modif s-backup.yml

modif cle priv
maj zabbix-srv
2024-01-25 11:11:56 +01:00 · 2024-01-25 11:09:25 +01:00 · 2024-01-25 11:01:02 +01:00 · 2024-01-25 10:49:53 +01:00 · 2024-01-25 10:10:50 +01:00 · 2024-01-25 10:03:20 +01:00
17 changed files with 190 additions and 47 deletions
--- a/goss.yaml
+++ b/goss.yaml
@ -0,0 +1,25 @@
 port:
  tcp:22:
    listening: true
    ip:
    - 0.0.0.0
  tcp6:22:
    listening: true
    ip:
    - '::'
 service:
  sshd:
    enabled: true
    running: true
 user:
  sshd:
    exists: true
    uid: 101
    gid: 65534
    groups:
    - nogroup
    home: /run/sshd
    shell: /usr/sbin/nologin
 process:
  sshd:
    running: true
--- a/goss/s-nxc.yaml
+++ b/goss/s-nxc.yaml
@ -98,10 +98,10 @@ file:
    filetype: file
    contains: []
-addr:
+      #addr:
-  tcp://s-nxc.gsb.lan:443:
+      #tcp://s-nxc.gsb.lan:443:
-    reachable: true
+      #reachable: true
-    timeout: 500
+      #timeout: 500
 port:
  tcp:22:
@ -117,10 +117,10 @@ port:
    listening: true
    ip: []
-      #tcp:8081:
+    #tcp:8081:
-      #listening: true
+    #listening: true
-      #ip:
+    #ip:
-      #- 0.0.0.0
+    #- 0.0.0.0
 interface:
  enp0s3:
--- a/roles/ssh-backup-key-gen/README.md
+++ b/roles/ssh-backup-key-gen/README.md
@ -0,0 +1 @@
 ###Génération de clé publique et privée###
--- a/roles/ssh-backup-key-gen/tasks/main.yml
+++ b/roles/ssh-backup-key-gen/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - name: on genere une cle privee pour s-backup
  openssh_keypair:
    path: /root/id_rsa_sbackup
    type: rsa
    state: present
 - name: copie cle publique dans gsbstore
  copy:
    src: /root/id_rsa_sbackup.pub
    dest: /var/www/html/gsbstore
    mode: 0644
    remote_src: yes
 - name: copie cle privee dans gsbstore
  copy:
    src: /root/id_rsa_sbackup
    dest: /var/www/html/gsbstore
    mode: 0600
    remote_src: yes
--- a/roles/ssh-backup-key-private/tasks/main.yml
+++ b/roles/ssh-backup-key-private/tasks/main.yml
@ -0,0 +1,13 @@
 ---
 - name: creation .ssh
  file:
    path: ~/.ssh
    state: directory
    mode: 0700
 - name: recuperation de la cle privee generee par s-adm
  get_url:
    url: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup
    dest: /root/.ssh/id_rsa_sbackup
    mode: 0600
--- a/roles/ssh-backup-key-pub/tasks/main.yml
+++ b/roles/ssh-backup-key-pub/tasks/main.yml
@ -0,0 +1,6 @@
 ---
 - name: recuperation de la cle publique generee par s-adm
  ansible.posix.authorized_key:
    user: root
    state: present
    key: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup.pub
--- a/roles/stork-agent/README.md
+++ b/roles/stork-agent/README.md
@ -0,0 +1,21 @@
 # Rôle Kea
 ***
 Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
 ## Tables des matières
    1. [Que fait le rôle Kea ?]
    2. [Installation et configuration de ka]
    3. [Remarques]
 ## Que fait le rôle Kea ?
 Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
 - Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
 - Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
 ### Installation et configuration de kea
 Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
 ### Remarquees ###
 Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.
--- a/roles/stork-agent/handlers/main.yml
+++ b/roles/stork-agent/handlers/main.yml
@ -0,0 +1,7 @@
 ---  
 - name: Restart isc-stork-agent
  ansible.builtin.service:
    name: isc-stork-agent.service
    state: restarted
    enabled: yes
--- a/roles/stork-agent/tasks/main.yml
+++ b/roles/stork-agent/tasks/main.yml
@ -0,0 +1,21 @@
 ---  
 - name: Preparation  
  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash 
 - name: Update apt
  ansible.builtin.apt:
    update_cache: yes
 - name: Installation isc-stork-agent
  ansible.builtin.apt:
    name: isc-stork-agent
    state: present
 - name: Generation du fichier de configuration agent.env
  ansible.builtin.template:
    src: agent.env.j2
    dest: /etc/stork/agent.env
  notify:
    - Restart isc-stork-agent
--- a/roles/stork-agent/templates/agent.env.j2
+++ b/roles/stork-agent/templates/agent.env.j2
@ -0,0 +1,45 @@
 ### the IP or hostname to listen on for incoming Stork server connections
 STORK_AGENT_HOST={{ stork_host }}
 ### the TCP port to listen on for incoming Stork server connections
 STORK_AGENT_PORT={{ stork_port }}
 ### listen for commands from the Stork server only, but not for Prometheus requests
 # STORK_AGENT_LISTEN_STORK_ONLY=true
 ### listen for Prometheus requests only, but not for commands from the Stork server
 # STORK_AGENT_LISTEN_PROMETHEUS_ONLY=true
 ### settings for exporting stats to Prometheus
 ### the IP or hostname on which the agent exports Kea statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
 ### the port on which the agent exports Kea statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
 ### how often the agent collects stats from Kea, in seconds
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
 ## enable or disable collecting per-subnet stats from Kea
 # STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
 ### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
 ### the port on which the agent exports BIND 9 statistics to Prometheus
 # STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
 ### how often the agent collects stats from BIND 9, in seconds
 # STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
 ### Stork Server URL used by the agent to send REST commands to the server during agent registration
 STORK_AGENT_SERVER_URL=http://s-backup.gsb.lan:8080/
 ### skip TLS certificate verification when the Stork Agent connects
 ### to Kea over TLS and Kea uses self-signed certificates
 # STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
 ### Logging parameters
 ### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
 # STORK_LOG_LEVEL=DEBUG
 ### disable output colorization
 # CLICOLOR=false
 ### path to the hook directory
 # STORK_AGENT_HOOK_DIRECTORY=
--- a/roles/zabbix-cli/tasks/main.yml
+++ b/roles/zabbix-cli/tasks/main.yml
@ -28,11 +28,11 @@
        state: restarted
        enabled: yes
-    - name: mise ne place script hostcreate
+    - name: mise en place script hostcreate
      template:
        src: hostcreate.sh.j2
        dest: /tmp/hostcreate.sh
-    - name: lancement script hostcreate
+          #- name: lancement script hostcreate
-      command: bash /tmp/hostcreate.sh
+          #command: bash /tmp/hostcreate.sh
--- a/roles/zabbix-srv/tasks/main.yml
+++ b/roles/zabbix-srv/tasks/main.yml
@ -29,65 +29,41 @@
      name: mariadb
      state: started
-  - name: 6. Créer la base de données
+  - name: 6. Modifier la variable trust function creators pour importer la base données
    community.mysql.mysql_db:
      name: zabbix
      encoding: utf8mb4
      collation: utf8mb4_bin
      state: present
      login_unix_socket: /var/run/mysqld/mysqld.sock
  - name: 7. Creer un utilisateur et  lui attribuer tous les droits
    community.mysql.mysql_user:
      name: zabbix
      password: password
      priv: '*.*:ALL,GRANT'
      state: present
      login_unix_socket: /var/run/mysqld/mysqld.sock
  - name: 8. Modifier une variable pour importer un schema
    community.mysql.mysql_variables:
      variable: log_bin_trust_function_creators
      value: 1
      mode: global
      login_unix_socket: /var/run/mysqld/mysqld.sock
-  - name: 9. Importer le schema initial
+  - name: 7. Importer la base de données
    community.mysql.mysql_db:
      state: import
      name: zabbix
      encoding: utf8mb4
-      login_user: zabbix
+      target: http://s-adm.gsb.adm/gsbstore/zabbix.sql.gz
      login_password: password
      target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
      login_unix_socket: /var/run/mysqld/mysqld.sock
-  - name: 10. Modifier la variable pour le schema
+  - name: 8. Remettre a zero la variable trust function creators
    community.mysql.mysql_variables:
      variable: log_bin_trust_function_creators
      value: 0
      mode: global
      login_unix_socket: /var/run/mysqld/mysqld.sock
-  - name: 11. Configurer le mdp de la db
+  - name: 9. Lancer le service zabbix-server
    replace:
     path: /etc/zabbix/zabbix_server.conf
     regexp: '^# DBPassword='
     replace: 'DBPassword=password'
  - name: 12. Lancer le service zabbix-server
    service:
     name: zabbix-server
     state: restarted
     enabled: yes
-  - name: 13. Lancer le service zabbix-agent
+  - name: 10. Lancer le service zabbix-agent
    service:
     name: zabbix-agent
     state: restarted
     enabled: yes
-  - name: 14. Lancer le service apache2
+  - name: 11. Lancer le service apache2
    service:
     name: apache2
     state: restarted
--- a/s-adm.yml
+++ b/s-adm.yml
@ -7,6 +7,7 @@
    - s-ssh
    - dnsmasq
    - squid
    - ssh-backup-key-gen
 #    - local-store
    - zabbix-cli
    ## - syslog-cli
--- a/s-backup.yml
+++ b/s-backup.yml
@ -4,17 +4,17 @@
  vars:
    stork_db_user: "stork-server"
    stork_db_passwd: "Azerty1+"
-    stork_db_name: "stork" 
+    stork_db_name: "stork"
  roles:
    - base
    - goss
    - proxy3
    - zabbix-cli
    - gotify
    - stork-server
    - ssh-cli
-    - syslog-cli
+      #- syslog-cli
    - smb-backup
    - dns-slave
    - post
    - ssh-backup-key-private
--- a/s-kea1.yml
+++ b/s-kea1.yml
@ -9,13 +9,16 @@
    kea_ctrl_address1: "172.16.0.20"
    kea_ctrl_address2: "172.16.0.21"
    kea_dhcp_int: "enp0s9"
    stork_host: "s-kea1.gsb.lan"
    stork_port: "8081"
  roles:
    - base
    - goss
    - ssh-cli
    - kea
-      # - zabbix-cli
+    - stork-agent
    - zabbix-cli
    - journald-snd
    - snmp-agent
    - post
--- a/s-kea2.yml
+++ b/s-kea2.yml
@ -9,13 +9,16 @@
    kea_ctrl_address1: "172.16.0.20"
    kea_ctrl_address2: "172.16.0.21"
    kea_dhcp_int: "enp0s9"
    stork_host: "s-kea2.gsb.lan"
    stork_port: "8081"
  roles:
    - base
    - goss
    - ssh-cli
    - kea
-      # - zabbix-cli
+    - stork-agent
    - zabbix-cli
    - journald-snd
    - snmp-agent
    - post
--- a/s-nxc.yml
+++ b/s-nxc.yml
@ -10,3 +10,4 @@
    # - syslog-cli
    - snmp-agent
    - post
    - ssh-backup-key-pub
Author	SHA1	Message	Date
root	d88745e741	modif s-backup.yml	2024-01-25 11:11:56 +01:00
root	fffcb22db8	modif cle priv	2024-01-25 11:09:25 +01:00
Jimmy Chevanne	abb8c15028	maj zabbix-srv	2024-01-25 11:01:02 +01:00
root	73b4560dd9	modif cle privee	2024-01-25 10:49:53 +01:00
root	91d8b57029	modif role	2024-01-25 10:10:50 +01:00
root	37bbbad9dd	script recup cle pub	2024-01-25 10:03:20 +01:00
root	84215f502b	generate cle publique et privee	2024-01-25 09:53:45 +01:00
flo	2606cd19b0	maj zabbix-srv	2024-01-25 09:51:35 +01:00
root	b27ce2a372	maj goss s-nxc	2024-01-25 08:31:06 +01:00
root	18ce1f65ad	maj goss s-nxc	2024-01-25 08:19:51 +01:00
root	116b84d230	ajout role stork-agent	2024-01-24 23:56:15 +01:00
		`@ -0,0 +1 @@`
							`###Génération de clé publique et privée###`