maj role lb-front

roles/fw-ferm/README.md

@@ -1,6 +1,76 @@
+Configuration de ferm
+
 # [Ferm](http://ferm.foo-projects.org/)
 
-Modifier l'execution d'iptables [plus d'info ici](https://wiki.debian.org/iptables)
+Modifier l'execution d'iptables [plus d'info ici#!/bin/bash
+set -u
+set -e
+# Version Site to Site 
+ 
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard cote A
+EndpointA=192.168.0.51  # Adresse extremite A
+PortA=51820  # Port ecoute extremite A
+NetworkA=192.168.1.0/24 # reseau cote A
+NetworkC=192.168.200.0/24 #reseau cote A
+NetworkD=172.16.0.0/24 #reseau cote A
+
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard cote B
+EndpointB=192.168.0.52 # Adresse extremite B
+PortB=51820  # Port ecoute extremite B
+NetworkB=172.16.128.0/24 # reseau cote B
+ 
+umask 077
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+ 
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+ 
+ 
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+ 
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+ 
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg, $NetworkB
+ 
+FINI
+ 
+ 
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+ 
+# IP forwarding
+PreUp = sysctl -w net.ipv4.ip_forward=1
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg, $NetworkA, $NetworkC, $NetworkD
+ 
+FINI
+ 
+echo "wg0-a.conf et wg0-b.conf sont generes ..."
+echo "copier wg0-b.conf sur la machine b et renommer les fichiers de configuration ..."](https://wiki.debian.org/iptables)
 ```shell
 update-alternatives --set iptables /usr/sbin/iptables-legacy
 ```

roles/kea/tasks/main.yml

@@ -1,16 +1,16 @@
 ---  
 
 - name: Preparation  
-  shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
+  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
 
 - name: Update apt
   ansible.builtin.apt:
     update_cache: yes
 
-- name: Installation paquet isc-kea-common
+      #- name: Installation paquet isc-kea-common
-  ansible.builtin.apt:
+      #  ansible.builtin.apt:
-    deb: isc-kea-common
+      #    deb: isc-kea-common
-    state: present
+      #    state: present
 
 - name: Installation isc-kea-dhcp4
   ansible.builtin.apt:
@@ -27,8 +27,8 @@
     name: isc-kea-hooks
     state: present
 
-- name: Generation du fichier de configuration kea-ctrl-agent
+- name: Generation ---- du fichier de configuration kea-ctrl-agent
-  ansible.builtin.copy:
+  ansible.builtin.template:
     src: kea-ctrl-agent.conf.j2
     dest: /etc/kea/kea-ctrl-agent.conf
   notify:

roles/kea/templates/kea-ctrl-agent.conf.j2

@@ -1,65 +1,30 @@
-// This is an example of a configuration for Control-Agent (CA) listening
-// for incoming HTTP traffic. This is necessary for handling API commands,
-// in particular lease update commands needed for HA setup.
 {
     "Control-agent":
     {
-        // We need to specify where the agent should listen to incoming HTTP
+        "http-host": "{{ kea_ctrl_address_this }}",
-        // queries.
-        "http-host": "{{ kea_ctrl_address }}",
-
-        // This specifies the port CA will listen on.
         "http-port": 8000,
-
         "control-sockets":
         {
-            // This is how the Agent can communicate with the DHCPv4 server.
             "dhcp4":
             {
-                "comment": "socket to DHCPv4 server",
                 "socket-type": "unix",
                 "socket-name": "/tmp/kea4-ctrl-socket"
             },
-
-            // Location of the DHCPv6 command channel socket.
-           # "dhcp6":
-           # {
-           #     "socket-type": "unix",
-           #     "socket-name": "/tmp/kea6-ctrl-socket"
-           # },
-
-            // Location of the D2 command channel socket.
-           # "d2":
-           # {
-           #     "socket-type": "unix",
-           #     "socket-name": "/tmp/kea-ddns-ctrl-socket",
-           #     "user-context": { "in-use": false }
-           # }
         },
 
-        // Similar to other Kea components, CA also uses logging.
         "loggers": [
             {
                 "name": "kea-ctrl-agent",
                 "output_options": [
                     {
                         "output": "stdout",
-
-                        // Several additional parameters are possible in addition
-                        // to the typical output. Flush determines whether logger
-                        // flushes output to a file. Maxsize determines maximum
-                        // filesize before the file is rotated. maxver
-                        // specifies the maximum number of rotated files being
-                        // kept.
                         "flush": true,
                         "maxsize": 204800,
                         "maxver": 4,
-                        // We use pattern to specify custom log message layout
+{% raw %}               "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n", {% endraw %}
-                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
                     }
                 ],
                 "severity": "INFO",
-                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
             }
         ]
     }

roles/kea/templates/kea-dhcp4.conf.j2

@@ -22,7 +22,7 @@
         // The DHCPv4 server listens on this interface. When changing this to
         // the actual name of your interface, make sure to also update the
         // interface parameter in the subnet definition below.
-        "interfaces": {{ kea_dhcp_interfaces }}
+        "interfaces": "{{ kea_dhcp_int }}"
     },
 
     // Control socket is required for communication between the Control
@@ -76,12 +76,12 @@
         // deliver lease updates to the server as well as synchronize the
         // lease database after failure.
         {
-            "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
+            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
         },
 
         {
             // The HA hook library should be loaded.
-            "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
+            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
             "parameters": {
                 // Each server should have the same HA configuration, except for the
                 // "this-server-name" parameter.

roles/lb-front/files/goss.yaml

@@ -1,23 +0,0 @@
-port:
-  tcp:80:
-    listening: true
-    ip:
-    - 192.168.100.11
-service:
-  haproxy:
-    enabled: true
-    running: true
-  sshd:
-    enabled: true
-    running: true
-interface:
-  enp0s8:
-    exists: true
-    addrs:
-    - 192.168.100.11/24
-    mtu: 1500
-  enp0s9:
-    exists: true
-    addrs:
-    - 192.168.101.254/24
-    mtu: 1500

roles/lb-front/files/haproxy.cfg

@@ -41,7 +41,7 @@ frontend proxypublic
 backend fermeweb
 	balance roundrobin
 	option httpclose
-	#option httpchk HEAD / HTTP/1.0
+	option httpchk HEAD / HTTP/1.0
 	server s-lb-web1 192.168.101.1:80 check
 	server s-lb-web2 192.168.101.2:80 check
 

roles/lb-front/tasks/main.yml

@@ -14,7 +14,7 @@
       backend fermeweb
         balance roundrobin
         option httpclose
-        #option httpchk HEAD / HTTP/1.0
+        option httpchk HEAD / HTTP/1.0
         server s-lb-web1 192.168.101.1:80 check
         server s-lb-web2 192.168.101.2:80 check