Compare commits
11 Commits
v0.0.5f-ch
...
v0.0.5l-ps
Author | SHA1 | Date | |
---|---|---|---|
38602033b3 | |||
1c1993021b | |||
b146170467 | |||
df9d3c6c1c | |||
d75f4ffb3f | |||
eaf75de89e | |||
02fc23d224 | |||
bdc71bbb3c | |||
308504062e | |||
c3ad470fd1 | |||
2d3067d67b |
90
goss/s-kea1.yaml
Normal file
90
goss/s-kea1.yaml
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
file:
|
||||||
|
/etc/kea/kea-ctrl-agent.conf:
|
||||||
|
exists: true
|
||||||
|
mode: "0644"
|
||||||
|
size: 2470
|
||||||
|
owner: _kea
|
||||||
|
group: root
|
||||||
|
filetype: file
|
||||||
|
contains: []
|
||||||
|
/etc/kea/kea-dhcp4.conf:
|
||||||
|
exists: true
|
||||||
|
mode: "0644"
|
||||||
|
size: 11346
|
||||||
|
owner: _kea
|
||||||
|
group: root
|
||||||
|
filetype: file
|
||||||
|
contains: []
|
||||||
|
/tmp/kea4-ctrl-socket:
|
||||||
|
exists: true
|
||||||
|
mode: "0755"
|
||||||
|
size: 0
|
||||||
|
owner: _kea
|
||||||
|
group: _kea
|
||||||
|
filetype: socket
|
||||||
|
contains: []
|
||||||
|
/usr/local/lib/kea:
|
||||||
|
exists: true
|
||||||
|
mode: "0755"
|
||||||
|
size: 4096
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
filetype: directory
|
||||||
|
contains: []
|
||||||
|
package:
|
||||||
|
isc-kea-common:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
isc-kea-ctrl-agent:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
isc-kea-dhcp4:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
isc-kea-hooks:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
libmariadb3:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 1:10.11.4-1~deb12u1
|
||||||
|
mariadb-common:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 1:10.11.4-1~deb12u1
|
||||||
|
mysql-common:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 5.8+1.1.0
|
||||||
|
port:
|
||||||
|
tcp:8000:
|
||||||
|
listening: true
|
||||||
|
ip:
|
||||||
|
- 172.16.64.20
|
||||||
|
service:
|
||||||
|
isc-kea-ctrl-agent.service:
|
||||||
|
enabled: true
|
||||||
|
running: true
|
||||||
|
isc-kea-dhcp4-server.service:
|
||||||
|
enabled: true
|
||||||
|
running: true
|
||||||
|
interface:
|
||||||
|
enp0s3:
|
||||||
|
exists: true
|
||||||
|
addrs:
|
||||||
|
- 192.168.99.20/24
|
||||||
|
mtu: 1500
|
||||||
|
enp0s8:
|
||||||
|
exists: true
|
||||||
|
addrs:
|
||||||
|
- 172.16.0.20/24
|
||||||
|
mtu: 1500
|
||||||
|
enp0s9:
|
||||||
|
exists: true
|
||||||
|
addrs:
|
||||||
|
- 172.16.64.20/24
|
||||||
|
mtu: 1500
|
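Review bot: The `port:` check expects `tcp:8000` on `172.16.64.20`, while the control-agent hunk later in this compare sets `"http-host": "172.16.0.20"` and `s-kea1-ps.yml` sets `kea_ctrl_address_this: "172.16.0.20"`, so either this assertion or the deployed configuration is wrong. 172.16.64.0/24 looks like the network the DHCP server serves on `enp0s9`; if the agent really listens there, its control API is reachable from DHCP clients, so I would bind and test on the 172.16.0.x address (`- 172.16.0.20`). `goss/s-kea2.yaml` has the same mismatch with `.21`. Separately, `size: 2470` and `size: 11346` on the two configuration files will break on any edit; the s-nxc.yaml change in this compare already disables such size checks.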
90
goss/s-kea2.yaml
Normal file
90
goss/s-kea2.yaml
Normal file
@ -0,0 +1,90 @@
|
|||||||
|
file:
|
||||||
|
/etc/kea/kea-ctrl-agent.conf:
|
||||||
|
exists: true
|
||||||
|
mode: "0644"
|
||||||
|
size: 2470
|
||||||
|
owner: _kea
|
||||||
|
group: root
|
||||||
|
filetype: file
|
||||||
|
contains: []
|
||||||
|
/etc/kea/kea-dhcp4.conf:
|
||||||
|
exists: true
|
||||||
|
mode: "0644"
|
||||||
|
size: 11346
|
||||||
|
owner: _kea
|
||||||
|
group: root
|
||||||
|
filetype: file
|
||||||
|
contains: []
|
||||||
|
/tmp/kea4-ctrl-socket:
|
||||||
|
exists: true
|
||||||
|
mode: "0755"
|
||||||
|
size: 0
|
||||||
|
owner: _kea
|
||||||
|
group: _kea
|
||||||
|
filetype: socket
|
||||||
|
contains: []
|
||||||
|
/usr/local/lib/kea:
|
||||||
|
exists: true
|
||||||
|
mode: "0755"
|
||||||
|
size: 4096
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
filetype: directory
|
||||||
|
contains: []
|
||||||
|
package:
|
||||||
|
isc-kea-common:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
isc-kea-ctrl-agent:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
isc-kea-dhcp4:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
isc-kea-hooks:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 2.4.1-isc20231123184533
|
||||||
|
libmariadb3:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 1:10.11.4-1~deb12u1
|
||||||
|
mariadb-common:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 1:10.11.4-1~deb12u1
|
||||||
|
mysql-common:
|
||||||
|
installed: true
|
||||||
|
versions:
|
||||||
|
- 5.8+1.1.0
|
||||||
|
port:
|
||||||
|
tcp:8000:
|
||||||
|
listening: true
|
||||||
|
ip:
|
||||||
|
- 172.16.64.21
|
||||||
|
service:
|
||||||
|
isc-kea-ctrl-agent.service:
|
||||||
|
enabled: true
|
||||||
|
running: true
|
||||||
|
isc-kea-dhcp4-server.service:
|
||||||
|
enabled: true
|
||||||
|
running: true
|
||||||
|
interface:
|
||||||
|
enp0s3:
|
||||||
|
exists: true
|
||||||
|
addrs:
|
||||||
|
- 192.168.99.21/24
|
||||||
|
mtu: 1500
|
||||||
|
enp0s8:
|
||||||
|
exists: true
|
||||||
|
addrs:
|
||||||
|
- 172.16.0.21/24
|
||||||
|
mtu: 1500
|
||||||
|
enp0s9:
|
||||||
|
exists: true
|
||||||
|
addrs:
|
||||||
|
- 172.16.64.21/24
|
||||||
|
mtu: 1500
|
102
goss/s-nxc.yaml
102
goss/s-nxc.yaml
@ -2,118 +2,144 @@ file:
|
|||||||
/root/nxc:
|
/root/nxc:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 4096
|
#size: 4096
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: directory
|
filetype: directory
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/certs:
|
/root/nxc/certs:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 4096
|
#size: 4096
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: directory
|
filetype: directory
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/config:
|
/root/nxc/config:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 4096
|
#size: 4096
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: directory
|
filetype: directory
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/config/dynamic.yml:
|
/root/nxc/config/dynamic.yml:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
size: 415
|
#size: 415
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/config/static.yml:
|
/root/nxc/config/static.yml:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
size: 452
|
#size: 452
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/docker-compose.yml:
|
/root/nxc/docker-compose.yml:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
size: 2135
|
#size: 2135
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/nxc-debug.sh:
|
/root/nxc/nxc-debug.sh:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 64
|
#size: 64
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/nxc-prune.sh:
|
/root/nxc/nxc-prune.sh:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 110
|
#size: 110
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/nxc-start.sh:
|
/root/nxc/nxc-start.sh:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 34
|
#size: 34
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/root/nxc/nxc-stop.sh:
|
/root/nxc/nxc-stop.sh:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 32
|
#size: 32
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
/usr/local/bin/mkcert:
|
/usr/local/bin/mkcert:
|
||||||
exists: true
|
exists: true
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
size: 4788866
|
#size: 4788866
|
||||||
owner: root
|
#owner: root
|
||||||
group: root
|
#group: root
|
||||||
filetype: file
|
filetype: file
|
||||||
contains: []
|
contains: []
|
||||||
|
|
||||||
addr:
|
addr:
|
||||||
tcp://s-nxc.gsb.lan:8081:
|
tcp://s-nxc.gsb.lan:443:
|
||||||
reachable: true
|
reachable: true
|
||||||
timeout: 500
|
timeout: 500
|
||||||
|
|
||||||
port:
|
port:
|
||||||
tcp:22:
|
tcp:22:
|
||||||
listening: true
|
listening: true
|
||||||
ip:
|
ip:
|
||||||
- 0.0.0.0
|
- 0.0.0.0
|
||||||
|
|
||||||
tcp:80:
|
tcp:80:
|
||||||
listening: true
|
listening: true
|
||||||
ip: []
|
ip: []
|
||||||
|
|
||||||
tcp:443:
|
tcp:443:
|
||||||
listening: true
|
listening: true
|
||||||
ip: []
|
ip: []
|
||||||
tcp:8081:
|
|
||||||
listening: true
|
#tcp:8081:
|
||||||
ip:
|
#listening: true
|
||||||
- 0.0.0.0
|
#ip:
|
||||||
|
#- 0.0.0.0
|
||||||
|
|
||||||
interface:
|
interface:
|
||||||
enp0s3:
|
enp0s3:
|
||||||
exists: true
|
exists: true
|
||||||
addrs:
|
addrs:
|
||||||
- 192.168.99.7/24
|
- 192.168.99.7/24
|
||||||
mtu: 1500
|
mtu: 1500
|
||||||
|
|
||||||
enp0s8:
|
enp0s8:
|
||||||
exists: true
|
exists: true
|
||||||
addrs:
|
addrs:
|
||||||
- 172.16.0.7/24
|
- 172.16.0.7/24
|
||||||
mtu: 1500
|
mtu: 1500
|
||||||
|
|
||||||
|
http:
|
||||||
|
https://s-nxc.gsb.lan:
|
||||||
|
status: 200
|
||||||
|
allow-insecure: true
|
||||||
|
no-follow-redirects: false
|
||||||
|
timeout: 5000
|
||||||
|
body:
|
||||||
|
- Nextcloud
|
||||||
|
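Review bot: The `owner: root` and `group: root` assertions appear to be commented out on the new side along with `size:`, for every entry including the executable `/root/nxc/*.sh` scripts and `/usr/local/bin/mkcert`. Dropping `size` is reasonable because it changes on every edit, but ownership of files that run as root is the part of this check worth keeping; I would restore `owner: root` and `group: root` and leave only `#size:` disabled. The added `http:` check sets `allow-insecure: true`, which skips certificate validation; if the mkcert CA is trusted on the host, removing that line would let the test verify the certificate chain as well.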
BIN
roles/docker/tasks/glpi-10.0.11.tgz
Normal file
BIN
roles/docker/tasks/glpi-10.0.11.tgz
Normal file
Binary file not shown.
@ -7,7 +7,7 @@
|
|||||||
- name: on verifie si docker est installe
|
- name: on verifie si docker est installe
|
||||||
stat:
|
stat:
|
||||||
path: /usr/bin/docker
|
path: /usr/bin/docker
|
||||||
# command: which docker
|
#command: which docker
|
||||||
register: docker_present
|
register: docker_present
|
||||||
|
|
||||||
- name: Execution du script getdocker si docker n'est pas deja installe
|
- name: Execution du script getdocker si docker n'est pas deja installe
|
||||||
|
50
roles/gotify/tasks/main.yml
Normal file
50
roles/gotify/tasks/main.yml
Normal file
@ -0,0 +1,50 @@
|
|||||||
|
---
|
||||||
|
- name: Mise a jour apt cache
|
||||||
|
apt:
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Creation /etc/gotify
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/gotify
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: Creation /opt/gotify
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /opt/gotify
|
||||||
|
state: directory
|
||||||
|
mode: '0755'
|
||||||
|
|
||||||
|
- name: installation de gotify
|
||||||
|
get_url:
|
||||||
|
url: "https://github.com/gotify/server/releases/latest/download/gotify-linux-amd64.zip"
|
||||||
|
dest: "/tmp/gotify.zip"
|
||||||
|
|
||||||
|
- name: Extraction de Gotify
|
||||||
|
ansible.builtin.unarchive:
|
||||||
|
src: "/tmp/gotify.zip"
|
||||||
|
dest: "/opt/gotify"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Creation du fichier systemd
|
||||||
|
template:
|
||||||
|
src: "gotify.service.j2"
|
||||||
|
dest: "/etc/systemd/system/gotify.service"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Reload systemd
|
||||||
|
systemd:
|
||||||
|
daemon_reload: yes
|
||||||
|
|
||||||
|
- name: Creation du fichier conf gotify
|
||||||
|
template:
|
||||||
|
src: "config.yml.j2"
|
||||||
|
dest: "/etc/gotify/config.yml"
|
||||||
|
become: yes
|
||||||
|
|
||||||
|
- name: Demarage du gotify
|
||||||
|
systemd:
|
||||||
|
name: gotify
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
|
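Review bot: The `get_url` task fetches `releases/latest/download/gotify-linux-amd64.zip` with no `checksum:`, and the unit file in this compare then runs the extracted binary as root, so whatever the `latest` link serves at run time is executed unverified and the install is not reproducible. Pin a release tag in the URL and add `checksum: "sha256:<digest published for that release>"` to the task. `dest: "/tmp/gotify.zip"` is a predictable path in a world-writable directory, and with the default `force: no` an already existing file there is not replaced before it is extracted; a destination under `/opt/gotify` avoids that. The two `file` tasks could also set `owner` and `group` explicitly.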
4
roles/gotify/templates/config.yml.j2
Normal file
4
roles/gotify/templates/config.yml.j2
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
server:
|
||||||
|
keepaliveperiodseconds: 0
|
||||||
|
listenaddr: "" # the address to bind on, leave empty to bind on all addresses
|
||||||
|
port: 8008
|
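Review bot: `listenaddr: ""` binds Gotify on every address of the host, and the goss files in this compare show hosts with both an admin and a service interface. The template contains no variables, so the address could come from the inventory, e.g. `listenaddr: "{{ gotify_listen_addr | default('127.0.0.1') }}"` (a new variable that the role would have to define). Port 8008 is served in clear text here; whether TLS is terminated elsewhere is not visible in this compare.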
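--- /dev/null
+++ b/roles/gotify/templates/gotify.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Gotify Server
+After=network.target
+
+[Service]
+Type=simple
+User=root
+ExecStart=/opt/gotify/gotify-linux-amd64
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+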
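Review bot: `User=root` runs a network-facing notification server with full privileges although it listens on port 8008, which needs none. Create a dedicated system account in the role and use `User=gotify`, then add `NoNewPrivileges=true` and `ProtectSystem=full` to `[Service]`. The unit sets no `WorkingDirectory=`, so any relative data path in Gotify's configuration would presumably resolve against `/`; `WorkingDirectory=/opt/gotify`, owned by that account, is probably what is intended.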
Binary file not shown.
Binary file not shown.
14
roles/kea/README.md
Normal file
14
roles/kea/README.md
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
# Rôle Kea
|
||||||
|
***
|
||||||
|
Rôle du Kea pour la haute disponibilité dhcp
|
||||||
|
|
||||||
|
## Tables des matières
|
||||||
|
1. [Que fait le rôle Kea ?]
|
||||||
|
|
||||||
|
|
||||||
|
## Que fait le rôle Kea ?
|
||||||
|
Il permet de configurer les serveur kea en mode haute disponibilité.
|
||||||
|
|
||||||
|
### Installation et configuration de kea
|
||||||
|
|
||||||
|
Le rôle kea va installer les packets kea dhcp4, hook, admin une fois les packets installer. Nous allons configurer les 2 serveurs kea pour qu'il distribut les ip de n-user et soit en haute disponibilité.
|
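--- /dev/null
+++ b/roles/kea/default/main.yml
@@ -0,0 +1,8 @@
+#variable kea
+kea_ver: "2.4.1"
+kea_dbname: ""
+kaa_dbuser: ""
+kea_dbpasswd: ""
+kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
+kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
+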
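Review bot: `kaa_dbuser` is misspelled next to `kea_dbname` and `kea_dbpasswd`, so anything reading `kea_dbuser` will find it undefined; the line should be `kea_dbuser: ""`. Ansible loads role defaults from `defaults/main.yml`, so as far as I can tell this file under `roles/kea/default/` is never read. When `kea_dbpasswd` gets a real value it should come from a vaulted variable rather than this file. The goss checks in this compare expect `/etc/kea/kea-dhcp4.conf` at mode `0644`, which would leave such a password world-readable.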
@ -6,7 +6,7 @@
|
|||||||
{
|
{
|
||||||
// We need to specify where the agent should listen to incoming HTTP
|
// We need to specify where the agent should listen to incoming HTTP
|
||||||
// queries.
|
// queries.
|
||||||
"http-host": "172.16.64.1",
|
"http-host": "172.16.0.20",
|
||||||
|
|
||||||
// This specifies the port CA will listen on.
|
// This specifies the port CA will listen on.
|
||||||
"http-port": 8000,
|
"http-port": 8000,
|
||||||
@ -18,7 +18,7 @@
|
|||||||
{
|
{
|
||||||
"comment": "socket to DHCPv4 server",
|
"comment": "socket to DHCPv4 server",
|
||||||
"socket-type": "unix",
|
"socket-type": "unix",
|
||||||
"socket-name": "/tm/kea4-ctrl-socket"
|
"socket-name": "/tmp/kea4-ctrl-socket"
|
||||||
},
|
},
|
||||||
|
|
||||||
// Location of the DHCPv6 command channel socket.
|
// Location of the DHCPv6 command channel socket.
|
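Review bot: `"socket-name": "/tmp/kea4-ctrl-socket"` fixes the `/tm` typo but keeps the control socket in a world-writable directory, where any local account can create that path before the server does. A directory owned by the Kea account is safer, for example a path under `/run/kea/` if the package creates it, with the same path in the `control-socket` entry of kea-dhcp4.conf and in the goss files. In the first hunk `http-host` is hard-coded to `172.16.0.20`, and no `authentication` block is visible in either hunk, so it is worth confirming that the agent's HTTP API on port 8000 is protected. The enclosing JSON objects start and end outside both hunks.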
@ -22,7 +22,7 @@
|
|||||||
// The DHCPv4 server listens on this interface. When changing this to
|
// The DHCPv4 server listens on this interface. When changing this to
|
||||||
// the actual name of your interface, make sure to also update the
|
// the actual name of your interface, make sure to also update the
|
||||||
// interface parameter in the subnet definition below.
|
// interface parameter in the subnet definition below.
|
||||||
"interfaces": [ "enp0s8" ]
|
"interfaces": [ "enp0s9" ]
|
||||||
},
|
},
|
||||||
|
|
||||||
// Control socket is required for communication between the Control
|
// Control socket is required for communication between the Control
|
||||||
@ -88,7 +88,7 @@
|
|||||||
"high-availability": [ {
|
"high-availability": [ {
|
||||||
// This parameter points to this server instance. The respective
|
// This parameter points to this server instance. The respective
|
||||||
// HA peers must have this parameter set to their own names.
|
// HA peers must have this parameter set to their own names.
|
||||||
"this-server-name": "kea1",
|
"this-server-name": "s-kea1.gsb.lan",
|
||||||
// The HA mode is set to hot-standby. In this mode, the active server handles
|
// The HA mode is set to hot-standby. In this mode, the active server handles
|
||||||
// all the traffic. The standby takes over if the primary becomes unavailable.
|
// all the traffic. The standby takes over if the primary becomes unavailable.
|
||||||
"mode": "hot-standby",
|
"mode": "hot-standby",
|
||||||
@ -116,24 +116,24 @@
|
|||||||
"peers": [
|
"peers": [
|
||||||
// This is the configuration of this server instance.
|
// This is the configuration of this server instance.
|
||||||
{
|
{
|
||||||
"name": "kea1",
|
"name": "s-kea1.gsb.lan",
|
||||||
// This specifies the URL of this server instance. The
|
// This specifies the URL of this server instance. The
|
||||||
// Control Agent must run along with this DHCPv4 server
|
// Control Agent must run along with this DHCPv4 server
|
||||||
// instance and the "http-host" and "http-port" must be
|
// instance and the "http-host" and "http-port" must be
|
||||||
// set to the corresponding values.
|
// set to the corresponding values.
|
||||||
"url": "http://172.16.64.1:8000/",
|
"url": "http://172.16.64.20:8000/",
|
||||||
// This server is primary. The other one must be
|
// This server is primary. The other one must be
|
||||||
// secondary.
|
// secondary.
|
||||||
"role": "primary"
|
"role": "primary"
|
||||||
},
|
},
|
||||||
// This is the configuration of the secondary server.
|
// This is the configuration of the secondary server.
|
||||||
{
|
{
|
||||||
"name": "kea2",
|
"name": "s-kea2.gsb.lan",
|
||||||
// Specifies the URL on which the partner's control
|
// Specifies the URL on which the partner's control
|
||||||
// channel can be reached. The Control Agent is required
|
// channel can be reached. The Control Agent is required
|
||||||
// to run on the partner's machine with "http-host" and
|
// to run on the partner's machine with "http-host" and
|
||||||
// "http-port" values set to the corresponding values.
|
// "http-port" values set to the corresponding values.
|
||||||
"url": "http://172.16.64.2:8000/",
|
"url": "http://172.16.64.21:8000/",
|
||||||
// The other server is secondary. This one must be
|
// The other server is secondary. This one must be
|
||||||
// primary.
|
// primary.
|
||||||
"role": "standby"
|
"role": "standby"
|
||||||
@ -152,7 +152,7 @@
|
|||||||
|
|
||||||
// There are no relays in this network, so we need to tell Kea that this subnet
|
// There are no relays in this network, so we need to tell Kea that this subnet
|
||||||
// is reachable directly via the specified interface.
|
// is reachable directly via the specified interface.
|
||||||
"interface": "enp0s8",
|
"interface": "enp0s9",
|
||||||
|
|
||||||
// Specify a dynamic address pool.
|
// Specify a dynamic address pool.
|
||||||
"pools": [
|
"pools": [
|
||||||
@ -171,7 +171,7 @@
|
|||||||
{
|
{
|
||||||
// For each IPv4 subnet you typically need to specify at least one router.
|
// For each IPv4 subnet you typically need to specify at least one router.
|
||||||
"name": "routers",
|
"name": "routers",
|
||||||
"data": "172.16.64.1"
|
"data": "172.16.64.254"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// Using cloudflare or Quad9 is a reasonable option. Change this
|
// Using cloudflare or Quad9 is a reasonable option. Change this
|
||||||
@ -179,7 +179,7 @@
|
|||||||
// choice is 8.8.8.8, owned by Google. Using third party DNS
|
// choice is 8.8.8.8, owned by Google. Using third party DNS
|
||||||
// service raises some privacy concerns.
|
// service raises some privacy concerns.
|
||||||
"name": "domain-name-servers",
|
"name": "domain-name-servers",
|
||||||
"data": "172.16.64.1"
|
"data": "172.16.0.1"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
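Review bot: Both peer entries use `"url": "http://...:8000/"`, and no basic-auth or TLS parameters are visible in the hunk, so HA heartbeats, lease updates and control commands between the two servers apparently travel in clear text. The addresses chosen (`172.16.64.20` and `172.16.64.21`) sit on the subnet whose `routers` option is `172.16.64.254`, i.e. the client network. Kea's HA hook accepts `basic-auth-user` and `basic-auth-password` per peer and TLS through `trust-anchor`, `cert-file` and `key-file`; at minimum the peer URLs should use the 172.16.0.x addresses so this traffic stays off the client segment. The `peers` list and the surrounding objects continue outside the hunks shown.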
12
roles/kea/handlers/main.yml
Normal file
12
roles/kea/handlers/main.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: Restart isc-kea-dhcp4-server
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: isc-kea-dhcp4-server.service
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
||||||
|
|
||||||
|
- name: Restart isc-kea-ctrl-agent
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: isc-kea-ctrl-agent.service
|
||||||
|
state: restarted
|
||||||
|
enabled: yes
|
43
roles/kea/tasks/main.yml
Normal file
43
roles/kea/tasks/main.yml
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
- name: Preparation
|
||||||
|
shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
|
||||||
|
|
||||||
|
- name: Update apt
|
||||||
|
ansible.builtin.apt:
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: Installation paquet isc-kea-common
|
||||||
|
ansible.builtin.apt:
|
||||||
|
deb: isc-kea-common
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Installation isc-kea-dhcp4
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: isc-kea-dhcp4-server
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Installation isc-kea-ctrl-agent
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: isc-kea-ctrl-agent
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Installation isc-kea-hooks
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: isc-kea-hooks
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Generation du fichier de configuration kea-ctrl-agent
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: kea-ctrl-agent.conf.j2
|
||||||
|
dest: /etc/kea/kea-ctrl-agent.conf
|
||||||
|
notify:
|
||||||
|
- Restart isc-kea-ctrl-agent
|
||||||
|
|
||||||
|
- name: Generation du fichier de configuration kea-dhcp4.conf
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: kea-dhcp4.conf.j2
|
||||||
|
dest: /etc/kea/kea-dhcp4.conf
|
||||||
|
notify:
|
||||||
|
- Restart isc-kea-dhcp4-server
|
||||||
|
|
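Review bot: The `Preparation` task pipes a script fetched at run time straight into `sudo -E bash`, so the role executes unreviewed remote content as root on every run and is not idempotent. Fetch the script with `get_url` and a pinned `checksum:` before running it, or add the repository and its signing key through `apt_repository` and a keyring file so that only signed packages are trusted. Two functional problems sit in the same file: `deb: isc-kea-common` should be `name: isc-kea-common`, because `deb` expects a path or URL to a .deb file. `ansible.builtin.copy` with `src: kea-ctrl-agent.conf.j2` installs the file without rendering it and should be `ansible.builtin.template`.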
@ -6,7 +6,7 @@
|
|||||||
{
|
{
|
||||||
// We need to specify where the agent should listen to incoming HTTP
|
// We need to specify where the agent should listen to incoming HTTP
|
||||||
// queries.
|
// queries.
|
||||||
"http-host": "172.16.64.1",
|
"http-host": "{{ kea_ctrl_address }}",
|
||||||
|
|
||||||
// This specifies the port CA will listen on.
|
// This specifies the port CA will listen on.
|
||||||
"http-port": 8000,
|
"http-port": 8000,
|
||||||
@ -18,7 +18,7 @@
|
|||||||
{
|
{
|
||||||
"comment": "socket to DHCPv4 server",
|
"comment": "socket to DHCPv4 server",
|
||||||
"socket-type": "unix",
|
"socket-type": "unix",
|
||||||
"socket-name": "/tm/kea4-ctrl-socket"
|
"socket-name": "/tmp/kea4-ctrl-socket"
|
||||||
},
|
},
|
||||||
|
|
||||||
// Location of the DHCPv6 command channel socket.
|
// Location of the DHCPv6 command channel socket.
|
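Review bot: `{{ kea_ctrl_address }}` is not defined anywhere in this compare: `s-kea1-ps.yml` sets `kea_ctrl_address_this`, and the dhcp4 template likewise uses `{{ kea_dhcp_interfaces }}` while the playbook sets `kea_dhcp_int`. Rename one side, e.g. `"http-host": "{{ kea_ctrl_address_this }}",`. If this is the file that the role's `ansible.builtin.copy` task installs, the literal `{{ ... }}` text would reach `/etc/kea/kea-ctrl-agent.conf` unrendered and the agent would not bind to the intended address. The second hunk still places the control socket at `/tmp/kea4-ctrl-socket`, a world-writable directory; a directory owned by the Kea account would be a safer location.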
@ -22,7 +22,7 @@
|
|||||||
// The DHCPv4 server listens on this interface. When changing this to
|
// The DHCPv4 server listens on this interface. When changing this to
|
||||||
// the actual name of your interface, make sure to also update the
|
// the actual name of your interface, make sure to also update the
|
||||||
// interface parameter in the subnet definition below.
|
// interface parameter in the subnet definition below.
|
||||||
"interfaces": [ "enp0s8" ]
|
"interfaces": {{ kea_dhcp_interfaces }}
|
||||||
},
|
},
|
||||||
|
|
||||||
// Control socket is required for communication between the Control
|
// Control socket is required for communication between the Control
|
||||||
@ -88,7 +88,7 @@
|
|||||||
"high-availability": [ {
|
"high-availability": [ {
|
||||||
// This parameter points to this server instance. The respective
|
// This parameter points to this server instance. The respective
|
||||||
// HA peers must have this parameter set to their own names.
|
// HA peers must have this parameter set to their own names.
|
||||||
"this-server-name": "kea1",
|
"this-server-name": "{{ kea_this_server }}",
|
||||||
// The HA mode is set to hot-standby. In this mode, the active server handles
|
// The HA mode is set to hot-standby. In this mode, the active server handles
|
||||||
// all the traffic. The standby takes over if the primary becomes unavailable.
|
// all the traffic. The standby takes over if the primary becomes unavailable.
|
||||||
"mode": "hot-standby",
|
"mode": "hot-standby",
|
||||||
@ -116,24 +116,24 @@
|
|||||||
"peers": [
|
"peers": [
|
||||||
// This is the configuration of this server instance.
|
// This is the configuration of this server instance.
|
||||||
{
|
{
|
||||||
"name": "kea1",
|
"name": "{{ kea_srv1 }}",
|
||||||
// This specifies the URL of this server instance. The
|
// This specifies the URL of this server instance. The
|
||||||
// Control Agent must run along with this DHCPv4 server
|
// Control Agent must run along with this DHCPv4 server
|
||||||
// instance and the "http-host" and "http-port" must be
|
// instance and the "http-host" and "http-port" must be
|
||||||
// set to the corresponding values.
|
// set to the corresponding values.
|
||||||
"url": "http://172.16.64.1:8000/",
|
"url": "http://{{ kea_ctrl_address1 }}:8000/",
|
||||||
// This server is primary. The other one must be
|
// This server is primary. The other one must be
|
||||||
// secondary.
|
// secondary.
|
||||||
"role": "primary"
|
"role": "primary"
|
||||||
},
|
},
|
||||||
// This is the configuration of the secondary server.
|
// This is the configuration of the secondary server.
|
||||||
{
|
{
|
||||||
"name": "kea2",
|
"name": "{{ kea_srv2 }}",
|
||||||
// Specifies the URL on which the partner's control
|
// Specifies the URL on which the partner's control
|
||||||
// channel can be reached. The Control Agent is required
|
// channel can be reached. The Control Agent is required
|
||||||
// to run on the partner's machine with "http-host" and
|
// to run on the partner's machine with "http-host" and
|
||||||
// "http-port" values set to the corresponding values.
|
// "http-port" values set to the corresponding values.
|
||||||
"url": "http://172.16.64.2:8000/",
|
"url": "http://{{ kea_ctrl_address2 }}:8000/",
|
||||||
// The other server is secondary. This one must be
|
// The other server is secondary. This one must be
|
||||||
// primary.
|
// primary.
|
||||||
"role": "standby"
|
"role": "standby"
|
||||||
@ -152,7 +152,7 @@
|
|||||||
|
|
||||||
// There are no relays in this network, so we need to tell Kea that this subnet
|
// There are no relays in this network, so we need to tell Kea that this subnet
|
||||||
// is reachable directly via the specified interface.
|
// is reachable directly via the specified interface.
|
||||||
"interface": "enp0s8",
|
"interface": "enp0s9",
|
||||||
|
|
||||||
// Specify a dynamic address pool.
|
// Specify a dynamic address pool.
|
||||||
"pools": [
|
"pools": [
|
||||||
@ -171,7 +171,7 @@
|
|||||||
{
|
{
|
||||||
// For each IPv4 subnet you typically need to specify at least one router.
|
// For each IPv4 subnet you typically need to specify at least one router.
|
||||||
"name": "routers",
|
"name": "routers",
|
||||||
"data": "172.16.64.1"
|
"data": "172.16.64.254"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
// Using cloudflare or Quad9 is a reasonable option. Change this
|
// Using cloudflare or Quad9 is a reasonable option. Change this
|
||||||
@ -179,7 +179,7 @@
|
|||||||
// choice is 8.8.8.8, owned by Google. Using third party DNS
|
// choice is 8.8.8.8, owned by Google. Using third party DNS
|
||||||
// service raises some privacy concerns.
|
// service raises some privacy concerns.
|
||||||
"name": "domain-name-servers",
|
"name": "domain-name-servers",
|
||||||
"data": "172.16.64.1"
|
"data": "172.16.0.1"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
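Review bot: `"interfaces": {{ kea_dhcp_interfaces }}` renders an Ansible list with Python quoting (`['enp0s9']`), which is not valid JSON for Kea. Pass the list through the filter and use the variable name the playbook actually defines: `"interfaces": {{ kea_dhcp_int | to_json }}`. The subnet-level `"interface": "enp0s9"` further down is still hard-coded, so the two values can drift apart. Adding `validate: kea-dhcp4 -t %s` to the template task would stop a broken file from being installed before the restart handler runs.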
@ -24,7 +24,10 @@ bash r-vp1-post.sh
|
|||||||
```
|
```
|
||||||
## Sur **r-vp2**:
|
## Sur **r-vp2**:
|
||||||
|
|
||||||
Lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
|
Lancer le playbook : *ansible-playbook -i localhost, -c local* r-vp2.yml sur **r-vp2**
|
||||||
|
|
||||||
|
Puis lancer le script r-vp2-post.sh pour récuperer le fichier de configuration et activer l'interface wg0.
|
||||||
|
|
||||||
### 🛠️ Lancer le script
|
### 🛠️ Lancer le script
|
||||||
```bash
|
```bash
|
||||||
cd /tools/ansible/gsb2023/Scripts
|
cd /tools/ansible/gsb2023/Scripts
|
||||||
@ -34,7 +37,11 @@ bash r-vp2-post.sh
|
|||||||
```
|
```
|
||||||
## Fin
|
## Fin
|
||||||
|
|
||||||
redemarer les machines
|
Pour finir redemarer les machines.
|
||||||
```bash
|
```bash
|
||||||
reboot
|
reboot
|
||||||
```
|
```
|
||||||
|
Veuillez maintenant vous rendre dans le dossier du role ferm :
|
||||||
|
*gsb2024/roles/fw-ferm*
|
||||||
|
|
||||||
|
*Modification : jm*
|
@ -1,2 +1,3 @@
|
|||||||
SERVER: "127.0.0.1"
|
SERVER: "127.0.0.1"
|
||||||
SERVERACTIVE: "172.16.0.8"
|
SERVERACTIVE: "192.168.99.8"
|
||||||
|
TOKENAPI: "f72473b7e5402a5247773e456f3709dcdd5e41792360108fc3451bbfeed8eafe"
|
||||||
|
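Review bot: `TOKENAPI` puts what looks like a live Zabbix API token in clear text into a variables file, so anyone who can read the repository or its history can call the Zabbix API with that token's rights. Keep it in an `ansible-vault` encrypted file (or pass it at run time) and reference it here, e.g. `TOKENAPI: "{{ vault_zabbix_token }}"`. The committed value should be revoked because it stays in history, as should the token embedded in the curl command that the tasks hunk removes. The file header for this hunk is not visible on the page.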
@ -28,6 +28,11 @@
|
|||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
- name: remonter les machines
|
- name: mise ne place script hostcreate
|
||||||
command: curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "s-adm","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "a44e2a4977d61a869437739cb6086ae42f4b9937fbb96aed24bbad028469a1cf","id": 1}' http://192.168.99.8/zabbix/api_jsonrpc.php
|
template:
|
||||||
|
src: hostcreate.sh.j2
|
||||||
|
dest: /tmp/hostcreate.sh
|
||||||
|
|
||||||
|
- name: lancement script hostcreate
|
||||||
|
command: bash /tmp/hostcreate.sh
|
||||||
|
|
||||||
|
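Review bot: The rendered `/tmp/hostcreate.sh` contains the API token, is written with default permissions into a world-readable directory and is never removed, and `command: bash /tmp/hostcreate.sh` repeats `host.create` on every play without looking at the reply. The `uri` module can send the same JSON-RPC request without leaving a file on disk, and `no_log: true` keeps the token out of Ansible's output. The task list starts and ends outside this hunk.

```yaml
# … unchanged: service restart task above …
- name: creation de l'hote dans zabbix
  ansible.builtin.uri:
    url: "http://{{ SERVERACTIVE }}/zabbix/api_jsonrpc.php"
    method: POST
    body_format: json
    body:
      jsonrpc: "2.0"
      method: host.create
      params:
        host: "{{ ansible_hostname }}"
        groups: [{groupid: "6"}]
        templates: [{templateid: "10343"}]
        inventory_mode: 0
        inventory: {type: 0}
      auth: "{{ TOKENAPI }}"
      id: 1
  no_log: true
```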
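--- /dev/null
+++ b/roles/zabbix-cli/templates/hostcreate.sh.j2
@@ -0,0 +1 @@
+curl -X POST -H "Content-Type: application/json" -d '{ "jsonrpc":"2.0","method":"host.create","params": {"host": "{{ ansible_hostname }}","groups": [{"groupid": "6"}],"templates": [{"templateid": "10343"}],"inventory_mode": 0,"inventory": {"type": 0}},"auth": "{{ TOKENAPI }}","id": 1}' http://{{ SERVERACTIVE }}/zabbix/api_jsonrpc.php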
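Review bot: The request goes to `http://{{ SERVERACTIVE }}/zabbix/api_jsonrpc.php`, so the `auth` token crosses the network in clear text; if the Zabbix front end can serve TLS, this should be `https://`. curl exits 0 even when the JSON-RPC reply carries an `error` object, so the calling task reports success when the host was not created or already exists. The script also has no shebang line and relies on being started with `bash`.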
@ -7,6 +7,7 @@
|
|||||||
- goss
|
- goss
|
||||||
# - proxy3
|
# - proxy3
|
||||||
- zabbix-cli
|
- zabbix-cli
|
||||||
|
- gotify
|
||||||
# - ssh-cli
|
# - ssh-cli
|
||||||
# - syslog-cli
|
# - syslog-cli
|
||||||
- smb-backup
|
- smb-backup
|
||||||
|
21
s-kea1-ps.yml
Normal file
21
s-kea1-ps.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
connection: local
|
||||||
|
vars:
|
||||||
|
kea_this_server: "s-kea1"
|
||||||
|
kea_srv1: "s-kea1"
|
||||||
|
kea_srv2: "s-kea2"
|
||||||
|
kea_ctrl_address_this: "172.16.0.20"
|
||||||
|
kea_ctrl_address1: "172.16.0.20"
|
||||||
|
kea_ctrl_address2: "172.16.0.21"
|
||||||
|
kea_dhcp_int: ["enp0s9"]
|
||||||
|
|
||||||
|
roles:
|
||||||
|
- base
|
||||||
|
- goss
|
||||||
|
# - ssh-cli
|
||||||
|
- kea
|
||||||
|
# - zabbix-cli
|
||||||
|
# - journald-snd
|
||||||
|
# - snmp-agent
|
||||||
|
- post
|