maj lb-front-ssl pour une version fonctionnelle

Maj version ova README.md
Mef 2
2024-06-04 15:49:33 +02:00 · 2024-05-23 16:15:40 +02:00 · 2024-05-23 16:13:12 +02:00 · 2024-05-23 16:11:47 +02:00 · 2024-05-23 16:08:27 +02:00 · 2024-05-23 11:26:02 +02:00
8 changed files with 48 additions and 21 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,8 @@
 # gsb2024

-2024-04-12  8h55 ps
-2024-01-19 11h45 ps
+  * 2024-05-23 16h07 ps
+  * 2024-04-12  8h55 ps
+  * 2024-01-19 11h45 ps

 Environnement et playbooks **ansible** pour le projet **GSB 2024**

@ -12,7 +13,7 @@ Prérequis :
  * VirtualBox
  * git 
  * fichier machines virtuelles **ova** :
-    * **debian-bookworm-gsb-2024a.ova**
+    * **debian-bookworm-gsb-2024b.ova**
    * **debian-bullseye-gsb-2024b.ova**


@ -50,7 +51,7 @@ Il existe un playbook ansible pour chaque machine à installer, nommé comme la
 ## Installation

 On utilisera les images de machines virtuelle suivantes : 
-  * **debian-bookworm-gsb-2024a.ova** (2024-04-11)
+  * **debian-bookworm-gsb-2024b.ova** (2024-05-23)
    * Debian Bookworm 12.5 - 2 cartes - 1 Go - Stockage 20 Go

 et pour **s-fog** : 
--- a/roles/awx-user/tasks/main.yml
+++ b/roles/awx-user/tasks/main.yml
@ -7,11 +7,11 @@
    shell: /bin/bash
    generate_ssh_key: yes

- name: Creation mdp user awx 
-  ansible.builtin.user:
-    name: 
-      user: awx
-      password: '$5$1POIEvs/Q.DHI4/6$RT6nl42XkekxTPKA/dktbnCMxL8Rfk8GAK7NxqL9D70'
+      #- name: Creation mdp user awx 
+      #  ansible.builtin.user:
+      #name: 
+      #user: awx
+#      password: '$5$1POIEvs/Q.DHI4/6$RT6nl42XkekxTPKA/dktbnCMxL8Rfk8GAK7NxqL9D70'

 - name: Copie cle publique dans gsbstore
  copy:
--- a/roles/lb-front-ssl/tasks/main.yml
+++ b/roles/lb-front-ssl/tasks/main.yml
@ -3,12 +3,38 @@
    name: haproxy
    state: present

+- name: Creer le repertoire du certificat
+  file:
+    path: /etc/haproxy/crt
+    state: directory
+    mode: '0755'
+
+- name: Creer le repertoire de la cle privee
+  file:
+    path: /etc/haproxy/crt/private
+    state: directory
+    mode: '0755'
+
+- name: Generer une clee privee avec les valeurs par defaut (4096 bits, RSA)
+  openssl_privatekey:
+    path: /etc/haproxy/crt/private/haproxy.pem.key
+    size: 4096
+    type: RSA
+    state: present
+
 - name: creer un certificat auto-signé
  openssl_certificate:
-    path: /etc/haproxy/crt/haproxy.crt
-    privatekey_path: /etc/haproxy/crt/private/haproxy.pem
-    csr_path: /etc/haproxy/crt/csr/haproxy.csr
+    path: /etc/haproxy/crt/private/haproxy.pem
+    privatekey_path: /etc/haproxy/crt/private/haproxy.pem.key
    provider: selfsigned
+    state: present
+
+- name: s'assurer que le certificat a les bonnes permissions
+  file:
+    path: /etc/haproxy/crt/private/haproxy.pem
+    owner: root
+    group: haproxy
+    mode: '0640'

 - name: parametre global
  blockinfile:
@ -31,7 +57,7 @@
    block: |
      frontend proxypublic
        bind 192.168.100.10:80
-        bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/pritvate/haproxy.pem
+        bind 192.168.100.10:443 ssl crt /etc/haproxy/crt/private/haproxy.pem
        http-request redirect scheme https unless { ssl_fc }
        default_backend fermeweb
      
--- a/s-adm.yml
+++ b/s-adm.yml
@ -7,12 +7,12 @@
  roles:
    - base
    - s-ssh
+    #- zabbix-cli
    - dnsmasq
    - squid
    - ssh-backup-key-gen
-    - awx-user
+    # awx-user
 #    - local-store
-#  - zabbix-cli
    ## - syslog-cli
    - post
 #    - goss
--- a/s-infra.yml
+++ b/s-infra.yml
@ -6,13 +6,13 @@
  
  roles:
    - base
-    - zabbix-cli
+    #- zabbix-cli
    - goss
    - dns-master
    - webautoconf
      #    - elk-filebeat-cli
    - journald-snd
    - ssh-cli
-    - awx-user-cli
+    #- awx-user-cli
    - post

--- a/s-lb.yml
+++ b/s-lb.yml
@ -5,8 +5,8 @@
   roles:
     - base
     - goss
-     - lb-front
-       #- lb-front-ssl
+       #- lb-front
+     - lb-front-ssl
       #- zabbix-cli
     - ssh-cli
     - post
--- a/scripts/mkvm
+++ b/scripts/mkvm
@ -2,7 +2,7 @@

 mkvmrelease="v1.3.3"

-ovarelease="2024a"
+ovarelease="2024b"
 ovafogrelease="2024b"
 #ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova"
 ovafile="$HOME/Téléchargements/debian-bookworm-gsb-${ovarelease}.ova"
--- a/scripts/mkvm.ps1
+++ b/scripts/mkvm.ps1
@ -4,7 +4,7 @@
 #mkvm pour toutes les vms

 $mkvmrelease="v1.3.1"
-$ovarelease="2024a"
+$ovarelease="2024b"
 $ovafogrelease="2024b"
 $ovafile="$HOME\Downloads\debian-bookworm-gsb-${ovarelease}.ova"
 $ovafilefog="$HOME\Downloads\debian-bullseye-gsb-${ovafogrelease}.ova"
Author	SHA1	Message	Date
bbbb	45e4401dcc	maj lb-front-ssl pour une version fonctionnelle	2024-06-04 15:49:33 +02:00
sio user	dc50059f19	Maj version ova README.md	2024-05-23 16:15:40 +02:00
sio user	ada657401f	Mef 2	2024-05-23 16:13:12 +02:00
sio user	b126e7f9e3	Mef README.md	2024-05-23 16:11:47 +02:00
sio user	f9f3e8da8e	Maj version debian-bookworm-gsb-2024a -> b	2024-05-23 16:08:27 +02:00
Jimmy Chevanne	be4f3b9030	maj mkvm	2024-05-23 11:26:02 +02:00
root	c590edb875	maj role zabbix-cli et awx-user sur s-adm et s-infra	2024-05-02 09:49:05 +02:00
root	3cd52a230e	maj awx	2024-05-02 08:39:34 +02:00