actualisation test goss s-itil

README.md

@@ -1,6 +1,6 @@
 # gsb2024
 
-2024-01-19 11h45 ps
+2024-01-17 18h04 ps
 
 Environnement et playbooks **ansible** pour le projet **GSB 2024**
 
@@ -23,8 +23,8 @@ Prérequis :
   * **r-ext** : routage, NAT
   * **s-proxy** : proxy **squid**
   * **s-itil** : serveur GLPI
-  * **s-backup** : DNS esclave + sauvegarde s-win (SMB), Stork et Gotify
+  * **s-backup** : DNS esclave + sauvegarde s-win (SMB)
-  * **s-mon** : supervision avec **Nagios4/Zabbix**, notifications et journald
+  * **s-mon** : supervision avec **Nagios4**, notifications et syslog
   * **s-fog** : deploiement postes de travail avec **FOG**
   * **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers
   * **s-nxc** : NextCloud avec **docker** via proxy inverse **traefik** et certificat auto-signé

goss/s-itil.yaml

@@ -70,18 +70,3 @@ service:
     zabbix-agent:
         enabled: true
         running: true
-http:
-    http://s-itil.gsb.lan/:
-        status: 200
-        allow-insecure: false
-        no-follow-redirects: false
-        timeout: 5000
-        body: []
-        username: glpi
-        password: glpi
-    http://s-itil.gsb.lan/glpicli:
-        status: 200
-        allow-insecure: false
-        no-follow-redirects: false
-        timeout: 5000
-        body: []

goss/s-lb-bd.yaml

@@ -1,38 +1,21 @@
-addr:
+package:
-    tcp://192.168.102.1:80:
+  mysql-server:
-        reachable: true
+    installed: true
-        timeout: 500
+    versions:
-    tcp://192.168.102.2:80:
+    - 5.5.54-0+deb8u1
-        reachable: true
+command:
-        timeout: 500
+  egrep "#bind-address" /etc/mysql/my.cnf:
-service:
+    exit-status: 0
-    mariadb:
+    stdout:
-        enabled: true
+    - "#bind-address\t\t= 127.0.0.1"
-        running: true
+    stderr: []
-    mysql:
+    timeout: 10000
-        enabled: true
-        running: true
-user:
-    mysql:
-        exists: true
-        uid: 104
-        gid: 111
-        groups:
-            - mysql
-        home: /nonexistent
-        shell: /bin/false
-group:
-    mysql:
-        exists: true
-        gid: 111
 interface:
   enp0s3:
     exists: true
     addrs:
-            - 192.168.99.154/24
+    - 192.168.99.13/24
-        mtu: 1500
   enp0s8:
     exists: true
     addrs:
-            - 192.168.102.254/24
+    - 192.168.102.50/24
-        mtu: 1500

goss/s-lb-web1.yaml

@@ -2,12 +2,20 @@ package:
   apache2:
     installed: true
     versions:
-            - 2.4.57-2
+    - 2.4.10-10+deb8u7
-    nfs-common:
+  php5:
     installed: true
     versions:
-            - 1:2.6.2-4
+    - 5.6.29+dfsg-0+deb8u1
 port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp6:22:
+    listening: true
+    ip:
+    - '::'
   tcp6:80:
     listening: true
     ip:
@@ -16,47 +24,40 @@ service:
   apache2:
     enabled: true
     running: true
-    nfs-common:
+  sshd:
-        enabled: false
+    enabled: true
-        running: false
+    running: true
+user:
+  sshd:
+    exists: true
+    uid: 105
+    gid: 65534
+    groups:
+    - nogroup
+    home: /var/run/sshd
+    shell: /usr/sbin/nologin
+command:
+  egrep 192.168.102.14:/export/www /etc/fstab:
+    exit-status: 0
+    stdout:
+    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
+    stderr: []
+    timeout: 10000
 process:
   apache2:
     running: true
-mount:
+  sshd:
-    /var/www/html:
+    running: true
-        exists: true
-        opts:
-            - rw
-            - relatime
-        vfs-opts:
-            - rw
-            - vers=4.2
-            - rsize=131072
-            - wsize=131072
-            - namlen=255
-            - hard
-            - proto=tcp
-            - timeo=600
-            - retrans=2
-            - sec=sys
-            - clientaddr=192.168.102.1
-            - local_lock=none
-            - addr=192.168.102.253
-        source: 192.168.102.253:/home/wordpress
-        filesystem: nfs4
 interface:
   enp0s3:
     exists: true
     addrs:
-            - 192.168.99.101/24
+    - 192.168.99.11/24
-        mtu: 1500
   enp0s8:
     exists: true
     addrs:
     - 192.168.101.1/24
-        mtu: 1500
   enp0s9:
     exists: true
     addrs:
     - 192.168.102.1/24
-        mtu: 1500

goss/s-lb-web2.yaml

@@ -2,12 +2,20 @@ package:
   apache2:
     installed: true
     versions:
-            - 2.4.57-2
+    - 2.4.10-10+deb8u7
-    nfs-common:
+  php5:
     installed: true
     versions:
-            - 1:2.6.2-4
+    - 5.6.29+dfsg-0+deb8u1
 port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp6:22:
+    listening: true
+    ip:
+    - '::'
   tcp6:80:
     listening: true
     ip:
@@ -16,47 +24,40 @@ service:
   apache2:
     enabled: true
     running: true
-    nfs-common:
+  sshd:
-        enabled: false
+    enabled: true
-        running: false
+    running: true
+user:
+  sshd:
+    exists: true
+    uid: 105
+    gid: 65534
+    groups:
+    - nogroup
+    home: /var/run/sshd
+    shell: /usr/sbin/nologin
+command:
+  egrep 192.168.102.14:/export/www /etc/fstab:
+    exit-status: 0
+    stdout:
+    - 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
+    stderr: []
+    timeout: 10000
 process:
   apache2:
     running: true
-mount:
+  sshd:
-    /var/www/html:
+    running: true
-        exists: true
-        opts:
-            - rw
-            - relatime
-        vfs-opts:
-            - rw
-            - vers=4.2
-            - rsize=131072
-            - wsize=131072
-            - namlen=255
-            - hard
-            - proto=tcp
-            - timeo=600
-            - retrans=2
-            - sec=sys
-            - clientaddr=192.168.102.2
-            - local_lock=none
-            - addr=192.168.102.253
-        source: 192.168.102.253:/home/wordpress
-        filesystem: nfs4
 interface:
   enp0s3:
     exists: true
     addrs:
-            - 192.168.99.102/24
+    - 192.168.99.12/24
-        mtu: 1500
   enp0s8:
     exists: true
     addrs:
     - 192.168.101.2/24
-        mtu: 1500
   enp0s9:
     exists: true
     addrs:
     - 192.168.102.2/24
-        mtu: 1500

goss/s-lb.yaml

@@ -1,39 +1,14 @@
-package:
-    haproxy:
-        installed: true
-        versions:
-            - 2.6.12-1+deb12u1
-addr:
-    tcp://192.168.101.1:80:
-        reachable: true
-        timeout: 500
-    tcp://192.168.101.2:80:
-        reachable: true
-        timeout: 500
 port:
   tcp:80:
     listening: true
     ip:
-            - 192.168.100.10
+    - 192.168.100.11
 service:
   haproxy:
     enabled: true
     running: true
-user:
+  sshd:
-    haproxy:
+    enabled: true
-        exists: true
-        uid: 104
-        gid: 111
-        groups:
-            - haproxy
-        home: /var/lib/haproxy
-        shell: /usr/sbin/nologin
-group:
-    haproxy:
-        exists: true
-        gid: 111
-process:
-    haproxy:
     running: true
 interface:
   enp0s3:
@@ -44,12 +19,10 @@ interface:
   enp0s8:
     exists: true
     addrs:
-            - 192.168.100.10/24
+    - 192.168.100.11/24
+    mtu: 1500
+  enp0s9:
+    exists: true
+    addrs:
+    - 192.168.101.254/24
     mtu: 1500
-http:
-    http://192.168.100.10/:
-        status: 200
-        allow-insecure: false
-        no-follow-redirects: false
-        timeout: 5000
-        body: []

goss/s-nas.yaml

@@ -1,55 +0,0 @@
-file:
-    /home/wordpress:
-        exists: true
-        mode: "0755"
-        owner: www-data
-        group: www-data
-        filetype: directory
-        contents: []
-package:
-    file:
-        installed: true
-        versions:
-            - 1:5.44-3
-    nfs-common:
-        installed: true
-        versions:
-            - 1:2.6.2-4
-    nfs-kernel-server:
-        installed: true
-        versions:
-            - 1:2.6.2-4
-addr:
-    tcp://192.168.102.1:80:
-        reachable: true
-        timeout: 500
-    tcp://192.168.102.2:80:
-        reachable: true
-        timeout: 500
-service:
-    nfs-common:
-        enabled: false
-        running: false
-    nfs-kernel-server:
-        enabled: true
-        running: true
-    nfs-mountd:
-        enabled: true
-        running: true
-    nfs-server:
-        enabled: true
-        running: true
-    nfs-utils:
-        enabled: true
-        running: false
-interface:
-    enp0s3:
-        exists: true
-        addrs:
-            - 192.168.99.153/24
-        mtu: 1500
-    enp0s8:
-        exists: true
-        addrs:
-            - 192.168.102.253/24
-        mtu: 1500

roles/dns-master/files/db.gsb.lan

@@ -5,7 +5,7 @@
 ;
 $TTL    604800
 @       IN      SOA     s-infra.gsb.lan. root.s-infra.gsb.lan. (
-                        2024011900      ; Serial
+                        2024011800      ; Serial
                         7200	        ; Refresh
                         86400           ; Retry
                         8419200         ; Expire
@@ -16,11 +16,9 @@ $TTL    604800
 @      	        IN      A       127.0.0.1
 @       	IN      AAAA    ::1
 s-infra  	IN      A       172.16.0.1
+s-backup        IN      A	172.16.0.4
 s-proxy         IN      A       172.16.0.2
 s-appli    	IN      A       172.16.0.3
-s-backup        IN      A	172.16.0.4
-s-stork         IN      A	172.16.0.4
-s-gotify        IN      A	172.16.0.4
 s-win    	IN      A       172.16.0.6
 s-mess   	IN      A       172.16.0.7
 s-nxc		IN	A	172.16.0.7

roles/docker/tasks/main.yml

@@ -5,12 +5,9 @@
     dest: /usr/local/bin
 
 - name: on verifie si docker est installe
-  stat:
+  command: which docker
-    path: /usr/bin/docker
-# command: which docker
   register: docker_present
 
 - name: Execution du script getdocker si docker n'est pas deja installe
   shell: bash /usr/local/bin/getdocker.sh
-  #when: docker_present.stdout.find('/usr/bin/docker') == -1
+  when: docker_present.stdout.find('/usr/bin/docker') == -1
-  when: not docker_present.stat.exists

roles/nxc-traefik/tasks/main.yml

@@ -75,8 +75,7 @@
 
 - name: création du réseau proxy
   command: docker network create proxy
-#  when: net_proxy.stdout.find('proxy') == -1
+  when: net_proxy.stdout.find('proxy') == -1
-  when: "'proxy' not in net_proxy.stdout"
 
     #- name: Démarrage du docker-compose...
     #command: /bin/bash docker-compose up -d

s-lb-web1.yml

@@ -4,7 +4,6 @@
 
   roles:
     - base
-    - goss
     - post-lb
     - lb-web
       # - zabbix-cli

s-lb-web2.yml

@@ -4,7 +4,6 @@
 
   roles:
     - base
-    - goss
     - post-lb
     - lb-web
       # - zabbix-cli

s-nas.yml

@@ -9,7 +9,6 @@
     
   roles:
     - base
-    - goss
       #- zabbix-cli
     - lb-nfs-server
     - ssh-cli

scripts/r-vp1-post.sh

@@ -1,32 +1,5 @@
-!/bin/bash
+#!/bin/bash
-
-#Ancien scipt 2023
 #stoper le fw
-#systemctl stop ferm
-#ouverture du service web pour copie distante
-#cd /root/confwg/ && python3 -m http.server 8000 &
-
-
-
-#Script 2024
-
-# Fonction pour arrêter le serveur web
-stop_server() {
-    echo "Arrêt du serveur et démarrage de ferm..."
-    pkill -f "python3 -m http.server"
-}
-
-# Stopper le ferm
 systemctl stop ferm
-
+#ouverture du service web pour copie distante
-# Ouverture du service web pour copie distante
 cd /root/confwg/ && python3 -m http.server 8000 &
-
-echo "Ouverture du serveur"
-
-# Timer pour récupéré le fichier avant de fermer le serveur python
-sleep 120
-
-#Appel de la fonction stop-serveur
-stop_server
-