cli/tasks/main.yml

@@ -28,3 +28,6 @@
         state: restarted
         enabled: yes
 
+          #- name: remonter les machines 
+          #command: curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "s-itil","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "a44e2a4977d61a869437739cb6086ae42f4b9937fbb96aed24bbad028469a1cf","id": 1}' http://192.168.99.8/zabbix/api_jsonrpc.php
+

s-lb-web1.yml

@@ -4,6 +4,7 @@
 
   roles:
     - base
+    - goss
     - post-lb
     - lb-web
       # - zabbix-cli

s-lb-web2.yml

@@ -4,6 +4,7 @@
 
   roles:
     - base
+    - goss
     - post-lb
     - lb-web
       # - zabbix-cli

s-nas.yml

@@ -9,6 +9,7 @@
     
   roles:
     - base
+    - goss
       #- zabbix-cli
     - lb-nfs-server
     - ssh-cli

s-nxc.yaml

@@ -0,0 +1,55 @@
+command:
+  ls -l .:
+    exit-status: 0
+    stdout:
+    - total 200
+    - -rwxr-xr-x  1 root root  232 15 janv. 17:38 agoss
+    - -rw-r--r--  1 root root  212 15 janv. 17:38 changelog
+    - drwxr-xr-x  3 root root 4096 15 janv. 17:38 doc
+    - drwxr-xr-x  2 root root 4096 19 janv. 10:50 goss
+    - -rwxr-xr-x  1 root root  209 15 janv. 17:38 gsbchk
+    - -rwxr-xr-x  1 root root 7174 15 janv. 17:38 gsbstart
+    - -rwxr-xr-x  1 root root  728 15 janv. 17:38 gsbstartl
+    - -rw-r--r--  1 root root  289 15 janv. 17:38 lisezmoi.txt
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 old
+    - drwxr-xr-x  2 root root 4096 19 janv. 09:16 pre
+    - -rw-r--r--  1 root root  477 19 janv. 09:16 pull-config
+    - -rw-r--r--  1 root root 5070 19 janv. 09:16 README.md
+    - -rw-r--r--  1 root root  141 15 janv. 17:38 r-ext.yml
+    - -rw-r--r--  1 root root  151 15 janv. 17:38 r-int.yml
+    - drwxr-xr-x 55 root root 4096 19 janv. 09:16 roles
+    - -rw-r--r--  1 root root  177 15 janv. 17:38 r-vp1-fw.yml
+    - -rw-r--r--  1 root root  259 15 janv. 17:38 r-vp1.yml
+    - -rw-r--r--  1 root root  173 15 janv. 17:38 r-vp2-fw.yml
+    - -rw-r--r--  1 root root  305 15 janv. 17:38 r-vp2.yml
+    - -rw-r--r--  1 root root  181 19 janv. 09:16 s-adm.yml
+    - -rw-r--r--  1 root root  119 15 janv. 17:38 s-agence.yml
+    - -rw-r--r--  1 root root  166 19 janv. 09:16 s-appli.yml
+    - -rw-r--r--  1 root root  182 19 janv. 09:16 s-backup.yml
+    - drwxr-xr-x  3 root root 4096 19 janv. 09:16 scripts
+    - -rw-r--r--  1 root root  213 15 janv. 17:38 s-docker.yml
+    - -rw-r--r--  1 root root  144 15 janv. 17:38 s-elk.yml
+    - -rw-r--r--  1 root root  178 19 janv. 09:16 s-fog-post.yml
+    - -rw-r--r--  1 root root  162 19 janv. 09:16 s-fog.yml
+    - -rw-r--r--  1 root root  199 19 janv. 09:16 s-infra.yml
+    - -rw-r--r--  1 root root  351 15 janv. 17:38 s-itil.yml
+    - -rw-r--r--  1 root root  185 19 janv. 09:16 s-kea1.yml
+    - -rw-r--r--  1 root root  174 19 janv. 09:16 s-kea2.yml
+    - -rw-r--r--  1 root root  131 19 janv. 09:16 s-lb-bd.yml
+    - -rw-r--r--  1 root root  127 19 janv. 09:16 s-lb-web1.yml
+    - -rw-r--r--  1 root root  127 19 janv. 09:16 s-lb-web2.yml
+    - -rw-r--r--  1 root root  145 19 janv. 09:16 s-lb.yml
+    - -rw-r--r--  1 root root  148 19 janv. 09:16 s-mess.yml
+    - -rw-r--r--  1 root root  241 19 janv. 09:16 s-mon.yml
+    - -rw-r--r--  1 root root  290 19 janv. 09:16 s-nas.yml
+    - -rw-r--r--  1 root root  156 15 janv. 17:38 s-nxc.yml
+    - -rw-r--r--  1 root root  140 15 janv. 17:38 s-peertube.yml
+    - -rw-r--r--  1 root root  148 19 janv. 09:16 s-proxy.yml
+    - -rw-r--r--  1 root root  161 15 janv. 17:38 s-test.yml
+    - drwxr-xr-x  3 root root 4096 15 janv. 17:38 sv
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 tests
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 vagrant
+    - drwxr-xr-x  2 root root 4096 15 janv. 17:38 windows
+    - drwxr-xr-x  7 root root 4096 19 janv. 09:16 wireguard
+    stderr: []
+    timeout: 10000

wireguard/README.md

@@ -0,0 +1,18 @@
+# **Explication :** 
+
+Le dossier Wireguard comprend tous les tests de ping à effectuer une fois l'installation complète complète de wireguard. 
+
+Les dossiers présent dans ce dossier contiennent les routes qui doivent être présent sur nos différentes machines. Vous pouvez comparer les interface avec un "ip a" en cas de disfonctionnement. 
+
+# **Etapes pour lancer les tests:**
+
+Pour tester le bon fonctionnement du VPN et faire la phase de test, rendez vous sur la machine ou vous voulez faire les tests de ping (nous allons prendre ping-sinfra.sh comme exemple)
+
+* Mettez vous dans le dossier tools/ansible/gsb2024/wireguard
+
+* Lancer le script de s-infra : bash ping-sinfra.sh 
+
+Une fois lancer une série de ping vont se lancer automatiquement, si tout est bon le scipt devrait arrivé à sa fin. 
+Si toutefois un ping ne passe pas, le scipt vaa bloquer sur le ping qui est en cours d'éxécution ! 
+
+*Modification : jm*