modif s-backup.yml

modif cle priv
maj zabbix-srv
2024-01-25 11:11:56 +01:00 · 2024-01-25 11:09:25 +01:00 · 2024-01-25 11:01:02 +01:00 · 2024-01-25 10:49:53 +01:00 · 2024-01-25 10:10:50 +01:00 · 2024-01-25 10:03:20 +01:00
46 changed files with 669 additions and 353 deletions
--- a/goss.yaml
+++ b/goss.yaml
@ -0,0 +1,25 @@
 port:
  tcp:22:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:22:
    listening: true
    ip:
    - '::'
 service:
  sshd:
    enabled: true
    running: true
 user:
  sshd:
    exists: true
    uid: 101
    gid: 65534
    groups:
    - nogroup
    home: /run/sshd
    shell: /usr/sbin/nologin
 process:
  sshd:
    running: true
--- a/goss/s-kea1.yaml
+++ b/goss/s-kea1.yaml
@ -1,90 +1,93 @@
 file:
-  /etc/kea/kea-ctrl-agent.conf:
+    /etc/kea/kea-ctrl-agent.conf:
-    exists: true
+        exists: true
-    mode: "0644"
+        mode: "0644"
-    size: 2470
+        owner: _kea
-    owner: _kea
+        group: root
-    group: root
+        filetype: file
-    filetype: file
+        contents: []
-    contains: []
+    /etc/kea/kea-dhcp4.conf:
-  /etc/kea/kea-dhcp4.conf:
+        exists: true
-    exists: true
+        mode: "0644"
-    mode: "0644"
+        owner: _kea
-    size: 11346
+        group: root
-    owner: _kea
+        filetype: file
-    group: root
+        contents: []
-    filetype: file
+    /tmp/kea4-ctrl-socket:
-    contains: []
+        exists: true
-  /tmp/kea4-ctrl-socket:
+        mode: "0755"
-    exists: true
+        size: 0
-    mode: "0755"
+        owner: _kea
-    size: 0
+        group: _kea
-    owner: _kea
+        filetype: socket
-    group: _kea
+        contains: []
-    filetype: socket
+        contents: null
-    contains: []
+    /usr/lib/x86_64-linux-gnu/kea:
-  /usr/local/lib/kea:
+        exists: true
-    exists: true
+        mode: "0755"
-    mode: "0755"
+        owner: root
-    size: 4096
+        group: root
-    owner: root
+        filetype: directory
-    group: root
+        contents: []
    filetype: directory
    contains: []
 package:
-  isc-kea-common:
+    isc-kea-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-ctrl-agent:
+    isc-kea-ctrl-agent:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-dhcp4:
+    isc-kea-dhcp4:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-hooks:
+    isc-kea-hooks:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  libmariadb3:
+    libmariadb3:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mariadb-common:
+    mariadb-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mysql-common:
+    mysql-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 5.8+1.1.0
+            - 5.8+1.1.0
 addr:
    udp://172.16.64.254:67:
        local-address: 127.0.0.1
        reachable: true
        timeout: 500
 port:
-  tcp:8000:
+    tcp:8000:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 172.16.64.20
+            - 172.16.0.20
 service:
-  isc-kea-ctrl-agent.service:
+    isc-kea-ctrl-agent.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  isc-kea-dhcp4-server.service:
+    isc-kea-dhcp4-server.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.20/24
+            - 192.168.99.20/24
-    mtu: 1500
+        mtu: 1500
-  enp0s8:
+    enp0s8:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.0.20/24
+            - 172.16.0.20/24
-    mtu: 1500
+        mtu: 1500
-  enp0s9:
+    enp0s9:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.64.20/24
+            - 172.16.64.20/24
-    mtu: 1500
+        mtu: 1500
--- a/goss/s-kea2.yaml
+++ b/goss/s-kea2.yaml
@ -1,90 +1,93 @@
 file:
-  /etc/kea/kea-ctrl-agent.conf:
+    /etc/kea/kea-ctrl-agent.conf:
-    exists: true
+        exists: true
-    mode: "0644"
+        mode: "0644"
-    size: 2470
+        owner: _kea
-    owner: _kea
+        group: root
-    group: root
+        filetype: file
-    filetype: file
+        contents: []
-    contains: []
+    /etc/kea/kea-dhcp4.conf:
-  /etc/kea/kea-dhcp4.conf:
+        exists: true
-    exists: true
+        mode: "0644"
-    mode: "0644"
+        owner: _kea
-    size: 11346
+        group: root
-    owner: _kea
+        filetype: file
-    group: root
+        contents: []
-    filetype: file
+    /tmp/kea4-ctrl-socket:
-    contains: []
+        exists: true
-  /tmp/kea4-ctrl-socket:
+        mode: "0755"
-    exists: true
+        size: 0
-    mode: "0755"
+        owner: _kea
-    size: 0
+        group: _kea
-    owner: _kea
+        filetype: socket
-    group: _kea
+        contains: []
-    filetype: socket
+        contents: null
-    contains: []
+    /usr/lib/x86_64-linux-gnu/kea:
-  /usr/local/lib/kea:
+        exists: true
-    exists: true
+        mode: "0755"
-    mode: "0755"
+        owner: root
-    size: 4096
+        group: root
-    owner: root
+        filetype: directory
-    group: root
+        contents: []
    filetype: directory
    contains: []
 package:
-  isc-kea-common:
+    isc-kea-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-ctrl-agent:
+    isc-kea-ctrl-agent:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-dhcp4:
+    isc-kea-dhcp4:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-hooks:
+    isc-kea-hooks:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  libmariadb3:
+    libmariadb3:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mariadb-common:
+    mariadb-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mysql-common:
+    mysql-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 5.8+1.1.0
+            - 5.8+1.1.0
 addr:
    udp://172.16.64.254:67:
        local-address: 127.0.0.1
        reachable: true
        timeout: 500
 port:
-  tcp:8000:
+    tcp:8000:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 172.16.64.21
+            - 172.16.0.21
 service:
-  isc-kea-ctrl-agent.service:
+    isc-kea-ctrl-agent.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  isc-kea-dhcp4-server.service:
+    isc-kea-dhcp4-server.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.21/24
+            - 192.168.99.21/24
-    mtu: 1500
+        mtu: 1500
-  enp0s8:
+    enp0s8:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.0.21/24
+            - 172.16.0.21/24
-    mtu: 1500
+        mtu: 1500
-  enp0s9:
+    enp0s9:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.64.21/24
+            - 172.16.64.21/24
-    mtu: 1500
+        mtu: 1500
--- a/goss/s-nxc.yaml
+++ b/goss/s-nxc.yaml
@ -98,10 +98,10 @@ file:
    filetype: file
    contains: []
-addr:
+      #addr:
-  tcp://s-nxc.gsb.lan:443:
+      #tcp://s-nxc.gsb.lan:443:
-    reachable: true
+      #reachable: true
-    timeout: 500
+      #timeout: 500
 port:
  tcp:22:
@ -117,10 +117,10 @@ port:
    listening: true
    ip: []
-      #tcp:8081:
+    #tcp:8081:
-      #listening: true
+    #listening: true
-      #ip:
+    #ip:
-      #- 0.0.0.0
+    #- 0.0.0.0
 interface:
  enp0s3:
--- a/roles/fw-ferm/README.md
+++ b/roles/fw-ferm/README.md
@ -1,6 +1,76 @@
 Configuration de ferm
 # [Ferm](http://ferm.foo-projects.org/)
-Modifier l'execution d'iptables [plus d'info ici](https://wiki.debian.org/iptables)
+Modifier l'execution d'iptables [plus d'info ici#!/bin/bash
 set -u
 set -e
 # Version Site to Site 
 AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard cote A
 EndpointA=192.168.0.51  # Adresse extremite A
 PortA=51820  # Port ecoute extremite A
 NetworkA=192.168.1.0/24 # reseau cote A
 NetworkC=192.168.200.0/24 #reseau cote A
 NetworkD=172.16.0.0/24 #reseau cote A
 AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard cote B
 EndpointB=192.168.0.52 # Adresse extremite B
 PortB=51820  # Port ecoute extremite B
 NetworkB=172.16.128.0/24 # reseau cote B
 umask 077
 wg genkey > endpoint-a.key
 wg pubkey < endpoint-a.key > endpoint-a.pub
 wg genkey > endpoint-b.key
 wg pubkey < endpoint-b.key > endpoint-b.pub
 PKA=$(cat endpoint-a.key)
 pKA=$(cat endpoint-a.pub)
 PKB=$(cat endpoint-b.key)
 pKB=$(cat endpoint-b.pub)
 cat <<FINI > wg0-a.conf
 # local settings for Endpoint A
 [Interface]
 PrivateKey = $PKA
 Address = $AddressAwg
 ListenPort = $PortA
 # IP forwarding
 PreUp = sysctl -w net.ipv4.ip_forward=1
 # remote settings for Endpoint B
 [Peer]
 PublicKey = $pKB
 Endpoint = ${EndpointB}:$PortB
 AllowedIPs = $AddressBwg, $NetworkB
 FINI
 cat <<FINI > wg0-b.conf
 # local settings for Endpoint B
 [Interface]
 PrivateKey = $PKB
 Address = $AddressBwg
 ListenPort = $PortB
 # IP forwarding
 PreUp = sysctl -w net.ipv4.ip_forward=1
 # remote settings for Endpoint A
 [Peer]
 PublicKey = $pKA
 Endpoint = ${EndpointA}:$PortA
 AllowedIPs = $AddressAwg, $NetworkA, $NetworkC, $NetworkD
 FINI
 echo "wg0-a.conf et wg0-b.conf sont generes ..."
 echo "copier wg0-b.conf sur la machine b et renommer les fichiers de configuration ..."](https://wiki.debian.org/iptables)
 ```shell
 update-alternatives --set iptables /usr/sbin/iptables-legacy
 ```
--- a/roles/kea/README.md
+++ b/roles/kea/README.md
@ -1,14 +1,21 @@
 # Rôle Kea
 ***
-Rôle du Kea pour la haute disponibilité dhcp
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
 ## Tables des matières
    1. [Que fait le rôle Kea ?]
    2. [Installation et configuration de ka]
    3. [Remarques]
 ## Que fait le rôle Kea ?
-Il permet de configurer les serveur kea en mode haute disponibilité.
+Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
 - Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
 - Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
 ### Installation et configuration de kea
-Le rôle kea va installer les packets kea dhcp4, hook, admin une fois les packets installer. Nous allons configurer les 2 serveurs kea pour qu'il distribut les ip de n-user et soit en haute disponibilité.
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
 ### Remarquees ###
 Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.
--- a/roles/kea/tasks/main.yml
+++ b/roles/kea/tasks/main.yml
@ -1,16 +1,16 @@
 ---  
 - name: Preparation  
-  shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
+  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/kea-2-4/setup.deb.sh' | sudo -E bash
 - name: Update apt
  ansible.builtin.apt:
    update_cache: yes
- name: Installation paquet isc-kea-common
+      #- name: Installation paquet isc-kea-common
-  ansible.builtin.apt:
+      #  ansible.builtin.apt:
-    deb: isc-kea-common
+      #    deb: isc-kea-common
-    state: present
+      #    state: present
 - name: Installation isc-kea-dhcp4
  ansible.builtin.apt:
@ -27,8 +27,8 @@
    name: isc-kea-hooks
    state: present
- name: Generation du fichier de configuration kea-ctrl-agent
+- name: Generation ---- du fichier de configuration kea-ctrl-agent
-  ansible.builtin.copy:
+  ansible.builtin.template:
    src: kea-ctrl-agent.conf.j2
    dest: /etc/kea/kea-ctrl-agent.conf
  notify:
--- a/roles/kea/templates/kea-ctrl-agent.conf.j2
+++ b/roles/kea/templates/kea-ctrl-agent.conf.j2
@ -1,66 +1,32 @@
-// This is an example of a configuration for Control-Agent (CA) listening
+{
-// for incoming HTTP traffic. This is necessary for handling API commands,
+    "Control-agent":
-// in particular lease update commands needed for HA setup.
+    {
-{
+        "http-host": "{{ kea_ctrl_address_this }}",
-    "Control-agent":
+        "http-port": 8000,
-    {
+        "control-sockets":
-        // We need to specify where the agent should listen to incoming HTTP
+        {
-        // queries.
+            "dhcp4":
-        "http-host": "{{ kea_ctrl_address }}",
+            {
-
+                "socket-type": "unix",
-        // This specifies the port CA will listen on.
+                "socket-name": "/tmp/kea4-ctrl-socket"
-        "http-port": 8000,
+            },
-
+        },
-        "control-sockets":
+
-        {
+        "loggers": [
-            // This is how the Agent can communicate with the DHCPv4 server.
+            {
-            "dhcp4":
+                "name": "kea-ctrl-agent",
-            {
+                "output_options": [
-                "comment": "socket to DHCPv4 server",
+                    {
-                "socket-type": "unix",
+                        "output": "stdout",
-                "socket-name": "/tmp/kea4-ctrl-socket"
+                        "flush": true,
-            },
+                        "maxsize": 204800,
-
+                        "maxver": 4,
-            // Location of the DHCPv6 command channel socket.
+{% raw %}               "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n", {% endraw %}
-           # "dhcp6":
+                    }
-           # {
+                ],
-           #     "socket-type": "unix",
+                "severity": "INFO",
-           #     "socket-name": "/tmp/kea6-ctrl-socket"
+		"debuglevel": 0
-           # },
+            }
-
+        ]
-            // Location of the D2 command channel socket.
+    }
-           # "d2":
+}
           # {
           #     "socket-type": "unix",
           #     "socket-name": "/tmp/kea-ddns-ctrl-socket",
           #     "user-context": { "in-use": false }
           # }
        },
        // Similar to other Kea components, CA also uses logging.
        "loggers": [
            {
                "name": "kea-ctrl-agent",
                "output_options": [
                    {
                        "output": "stdout",
                        // Several additional parameters are possible in addition
                        // to the typical output. Flush determines whether logger
                        // flushes output to a file. Maxsize determines maximum
                        // filesize before the file is rotated. maxver
                        // specifies the maximum number of rotated files being
                        // kept.
                        "flush": true,
                        "maxsize": 204800,
                        "maxver": 4,
                        // We use pattern to specify custom log message layout
                        "pattern": "%d{%y.%m.%d %H:%M:%S.%q} %-5p [%c/%i] %m\n"
                    }
                ],
                "severity": "INFO",
                "debuglevel": 0 // debug level only applies when severity is set to DEBUG.
            }
        ]
    }
 }
--- a/roles/kea/templates/kea-dhcp4.conf.j2
+++ b/roles/kea/templates/kea-dhcp4.conf.j2
@ -22,7 +22,7 @@
        // The DHCPv4 server listens on this interface. When changing this to
        // the actual name of your interface, make sure to also update the
        // interface parameter in the subnet definition below.
-        "interfaces": {{ kea_dhcp_interfaces }}
+        "interfaces": ["{{ kea_dhcp_int }}"]
    },
    // Control socket is required for communication between the Control
@ -76,12 +76,12 @@
        // deliver lease updates to the server as well as synchronize the
        // lease database after failure.
        {
-            "library": "/usr/local/lib/kea/hooks/libdhcp_lease_cmds.so"
+            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
        },
        {
            // The HA hook library should be loaded.
-            "library": "/usr/local/lib/kea/hooks/libdhcp_ha.so",
+            "library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
            "parameters": {
                // Each server should have the same HA configuration, except for the
                // "this-server-name" parameter.
--- a/roles/lb-front/files/goss.yaml
+++ b/roles/lb-front/files/goss.yaml
@ -1,23 +0,0 @@
 port:
  tcp:80:
    listening: true
    ip:
    - 192.168.100.11
 service:
  haproxy:
    enabled: true
    running: true
  sshd:
    enabled: true
    running: true
 interface:
  enp0s8:
    exists: true
    addrs:
    - 192.168.100.11/24
    mtu: 1500
  enp0s9:
    exists: true
    addrs:
    - 192.168.101.254/24
    mtu: 1500
--- a/roles/lb-front/files/haproxy.cfg
+++ b/roles/lb-front/files/haproxy.cfg
@ -41,7 +41,7 @@ frontend proxypublic
 backend fermeweb
 	balance roundrobin
 	option httpclose
-	#option httpchk HEAD / HTTP/1.0
+	option httpchk HEAD / HTTP/1.0
 	server s-lb-web1 192.168.101.1:80 check
 	server s-lb-web2 192.168.101.2:80 check
--- a/roles/lb-front/tasks/main.yml
+++ b/roles/lb-front/tasks/main.yml
@ -14,7 +14,7 @@
      backend fermeweb
        balance roundrobin
        option httpclose
-        #option httpchk HEAD / HTTP/1.0
+        option httpchk HEAD / HTTP/1.0
        server s-lb-web1 192.168.101.1:80 check
        server s-lb-web2 192.168.101.2:80 check
--- a/roles/nxc-traefik/files/savenextcloud.sh
+++ b/roles/nxc-traefik/files/savenextcloud.sh
@ -0,0 +1,29 @@
 #!/bin/bash
 # Mettre le serveur NextCloud en mode maintenance
 docker compose exec -u www-data app php occ maintenance:mode --on
 # Extraire les dossiers de sauvegarde
 cd /root/nxc
 # Copie locale de la sauvegarde
 rsync -Aavx nextcloud/ nextcloud-dirbkp/
 # Base de données MySQL/MariaDB
 docker compose exec db mysqldump -u nextcloud -pAzerty1+ nextcloud > nextcloud-sqlbkp.bak
 # Sortir du mode maintenance
 docker compose exec -u www-data app php occ maintenance:mode --off
 # création d'une archive
 tar cvfz nxc.tgz nextcloud-sqlbkp.bak nextcloud-dirbkp
 # envoie sur s-backup
 BACKUP=/home/backup/s-nxc
 # Préparation des dossiers qui vont accueillir les données à sauvegarder (-e lance le répertoire si il existe)
 [[ -e "${BACKUP}" ]] || mkdir -p "${BACKUP}"
 # Sauvegarde du fichier nxc.tgz vers la machine s-backup
 scp root@s-nxc:/root/nxc/nxc.tgz "${BACKUP}/"
--- a/roles/old/kea-master/README.md
+++ b/roles/old/kea-master/README.md
--- a/roles/old/kea-master/default/main.yml
+++ b/roles/old/kea-master/default/main.yml
--- a/roles/old/kea-master/files/kea-ctrl-agent.conf
+++ b/roles/old/kea-master/files/kea-ctrl-agent.conf
--- a/roles/old/kea-master/files/kea-dhcp4.conf
+++ b/roles/old/kea-master/files/kea-dhcp4.conf
--- a/roles/old/kea-master/handlers/main.yml
+++ b/roles/old/kea-master/handlers/main.yml
--- a/roles/old/kea-master/tasks/main.yml
+++ b/roles/old/kea-master/tasks/main.yml
--- a/roles/old/kea-slave/README.md
+++ b/roles/old/kea-slave/README.md
--- a/roles/old/kea-slave/default/main.yml
+++ b/roles/old/kea-slave/default/main.yml
--- a/roles/old/kea-slave/files/kea-ctrl-agent.conf
+++ b/roles/old/kea-slave/files/kea-ctrl-agent.conf
--- a/roles/old/kea-slave/files/kea-dhcp4.conf
+++ b/roles/old/kea-slave/files/kea-dhcp4.conf
--- a/roles/old/kea-slave/handlers/main.yml
+++ b/roles/old/kea-slave/handlers/main.yml
--- a/roles/old/kea-slave/tasks/main.yml
+++ b/roles/old/kea-slave/tasks/main.yml
--- a/roles/ssh-backup-key-gen/README.md
+++ b/roles/ssh-backup-key-gen/README.md
@ -0,0 +1 @@
 ###Génération de clé publique et privée###
--- a/roles/ssh-backup-key-gen/tasks/main.yml
+++ b/roles/ssh-backup-key-gen/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - name: on genere une cle privee pour s-backup
  openssh_keypair:
    path: /root/id_rsa_sbackup
    type: rsa
    state: present
 - name: copie cle publique dans gsbstore
  copy:
    src: /root/id_rsa_sbackup.pub
    dest: /var/www/html/gsbstore
    mode: 0644
    remote_src: yes
 - name: copie cle privee dans gsbstore
  copy:
    src: /root/id_rsa_sbackup
    dest: /var/www/html/gsbstore
    mode: 0600
    remote_src: yes
--- a/roles/ssh-backup-key-private/tasks/main.yml
+++ b/roles/ssh-backup-key-private/tasks/main.yml
@ -0,0 +1,13 @@
 ---
 - name: creation .ssh
  file:
    path: ~/.ssh
    state: directory
    mode: 0700
 - name: recuperation de la cle privee generee par s-adm
  get_url:
    url: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup
    dest: /root/.ssh/id_rsa_sbackup
    mode: 0600
--- a/roles/ssh-backup-key-pub/tasks/main.yml
+++ b/roles/ssh-backup-key-pub/tasks/main.yml
@ -0,0 +1,6 @@
 ---
 - name: recuperation de la cle publique generee par s-adm
  ansible.posix.authorized_key:
    user: root
    state: present
    key: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup.pub
--- a/roles/stork-agent/README.md
+++ b/roles/stork-agent/README.md
@ -0,0 +1,21 @@
 # Rôle Kea
 ***
 Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
 ## Tables des matières
    1. [Que fait le rôle Kea ?]
    2. [Installation et configuration de ka]
    3. [Remarques]
 ## Que fait le rôle Kea ?
 Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
 - Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
 - Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
 ### Installation et configuration de kea
 Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
 ### Remarquees ###
 Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.
--- a/roles/stork-agent/handlers/main.yml
+++ b/roles/stork-agent/handlers/main.yml
@ -0,0 +1,7 @@
 ---  
 - name: Restart isc-stork-agent
  ansible.builtin.service:
    name: isc-stork-agent.service
    state: restarted
    enabled: yes
--- a/roles/stork-agent/tasks/main.yml
+++ b/roles/stork-agent/tasks/main.yml
@ -0,0 +1,21 @@
 ---  
 - name: Preparation  
  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash 
 - name: Update apt
  ansible.builtin.apt:
    update_cache: yes
 - name: Installation isc-stork-agent
  ansible.builtin.apt:
    name: isc-stork-agent
    state: present
 - name: Generation du fichier de configuration agent.env
  ansible.builtin.template:
    src: agent.env.j2
    dest: /etc/stork/agent.env
  notify:
    - Restart isc-stork-agent
--- a/roles/stork-agent/templates/agent.env.j2
+++ b/roles/stork-agent/templates/agent.env.j2
@ -0,0 +1,45 @@
 ### the IP or hostname to listen on for incoming Stork server connections
 STORK_AGENT_HOST={{ stork_host }}
 ### the TCP port to listen on for incoming Stork server connections
 STORK_AGENT_PORT={{ stork_port }}
 ### listen for commands from the Stork server only, but not for Prometheus requests
 # STORK_AGENT_LISTEN_STORK_ONLY=true
 ### listen for Prometheus requests only, but not for commands from the Stork server
 # STORK_AGENT_LISTEN_PROMETHEUS_ONLY=true
 ### settings for exporting stats to Prometheus
 ### the IP or hostname on which the agent exports Kea statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
 ### the port on which the agent exports Kea statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
 ### how often the agent collects stats from Kea, in seconds
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
 ## enable or disable collecting per-subnet stats from Kea
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
 ### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
 ### the port on which the agent exports BIND 9 statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
 ### how often the agent collects stats from BIND 9, in seconds
 # STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
 ### Stork Server URL used by the agent to send REST commands to the server during agent registration
 STORK_AGENT_SERVER_URL=http://s-backup.gsb.lan:8080/
 ### skip TLS certificate verification when the Stork Agent connects
 ### to Kea over TLS and Kea uses self-signed certificates
 # STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
 ### Logging parameters
 ### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
 # STORK_LOG_LEVEL=DEBUG
 ### disable output colorization
 # CLICOLOR=false
 ### path to the hook directory
 # STORK_AGENT_HOOK_DIRECTORY=
--- a/roles/stork-server/README.md
+++ b/roles/stork-server/README.md
@ -0,0 +1,21 @@
 # Rôle Kea
 ***
 Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
 ## Tables des matières
    1. [Que fait le rôle Kea ?]
    2. [Installation et configuration de ka]
    3. [Remarques]
 ## Que fait le rôle Kea ?
 Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
 - Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
 - Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
 ### Installation et configuration de kea
 Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
 ### Remarquees ###
 Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.
--- a/roles/stork-server/default/main.yml
+++ b/roles/stork-server/default/main.yml
@ -0,0 +1,8 @@
 #variable kea
 kea_ver: "2.4.1"
  kea_dbname: ""
  kaa_dbuser: ""
  kea_dbpasswd: ""
  kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
  kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
--- a/roles/stork-server/handlers/main.yml
+++ b/roles/stork-server/handlers/main.yml
@ -0,0 +1,6 @@
 ---  
 - name: Restart isc-stork-server.service
  ansible.builtin.service:
    name: isc-stork-server.service
    state: restarted
    enabled: yes
--- a/roles/stork-server/tasks/main.yml
+++ b/roles/stork-server/tasks/main.yml
@ -0,0 +1,31 @@
 ---  
 - name: Preparation  
  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
 - name: Update apt
  ansible.builtin.apt:
    update_cache: yes
      #- name: Installation paquet isc-kea-common
      #  ansible.builtin.apt:
      #    deb: isc-kea-common
      #    state: present
 - name: Installation isc-stork-server postgresql 
  ansible.builtin.apt:
    pkg:
    - isc-stork-server
    - postgresql-15
 - name: lancer la commande de création de la base de donnees stork
  ansible.builtin.shell: su postgres --command "stork-tool db-create --db-name {{ stork_db_name }} --db-user {{ stork_db_user }} --db-password {{ stork_db_passwd }}"
 - name: Generation ---- du fichier de configuration server.env
  ansible.builtin.template:
    src: server.env.j2
    dest: /etc/stork/server.env
  notify:
    - Restart isc-stork-server.service
--- a/roles/stork-server/templates/server.env.j2
+++ b/roles/stork-server/templates/server.env.j2
@ -0,0 +1,52 @@
 ### database settings
 ### the address of a PostgreSQL database
 STORK_DATABASE_HOST=localhost
 ### the port of a PostgreSQL database
 STORK_DATABASE_PORT=5432
 ### the name of a database
 STORK_DATABASE_NAME={{ stork_db_name }}
 ### the username for connecting to the database
 STORK_DATABASE_USER_NAME={{ stork_db_user }}
 ### the SSL mode for connecting to the database
 ### possible values: disable, require, verify-ca, or verify-full
 # STORK_DATABASE_SSLMODE=
 ### the location of the SSL certificate used by the server to connect to the database
 # STORK_DATABASE_SSLCERT=
 ### the location of the SSL key used by the server to connect to the database
 # STORK_DATABASE_SSLKEY=
 ### the location of the root certificate file used to verify the database server's certificate
 # STORK_DATABASE_SSLROOTCERT=
 ### the password for the username connecting to the database
 ### empty password is set to avoid prompting a user for database password
 STORK_DATABASE_PASSWORD={{stork_db_passwd }}
 ### REST API settings
 ### the IP address on which the server listens
 # STORK_REST_HOST=
 ### the port number on which the server listens
 # STORK_REST_PORT=
 ### the file with a certificate to use for secure connections
 # STORK_REST_TLS_CERTIFICATE=
 ### the file with a private key to use for secure connections
 # STORK_REST_TLS_PRIVATE_KEY=
 ### the certificate authority file used for mutual TLS authentication
 # STORK_REST_TLS_CA_CERTIFICATE=
 ### the directory with static files served in the UI
 STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
 ### the base URL of the UI - to be used only if the UI is served from a subdirectory
 # STORK_REST_BASE_URL=
 ### enable Prometheus /metrics HTTP endpoint for exporting metrics from
 ### the server to Prometheus. It is recommended to secure this endpoint
 ### (e.g. using HTTP proxy).
 # STORK_SERVER_ENABLE_METRICS=true
 ### Logging parameters
 ### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
 # STORK_LOG_LEVEL=DEBUG
 ### disable output colorization
 # CLICOLOR=false
 ### path to the hook directory
 # STORK_SERVER_HOOK_DIRECTORY=
--- a/roles/zabbix-cli/tasks/main.yml
+++ b/roles/zabbix-cli/tasks/main.yml
@ -28,11 +28,11 @@
        state: restarted
        enabled: yes
-    - name: mise ne place script hostcreate
+    - name: mise en place script hostcreate
      template:
        src: hostcreate.sh.j2
        dest: /tmp/hostcreate.sh
-    - name: lancement script hostcreate
+          #- name: lancement script hostcreate
-      command: bash /tmp/hostcreate.sh
+          #command: bash /tmp/hostcreate.sh
--- a/roles/zabbix-srv/tasks/main.yml
+++ b/roles/zabbix-srv/tasks/main.yml
@ -29,65 +29,41 @@
      name: mariadb
      state: started
-  - name: 6. Créer la base de données
+  - name: 6. Modifier la variable trust function creators pour importer la base données
    community.mysql.mysql_db:
      name: zabbix
      encoding: utf8mb4
      collation: utf8mb4_bin
      state: present
      login_unix_socket: /var/run/mysqld/mysqld.sock
  - name: 7. Creer un utilisateur et  lui attribuer tous les droits
    community.mysql.mysql_user:
      name: zabbix
      password: password
      priv: '*.*:ALL,GRANT'
      state: present
      login_unix_socket: /var/run/mysqld/mysqld.sock
  - name: 8. Modifier une variable pour importer un schema
    community.mysql.mysql_variables:
      variable: log_bin_trust_function_creators
      value: 1
      mode: global
      login_unix_socket: /var/run/mysqld/mysqld.sock
-  - name: 9. Importer le schema initial
+  - name: 7. Importer la base de données
    community.mysql.mysql_db:
      state: import
      name: zabbix
      encoding: utf8mb4
-      login_user: zabbix
+      target: http://s-adm.gsb.adm/gsbstore/zabbix.sql.gz
      login_password: password
      target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
      login_unix_socket: /var/run/mysqld/mysqld.sock
-  - name: 10. Modifier la variable pour le schema
+  - name: 8. Remettre a zero la variable trust function creators
    community.mysql.mysql_variables:
      variable: log_bin_trust_function_creators
      value: 0
      mode: global
      login_unix_socket: /var/run/mysqld/mysqld.sock
-  - name: 11. Configurer le mdp de la db
+  - name: 9. Lancer le service zabbix-server
    replace:
     path: /etc/zabbix/zabbix_server.conf
     regexp: '^# DBPassword='
     replace: 'DBPassword=password'
  - name: 12. Lancer le service zabbix-server
    service:
     name: zabbix-server
     state: restarted
     enabled: yes
-  - name: 13. Lancer le service zabbix-agent
+  - name: 10. Lancer le service zabbix-agent
    service:
     name: zabbix-agent
     state: restarted
     enabled: yes
-  - name: 14. Lancer le service apache2
+  - name: 11. Lancer le service apache2
    service:
     name: apache2
     state: restarted
--- a/s-adm.yml
+++ b/s-adm.yml
@ -7,6 +7,7 @@
    - s-ssh
    - dnsmasq
    - squid
    - ssh-backup-key-gen
 #    - local-store
    - zabbix-cli
    ## - syslog-cli
--- a/s-backup.yml
+++ b/s-backup.yml
@ -1,15 +1,20 @@
 ---
 - hosts: localhost
  connection: local
  vars:
    stork_db_user: "stork-server"
    stork_db_passwd: "Azerty1+"
    stork_db_name: "stork"
  roles:
    - base
    - goss
 #   - proxy3
    - zabbix-cli
    - gotify
-#   - ssh-cli
+    - stork-server
-    # - syslog-cli
+    - ssh-cli
      #- syslog-cli
    - smb-backup
    - dns-slave
    - post
    - ssh-backup-key-private
--- a/s-kea1-ps.yml
+++ b/s-kea1-ps.yml
@ -1,21 +0,0 @@
 ---
 - hosts: localhost
  connection: local
  vars:
    kea_this_server: "s-kea1"
    kea_srv1: "s-kea1"
    kea_srv2: "s-kea2"
    kea_ctrl_address_this: "172.16.0.20"
    kea_ctrl_address1: "172.16.0.20"
    kea_ctrl_address2: "172.16.0.21"
    kea_dhcp_int: ["enp0s9"]
  roles:
        - base
       - goss
      # - ssh-cli
    - kea
      # - zabbix-cli
      # - journald-snd
      # - snmp-agent
          - post
--- a/s-kea1.yml
+++ b/s-kea1.yml
@ -1,13 +1,24 @@
 ---
 - hosts: localhost
  connection: local
  vars:
    kea_this_server: "s-kea1"
    kea_srv1: "s-kea1"
    kea_srv2: "s-kea2"
    kea_ctrl_address_this: "172.16.0.20"
    kea_ctrl_address1: "172.16.0.20"
    kea_ctrl_address2: "172.16.0.21"
    kea_dhcp_int: "enp0s9"
    stork_host: "s-kea1.gsb.lan"
    stork_port: "8081"
  roles:
    - base
-      #- goss
+    - goss
-      #- ssh-cli
+    - ssh-cli
-    - kea-master
+    - kea
-      #- zabbix-cli
+    - stork-agent
-      #- journald-snd
+    - zabbix-cli
-      #- snmp-agent
+    - journald-snd
    - snmp-agent
    - post
--- a/s-kea2.yml
+++ b/s-kea2.yml
@ -1,13 +1,24 @@
 ---
 - hosts: localhost
  connection: local
  vars:
    kea_this_server: "s-kea2"
    kea_srv1: "s-kea1"
    kea_srv2: "s-kea2"
    kea_ctrl_address_this: "172.16.0.21"
    kea_ctrl_address1: "172.16.0.20"
    kea_ctrl_address2: "172.16.0.21"
    kea_dhcp_int: "enp0s9"
    stork_host: "s-kea2.gsb.lan"
    stork_port: "8081"
  roles:
    - base
-   # - goss
+    - goss
-   # - ssh-cli
+    - ssh-cli
-    - kea-slave
+    - kea
-   # - zabbix-cli
+    - stork-agent
-   # - journald-snd
+    - zabbix-cli
-   # - snmp-agent
+    - journald-snd
    - snmp-agent
    - post
--- a/s-nxc.yml
+++ b/s-nxc.yml
@ -10,3 +10,4 @@
    # - syslog-cli
    - snmp-agent
    - post
    - ssh-backup-key-pub
Author	SHA1	Message	Date
root	d88745e741	modif s-backup.yml	2024-01-25 11:11:56 +01:00
root	fffcb22db8	modif cle priv	2024-01-25 11:09:25 +01:00
Jimmy Chevanne	abb8c15028	maj zabbix-srv	2024-01-25 11:01:02 +01:00
root	73b4560dd9	modif cle privee	2024-01-25 10:49:53 +01:00
root	91d8b57029	modif role	2024-01-25 10:10:50 +01:00
root	37bbbad9dd	script recup cle pub	2024-01-25 10:03:20 +01:00
root	84215f502b	generate cle publique et privee	2024-01-25 09:53:45 +01:00
flo	2606cd19b0	maj zabbix-srv	2024-01-25 09:51:35 +01:00
root	b27ce2a372	maj goss s-nxc	2024-01-25 08:31:06 +01:00
root	18ce1f65ad	maj goss s-nxc	2024-01-25 08:19:51 +01:00
root	116b84d230	ajout role stork-agent	2024-01-24 23:56:15 +01:00
root	c92a7654d3	ajout role stork-server	2024-01-24 19:22:14 +01:00
root	02c7f3dffd	script saveNextcloud	2024-01-23 11:22:40 +01:00
root	5a8558d701	modif script save	2024-01-22 17:54:29 +01:00
root	7d6b15844a	script de sauvegarde de nextcloud	2024-01-22 17:07:05 +01:00
root	2653221559	MAJ role KEA MAJ test goss KEA	2024-01-22 16:49:58 +01:00
Jimmy Chevanne	3100ba51e2	maj role lb-front	2024-01-22 16:26:02 +01:00
gsb	bbe58dbb01	Actualiser roles/fw-ferm/README.md	2024-01-22 15:27:26 +01:00
root	7124d8aaff	type kea-ctrl-agent.conf.j2	2024-01-21 01:03:02 +01:00
root	0afa2c3596	corrections diverses template kea-ctrl pb avec jinja2	2024-01-21 00:54:39 +01:00
		`@ -0,0 +1 @@`
							`###Génération de clé publique et privée###`