
root
f8c038248f actualisation test goss s-itil 2024-01-19 09:37:10 +01:00
19 changed files with 261 additions and 574 deletions


@@ -1,6 +1,6 @@
# gsb2024 # gsb2024
2024-01-19 11h45 ps 2024-01-17 18h04 ps
Environnement et playbooks **ansible** pour le projet **GSB 2024** Environnement et playbooks **ansible** pour le projet **GSB 2024**
@@ -23,8 +23,8 @@ Prérequis :
* **r-ext** : routage, NAT * **r-ext** : routage, NAT
* **s-proxy** : proxy **squid** * **s-proxy** : proxy **squid**
* **s-itil** : serveur GLPI * **s-itil** : serveur GLPI
* **s-backup** : DNS esclave + sauvegarde s-win (SMB), Stork et Gotify * **s-backup** : DNS esclave + sauvegarde s-win (SMB)
* **s-mon** : supervision avec **Nagios4/Zabbix**, notifications et journald * **s-mon** : supervision avec **Nagios4**, notifications et syslog
* **s-fog** : deploiement postes de travail avec **FOG** * **s-fog** : deploiement postes de travail avec **FOG**
* **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers * **s-win** : Windows Server 2019, AD, DNS, DHCP, partage fichiers
* **s-nxc** : NextCloud avec **docker** via proxy inverse **traefik** et certificat auto-signé * **s-nxc** : NextCloud avec **docker** via proxy inverse **traefik** et certificat auto-signé


@@ -70,18 +70,3 @@ service:
zabbix-agent: zabbix-agent:
enabled: true enabled: true
running: true running: true
http:
http://s-itil.gsb.lan/:
status: 200
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body: []
username: glpi
password: glpi
http://s-itil.gsb.lan/glpicli:
status: 200
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body: []


@@ -1,38 +1,21 @@
addr: package:
tcp://192.168.102.1:80: mysql-server:
reachable: true installed: true
timeout: 500 versions:
tcp://192.168.102.2:80: - 5.5.54-0+deb8u1
reachable: true command:
timeout: 500 egrep "#bind-address" /etc/mysql/my.cnf:
service: exit-status: 0
mariadb: stdout:
enabled: true - "#bind-address\t\t= 127.0.0.1"
running: true stderr: []
mysql: timeout: 10000
enabled: true
running: true
user:
mysql:
exists: true
uid: 104
gid: 111
groups:
- mysql
home: /nonexistent
shell: /bin/false
group:
mysql:
exists: true
gid: 111
interface: interface:
enp0s3: enp0s3:
exists: true exists: true
addrs: addrs:
- 192.168.99.154/24 - 192.168.99.13/24
mtu: 1500
enp0s8: enp0s8:
exists: true exists: true
addrs: addrs:
- 192.168.102.254/24 - 192.168.102.50/24
mtu: 1500
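Review bot: The `egrep "#bind-address" /etc/mysql/my.cnf` check on the new side only proves that a commented-out bind-address line exists, which is precisely the state in which mysqld binds every interface, so the test pins an exposure rather than a restriction and says nothing about the effective listener. If the web tier on 192.168.102.0/24 is the only intended client, assert the socket instead, e.g. under `port:` add `tcp:3306: {listening: true, ip: [192.168.102.50]}`, the address the `interface` block now expects on enp0s8. The new side also drops the `service:`, `user:` and `group:` assertions for mysql, so a stopped daemon or a changed service account is no longer caught. The pinned `5.5.54-0+deb8u1` is a Debian 8 build, which I believe is long out of security support; confirm that this is the intended baseline.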


@@ -2,12 +2,20 @@ package:
apache2: apache2:
installed: true installed: true
versions: versions:
- 2.4.57-2 - 2.4.10-10+deb8u7
nfs-common: php5:
installed: true installed: true
versions: versions:
- 1:2.6.2-4 - 5.6.29+dfsg-0+deb8u1
port: port:
tcp:22:
listening: true
ip:
- 0.0.0.0
tcp6:22:
listening: true
ip:
- '::'
tcp6:80: tcp6:80:
listening: true listening: true
ip: ip:
@@ -16,47 +24,40 @@ service:
apache2: apache2:
enabled: true enabled: true
running: true running: true
nfs-common: sshd:
enabled: false enabled: true
running: false running: true
user:
sshd:
exists: true
uid: 105
gid: 65534
groups:
- nogroup
home: /var/run/sshd
shell: /usr/sbin/nologin
command:
egrep 192.168.102.14:/export/www /etc/fstab:
exit-status: 0
stdout:
- 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
stderr: []
timeout: 10000
process: process:
apache2: apache2:
running: true running: true
mount: sshd:
/var/www/html: running: true
exists: true
opts:
- rw
- relatime
vfs-opts:
- rw
- vers=4.2
- rsize=131072
- wsize=131072
- namlen=255
- hard
- proto=tcp
- timeo=600
- retrans=2
- sec=sys
- clientaddr=192.168.102.1
- local_lock=none
- addr=192.168.102.253
source: 192.168.102.253:/home/wordpress
filesystem: nfs4
interface: interface:
enp0s3: enp0s3:
exists: true exists: true
addrs: addrs:
- 192.168.99.101/24 - 192.168.99.11/24
mtu: 1500
enp0s8: enp0s8:
exists: true exists: true
addrs: addrs:
- 192.168.101.1/24 - 192.168.101.1/24
mtu: 1500
enp0s9: enp0s9:
exists: true exists: true
addrs: addrs:
- 192.168.102.1/24 - 192.168.102.1/24
mtu: 1500
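Review bot: The new side replaces the `mount:` assertion for /var/www/html with `egrep 192.168.102.14:/export/www /etc/fstab`, so goss now only checks that a line of text is present in fstab and no longer verifies that the NFS web root is actually mounted, with which options, or from which server; an unmounted or stale mount passes. Keep a live-state check next to the grep, e.g. `mount:` / `  /var/www/html:` / `    exists: true`, and if the old side's `source:`/`opts:` assertions still describe the intended mount they are the stronger form. The unanchored dots in the egrep pattern match any character, so the test is looser than it reads; `grep -F` gives the literal match. The same change appears in the next file section (the 192.168.99.12 web node). The pinned `apache2 2.4.10-10+deb8u7` and `php5 5.6.29+dfsg-0+deb8u1` are Debian 8 builds, which I believe are out of security support; confirm that is intended.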


@@ -2,12 +2,20 @@ package:
apache2: apache2:
installed: true installed: true
versions: versions:
- 2.4.57-2 - 2.4.10-10+deb8u7
nfs-common: php5:
installed: true installed: true
versions: versions:
- 1:2.6.2-4 - 5.6.29+dfsg-0+deb8u1
port: port:
tcp:22:
listening: true
ip:
- 0.0.0.0
tcp6:22:
listening: true
ip:
- '::'
tcp6:80: tcp6:80:
listening: true listening: true
ip: ip:
@@ -16,47 +24,40 @@ service:
apache2: apache2:
enabled: true enabled: true
running: true running: true
nfs-common: sshd:
enabled: false enabled: true
running: false running: true
user:
sshd:
exists: true
uid: 105
gid: 65534
groups:
- nogroup
home: /var/run/sshd
shell: /usr/sbin/nologin
command:
egrep 192.168.102.14:/export/www /etc/fstab:
exit-status: 0
stdout:
- 192.168.102.14:/export/www /var/www/html nfs _netdev rw 0 0
stderr: []
timeout: 10000
process: process:
apache2: apache2:
running: true running: true
mount: sshd:
/var/www/html: running: true
exists: true
opts:
- rw
- relatime
vfs-opts:
- rw
- vers=4.2
- rsize=131072
- wsize=131072
- namlen=255
- hard
- proto=tcp
- timeo=600
- retrans=2
- sec=sys
- clientaddr=192.168.102.2
- local_lock=none
- addr=192.168.102.253
source: 192.168.102.253:/home/wordpress
filesystem: nfs4
interface: interface:
enp0s3: enp0s3:
exists: true exists: true
addrs: addrs:
- 192.168.99.102/24 - 192.168.99.12/24
mtu: 1500
enp0s8: enp0s8:
exists: true exists: true
addrs: addrs:
- 192.168.101.2/24 - 192.168.101.2/24
mtu: 1500
enp0s9: enp0s9:
exists: true exists: true
addrs: addrs:
- 192.168.102.2/24 - 192.168.102.2/24
mtu: 1500


@@ -1,39 +1,14 @@
package:
haproxy:
installed: true
versions:
- 2.6.12-1+deb12u1
addr:
tcp://192.168.101.1:80:
reachable: true
timeout: 500
tcp://192.168.101.2:80:
reachable: true
timeout: 500
port: port:
tcp:80: tcp:80:
listening: true listening: true
ip: ip:
- 192.168.100.10 - 192.168.100.11
service: service:
haproxy: haproxy:
enabled: true enabled: true
running: true running: true
user: sshd:
haproxy: enabled: true
exists: true
uid: 104
gid: 111
groups:
- haproxy
home: /var/lib/haproxy
shell: /usr/sbin/nologin
group:
haproxy:
exists: true
gid: 111
process:
haproxy:
running: true running: true
interface: interface:
enp0s3: enp0s3:
@@ -44,12 +19,10 @@ interface:
enp0s8: enp0s8:
exists: true exists: true
addrs: addrs:
- 192.168.100.10/24 - 192.168.100.11/24
mtu: 1500
enp0s9:
exists: true
addrs:
- 192.168.101.254/24
mtu: 1500 mtu: 1500
http:
http://192.168.100.10/:
status: 200
allow-insecure: false
no-follow-redirects: false
timeout: 5000
body: []
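Review bot: On the new side the load-balancer test keeps no end-to-end check: the `addr:` probes to the two backends and the `http://192.168.100.10/` status assertion are gone, so haproxy being enabled and bound on 192.168.100.11:80 is enough to pass even when every backend is down or the frontend answers 503. Re-add reachability and an HTTP status assertion against the addresses this file now expects (frontend 192.168.100.11, backends 192.168.101.1/.2 behind the added enp0s9 192.168.101.254). The `sshd: enabled: true` entry now shares the `running: true` line that used to belong to `process: haproxy:`, so the process check for haproxy itself is gone as well.
```yaml
addr:
  tcp://192.168.101.1:80:
    reachable: true
    timeout: 500
  tcp://192.168.101.2:80:
    reachable: true
    timeout: 500
http:
  http://192.168.100.11/:
    status: 200
    timeout: 5000
```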


@@ -1,61 +1,91 @@
file:
/etc/systemd/system/systemd-journal-remote.service:
exists: true
mode: "0644"
owner: root
group: root
filetype: file
contents: []
/var/log/journal/remote:
exists: true
mode: "0755"
owner: systemd-journal-remote
group: systemd-journal-remote
filetype: directory
contents: []
package: package:
apache2: apache2:
installed: true installed: true
versions: zabbix-server-mysql:
- 2.4.57-2 installed: true
zabbix-frontend-php:
installed: true
zabbix-apache-conf:
installed: true
zabbix-sql-scripts:
installed: true
zabbix-agent:
installed: true
mariadb-server: mariadb-server:
installed: true installed: true
versions: python3-pymysql:
- 1:10.11.4-1~deb12u1 installed: true
systemd-journal-remote: systemd-journal-remote:
installed: true installed: true
versions: file:
- 252.19-1~deb12u1 /etc/systemd/system/systemd-journal-remote.service:
exist: true
mode: "0777"
filetype: directory
/var/log/journal/remote:
exist: true
mode: "0777"
filetype: directory
port:
tcp:80:
listening: true
ip:
- 0.0.0.0
tcp:3306:
listening: true
ip:
- 127.0.0.1
tcp:10050:
listening: true
ip:
- 0.0.0.0
tcp:10051:
listening: true
ip:
- 0.0.0.0
tcp:19532:
listening: true
ip:
- '*'
service: service:
apache2: apache2:
enabled: true enabled: true
running: true running: true
mariadb.service: zabbix-server:
enabled: true
running: true
systemd-journal-remote.socket:
enabled: true enabled: true
running: true running: true
zabbix-agent: zabbix-agent:
enabled: true enabled: true
running: true running: true
zabbix-server: systemd-journal-remote.socket:
enabled: true enabled: true
running: true running: true
command:
sysctl net.ipv4.ip_forward:
exit-status: 0
stdout:
- net.ipv4.ip_forward = 0
stderr: []
timeout: 10000
process:
apache2:
running: true
zabbix_server:
running: true
mariadb:
running: true
interface: interface:
enp0s3: enp0s3:
exists: true exists: true
addrs: addrs:
- 192.168.99.8/24 - 192.168.99.8/24
mtu: 1500
enp0s8: enp0s8:
exists: true exists: true
addrs: addrs:
- 172.16.0.8/24 - 172.16.0.8/24
mtu: 1500
http: http:
http://s-mon.gsb.lan/zabbix: http://localhost/zabbix:
status: 200 status: 401
allow-insecure: false allow-insecure: false
no-follow-redirects: false no-follow-redirects: false
timeout: 5000 timeout: 5000
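Review bot: The added `file:` block asserts `mode: "0777"` for both `/etc/systemd/system/systemd-journal-remote.service` and `/var/log/journal/remote`, and `filetype: directory` for the unit file; a world-writable unit file lets any local user change what systemd runs for that service, and a world-writable remote-journal directory lets any local user alter or delete collected logs, so the test enshrines a misconfiguration instead of catching one. The key is also spelled `exist` rather than goss's `exists`, and no `owner`/`group` is asserted, so the block checks less than it appears to. Pin the unit to a root-owned regular file and the spool to its service account, as below. Separately, `tcp:19532` is expected on `'*'`; if only the 172.16.0.0/24 hosts ship journals, consider binding journal-remote to 172.16.0.8 and asserting that address instead (inferred from the `interface` block; confirm).
```yaml
file:
  /etc/systemd/system/systemd-journal-remote.service:
    exists: true
    mode: "0644"
    owner: root
    group: root
    filetype: file
  /var/log/journal/remote:
    exists: true
    mode: "0755"
    owner: systemd-journal-remote
    group: systemd-journal-remote
    filetype: directory
```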


@@ -1,55 +0,0 @@
file:
/home/wordpress:
exists: true
mode: "0755"
owner: www-data
group: www-data
filetype: directory
contents: []
package:
file:
installed: true
versions:
- 1:5.44-3
nfs-common:
installed: true
versions:
- 1:2.6.2-4
nfs-kernel-server:
installed: true
versions:
- 1:2.6.2-4
addr:
tcp://192.168.102.1:80:
reachable: true
timeout: 500
tcp://192.168.102.2:80:
reachable: true
timeout: 500
service:
nfs-common:
enabled: false
running: false
nfs-kernel-server:
enabled: true
running: true
nfs-mountd:
enabled: true
running: true
nfs-server:
enabled: true
running: true
nfs-utils:
enabled: true
running: false
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.153/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 192.168.102.253/24
mtu: 1500


@@ -1,119 +0,0 @@
file:
/root/nxc:
exists: true
mode: "0755"
size: 4096
owner: root
group: root
filetype: directory
contains: []
/root/nxc/certs:
exists: true
mode: "0755"
size: 4096
owner: root
group: root
filetype: directory
contains: []
/root/nxc/config:
exists: true
mode: "0755"
size: 4096
owner: root
group: root
filetype: directory
contains: []
/root/nxc/config/dynamic.yml:
exists: true
mode: "0644"
size: 415
owner: root
group: root
filetype: file
contains: []
/root/nxc/config/static.yml:
exists: true
mode: "0644"
size: 452
owner: root
group: root
filetype: file
contains: []
/root/nxc/docker-compose.yml:
exists: true
mode: "0644"
size: 2135
owner: root
group: root
filetype: file
contains: []
/root/nxc/nxc-debug.sh:
exists: true
mode: "0755"
size: 64
owner: root
group: root
filetype: file
contains: []
/root/nxc/nxc-prune.sh:
exists: true
mode: "0755"
size: 110
owner: root
group: root
filetype: file
contains: []
/root/nxc/nxc-start.sh:
exists: true
mode: "0755"
size: 34
owner: root
group: root
filetype: file
contains: []
/root/nxc/nxc-stop.sh:
exists: true
mode: "0755"
size: 32
owner: root
group: root
filetype: file
contains: []
/usr/local/bin/mkcert:
exists: true
mode: "0755"
size: 4788866
owner: root
group: root
filetype: file
contains: []
addr:
tcp://s-nxc.gsb.lan:8081:
reachable: true
timeout: 500
port:
tcp:22:
listening: true
ip:
- 0.0.0.0
tcp:80:
listening: true
ip: []
tcp:443:
listening: true
ip: []
tcp:8081:
listening: true
ip:
- 0.0.0.0
interface:
enp0s3:
exists: true
addrs:
- 192.168.99.7/24
mtu: 1500
enp0s8:
exists: true
addrs:
- 172.16.0.7/24
mtu: 1500


@@ -5,7 +5,7 @@
; ;
$TTL 604800 $TTL 604800
@ IN SOA s-infra.gsb.lan. root.s-infra.gsb.lan. ( @ IN SOA s-infra.gsb.lan. root.s-infra.gsb.lan. (
2024011900 ; Serial 2024011800 ; Serial
7200 ; Refresh 7200 ; Refresh
86400 ; Retry 86400 ; Retry
8419200 ; Expire 8419200 ; Expire
@@ -16,11 +16,9 @@ $TTL 604800
@ IN A 127.0.0.1 @ IN A 127.0.0.1
@ IN AAAA ::1 @ IN AAAA ::1
s-infra IN A 172.16.0.1 s-infra IN A 172.16.0.1
s-backup IN A 172.16.0.4
s-proxy IN A 172.16.0.2 s-proxy IN A 172.16.0.2
s-appli IN A 172.16.0.3 s-appli IN A 172.16.0.3
s-backup IN A 172.16.0.4
s-stork IN A 172.16.0.4
s-gotify IN A 172.16.0.4
s-win IN A 172.16.0.6 s-win IN A 172.16.0.6
s-mess IN A 172.16.0.7 s-mess IN A 172.16.0.7
s-nxc IN A 172.16.0.7 s-nxc IN A 172.16.0.7
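Review bot: The SOA serial on the new side goes backwards: `2024011800 ; Serial` replaces `2024011900 ; Serial`. Any secondary that already transferred serial 2024011900 (the README lists s-backup as DNS esclave) treats its copy as current and keeps serving the old zone, so the removal of the `s-stork`/`s-gotify` records in the second hunk never propagates and those names stay resolvable there. Set the serial above the highest value ever published, e.g. `2024011901 ; Serial`, and increase it on every later edit.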


@@ -5,12 +5,9 @@
dest: /usr/local/bin dest: /usr/local/bin
- name: on verifie si docker est installe - name: on verifie si docker est installe
stat: command: which docker
path: /usr/bin/docker
# command: which docker
register: docker_present register: docker_present
- name: Execution du script getdocker si docker n'est pas deja installe - name: Execution du script getdocker si docker n'est pas deja installe
shell: bash /usr/local/bin/getdocker.sh shell: bash /usr/local/bin/getdocker.sh
#when: docker_present.stdout.find('/usr/bin/docker') == -1 when: docker_present.stdout.find('/usr/bin/docker') == -1
when: not docker_present.stat.exists
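Review bot: `command: which docker` exits non-zero when docker is absent, so on a fresh host the register task itself fails and the install task below is never reached; the `when: docker_present.stdout.find('/usr/bin/docker') == -1` guard only works once that task is allowed to fail, e.g. add `failed_when: false` and `changed_when: false` to it and test `when: docker_present.rc != 0` instead of searching stdout. The install step runs `bash /usr/local/bin/getdocker.sh` as root; the `dest: /usr/local/bin` line above suggests the script is downloaded earlier, outside this hunk, and if that is a `get_url` task a `checksum:` pin would keep a tampered download from being executed. The enclosing task list starts and ends outside the hunk.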


@@ -75,8 +75,7 @@
- name: création du réseau proxy - name: création du réseau proxy
command: docker network create proxy command: docker network create proxy
# when: net_proxy.stdout.find('proxy') == -1 when: net_proxy.stdout.find('proxy') == -1
when: "'proxy' not in net_proxy.stdout"
#- name: Démarrage du docker-compose... #- name: Démarrage du docker-compose...
#command: /bin/bash docker-compose up -d #command: /bin/bash docker-compose up -d
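Review bot: `when: net_proxy.stdout.find('proxy') == -1` is a substring test over the registered output, so any network whose name merely contains `proxy` suppresses the `docker network create proxy` step. A precise and idempotent form is to register `docker network inspect proxy` with `failed_when: false` and guard with `when: net_proxy.rc != 0`. The register task is outside this hunk.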


@@ -28,6 +28,3 @@
state: restarted state: restarted
enabled: yes enabled: yes
- name: remonter les machines
command: curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "s-adm","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "a44e2a4977d61a869437739cb6086ae42f4b9937fbb96aed24bbad028469a1cf","id": 1}' http://192.168.99.8/zabbix/api_jsonrpc.php
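Review bot: The curl body carries a Zabbix API session token in clear (`"auth": "a44e2a49…"`), sent over plain `http://192.168.99.8/zabbix/api_jsonrpc.php`. The diff layout suggests this line is being removed, but removing it from the working tree does not remove it from repository history; treat the token as exposed, invalidate it in Zabbix and issue a new one, and keep any replacement in an ansible-vault variable rather than inline in a task. The host-creation call itself is better expressed as a `uri:` task reading the credential from that vaulted variable, so the secret never lands in a command string or in task output.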


@@ -4,7 +4,6 @@
roles: roles:
- base - base
- goss
- post-lb - post-lb
- lb-web - lb-web
# - zabbix-cli # - zabbix-cli


@@ -4,7 +4,6 @@
roles: roles:
- base - base
- goss
- post-lb - post-lb
- lb-web - lb-web
# - zabbix-cli # - zabbix-cli


@@ -9,7 +9,6 @@
roles: roles:
- base - base
- goss
#- zabbix-cli #- zabbix-cli
- lb-nfs-server - lb-nfs-server
- ssh-cli - ssh-cli


@@ -1,55 +0,0 @@
command:
ls -l .:
exit-status: 0
stdout:
- total 200
- -rwxr-xr-x 1 root root 232 15 janv. 17:38 agoss
- -rw-r--r-- 1 root root 212 15 janv. 17:38 changelog
- drwxr-xr-x 3 root root 4096 15 janv. 17:38 doc
- drwxr-xr-x 2 root root 4096 19 janv. 10:50 goss
- -rwxr-xr-x 1 root root 209 15 janv. 17:38 gsbchk
- -rwxr-xr-x 1 root root 7174 15 janv. 17:38 gsbstart
- -rwxr-xr-x 1 root root 728 15 janv. 17:38 gsbstartl
- -rw-r--r-- 1 root root 289 15 janv. 17:38 lisezmoi.txt
- drwxr-xr-x 2 root root 4096 15 janv. 17:38 old
- drwxr-xr-x 2 root root 4096 19 janv. 09:16 pre
- -rw-r--r-- 1 root root 477 19 janv. 09:16 pull-config
- -rw-r--r-- 1 root root 5070 19 janv. 09:16 README.md
- -rw-r--r-- 1 root root 141 15 janv. 17:38 r-ext.yml
- -rw-r--r-- 1 root root 151 15 janv. 17:38 r-int.yml
- drwxr-xr-x 55 root root 4096 19 janv. 09:16 roles
- -rw-r--r-- 1 root root 177 15 janv. 17:38 r-vp1-fw.yml
- -rw-r--r-- 1 root root 259 15 janv. 17:38 r-vp1.yml
- -rw-r--r-- 1 root root 173 15 janv. 17:38 r-vp2-fw.yml
- -rw-r--r-- 1 root root 305 15 janv. 17:38 r-vp2.yml
- -rw-r--r-- 1 root root 181 19 janv. 09:16 s-adm.yml
- -rw-r--r-- 1 root root 119 15 janv. 17:38 s-agence.yml
- -rw-r--r-- 1 root root 166 19 janv. 09:16 s-appli.yml
- -rw-r--r-- 1 root root 182 19 janv. 09:16 s-backup.yml
- drwxr-xr-x 3 root root 4096 19 janv. 09:16 scripts
- -rw-r--r-- 1 root root 213 15 janv. 17:38 s-docker.yml
- -rw-r--r-- 1 root root 144 15 janv. 17:38 s-elk.yml
- -rw-r--r-- 1 root root 178 19 janv. 09:16 s-fog-post.yml
- -rw-r--r-- 1 root root 162 19 janv. 09:16 s-fog.yml
- -rw-r--r-- 1 root root 199 19 janv. 09:16 s-infra.yml
- -rw-r--r-- 1 root root 351 15 janv. 17:38 s-itil.yml
- -rw-r--r-- 1 root root 185 19 janv. 09:16 s-kea1.yml
- -rw-r--r-- 1 root root 174 19 janv. 09:16 s-kea2.yml
- -rw-r--r-- 1 root root 131 19 janv. 09:16 s-lb-bd.yml
- -rw-r--r-- 1 root root 127 19 janv. 09:16 s-lb-web1.yml
- -rw-r--r-- 1 root root 127 19 janv. 09:16 s-lb-web2.yml
- -rw-r--r-- 1 root root 145 19 janv. 09:16 s-lb.yml
- -rw-r--r-- 1 root root 148 19 janv. 09:16 s-mess.yml
- -rw-r--r-- 1 root root 241 19 janv. 09:16 s-mon.yml
- -rw-r--r-- 1 root root 290 19 janv. 09:16 s-nas.yml
- -rw-r--r-- 1 root root 156 15 janv. 17:38 s-nxc.yml
- -rw-r--r-- 1 root root 140 15 janv. 17:38 s-peertube.yml
- -rw-r--r-- 1 root root 148 19 janv. 09:16 s-proxy.yml
- -rw-r--r-- 1 root root 161 15 janv. 17:38 s-test.yml
- drwxr-xr-x 3 root root 4096 15 janv. 17:38 sv
- drwxr-xr-x 2 root root 4096 15 janv. 17:38 tests
- drwxr-xr-x 2 root root 4096 15 janv. 17:38 vagrant
- drwxr-xr-x 2 root root 4096 15 janv. 17:38 windows
- drwxr-xr-x 7 root root 4096 19 janv. 09:16 wireguard
stderr: []
timeout: 10000


@@ -1,32 +1,5 @@
!/bin/bash #!/bin/bash
#Ancien scipt 2023
#stoper le fw #stoper le fw
#systemctl stop ferm
#ouverture du service web pour copie distante
#cd /root/confwg/ && python3 -m http.server 8000 &
#Script 2024
# Fonction pour arrêter le serveur web
stop_server() {
echo "Arrêt du serveur et démarrage de ferm..."
pkill -f "python3 -m http.server"
}
# Stopper le ferm
systemctl stop ferm systemctl stop ferm
#ouverture du service web pour copie distante
# Ouverture du service web pour copie distante
cd /root/confwg/ && python3 -m http.server 8000 & cd /root/confwg/ && python3 -m http.server 8000 &
echo "Ouverture du serveur"
# Timer pour récupéré le fichier avant de fermer le serveur python
sleep 120
#Appel de la fonction stop-serveur
stop_server
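Review bot: The new side stops the firewall (`systemctl stop ferm`) and backgrounds `python3 -m http.server 8000` inside /root/confwg/ with nothing that ever restarts ferm or kills the server, so the host stays unfirewalled and serves that directory to anyone who can reach port 8000 until a reboot; if /root/confwg holds the WireGuard configs, that likely includes private keys (inferred from the path; confirm). The old side's 120 s timer and `pkill` are dropped too, and even that version never restarted ferm despite its log message. Bound the exposure: restore ferm and stop the server on any exit via `trap`, time-limit the server, and bind it to the single interface the peer fetches from (placeholder below).
```bash
#!/bin/bash
set -euo pipefail
# … unchanged: header comments …
# Restore the firewall and stop the server however the script exits.
trap 'pkill -f "python3 -m http.server 8000" || true; systemctl start ferm' EXIT
systemctl stop ferm
cd /root/confwg/
# Serve on one interface only, for at most 120 s.
timeout 120 python3 -m http.server 8000 --bind <TRANSFER_INTERFACE_ADDRESS> || true
```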


@@ -1,18 +0,0 @@
# **Explication :**
Le dossier Wireguard comprend tous les tests de ping à effectuer une fois l'installation complète complète de wireguard.
Les dossiers présent dans ce dossier contiennent les routes qui doivent être présent sur nos différentes machines. Vous pouvez comparer les interface avec un "ip a" en cas de disfonctionnement.
# **Etapes pour lancer les tests:**
Pour tester le bon fonctionnement du VPN et faire la phase de test, rendez vous sur la machine ou vous voulez faire les tests de ping (nous allons prendre ping-sinfra.sh comme exemple)
* Mettez vous dans le dossier tools/ansible/gsb2024/wireguard
* Lancer le script de s-infra : bash ping-sinfra.sh
Une fois lancer une série de ping vont se lancer automatiquement, si tout est bon le scipt devrait arrivé à sa fin.
Si toutefois un ping ne passe pas, le scipt vaa bloquer sur le ping qui est en cours d'éxécution !
*Modification : jm*