Maj README.md

ajout entrees DNS s-stork et s-gotify
maj goss lb
2024-01-19 11:53:02 +01:00 · 2024-01-19 11:48:33 +01:00 · 2024-01-19 10:47:31 +01:00
10 changed files with 268 additions and 166 deletions
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # gsb2024
-2024-01-17 18h04 ps
+2024-01-19 11h45 ps
 Environnement et playbooks **ansible** pour le projet **GSB 2024**
@ -23,8 +23,8 @@ Prérequis :
  * **r-ext** : routage, NAT
  * **s-proxy** : proxy **squid**
  * **s-itil** : serveur GLPI
-  * **s-backup** : DNS esclave + sauvegarde s-win (SMB)
+  * **s-backup** : DNS esclave + sauvegarde s-win (SMB), Stork et Gotify
-  * **s-mon** : supervision avec **Nagios4**, notifications et syslog
+  * **s-mon** : supervision avec **Nagios4/Zabbix**, notifications et journald
  * **s-fog** : deploiement postes de travail avec **FOG**
  * **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers
  * **s-nxc** : NextCloud avec **docker** via proxy inverse **traefik** et certificat auto-signé
--- a/goss/s-lb-bd.yaml
+++ b/goss/s-lb-bd.yaml
@ -1,21 +1,38 @@
-package:
+addr:
-  mysql-server:
+    tcp://192.168.102.1:80:
-    installed: true
+        reachable: true
-    versions:
+        timeout: 500
-    - 5.5.54-0+deb8u1
+    tcp://192.168.102.2:80:
-command:
+        reachable: true
-  egrep "#bind-address" /etc/mysql/my.cnf:
+        timeout: 500
-    exit-status: 0
+service:
-    stdout:
+    mariadb:
-    - "#bind-address\t\t= 127.0.0.1"
+        enabled: true
-    stderr: []
+        running: true
-    timeout: 10000
+    mysql:
        enabled: true
        running: true
 user:
    mysql:
        exists: true
        uid: 104
        gid: 111
        groups:
            - mysql
        home: /nonexistent
        shell: /bin/false
 group:
    mysql:
        exists: true
        gid: 111
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.13/24
+            - 192.168.99.154/24
-  enp0s8:
+        mtu: 1500
-    exists: true
+    enp0s8:
-    addrs:
+        exists: true
-    - 192.168.102.50/24
+        addrs:
            - 192.168.102.254/24
        mtu: 1500
--- a/goss/s-lb-web1.yaml
+++ b/goss/s-lb-web1.yaml
@ -1,63 +1,62 @@
 package:
-  apache2:
+    apache2:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.10-10+deb8u7
+            - 2.4.57-2
-  php5:
+    nfs-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 5.6.29+dfsg-0+deb8u1
+            - 1:2.6.2-4
 port:
-  tcp:22:
+    tcp6:80:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 0.0.0.0
+            - '::'
  tcp6:22:
    listening: true
    ip:
    - '::'
  tcp6:80:
    listening: true
    ip:
    - '::'
 service:
-  apache2:
+    apache2:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  sshd:
+    nfs-common:
-    enabled: true
+        enabled: false
-    running: true
+        running: false
 user:
  sshd:
    exists: true
    uid: 105
    gid: 65534
    groups:
    - nogroup
    home: /var/run/sshd
    shell: /usr/sbin/nologin
 command:
  egrep 192.168.102.14:/export/www /etc/fstab:
    exit-status: 0
    stdout:
    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
    stderr: []
    timeout: 10000
 process:
-  apache2:
+    apache2:
-    running: true
+        running: true
-  sshd:
+mount:
-    running: true
+    /var/www/html:
        exists: true
        opts:
            - rw
            - relatime
        vfs-opts:
            - rw
            - vers=4.2
            - rsize=131072
            - wsize=131072
            - namlen=255
            - hard
            - proto=tcp
            - timeo=600
            - retrans=2
            - sec=sys
            - clientaddr=192.168.102.1
            - local_lock=none
            - addr=192.168.102.253
        source: 192.168.102.253:/home/wordpress
        filesystem: nfs4
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.11/24
+            - 192.168.99.101/24
-  enp0s8:
+        mtu: 1500
-    exists: true
+    enp0s8:
-    addrs:
+        exists: true
-    - 192.168.101.1/24
+        addrs:
-  enp0s9:
+            - 192.168.101.1/24
-    exists: true
+        mtu: 1500
-    addrs:
+    enp0s9:
-    - 192.168.102.1/24
+        exists: true
        addrs:
            - 192.168.102.1/24
        mtu: 1500
--- a/goss/s-lb-web2.yaml
+++ b/goss/s-lb-web2.yaml
@ -1,63 +1,62 @@
 package:
-  apache2:
+    apache2:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.10-10+deb8u7
+            - 2.4.57-2
-  php5:
+    nfs-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 5.6.29+dfsg-0+deb8u1
+            - 1:2.6.2-4
 port:
-  tcp:22:
+    tcp6:80:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 0.0.0.0
+            - '::'
  tcp6:22:
    listening: true
    ip:
    - '::'
  tcp6:80:
    listening: true
    ip:
    - '::'
 service:
-  apache2:
+    apache2:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  sshd:
+    nfs-common:
-    enabled: true
+        enabled: false
-    running: true
+        running: false
 user:
  sshd:
    exists: true
    uid: 105
    gid: 65534
    groups:
    - nogroup
    home: /var/run/sshd
    shell: /usr/sbin/nologin
 command:
  egrep 192.168.102.14:/export/www /etc/fstab:
    exit-status: 0
    stdout:
    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
    stderr: []
    timeout: 10000
 process:
-  apache2:
+    apache2:
-    running: true
+        running: true
-  sshd:
+mount:
-    running: true
+    /var/www/html:
        exists: true
        opts:
            - rw
            - relatime
        vfs-opts:
            - rw
            - vers=4.2
            - rsize=131072
            - wsize=131072
            - namlen=255
            - hard
            - proto=tcp
            - timeo=600
            - retrans=2
            - sec=sys
            - clientaddr=192.168.102.2
            - local_lock=none
            - addr=192.168.102.253
        source: 192.168.102.253:/home/wordpress
        filesystem: nfs4
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.12/24
+            - 192.168.99.102/24
-  enp0s8:
+        mtu: 1500
-    exists: true
+    enp0s8:
-    addrs:
+        exists: true
-    - 192.168.101.2/24
+        addrs:
-  enp0s9:
+            - 192.168.101.2/24
-    exists: true
+        mtu: 1500
-    addrs:
+    enp0s9:
-    - 192.168.102.2/24
+        exists: true
        addrs:
            - 192.168.102.2/24
        mtu: 1500
--- a/goss/s-lb.yaml
+++ b/goss/s-lb.yaml
@ -1,28 +1,55 @@
 package:
    haproxy:
        installed: true
        versions:
            - 2.6.12-1+deb12u1
 addr:
    tcp://192.168.101.1:80:
        reachable: true
        timeout: 500
    tcp://192.168.101.2:80:
        reachable: true
        timeout: 500
 port:
-  tcp:80:
+    tcp:80:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 192.168.100.11
+            - 192.168.100.10
 service:
-  haproxy:
+    haproxy:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  sshd:
+user:
-    enabled: true
+    haproxy:
-    running: true
+        exists: true
        uid: 104
        gid: 111
        groups:
            - haproxy
        home: /var/lib/haproxy
        shell: /usr/sbin/nologin
 group:
    haproxy:
        exists: true
        gid: 111
 process:
    haproxy:
        running: true
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.100/24
+            - 192.168.99.100/24
-    mtu: 1500
+        mtu: 1500
-  enp0s8:
+    enp0s8:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.100.11/24
+            - 192.168.100.10/24
-    mtu: 1500
+        mtu: 1500
-  enp0s9:
+http:
-    exists: true
+    http://192.168.100.10/:
-    addrs:
+        status: 200
-    - 192.168.101.254/24
+        allow-insecure: false
-    mtu: 1500
+        no-follow-redirects: false
        timeout: 5000
        body: []
--- a/goss/s-nas.yaml
+++ b/goss/s-nas.yaml
@ -0,0 +1,55 @@
 file:
    /home/wordpress:
        exists: true
        mode: "0755"
        owner: www-data
        group: www-data
        filetype: directory
        contents: []
 package:
    file:
        installed: true
        versions:
            - 1:5.44-3
    nfs-common:
        installed: true
        versions:
            - 1:2.6.2-4
    nfs-kernel-server:
        installed: true
        versions:
            - 1:2.6.2-4
 addr:
    tcp://192.168.102.1:80:
        reachable: true
        timeout: 500
    tcp://192.168.102.2:80:
        reachable: true
        timeout: 500
 service:
    nfs-common:
        enabled: false
        running: false
    nfs-kernel-server:
        enabled: true
        running: true
    nfs-mountd:
        enabled: true
        running: true
    nfs-server:
        enabled: true
        running: true
    nfs-utils:
        enabled: true
        running: false
 interface:
    enp0s3:
        exists: true
        addrs:
            - 192.168.99.153/24
        mtu: 1500
    enp0s8:
        exists: true
        addrs:
            - 192.168.102.253/24
        mtu: 1500
--- a/roles/dns-master/files/db.gsb.lan
+++ b/roles/dns-master/files/db.gsb.lan
@ -5,7 +5,7 @@
 ;
 $TTL    604800
@       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2024011800      ; Serial
+                        2024011900      ; Serial
                        7200	        ; Refresh
                        86400           ; Retry
                        8419200         ; Expire
@ -16,9 +16,11 @@ $TTL    604800
@      	        IN      A       127.0.0.1
@       	IN      AAAA    ::1
 s-infra  	IN      A       172.16.0.1
 s-backup        IN      A	172.16.0.4
 s-proxy         IN      A       172.16.0.2
 s-appli    	IN      A       172.16.0.3
 s-backup        IN      A	172.16.0.4
 s-stork         IN      A	172.16.0.4
 s-gotify        IN      A	172.16.0.4
 s-win    	IN      A       172.16.0.6
 s-mess   	IN      A       172.16.0.7
 s-nxc		IN	A	172.16.0.7
--- a/s-lb-web1.yml
+++ b/s-lb-web1.yml
@ -4,6 +4,7 @@
  roles:
    - base
    - goss
    - post-lb
    - lb-web
      # - zabbix-cli
--- a/s-lb-web2.yml
+++ b/s-lb-web2.yml
@ -4,6 +4,7 @@
  roles:
    - base
    - goss
    - post-lb
    - lb-web
      # - zabbix-cli
--- a/s-nas.yml
+++ b/s-nas.yml
@ -9,6 +9,7 @@
  roles:
    - base
    - goss
      #- zabbix-cli
    - lb-nfs-server
    - ssh-cli
Author	SHA1	Message	Date
sio user	21ee40ab59	Maj README.md	2024-01-19 11:53:02 +01:00
sio user	d393b1eebe	ajout entrees DNS s-stork et s-gotify	2024-01-19 11:48:33 +01:00
Jimmy Chevanne	bff32cd191	maj goss lb	2024-01-19 10:47:31 +01:00