modif save

goss.yaml

@@ -0,0 +1,25 @@
+port:
+  tcp:22:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp6:22:
+    listening: true
+    ip:
+    - '::'
+service:
+  sshd:
+    enabled: true
+    running: true
+user:
+  sshd:
+    exists: true
+    uid: 101
+    gid: 65534
+    groups:
+    - nogroup
+    home: /run/sshd
+    shell: /usr/sbin/nologin
+process:
+  sshd:
+    running: true

goss/s-nxc.yaml

@@ -98,10 +98,10 @@ file:
     filetype: file
     contains: []
 
-addr:
-  tcp://s-nxc.gsb.lan:443:
-    reachable: true
-    timeout: 500
+      #addr:
+      #tcp://s-nxc.gsb.lan:443:
+      #reachable: true
+      #timeout: 500
 
 port:
   tcp:22:
@@ -117,10 +117,10 @@ port:
     listening: true
     ip: []
 
-      #tcp:8081:
-      #listening: true
-      #ip:
-      #- 0.0.0.0
+    #tcp:8081:
+    #listening: true
+    #ip:
+    #- 0.0.0.0
 
 interface:
   enp0s3:

roles/nxc-traefik/files/savenextcloud.sh

@@ -18,12 +18,5 @@ docker compose exec -u www-data app php occ maintenance:mode --off
 # création d'une archive
 tar cvfz nxc.tgz nextcloud-sqlbkp.bak nextcloud-dirbkp
 
-# envoie sur s-backup
-BACKUP=/home/backup/s-nxc
 
-# Préparation des dossiers qui vont accueillir les données à sauvegarder (-e lance le répertoire si il existe)
-[[ -e "${BACKUP}" ]] || mkdir -p "${BACKUP}"
-
-# Sauvegarde du fichier nxc.tgz vers la machine s-backup
-scp root@s-nxc:/root/nxc/nxc.tgz "${BACKUP}/"
 

roles/ssh-backup-key-gen/README.md

@@ -0,0 +1 @@
+###Génération de clé publique et privée###

roles/ssh-backup-key-gen/tasks/main.yml

@@ -0,0 +1,20 @@
+---
+- name: on genere une cle privee pour s-backup
+  openssh_keypair:
+    path: /root/id_rsa_sbackup
+    type: rsa
+    state: present
+
+- name: copie cle publique dans gsbstore
+  copy:
+    src: /root/id_rsa_sbackup.pub
+    dest: /var/www/html/gsbstore
+    mode: 0644
+    remote_src: yes
+
+- name: copie cle privee dans gsbstore
+  copy:
+    src: /root/id_rsa_sbackup
+    dest: /var/www/html/gsbstore
+    mode: 0600
+    remote_src: yes

roles/ssh-backup-key-private/tasks/main.yml

@@ -0,0 +1,13 @@
+---
+- name: creation .ssh
+  file:
+    path: ~/.ssh
+    state: directory
+    mode: 0700
+
+- name: recuperation de la cle privee generee par s-adm
+  get_url:
+    url: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup
+    dest: /root/.ssh/id_rsa_sbackup
+    mode: 0600
+

roles/ssh-backup-key-pub/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- name: recuperation de la cle publique generee par s-adm
+  ansible.posix.authorized_key:
+    user: root
+    state: present
+    key: http://s-adm.gsb.adm/gsbstore/id_rsa_sbackup.pub

roles/stork-agent/README.md

@@ -0,0 +1,21 @@
+# Rôle Kea
+***
+Rôle Kea: Configuration de 2 serveurs KEA en mode haute disponbilité.
+
+## Tables des matières
+    1. [Que fait le rôle Kea ?]
+    2. [Installation et configuration de ka]
+    3. [Remarques]
+
+
+## Que fait le rôle Kea ?
+Le rôle KEA permet de configurer 1  serveurs kea (s-kea1 et s-kea2) en mode haute disponibilité.
+- Le serveur **s-kea1** sera en mode **primary** il délivrera les baux DHCP sur le réseau n-user.
+- Le serveur **s-kea2**, sera en mode **stand-by** le service DHCP basculera donc sur **s-kea2** en cas disponibilité du serveur**s-kea1**. 
+
+### Installation et configuration de kea
+
+Le rôle kea installe les packets **kea dhcp4, hooks, admin** une fois les packets installer. Il configure un  serveur kea pour qu'il distribue les ips sur le réseau n-user et soit en haute disponibilité.
+
+### Remarquees ###
+Une fois le playbook **s-kea** correctement terminé et la machine **s-kea** redemarrée, redémarrée le service **isc-kea-dhcp4.service** afin de prendre en compte les modifications éfféctuées sur la couche réseau par le role POST.

roles/stork-agent/handlers/main.yml

@@ -0,0 +1,7 @@
+---  
+- name: Restart isc-stork-agent
+  ansible.builtin.service:
+    name: isc-stork-agent.service
+    state: restarted
+    enabled: yes
+

roles/stork-agent/tasks/main.yml

@@ -0,0 +1,21 @@
+---  
+
+- name: Preparation  
+  ansible.builtin.shell: curl -1sLf 'https://dl.cloudsmith.io/public/isc/stork/cfg/setup/bash.deb.sh' | sudo bash 
+
+- name: Update apt
+  ansible.builtin.apt:
+    update_cache: yes
+
+- name: Installation isc-stork-agent
+  ansible.builtin.apt:
+    name: isc-stork-agent
+    state: present
+
+- name: Generation du fichier de configuration agent.env
+  ansible.builtin.template:
+    src: agent.env.j2
+    dest: /etc/stork/agent.env
+  notify:
+    - Restart isc-stork-agent
+

roles/stork-agent/templates/agent.env.j2

@@ -0,0 +1,45 @@
+### the IP or hostname to listen on for incoming Stork server connections
+STORK_AGENT_HOST={{ stork_host }}
+
+### the TCP port to listen on for incoming Stork server connections
+STORK_AGENT_PORT={{ stork_port }}
+
+### listen for commands from the Stork server only, but not for Prometheus requests
+# STORK_AGENT_LISTEN_STORK_ONLY=true
+
+### listen for Prometheus requests only, but not for commands from the Stork server
+# STORK_AGENT_LISTEN_PROMETHEUS_ONLY=true
+
+### settings for exporting stats to Prometheus
+### the IP or hostname on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_ADDRESS=
+### the port on which the agent exports Kea statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PORT=
+### how often the agent collects stats from Kea, in seconds
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_INTERVAL=
+## enable or disable collecting per-subnet stats from Kea
+# STORK_AGENT_PROMETHEUS_KEA_EXPORTER_PER_SUBNET_STATS=true
+### the IP or hostname on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_ADDRESS=
+### the port on which the agent exports BIND 9 statistics to Prometheus
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_PORT=
+### how often the agent collects stats from BIND 9, in seconds
+# STORK_AGENT_PROMETHEUS_BIND9_EXPORTER_INTERVAL=
+
+### Stork Server URL used by the agent to send REST commands to the server during agent registration
+STORK_AGENT_SERVER_URL=http://s-backup.gsb.lan:8080/
+
+### skip TLS certificate verification when the Stork Agent connects
+### to Kea over TLS and Kea uses self-signed certificates
+# STORK_AGENT_SKIP_TLS_CERT_VERIFICATION=true
+
+
+### Logging parameters
+
+### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
+# STORK_LOG_LEVEL=DEBUG
+### disable output colorization
+# CLICOLOR=false
+
+### path to the hook directory
+# STORK_AGENT_HOOK_DIRECTORY=

roles/zabbix-cli/tasks/main.yml

@@ -28,11 +28,11 @@
         state: restarted
         enabled: yes
 
-    - name: mise ne place script hostcreate
+    - name: mise en place script hostcreate
       template:
         src: hostcreate.sh.j2
         dest: /tmp/hostcreate.sh
 
-    - name: lancement script hostcreate
-      command: bash /tmp/hostcreate.sh
+          #- name: lancement script hostcreate
+          #command: bash /tmp/hostcreate.sh
 

roles/zabbix-srv/tasks/main.yml

@@ -29,65 +29,41 @@
       name: mariadb
       state: started
 
-  - name: 6. Créer la base de données
-    community.mysql.mysql_db:
-      name: zabbix
-      encoding: utf8mb4
-      collation: utf8mb4_bin
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  - name: 7. Creer un utilisateur et  lui attribuer tous les droits
-    community.mysql.mysql_user:
-      name: zabbix
-      password: password
-      priv: '*.*:ALL,GRANT'
-      state: present
-      login_unix_socket: /var/run/mysqld/mysqld.sock
-
-  - name: 8. Modifier une variable pour importer un schema
+  - name: 6. Modifier la variable trust function creators pour importer la base données
     community.mysql.mysql_variables:
       variable: log_bin_trust_function_creators
       value: 1
       mode: global
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 9. Importer le schema initial
+  - name: 7. Importer la base de données
     community.mysql.mysql_db:
       state: import
       name: zabbix
       encoding: utf8mb4
-      login_user: zabbix
-      login_password: password
-      target: /usr/share/zabbix-sql-scripts/mysql/server.sql.gz
+      target: http://s-adm.gsb.adm/gsbstore/zabbix.sql.gz
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 10. Modifier la variable pour le schema
+  - name: 8. Remettre a zero la variable trust function creators
     community.mysql.mysql_variables:
       variable: log_bin_trust_function_creators
       value: 0
       mode: global
       login_unix_socket: /var/run/mysqld/mysqld.sock
 
-  - name: 11. Configurer le mdp de la db
-    replace:
-     path: /etc/zabbix/zabbix_server.conf
-     regexp: '^# DBPassword='
-     replace: 'DBPassword=password'
-
-  - name: 12. Lancer le service zabbix-server
+  - name: 9. Lancer le service zabbix-server
     service:
      name: zabbix-server
      state: restarted
      enabled: yes
 
-  - name: 13. Lancer le service zabbix-agent
+  - name: 10. Lancer le service zabbix-agent
     service:
      name: zabbix-agent
      state: restarted
      enabled: yes
 
-  - name: 14. Lancer le service apache2
+  - name: 11. Lancer le service apache2
     service:
      name: apache2
      state: restarted

s-adm.yml

@@ -7,6 +7,7 @@
     - s-ssh
     - dnsmasq
     - squid
+    - ssh-backup-key-gen
 #    - local-store
     - zabbix-cli
     ## - syslog-cli

s-backup.yml

@@ -4,17 +4,17 @@
   vars:
     stork_db_user: "stork-server"
     stork_db_passwd: "Azerty1+"
-    stork_db_name: "stork" 
+    stork_db_name: "stork"
 
   roles:
     - base
     - goss
-    - proxy3
     - zabbix-cli
     - gotify
     - stork-server
     - ssh-cli
-    - syslog-cli
+      #- syslog-cli
     - smb-backup
     - dns-slave
     - post
+    - ssh-backup-key-private

s-kea1.yml

@@ -9,13 +9,16 @@
     kea_ctrl_address1: "172.16.0.20"
     kea_ctrl_address2: "172.16.0.21"
     kea_dhcp_int: "enp0s9"
+    stork_host: "s-kea1.gsb.lan"
+    stork_port: "8081"
 
   roles:
     - base
     - goss
     - ssh-cli
     - kea
-      # - zabbix-cli
+    - stork-agent
+    - zabbix-cli
     - journald-snd
     - snmp-agent
     - post

s-kea2.yml

@@ -9,13 +9,16 @@
     kea_ctrl_address1: "172.16.0.20"
     kea_ctrl_address2: "172.16.0.21"
     kea_dhcp_int: "enp0s9"
+    stork_host: "s-kea2.gsb.lan"
+    stork_port: "8081"
 
   roles:
     - base
     - goss
     - ssh-cli
     - kea
-      # - zabbix-cli
+    - stork-agent
+    - zabbix-cli
     - journald-snd
     - snmp-agent
     - post

s-nxc.yml

@@ -10,3 +10,4 @@
     # - syslog-cli
     - snmp-agent
     - post
+    - ssh-backup-key-pub