Compare commits

...

8 Commits

Author SHA1 Message Date
bbbb
45e4401dcc maj lb-front-ssl pour une version fonctionnelle 2024-06-04 15:49:33 +02:00
sio user
dc50059f19 Maj version ova README.md 2024-05-23 16:15:40 +02:00
sio user
ada657401f Mef 2 2024-05-23 16:13:12 +02:00
sio user
b126e7f9e3 Mef README.md 2024-05-23 16:11:47 +02:00
sio user
f9f3e8da8e Maj version debian-bookworm-gsb-2024a -> b 2024-05-23 16:08:27 +02:00
Jimmy Chevanne
be4f3b9030 maj mkvm 2024-05-23 11:26:02 +02:00
c590edb875 maj role zabbix-cli et awx-user sur s-adm et s-infra 2024-05-02 09:49:05 +02:00
3cd52a230e maj awx 2024-05-02 08:39:34 +02:00
8 changed files with 48 additions and 21 deletions

View File

@ -1,7 +1,8 @@
# gsb2024
2024-04-12 8h55 ps
2024-01-19 11h45 ps
* 2024-05-23 16h07 ps
* 2024-04-12 8h55 ps
* 2024-01-19 11h45 ps
Environnement et playbooks **ansible** pour le projet **GSB 2024**
@ -12,7 +13,7 @@ Prérequis :
* VirtualBox
* git
* fichier machines virtuelles **ova** :
* **debian-bookworm-gsb-2024a.ova**
* **debian-bookworm-gsb-2024b.ova**
* **debian-bullseye-gsb-2024b.ova**
@ -50,7 +51,7 @@ Il existe un playbook ansible pour chaque machine à installer, nommé comme la
## Installation
On utilisera les images de machines virtuelle suivantes :
* **debian-bookworm-gsb-2024a.ova** (2024-04-11)
* **debian-bookworm-gsb-2024b.ova** (2024-05-23)
* Debian Bookworm 12.5 - 2 cartes - 1 Go - Stockage 20 Go
et pour **s-fog** :

View File

@ -7,11 +7,11 @@
shell: /bin/bash
generate_ssh_key: yes
- name: Creation mdp user awx
ansible.builtin.user:
name:
user: awx
password: '$5$1POIEvs/Q.DHI4/6$RT6nl42XkekxTPKA/dktbnCMxL8Rfk8GAK7NxqL9D70'
#- name: Creation mdp user awx
# ansible.builtin.user:
#name:
#user: awx
# password: '$5$1POIEvs/Q.DHI4/6$RT6nl42XkekxTPKA/dktbnCMxL8Rfk8GAK7NxqL9D70'
- name: Copie cle publique dans gsbstore
copy:

View File

@ -3,12 +3,38 @@
name: haproxy
state: present
- name: Creer le repertoire du certificat
file:
path: /etc/haproxy/crt
state: directory
mode: '0755'
- name: Creer le repertoire de la cle privee
file:
path: /etc/haproxy/crt/private
state: directory
mode: '0755'
- name: Generer une clee privee avec les valeurs par defaut (4096 bits, RSA)
openssl_privatekey:
path: /etc/haproxy/crt/private/haproxy.pem.key
size: 4096
type: RSA
state: present
- name: creer un certificat auto-signé
openssl_certificate:
path: /etc/haproxy/crt/haproxy.crt
privatekey_path: /etc/haproxy/crt/private/haproxy.pem
csr_path: /etc/haproxy/crt/csr/haproxy.csr
path: /etc/haproxy/crt/private/haproxy.pem
privatekey_path: /etc/haproxy/crt/private/haproxy.pem.key
provider: selfsigned
state: present
- name: s'assurer que le certificat a les bonnes permissions
file:
path: /etc/haproxy/crt/private/haproxy.pem
owner: root
group: haproxy
mode: '0640'
- name: parametre global
blockinfile:
@ -31,7 +57,7 @@
block: |
frontend proxypublic
bind 192.168.100.10:80
bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/pritvate/haproxy.pem
bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/private/haproxy.pem
http-request redirect scheme https unless { ssl_fc }
default_backend fermeweb

View File

@ -7,12 +7,12 @@
roles:
- base
- s-ssh
#- zabbix-cli
- dnsmasq
- squid
- ssh-backup-key-gen
- awx-user
# awx-user
# - local-store
# - zabbix-cli
## - syslog-cli
- post
# - goss

View File

@ -6,13 +6,13 @@
roles:
- base
- zabbix-cli
#- zabbix-cli
- goss
- dns-master
- webautoconf
# - elk-filebeat-cli
- journald-snd
- ssh-cli
- awx-user-cli
#- awx-user-cli
- post

View File

@ -5,8 +5,8 @@
roles:
- base
- goss
- lb-front
#- lb-front-ssl
#- lb-front
- lb-front-ssl
#- zabbix-cli
- ssh-cli
- post

View File

@ -2,7 +2,7 @@
mkvmrelease="v1.3.3"
ovarelease="2024a"
ovarelease="2024b"
ovafogrelease="2024b"
#ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova"
ovafile="$HOME/Téléchargements/debian-bookworm-gsb-${ovarelease}.ova"

View File

@ -4,7 +4,7 @@
#mkvm pour toutes les vms
$mkvmrelease="v1.3.1"
$ovarelease="2024a"
$ovarelease="2024b"
$ovafogrelease="2024b"
$ovafile="$HOME\Downloads\debian-bookworm-gsb-${ovarelease}.ova"
$ovafilefog="$HOME\Downloads\debian-bullseye-gsb-${ovafogrelease}.ova"