ajout role kea + s-kea1-ps.yml

goss/s-kea1.yaml

@@ -0,0 +1,90 @@
+file:
+  /etc/kea/kea-ctrl-agent.conf:
+    exists: true
+    mode: "0644"
+    size: 2470
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /etc/kea/kea-dhcp4.conf:
+    exists: true
+    mode: "0644"
+    size: 11346
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /tmp/kea4-ctrl-socket:
+    exists: true
+    mode: "0755"
+    size: 0
+    owner: _kea
+    group: _kea
+    filetype: socket
+    contains: []
+  /usr/local/lib/kea:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+package:
+  isc-kea-common:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-ctrl-agent:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-dhcp4:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-hooks:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  libmariadb3:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mariadb-common:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mysql-common:
+    installed: true
+    versions:
+    - 5.8+1.1.0
+port:
+  tcp:8000:
+    listening: true
+    ip:
+    - 172.16.64.20
+service:
+  isc-kea-ctrl-agent.service:
+    enabled: true
+    running: true
+  isc-kea-dhcp4-server.service:
+    enabled: true
+    running: true
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.20/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.20/24
+    mtu: 1500
+  enp0s9:
+    exists: true
+    addrs:
+    - 172.16.64.20/24
+    mtu: 1500

goss/s-kea2.yaml

@@ -0,0 +1,90 @@
+file:
+  /etc/kea/kea-ctrl-agent.conf:
+    exists: true
+    mode: "0644"
+    size: 2470
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /etc/kea/kea-dhcp4.conf:
+    exists: true
+    mode: "0644"
+    size: 11346
+    owner: _kea
+    group: root
+    filetype: file
+    contains: []
+  /tmp/kea4-ctrl-socket:
+    exists: true
+    mode: "0755"
+    size: 0
+    owner: _kea
+    group: _kea
+    filetype: socket
+    contains: []
+  /usr/local/lib/kea:
+    exists: true
+    mode: "0755"
+    size: 4096
+    owner: root
+    group: root
+    filetype: directory
+    contains: []
+package:
+  isc-kea-common:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-ctrl-agent:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-dhcp4:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  isc-kea-hooks:
+    installed: true
+    versions:
+    - 2.4.1-isc20231123184533
+  libmariadb3:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mariadb-common:
+    installed: true
+    versions:
+    - 1:10.11.4-1~deb12u1
+  mysql-common:
+    installed: true
+    versions:
+    - 5.8+1.1.0
+port:
+  tcp:8000:
+    listening: true
+    ip:
+    - 172.16.64.21
+service:
+  isc-kea-ctrl-agent.service:
+    enabled: true
+    running: true
+  isc-kea-dhcp4-server.service:
+    enabled: true
+    running: true
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.99.21/24
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 172.16.0.21/24
+    mtu: 1500
+  enp0s9:
+    exists: true
+    addrs:
+    - 172.16.64.21/24
+    mtu: 1500

goss/s-nxc.yaml

@@ -2,118 +2,144 @@ file:
   /root/nxc:
     exists: true
     mode: "0755"
-    size: 4096
+      #size: 4096
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: directory
     contains: []
+
   /root/nxc/certs:
     exists: true
     mode: "0755"
-    size: 4096
+      #size: 4096
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: directory
     contains: []
+
   /root/nxc/config:
     exists: true
     mode: "0755"
-    size: 4096
+      #size: 4096
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: directory
     contains: []
+
   /root/nxc/config/dynamic.yml:
     exists: true
     mode: "0644"
-    size: 415
+      #size: 415
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /root/nxc/config/static.yml:
     exists: true
     mode: "0644"
-    size: 452
+      #size: 452
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /root/nxc/docker-compose.yml:
     exists: true
     mode: "0644"
-    size: 2135
+      #size: 2135
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /root/nxc/nxc-debug.sh:
     exists: true
     mode: "0755"
-    size: 64
+      #size: 64
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /root/nxc/nxc-prune.sh:
     exists: true
     mode: "0755"
-    size: 110
+      #size: 110
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /root/nxc/nxc-start.sh:
     exists: true
     mode: "0755"
-    size: 34
+      #size: 34
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /root/nxc/nxc-stop.sh:
     exists: true
     mode: "0755"
-    size: 32
+      #size: 32
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
   /usr/local/bin/mkcert:
     exists: true
     mode: "0755"
-    size: 4788866
+      #size: 4788866
-    owner: root
+      #owner: root
-    group: root
+      #group: root
     filetype: file
     contains: []
+
 addr:
-  tcp://s-nxc.gsb.lan:8081:
+  tcp://s-nxc.gsb.lan:443:
     reachable: true
     timeout: 500
+
 port:
   tcp:22:
     listening: true
     ip:
     - 0.0.0.0
+
   tcp:80:
     listening: true
     ip: []
+
   tcp:443:
     listening: true
     ip: []
-  tcp:8081:
+
-    listening: true
+      #tcp:8081:
-    ip:
+      #listening: true
-    - 0.0.0.0
+      #ip:
+      #- 0.0.0.0
+
 interface:
   enp0s3:
     exists: true
     addrs:
     - 192.168.99.7/24
     mtu: 1500
+
   enp0s8:
     exists: true
     addrs:
     - 172.16.0.7/24
     mtu: 1500
+
+http:
+  https://s-nxc.gsb.lan:
+    status: 200
+    allow-insecure: true
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+      - Nextcloud

roles/docker/tasks/main.yml

@@ -7,7 +7,7 @@
 - name: on verifie si docker est installe
   stat:
     path: /usr/bin/docker
-# command: which docker
+  #command: which docker
   register: docker_present
 
 - name: Execution du script getdocker si docker n'est pas deja installe

roles/gotify/tasks/main.yml

@@ -0,0 +1,50 @@
+---
+    - name: Mise a jour apt cache
+      apt:
+        update_cache: yes
+
+    - name: Creation /etc/gotify
+      ansible.builtin.file:
+        path: /etc/gotify
+        state: directory
+        mode: '0755'
+
+    - name: Creation /opt/gotify
+      ansible.builtin.file:
+        path: /opt/gotify
+        state: directory
+        mode: '0755'
+
+    - name: installation de gotify
+      get_url:
+        url: "https://github.com/gotify/server/releases/latest/download/gotify-linux-amd64.zip"
+        dest: "/tmp/gotify.zip"
+
+    - name: Extraction de Gotify
+      ansible.builtin.unarchive:
+        src: "/tmp/gotify.zip"
+        dest: "/opt/gotify"
+      become: yes
+
+    - name: Creation du fichier systemd
+      template:
+        src: "gotify.service.j2"
+        dest: "/etc/systemd/system/gotify.service"
+      become: yes
+
+    - name: Reload systemd
+      systemd:
+        daemon_reload: yes
+
+    - name: Creation du fichier conf gotify
+      template:
+        src: "config.yml.j2"
+        dest: "/etc/gotify/config.yml"
+      become: yes
+
+    - name: Demarage du gotify
+      systemd:
+        name: gotify
+        state: started
+        enabled: yes
+

roles/gotify/templates/config.yml.j2

@@ -0,0 +1,4 @@
+server:
+  keepaliveperiodseconds: 0
+  listenaddr: "" # the address to bind on, leave empty to bind on all addresses
+  port: 8008

roles/gotify/templates/gotify.service.j2

@@ -0,0 +1,13 @@
+[Unit]
+Description=Gotify Server
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/opt/gotify/gotify-linux-amd64
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+

roles/kea/README.md

@@ -0,0 +1,14 @@
+# Rôle Kea
+***
+Rôle du Kea pour la haute disponibilité dhcp
+
+## Tables des matières
+    1. [Que fait le rôle Kea ?]
+
+
+## Que fait le rôle Kea ?
+Il permet de configurer les serveur kea en mode haute disponibilité.
+
+### Installation et configuration de kea
+
+Le rôle kea va installer les packets kea dhcp4, hook, admin une fois les packets installer. Nous allons configurer les 2 serveurs kea pour qu'il distribut les ip de n-user et soit en haute disponibilité.

roles/kea/default/main.yml

@@ -0,0 +1,8 @@
+#variable kea
+ kea_ver: "2.4.1"
+  kea_dbname: ""
+  kaa_dbuser: ""
+  kea_dbpasswd: ""
+  kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
+  kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
+

roles/kea/files/kea-ctrl-agent.conf

@@ -6,7 +6,7 @@
     {
         // We need to specify where the agent should listen to incoming HTTP
         // queries.
-        "http-host": "172.16.64.1",
+        "http-host": "172.16.0.20",
 
         // This specifies the port CA will listen on.
         "http-port": 8000,
@@ -18,7 +18,7 @@
             {
                 "comment": "socket to DHCPv4 server",
                 "socket-type": "unix",
-                "socket-name": "/tm/kea4-ctrl-socket"
+                "socket-name": "/tmp/kea4-ctrl-socket"
             },
 
             // Location of the DHCPv6 command channel socket.

roles/kea/files/kea-dhcp4.conf

@@ -22,7 +22,7 @@
         // The DHCPv4 server listens on this interface. When changing this to
         // the actual name of your interface, make sure to also update the
         // interface parameter in the subnet definition below.
-        "interfaces": [ "enp0s8" ]
+        "interfaces": [ "enp0s9" ]
     },
 
     // Control socket is required for communication between the Control
@@ -88,7 +88,7 @@
                 "high-availability": [ {
                     // This parameter points to this server instance. The respective
                     // HA peers must have this parameter set to their own names.
-                    "this-server-name": "kea1",
+                    "this-server-name": "s-kea1.gsb.lan",
                     // The HA mode is set to hot-standby. In this mode, the active server handles
                     // all the traffic. The standby takes over if the primary becomes unavailable.
                     "mode": "hot-standby",
@@ -116,24 +116,24 @@
                     "peers": [
                         // This is the configuration of this server instance.
                         {
-                            "name": "kea1",
+                            "name": "s-kea1.gsb.lan",
                             // This specifies the URL of this server instance. The
                             // Control Agent must run along with this DHCPv4 server
                             // instance and the "http-host" and "http-port" must be
                             // set to the corresponding values.
-                            "url": "http://172.16.64.1:8000/",
+                            "url": "http://172.16.64.20:8000/",
                             // This server is primary. The other one must be
                             // secondary.
                             "role": "primary"
                         },
                         // This is the configuration of the secondary server.
                         {
-                            "name": "kea2",
+                            "name": "s-kea2.gsb.lan",
                             // Specifies the URL on which the partner's control
                             // channel can be reached. The Control Agent is required
                             // to run on the partner's machine with "http-host" and
                             // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.64.2:8000/",
+                            "url": "http://172.16.64.21:8000/",
                             // The other server is secondary. This one must be
                             // primary.
                             "role": "standby"
@@ -152,7 +152,7 @@
 
             // There are no relays in this network, so we need to tell Kea that this subnet
             // is reachable directly via the specified interface.
-            "interface": "enp0s8",
+            "interface": "enp0s9",
 
             // Specify a dynamic address pool.
             "pools": [
@@ -171,7 +171,7 @@
                 {
                     // For each IPv4 subnet you typically need to specify at least one router.
                     "name": "routers",
-                    "data": "172.16.64.1"
+                    "data": "172.16.64.254"
                 },
                 {
                     // Using cloudflare or Quad9 is a reasonable option. Change this
@@ -179,7 +179,7 @@
                     // choice is 8.8.8.8, owned by Google. Using third party DNS
                     // service raises some privacy concerns.
                     "name": "domain-name-servers",
-                    "data": "172.16.64.1"
+                    "data": "172.16.0.1"
                 }
             ],
 

roles/kea/handlers/main.yml

@@ -0,0 +1,12 @@
+---  
+- name: Restart isc-kea-dhcp4-server
+  ansible.builtin.service:
+    name: isc-kea-dhcp4-server.service
+    state: restarted
+    enabled: yes
+
+- name: Restart isc-kea-ctrl-agent
+  ansible.builtin.service:
+    name: isc-kea-ctrl-agent.service
+    state: restarted
+    enabled: yes

roles/kea/tasks/main.yml

@@ -0,0 +1,43 @@
+---  
+
+- name: Preparation  
+  shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
+
+- name: Update apt
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Installation paquet isc-kea-common
+  ansible.builtin.apt:
+    deb: isc-kea-common
+    state: present
+
+- name: Installation isc-kea-dhcp4
+  ansible.builtin.apt:
+    name: isc-kea-dhcp4-server
+    state: present
+
+- name: Installation isc-kea-ctrl-agent
+  ansible.builtin.apt:
+    name: isc-kea-ctrl-agent
+    state: present
+
+- name: Installation isc-kea-hooks
+  ansible.builtin.apt:
+    name: isc-kea-hooks
+    state: present
+
+- name: Generation du fichier de configuration kea-ctrl-agent
+  ansible.builtin.copy:
+    src: kea-ctrl-agent.conf.j2
+    dest: /etc/kea/kea-ctrl-agent.conf
+  notify:
+    - Restart isc-kea-ctrl-agent
+
+- name: Generation du fichier de configuration kea-dhcp4.conf
+  ansible.builtin.template:
+    src: kea-dhcp4.conf.j2
+    dest: /etc/kea/kea-dhcp4.conf
+  notify:
+    - Restart isc-kea-dhcp4-server
+

roles/kea/templates/kea-ctrl-agent.conf.j2

@@ -6,7 +6,7 @@
     {
         // We need to specify where the agent should listen to incoming HTTP
         // queries.
-        "http-host": "172.16.64.1",
+        "http-host": "{{ kea_ctrl_address }}",
 
         // This specifies the port CA will listen on.
         "http-port": 8000,
@@ -18,7 +18,7 @@
             {
                 "comment": "socket to DHCPv4 server",
                 "socket-type": "unix",
-                "socket-name": "/tm/kea4-ctrl-socket"
+                "socket-name": "/tmp/kea4-ctrl-socket"
             },
 
             // Location of the DHCPv6 command channel socket.

roles/kea/templates/kea-dhcp4.conf.j2

@@ -22,7 +22,7 @@
         // The DHCPv4 server listens on this interface. When changing this to
         // the actual name of your interface, make sure to also update the
         // interface parameter in the subnet definition below.
-        "interfaces": [ "enp0s8" ]
+        "interfaces": {{ kea_dhcp_interfaces }}
     },
 
     // Control socket is required for communication between the Control
@@ -88,7 +88,7 @@
                 "high-availability": [ {
                     // This parameter points to this server instance. The respective
                     // HA peers must have this parameter set to their own names.
-                    "this-server-name": "kea1",
+                    "this-server-name": "{{ kea_this_server }}",
                     // The HA mode is set to hot-standby. In this mode, the active server handles
                     // all the traffic. The standby takes over if the primary becomes unavailable.
                     "mode": "hot-standby",
@@ -116,24 +116,24 @@
                     "peers": [
                         // This is the configuration of this server instance.
                         {
-                            "name": "kea1",
+                            "name": "{{ kea_srv1 }}",
                             // This specifies the URL of this server instance. The
                             // Control Agent must run along with this DHCPv4 server
                             // instance and the "http-host" and "http-port" must be
                             // set to the corresponding values.
-                            "url": "http://172.16.64.1:8000/",
+                            "url": "http://{{ kea_ctrl_address1 }}:8000/",
                             // This server is primary. The other one must be
                             // secondary.
                             "role": "primary"
                         },
                         // This is the configuration of the secondary server.
                         {
-                            "name": "kea2",
+                            "name": "{{ kea_srv2 }}",
                             // Specifies the URL on which the partner's control
                             // channel can be reached. The Control Agent is required
                             // to run on the partner's machine with "http-host" and
                             // "http-port" values set to the corresponding values.
-                            "url": "http://172.16.64.2:8000/",
+                            "url": "http://{{ kea_ctrl_address2 }}:8000/",
                             // The other server is secondary. This one must be
                             // primary.
                             "role": "standby"
@@ -152,7 +152,7 @@
 
             // There are no relays in this network, so we need to tell Kea that this subnet
             // is reachable directly via the specified interface.
-            "interface": "enp0s8",
+            "interface": "enp0s9",
 
             // Specify a dynamic address pool.
             "pools": [
@@ -171,7 +171,7 @@
                 {
                     // For each IPv4 subnet you typically need to specify at least one router.
                     "name": "routers",
-                    "data": "172.16.64.1"
+                    "data": "172.16.64.254"
                 },
                 {
                     // Using cloudflare or Quad9 is a reasonable option. Change this
@@ -179,7 +179,7 @@
                     // choice is 8.8.8.8, owned by Google. Using third party DNS
                     // service raises some privacy concerns.
                     "name": "domain-name-servers",
-                    "data": "172.16.64.1"
+                    "data": "172.16.0.1"
                 }
             ],
 

roles/wireguard-r/README.md

@@ -24,7 +24,10 @@ bash r-vp1-post.sh
 ```
 ## Sur **r-vp2**:
 
-Lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
+Lancer le playbook : *ansible-playbook -i localhost, -c local* r-vp2.yml sur **r-vp2**
+
+Puis lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
+
 ### 🛠️ Lancer le script
 ```bash
 cd /tools/ansible/gsb2023/Scripts
@@ -34,7 +37,11 @@ bash r-vp2-post.sh
 ```
 ## Fin
 
-redemarer les machines
+Pour finir redemarer les machines.
 ```bash
 reboot
 ```
+Veuillez maintenant vous rendre dans le dossier du role ferm : 
+*gsb2024/roles/fw-ferm*
+
+*Modification : jm*

roles/zabbix-cli/defaults/main.yml

@@ -1,2 +1,3 @@
 SERVER: "127.0.0.1"
-SERVERACTIVE: "172.16.0.8"
+SERVERACTIVE: "192.168.99.8"
+TOKENAPI: "f72473b7e5402a5247773e456f3709dcdd5e41792360108fc3451bbfeed8eafe"

roles/zabbix-cli/tasks/main.yml

@@ -28,6 +28,11 @@
         state: restarted
         enabled: yes
 
-    - name: remonter les machines 
+    - name: mise ne place script hostcreate
-      command: curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "s-adm","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "a44e2a4977d61a869437739cb6086ae42f4b9937fbb96aed24bbad028469a1cf","id": 1}' http://192.168.99.8/zabbix/api_jsonrpc.php
+      template:
+        src: hostcreate.sh.j2
+        dest: /tmp/hostcreate.sh
+
+    - name: lancement script hostcreate
+      command: bash /tmp/hostcreate.sh
 

roles/zabbix-cli/templates/hostcreate.sh.j2

@@ -0,0 +1 @@
+curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "{{ ansible_hostname }}","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "{{ TOKENAPI }}","id": 1}' http://{{ SERVERACTIVE }}/zabbix/api_jsonrpc.php

s-backup.yml

@@ -7,6 +7,7 @@
     - goss
 #   - proxy3
     - zabbix-cli
+    - gotify
 #   - ssh-cli
     # - syslog-cli
     - smb-backup

s-kea1-ps.yml

@@ -0,0 +1,21 @@
+---
+- hosts: localhost
+  connection: local
+  vars:
+    kea_this_server: "s-kea1"
+    kea_srv1: "s-kea1"
+    kea_srv2: "s-kea2"
+    kea_ctrl_address_this: "172.16.0.20"
+    kea_ctrl_address1: "172.16.0.20"
+    kea_ctrl_address2: "172.16.0.21"
+    kea_dhcp_int: ["enp0s9"]
+
+  roles:
+        - base
+       - goss
+      # - ssh-cli
+    - kea
+      # - zabbix-cli
+      # - journald-snd
+      # - snmp-agent
+          - post