modif cle priv

goss.yaml

@@ -0,0 +1,25 @@
+port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp6:22:
+    listening: true
+    ip:
+    - '::'
+service:
+  sshd:
+    enabled: true
+    running: true
+user:
+  sshd:
+    exists: true
+    uid: 101
+    gid: 65534
+    groups:
+    - nogroup
+    home: /run/sshd
+    shell: /usr/sbin/nologin
+process:
+  sshd:
+    running: true

goss/s-kea1.yaml

@@ -1,90 +1,93 @@
 file:
-  /etc/kea/kea-ctrl-agent.conf:
+    /etc/kea/kea-ctrl-agent.conf:
-    exists: true
+        exists: true
-    mode: "0644"
+        mode: "0644"
-    size: 2470
+        owner: _kea
-    owner: _kea
+        group: root
-    group: root
+        filetype: file
-    filetype: file
+        contents: []
-    contains: []
+    /etc/kea/kea-dhcp4.conf:
-  /etc/kea/kea-dhcp4.conf:
+        exists: true
-    exists: true
+        mode: "0644"
-    mode: "0644"
+        owner: _kea
-    size: 11346
+        group: root
-    owner: _kea
+        filetype: file
-    group: root
+        contents: []
-    filetype: file
+    /tmp/kea4-ctrl-socket:
-    contains: []
+        exists: true
-  /tmp/kea4-ctrl-socket:
+        mode: "0755"
-    exists: true
+        size: 0
-    mode: "0755"
+        owner: _kea
-    size: 0
+        group: _kea
-    owner: _kea
+        filetype: socket
-    group: _kea
+        contains: []
-    filetype: socket
+        contents: null
-    contains: []
+    /usr/lib/x86_64-linux-gnu/kea:
-  /usr/local/lib/kea:
+        exists: true
-    exists: true
+        mode: "0755"
-    mode: "0755"
+        owner: root
-    size: 4096
+        group: root
-    owner: root
+        filetype: directory
-    group: root
+        contents: []
-    filetype: directory
-    contains: []
 package:
-  isc-kea-common:
+    isc-kea-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-ctrl-agent:
+    isc-kea-ctrl-agent:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-dhcp4:
+    isc-kea-dhcp4:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-hooks:
+    isc-kea-hooks:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  libmariadb3:
+    libmariadb3:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mariadb-common:
+    mariadb-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mysql-common:
+    mysql-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 5.8+1.1.0
+            - 5.8+1.1.0
+addr:
+    udp://172.16.64.254:67:
+        local-address: 127.0.0.1
+        reachable: true
+        timeout: 500
 port:
-  tcp:8000:
+    tcp:8000:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 172.16.64.20
+            - 172.16.0.20
 service:
-  isc-kea-ctrl-agent.service:
+    isc-kea-ctrl-agent.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  isc-kea-dhcp4-server.service:
+    isc-kea-dhcp4-server.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.20/24
+            - 192.168.99.20/24
-    mtu: 1500
+        mtu: 1500
-  enp0s8:
+    enp0s8:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.0.20/24
+            - 172.16.0.20/24
-    mtu: 1500
+        mtu: 1500
-  enp0s9:
+    enp0s9:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.64.20/24
+            - 172.16.64.20/24
-    mtu: 1500
+        mtu: 1500

goss/s-kea2.yaml

@@ -1,90 +1,93 @@
 file:
-  /etc/kea/kea-ctrl-agent.conf:
+    /etc/kea/kea-ctrl-agent.conf:
-    exists: true
+        exists: true
-    mode: "0644"
+        mode: "0644"
-    size: 2470
+        owner: _kea
-    owner: _kea
+        group: root
-    group: root
+        filetype: file
-    filetype: file
+        contents: []
-    contains: []
+    /etc/kea/kea-dhcp4.conf:
-  /etc/kea/kea-dhcp4.conf:
+        exists: true
-    exists: true
+        mode: "0644"
-    mode: "0644"
+        owner: _kea
-    size: 11346
+        group: root
-    owner: _kea
+        filetype: file
-    group: root
+        contents: []
-    filetype: file
+    /tmp/kea4-ctrl-socket:
-    contains: []
+        exists: true
-  /tmp/kea4-ctrl-socket:
+        mode: "0755"
-    exists: true
+        size: 0
-    mode: "0755"
+        owner: _kea
-    size: 0
+        group: _kea
-    owner: _kea
+        filetype: socket
-    group: _kea
+        contains: []
-    filetype: socket
+        contents: null
-    contains: []
+    /usr/lib/x86_64-linux-gnu/kea:
-  /usr/local/lib/kea:
+        exists: true
-    exists: true
+        mode: "0755"
-    mode: "0755"
+        owner: root
-    size: 4096
+        group: root
-    owner: root
+        filetype: directory
-    group: root
+        contents: []
-    filetype: directory
-    contains: []
 package:
-  isc-kea-common:
+    isc-kea-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-ctrl-agent:
+    isc-kea-ctrl-agent:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-dhcp4:
+    isc-kea-dhcp4:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  isc-kea-hooks:
+    isc-kea-hooks:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 2.4.1-isc20231123184533
+            - 2.4.1-isc20231123184533
-  libmariadb3:
+    libmariadb3:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mariadb-common:
+    mariadb-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 1:10.11.4-1~deb12u1
+            - 1:10.11.4-1~deb12u1
-  mysql-common:
+    mysql-common:
-    installed: true
+        installed: true
-    versions:
+        versions:
-    - 5.8+1.1.0
+            - 5.8+1.1.0
+addr:
+    udp://172.16.64.254:67:
+        local-address: 127.0.0.1
+        reachable: true
+        timeout: 500
 port:
-  tcp:8000:
+    tcp:8000:
-    listening: true
+        listening: true
-    ip:
+        ip:
-    - 172.16.64.21
+            - 172.16.0.21
 service:
-  isc-kea-ctrl-agent.service:
+    isc-kea-ctrl-agent.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
-  isc-kea-dhcp4-server.service:
+    isc-kea-dhcp4-server.service:
-    enabled: true
+        enabled: true
-    running: true
+        running: true
 interface:
-  enp0s3:
+    enp0s3:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 192.168.99.21/24
+            - 192.168.99.21/24
-    mtu: 1500
+        mtu: 1500
-  enp0s8:
+    enp0s8:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.0.21/24
+            - 172.16.0.21/24
-    mtu: 1500
+        mtu: 1500
-  enp0s9:
+    enp0s9:
-    exists: true
+        exists: true
-    addrs:
+        addrs:
-    - 172.16.64.21/24
+            - 172.16.64.21/24
-    mtu: 1500
+        mtu: 1500

goss/s-nxc.yaml

@@ -98,10 +98,10 @@ file:
     filetype: file
     contains: []
 
-addr:
+      #addr:
-  tcp://s-nxc.gsb.lan:443:
+      #tcp://s-nxc.gsb.lan:443:
-    reachable: true
+      #reachable: true
-    timeout: 500
+      #timeout: 500
 
 port:
   tcp:22:
@@ -117,10 +117,10 @@ port:
     listening: true
     ip: []
 
-      #tcp:8081:
+    #tcp:8081:
-      #listening: true
+    #listening: true
-      #ip:
+    #ip:
-      #- 0.0.0.0
+    #- 0.0.0.0
 
 interface:
   enp0s3:

roles/kea/README.md

@@ -1,14 +1,21 @@
 # Rôle Kea
 ***
-Rôle du Kea pour la haute disponibilité dhcp
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
 
 ## Tables des matières
     1. [Que fait le rôle Kea ?]
+    2. [Installation et configuration de ka]
+    3. [Remarques]
 
 
 ## Que fait le rôle Kea ?
-Il permet de configurer les serveur kea en mode haute disponibilité.
+Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
+- Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
+- Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
 
 ### Installation et configuration de kea
 
-Le rôle kea va installer les packets kea dhcp4, hook, admin une fois les packets installer. Nous allons configurer les 2 serveurs kea pour qu'il distribut les ip de n-user et soit en haute disponibilité.
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
+
+### Remarquees ###
+Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.

roles/kea/templates/kea-ctrl-agent.conf.j2

@@ -25,6 +25,7 @@
                     }
                 ],
                 "severity": "INFO",
+		"debuglevel": 0
             }
         ]
     }

roles/kea/templates/kea-dhcp4.conf.j2

@@ -22,7 +22,7 @@
         // The DHCPv4 server listens on this interface. When changing this to
         // the actual name of your interface, make sure to also update the
         // interface parameter in the subnet definition below.
-        "interfaces": "{{ kea_dhcp_int }}"
+        "interfaces": ["{{ kea_dhcp_int }}"]
     },
 
     // Control socket is required for communication between the Control

roles/nxc-traefik/files/savenextcloud.sh

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Mettre le serveur NextCloud en mode maintenance
+docker compose exec -u www-data app php occ maintenance:mode --on
+
+# Extraire les dossiers de sauvegarde
+cd /root/nxc
+
+# Copie locale de la sauvegarde
+rsync -Aavx nextcloud/ nextcloud-dirbkp/
+
+# Base de données MySQL/MariaDB
+docker compose exec db mysqldump -u nextcloud -pAzerty1+ nextcloud > nextcloud-sqlbkp.bak
+
+# Sortir du mode maintenance
+docker compose exec -u www-data app php occ maintenance:mode --off
+
+# création d'une archive
+tar cvfz nxc.tgz nextcloud-sqlbkp.bak nextcloud-dirbkp
+
+# envoie sur s-backup
+BACKUP=/home/backup/s-nxc
+
+# Préparation des dossiers qui vont accueillir les données à sauvegarder (-e lance le répertoire si il existe)
+[[ -e "${BACKUP}" ]] || mkdir -p "${BACKUP}"
+
+# Sauvegarde du fichier nxc.tgz vers la machine s-backup
+scp root@s-nxc:/root/nxc/nxc.tgz "${BACKUP}/"
+

roles/ssh-backup-key-gen/README.md

@@ -0,0 +1 @@
+###Génération de clé publique et privée###

roles/ssh-backup-key-gen/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: on genere une cle privee pour s-backup
+  openssh_keypair:
+    path: /root/id_rsa_sbackup
+    type: rsa
+    state: present
+
+- name: copie cle publique dans gsbstore
+  copy:
+    src: /root/id_rsa_sbackup.pub
+    dest: /var/www/html/gsbstore
+    mode: 0644
+    remote_src: yes
+
+- name: copie cle privee dans gsbstore
+  copy:
+    src: /root/id_rsa_sbackup
+    dest: /var/www/html/gsbstore
+    mode: 0600
+    remote_src: yes

roles/ssh-backup-key-private/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: creation .ssh
+  file:
+    path: ~/.ssh
+    state: directory
+    mode: 0700
+
+- name: recuperation de la cle privee generee par s-adm
+  get_url:
+    url: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup
+    dest: /root/.ssh/id_rsa_sbackup
+    mode: 0600
+

roles/ssh-backup-key-pub/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: recuperation de la cle publique generee par s-adm
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup.pub

roles/stork-agent/README.md

@@ -0,0 +1,21 @@
+# Rôle Kea
+***
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
+
+## Tables des matières
+    1. [Que fait le rôle Kea ?]
+    2. [Installation et configuration de ka]
+    3. [Remarques]
+
+
+## Que fait le rôle Kea ?
+Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
+- Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
+- Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
+
+### Installation et configuration de kea
+
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
+
+### Remarquees ###
+Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.

roles/stork-agent/handlers/main.yml

@@ -0,0 +1,7 @@
+---  
+- name: Restart isc-stork-agent
+  ansible.builtin.service:
+    name: isc-stork-agent.service
+    state: restarted
+    enabled: yes
+

roles/stork-agent/tasks/main.yml

@@ -0,0 +1,21 @@
+---  
+
+- name: Preparation  
+  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash 
+
+- name: Update apt
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Installation isc-stork-agent
+  ansible.builtin.apt:
+    name: isc-stork-agent
+    state: present
+
+- name: Generation du fichier de configuration agent.env
+  ansible.builtin.template:
+    src: agent.env.j2
+    dest: /etc/stork/agent.env
+  notify:
+    - Restart isc-stork-agent
+

roles/stork-agent/templates/agent.env.j2

@@ -0,0 +1,45 @@
+### the IP or hostname to listen on for incoming Stork server connections
+STORK_AGENT_HOST={{ stork_host }}
+
+### the TCP port to listen on for incoming Stork server connections
+STORK_AGENT_PORT={{ stork_port }}
+
+### listen for commands from the Stork server only, but not for Prometheus requests
+# STORK_AGENT_LISTEN_STORK_ONLY=true
+
+### listen for Prometheus requests only, but not for commands from the Stork server
+# STORK_AGENT_LISTEN_PROMETHEUS_ONLY=true
+
+### settings for exporting stats to Prometheus
+### the IP or hostname on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
+### the port on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
+### how often the agent collects stats from Kea, in seconds
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
+## enable or disable collecting per-subnet stats from Kea
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
+### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
+### the port on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
+### how often the agent collects stats from BIND 9, in seconds
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
+
+### Stork Server URL used by the agent to send REST commands to the server during agent registration
+STORK_AGENT_SERVER_URL=http://s-backup.gsb.lan:8080/
+
+### skip TLS certificate verification when the Stork Agent connects
+### to Kea over TLS and Kea uses self-signed certificates
+# STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
+
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_AGENT_HOOK_DIRECTORY=

roles/stork-server/README.md

@@ -0,0 +1,21 @@
+# Rôle Kea
+***
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
+
+## Tables des matières
+    1. [Que fait le rôle Kea ?]
+    2. [Installation et configuration de ka]
+    3. [Remarques]
+
+
+## Que fait le rôle Kea ?
+Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
+- Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
+- Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
+
+### Installation et configuration de kea
+
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
+
+### Remarquees ###
+Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.

roles/stork-server/default/main.yml

@@ -0,0 +1,8 @@
+#variable kea
+ kea_ver: "2.4.1"
+  kea_dbname: ""
+  kaa_dbuser: ""
+  kea_dbpasswd: ""
+  kea_dhcp4_dir: "/etc/kea/kea-dhcp4.conf"
+  kea_ctrl_dir: "/etc/kea/kea-ctrl-agent.conf"
+

roles/stork-server/handlers/main.yml

@@ -0,0 +1,6 @@
+---  
+- name: Restart isc-stork-server.service
+  ansible.builtin.service:
+    name: isc-stork-server.service
+    state: restarted
+    enabled: yes

roles/stork-server/tasks/main.yml

@@ -0,0 +1,31 @@
+---  
+
+- name: Preparation  
+  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash
+
+- name: Update apt
+  ansible.builtin.apt:
+    update_cache: yes
+
+      #- name: Installation paquet isc-kea-common
+      #  ansible.builtin.apt:
+      #    deb: isc-kea-common
+      #    state: present
+
+- name: Installation isc-stork-server postgresql 
+  ansible.builtin.apt:
+    pkg:
+    - isc-stork-server
+    - postgresql-15
+
+- name: lancer la commande de création de la base de donnees stork
+  ansible.builtin.shell: su postgres --command "stork-tool db-create --db-name {{ stork_db_name }} --db-user {{ stork_db_user }} --db-password {{ stork_db_passwd }}"
+
+- name: Generation ---- du fichier de configuration server.env
+  ansible.builtin.template:
+    src: server.env.j2
+    dest: /etc/stork/server.env
+  notify:
+    - Restart isc-stork-server.service
+
+

roles/stork-server/templates/server.env.j2

@@ -0,0 +1,52 @@
+### database settings
+### the address of a PostgreSQL database
+STORK_DATABASE_HOST=localhost
+### the port of a PostgreSQL database
+STORK_DATABASE_PORT=5432
+### the name of a database
+STORK_DATABASE_NAME={{ stork_db_name }}
+### the username for connecting to the database
+STORK_DATABASE_USER_NAME={{ stork_db_user }}
+### the SSL mode for connecting to the database
+### possible values: disable, require, verify-ca, or verify-full
+# STORK_DATABASE_SSLMODE=
+### the location of the SSL certificate used by the server to connect to the database
+# STORK_DATABASE_SSLCERT=
+### the location of the SSL key used by the server to connect to the database
+# STORK_DATABASE_SSLKEY=
+### the location of the root certificate file used to verify the database server's certificate
+# STORK_DATABASE_SSLROOTCERT=
+### the password for the username connecting to the database
+### empty password is set to avoid prompting a user for database password
+STORK_DATABASE_PASSWORD={{stork_db_passwd }}
+
+### REST API settings
+### the IP address on which the server listens
+# STORK_REST_HOST=
+### the port number on which the server listens
+# STORK_REST_PORT=
+### the file with a certificate to use for secure connections
+# STORK_REST_TLS_CERTIFICATE=
+### the file with a private key to use for secure connections
+# STORK_REST_TLS_PRIVATE_KEY=
+### the certificate authority file used for mutual TLS authentication
+# STORK_REST_TLS_CA_CERTIFICATE=
+### the directory with static files served in the UI
+STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
+### the base URL of the UI - to be used only if the UI is served from a subdirectory
+# STORK_REST_BASE_URL=
+
+### enable Prometheus /metrics HTTP endpoint for exporting metrics from
+### the server to Prometheus. It is recommended to secure this endpoint
+### (e.g. using HTTP proxy).
+# STORK_SERVER_ENABLE_METRICS=true
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_SERVER_HOOK_DIRECTORY=

roles/zabbix-cli/tasks/main.yml

@@ -28,11 +28,11 @@
         state: restarted
         enabled: yes
 
-    - name: mise ne place script hostcreate
+    - name: mise en place script hostcreate
       template:
         src: hostcreate.sh.j2
         dest: /tmp/hostcreate.sh
 
-    - name: lancement script hostcreate
+          #- name: lancement script hostcreate
-      command: bash /tmp/hostcreate.sh
+          #command: bash /tmp/hostcreate.sh
 

roles/zabbix-srv/tasks/main.yml

@@ -29,65 +29,41 @@
       name: mariadb
       state: started
 
-  - name: 6. Créer la base de données
+  - name: 6. Modifier la variable trust function creators pour importer la base données
-    community.mysql.mysql_db:
-      name: zabbix
-      encoding: utf8mb4
-      collation: utf8mb4_bin
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  - name: 7. Creer un utilisateur et  lui attribuer tous les droits
-    community.mysql.mysql_user:
-      name: zabbix
-      password: password
-      priv: '*.*:ALL,GRANT'
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  - name: 8. Modifier une variable pour importer un schema
     community.mysql.mysql_variables:
       variable: log_bin_trust_function_creators
       value: 1
       mode: global
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 9. Importer le schema initial
+  - name: 7. Importer la base de données
     community.mysql.mysql_db:
       state: import
       name: zabbix
       encoding: utf8mb4
-      login_user: zabbix
+      target: http://s-adm.gsb..adm/gsbstore/zabbix.sql.gz
-      login_password: password
-      target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 10. Modifier la variable pour le schema
+  - name: 8. Remettre a zero la variable trust function creators
     community.mysql.mysql_variables:
       variable: log_bin_trust_function_creators
       value: 0
       mode: global
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 11. Configurer le mdp de la db
+  - name: 9. Lancer le service zabbix-server
-    replace:
-     path: /etc/zabbix/zabbix_server.conf
-     regexp: '^# DBPassword='
-     replace: 'DBPassword=password'
-
-  - name: 12. Lancer le service zabbix-server
     service:
      name: zabbix-server
      state: restarted
      enabled: yes
 
-  - name: 13. Lancer le service zabbix-agent
+  - name: 10. Lancer le service zabbix-agent
     service:
      name: zabbix-agent
      state: restarted
      enabled: yes
 
-  - name: 14. Lancer le service apache2
+  - name: 11. Lancer le service apache2
     service:
      name: apache2
      state: restarted

s-adm.yml

@@ -7,6 +7,7 @@
     - s-ssh
     - dnsmasq
     - squid
+    - ssh-backup-key-gen
 #    - local-store
     - zabbix-cli
     ## - syslog-cli

s-backup.yml

@@ -1,15 +1,20 @@
 ---
 - hosts: localhost
   connection: local
+  vars:
+    stork_db_user: "stork-server"
+    stork_db_passwd: "Azerty1+"
+    stork_db_name: "stork" 
 
   roles:
     - base
     - goss
-#   - proxy3
     - zabbix-cli
     - gotify
-#   - ssh-cli
+    - stork-server
-    # - syslog-cli
+    - ssh-cli
+      #- syslog-cli
     - smb-backup
     - dns-slave
     - post
+    - ssh-backup-key-private

s-kea1-ps.yml

@@ -1,21 +0,0 @@
----
-- hosts: localhost
-  connection: local
-  vars:
-    kea_this_server: "s-kea1"
-    kea_srv1: "s-kea1"
-    kea_srv2: "s-kea2"
-    kea_ctrl_address_this: "172.16.0.20"
-    kea_ctrl_address1: "172.16.0.20"
-    kea_ctrl_address2: "172.16.0.21"
-    kea_dhcp_int: ["enp0s9"]
-
-  roles:
-    - base
-    - goss
-      # - ssh-cli
-    - kea
-      # - zabbix-cli
-      # - journald-snd
-      # - snmp-agent
-    - post

s-kea1.yml

@@ -1,13 +1,24 @@
 ---
 - hosts: localhost
   connection: local
+  vars:
+    kea_this_server: "s-kea1"
+    kea_srv1: "s-kea1"
+    kea_srv2: "s-kea2"
+    kea_ctrl_address_this: "172.16.0.20"
+    kea_ctrl_address1: "172.16.0.20"
+    kea_ctrl_address2: "172.16.0.21"
+    kea_dhcp_int: "enp0s9"
+    stork_host: "s-kea1.gsb.lan"
+    stork_port: "8081"
 
   roles:
     - base
-      #- goss
+    - goss
-      #- ssh-cli
+    - ssh-cli
-    - kea-master
+    - kea
-      #- zabbix-cli
+    - stork-agent
-      #- journald-snd
+    - zabbix-cli
-      #- snmp-agent
+    - journald-snd
+    - snmp-agent
     - post

s-kea2.yml

@@ -1,13 +1,24 @@
 ---
 - hosts: localhost
   connection: local
+  vars:
+    kea_this_server: "s-kea2"
+    kea_srv1: "s-kea1"
+    kea_srv2: "s-kea2"
+    kea_ctrl_address_this: "172.16.0.21"
+    kea_ctrl_address1: "172.16.0.20"
+    kea_ctrl_address2: "172.16.0.21"
+    kea_dhcp_int: "enp0s9"
+    stork_host: "s-kea2.gsb.lan"
+    stork_port: "8081"
 
   roles:
     - base
-   # - goss
+    - goss
-   # - ssh-cli
+    - ssh-cli
-    - kea-slave
+    - kea
-   # - zabbix-cli
+    - stork-agent
-   # - journald-snd
+    - zabbix-cli
-   # - snmp-agent
+    - journald-snd
+    - snmp-agent
     - post

s-nxc.yml

@@ -10,3 +10,4 @@
     # - syslog-cli
     - snmp-agent
     - post
+    - ssh-backup-key-pub