Ajout des derniers fichiers du TP sur Ansible, fonctionnel et validé.

Reviewed-on: #38

automate.sh

@@ -11,52 +11,24 @@ export https_proxy="http://10.121.38.1:8080/"
 echo "Voulez-vous récupérer les fichiers du dépôt ou effectuer un push sur le dépôt ? [1 = Pull, 2 = Push]"
 read answer
 
-echo "Quelle branche est concernée ? [1 = main, 2 = test]"
-read branch
-
-if [ $branch == 1 ] ; then
-	if [ $answer == 1 ] ; then
-		git checkout main
-		echo "Récupération des fichiers à jour, branche main..."
-		git pull -q origin main
-	else
-		git checkout main
-		echo "Ajout des fichiers au Gitea..."
-		sleep 1
-		git add .
-		echo "Commit en cours..."
-		sleep 1
-		git commit
-		echo "Entrez la version du tag:"
-		read tag
-		git tag $tag
-		echo "Push des fichiers au Gitea, branche main..."
-		sleep 1
-		git push -q origin main --tag
-	fi
-
-elif [ $branch == 2 ] ; then
-	if [ $answer == 1 ] ; then
-		git checkout test
-		echo "Récupération des fichiers à jour dans la branche test..."
-		git pull -q origin test
-	else
-		git checkout test
-		echo "Ajout des fichiers au Gitea, branche test..."
-		sleep 1
-		git add .
-		echo "Commit en cours..."
-		sleep 1
-		git commit
-		echo "Entrez la version du tag:"
-		read tag
-		git tag $tag
-		echo "Push des fichiers au Gitea, branche test..."
-		sleep 1
-		git push -q origin test --tag
-	fi
-
+if [ $answer == 1 ] ; then
+	git checkout main
+	echo "Récupération des fichiers à jour, branche main..."
+	git pull -q origin main
+	echo "Fichiers à jour récupérés."
 else
-	echo "Choisissez une branche et une option valide. Veuillez relancer le script"
-
-fi
+	git checkout main
+	echo "Ajout des fichiers au Gitea..."
+	sleep 1
+	git add .
+	echo "Commit en cours..."
+	sleep 1
+	git commit
+	git tag -l "v.0*" --sort="-v:refname"
+	echo "Entrez la version du tag: (Le plus récent est en haut)"
+	read tag
+	git tag $tag
+	echo "Push des fichiers au Gitea, branche main..."
+	sleep 1
+	git push -q origin main --tag
+fi

bts_annee_2/cyber2/vpn-ipsec/gw1/README.md

@@ -1 +1 @@
-Il faut renommer le fichier ipsec-gw1.conf en ipsec.conf et le placer dans '/etc/' .
+Il faut renommer le fichier ipsec-gw1.conf en ipsec.conf et le placer dans /etc/ .

bts_annee_2/cyber2/vpn-ipsec/gw2/README.md

@@ -1 +1 @@
-Il faut renommer le fichier ipsec-gw2.conf en ipsec.conf et le placer dans '/etc/' .
+Il faut renommer le fichier ipsec-gw2.conf en ipsec.conf et le placer dans /etc/ .

bts_annee_2/sisr2/README.md

@@ -1,2 +1,2 @@
 Dépôt de seconde année de SISR.
-Chaque dossier porte le numéro de la séance associée.
+Chaque dossier porte le nom du sujet associé.

bts_annee_2/sisr2/ansible/README.md

@@ -0,0 +1,2 @@
+Fichier hosts utilisé pour ansible lors du TP de la séance 16.
+Sont inclus les fichiers idempotents .yml d'ansible que j'ai fait, ainsi que le dossier avec tous les playbooks pour le DokuWiki.

bts_annee_2/sisr2/ansible/doku/README.md

@@ -0,0 +1 @@
+Dossier des playbooks DokuWiki.

bts_annee_2/sisr2/ansible/doku/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

bts_annee_2/sisr2/ansible/doku/local.yml

@@ -0,0 +1,4 @@
+- hosts: web
+  roles:
+  - web
+  - doku

bts_annee_2/sisr2/ansible/doku/main_doku.yml

@@ -0,0 +1,51 @@
+- name: 1. Récupération du tar.gz du DokuWiki
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: 2. Extraction de l'archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html
+    remote_src: yes
+
+- name: 3. Status des dossiers du Wiki
+  stat:
+    path: /var/www/html/dokuwiki-2024-02-06b
+  register: rept_stat
+
+- name: 4. On renomme les dossiers
+  command: mv /var/www/html/dokuwiki-2024-02-06b /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: 5. Changement des droits sur la racine
+  file:
+    path: /var/www/html/doku
+    owner: root
+    group: root
+
+- name: 6. Changement des droits sur le dossier data
+  file:
+    path: /var/www/html/doku/data
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 7. Changement des droits sur le dossier conf
+  file:
+    path: /var/www/html/doku/conf
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 8. Changement des droits sur le dossier lib
+  file:
+    path: /var/www/html/doku/lib
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 9. Redémarre Apache2
+  service:
+    name: apache2
+    state: restarted

bts_annee_2/sisr2/ansible/doku/main_web.yml

@@ -0,0 +1,10 @@
+- name: 1. Installe les paquets requis pour le DokuWiki 
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+     - apache2
+     - php
+     - php-mbstring
+     - php-gd
+     - php-xml

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:958cb3af-259b-4658-a68d-c1857a1e413e

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1728918924

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/box_meta

@@ -0,0 +1 @@
+{"name":"debian/bookworm64","version":"12.20240905.1","provider":"virtualbox","directory":"boxes/debian-VAGRANTSLASH-bookworm64/12.20240905.1/virtualbox"}

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+1010

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+958cb3af-259b-4658-a68d-c1857a1e413e

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+f61390876b004055816245659fd5bd63

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,8 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAA
+AAtzc2gtZWQyNTUxOQAAACCBZZKsafTtksM02cxu00M0JHuzu98jWAYjAE5g
+5nYQewAAAJAH27ajB9u2owAAAAtzc2gtZWQyNTUxOQAAACCBZZKsafTtksM0
+2cxu00M0JHuzu98jWAYjAE5g5nYQewAAAEC/FErqsFWPvvl2PPU4cwB4kJeI
+uUI3/pDFA1jD8ia3I4Flkqxp9O2SwzTZzG7TQzQke7O73yNYBiMATmDmdhB7
+AAAAB3ZhZ3JhbnQBAgMEBQY=
+-----END OPENSSH PRIVATE KEY-----

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/home/guillaume.emorine/vagrant/testansible/dokuw","disabled":false,"__vagrantfile":true}}}

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/machines/default/virtualbox/vagrant_cwd

@@ -0,0 +1 @@
+/home/guillaume.emorine/vagrant/testansible/dokuw

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/provisioners/ansible/inventory/vagrant_ansible_inventory

@@ -0,0 +1,3 @@
+# Generated by Vagrant
+
+default ansible_ssh_host=127.0.0.1 ansible_ssh_port=2202 ansible_ssh_user='vagrant' ansible_ssh_private_key_file='/home/guillaume.emorine/vagrant/testansible/dokuw/.vagrant/machines/default/virtualbox/private_key'

bts_annee_2/sisr2/ansible/doku_vagrant/.vagrant/rgloader/loader.rb

@@ -0,0 +1,12 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+# This file loads the proper rgloader/loader.rb file that comes packaged
+# with Vagrant so that encoded files can properly run with Vagrant.
+
+if ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"]
+  require File.expand_path(
+    "rgloader/loader", ENV["VAGRANT_INSTALLER_EMBEDDED_DIR"])
+else
+  raise "Encoded files can't be read outside of the Vagrant installer."
+end

bts_annee_2/sisr2/ansible/doku_vagrant/README.md

@@ -0,0 +1 @@
+Dossier qui contient les fichiers du test vagrantfile + ansible.

bts_annee_2/sisr2/ansible/doku_vagrant/Vagrantfile

@@ -0,0 +1,30 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure("2") do |config|
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "debian/bookworm64"
+
+  config.vm.box_check_update = true
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  # NOTE: This will enable public access to the opened port
+
+  config.vm.network "forwarded_port", guest: 80, host: 8080
+  config.vm.network "forwarded_port", guest: 22, host: 2022
+
+  config.vm.provision "shell", inline: <<-SHELL
+     apt update && apt-get upgrade -y
+   SHELL
+ 
+   config.vm.provision "ansible" do |ansible|
+     ansible.playbook = "local.yml" # lance le playbook local.yml
+   end
+end

bts_annee_2/sisr2/ansible/doku_vagrant/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

bts_annee_2/sisr2/ansible/doku_vagrant/local.yml

@@ -0,0 +1,5 @@
+- hosts: all
+  become: yes
+  roles:
+  - web
+  - doku

bts_annee_2/sisr2/ansible/doku_vagrant/roles/doku/tasks/main.yml

@@ -0,0 +1,51 @@
+- name: 1. Récupération du tar.gz du DokuWiki
+  get_url:
+    url: http://depl/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: 2. Extraction de l'archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html
+    remote_src: yes
+
+- name: 3. Status des dossiers du Wiki
+  stat:
+    path: /var/www/html/dokuwiki-2024-02-06b
+  register: rept_stat
+
+- name: 4. On renomme les dossiers
+  command: mv /var/www/html/dokuwiki-2024-02-06b /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: 5. Changement des droits sur la racine
+  file:
+    path: /var/www/html/doku
+    owner: root
+    group: root
+
+- name: 6. Changement des droits sur le dossier data
+  file:
+    path: /var/www/html/doku/data
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 7. Changement des droits sur le dossier conf
+  file:
+    path: /var/www/html/doku/conf
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 8. Changement des droits sur le dossier lib
+  file:
+    path: /var/www/html/doku/lib
+    owner: www-data
+    group: www-data
+    recurse: true
+
+- name: 9. Redémarre Apache2
+  service:
+    name: apache2
+    state: restarted

bts_annee_2/sisr2/ansible/doku_vagrant/roles/web/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: 1. Installe les paquets requis pour le DokuWiki 
+  apt:
+    name: "{{ item }}"
+    state: present
+  with_items:
+     - apache2
+     - php
+     - php-mbstring
+     - php-gd
+     - php-xml

bts_annee_2/sisr2/ansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+ 
+[web]
+web1
+web2

bts_annee_2/sisr2/ansible/squid.yml

@@ -0,0 +1,32 @@
+# squid.yml
+---
+- hosts: adm
+  vars:
+    - proxy_port: 8080
+    - proxy_mem: 128
+    - proxy_localnet: "192.168.0.0/24"
+
+  tasks:
+    - name: 1. Installe le proxy Squid sur la machine Infra.
+      apt:
+        name: squid
+        state: present
+
+# Uncomment this on FIRST RUN, comment afterwards !
+#    - name: 2. Récupère le fichier squid.conf.
+#      ansible.builtin.fetch:
+#        src: /etc/squid/squid.conf
+#        dest: squid.conf.j2
+#        flat: yes
+
+    - name: 3. Envoie squid.conf
+      template:
+        src: squid.conf.j2
+        dest: /etc/squid/squid.conf
+      notify: Restart squid
+  
+  handlers:
+    - name: Restart squid
+      service: 
+        name: squid
+        state: restarted

bts_annee_2/sisr2/ansible/syslog-cli.yml

@@ -0,0 +1,35 @@
+# syslog-cli.yml
+---
+- hosts: web
+  tasks:
+  - name: 1. Installe le paquet rsyslog.
+    apt: 
+      name: rsyslog
+      state: present
+
+  - name: 2. Ajoute la ligne pour forwarder les logs rsyslog au bon endroit.
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @192.168.0.37:514'
+      create: yes
+    notify: Restart rsyslog
+
+  - name: 3. Forward les logs journald vers syslog.
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify: Restart journald
+
+  handlers:
+  - name: Restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+
+  - name: Restart journald
+    service:
+      name: systemd-journald
+      state: restarted
+
+

bts_annee_2/sisr2/ansible/syslog.yml

@@ -0,0 +1,30 @@
+# syslog.yml
+---
+- hosts: adm
+  tasks:
+  - name: 1. Installe le paquet rsyslog.
+    apt: 
+      name: rsyslog
+      state: present
+
+  - name: 2. Active le module UDP sur le serveur syslog.
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify: Restart rsyslog
+
+  - name: 3. Active l'écoute sur le port UDP 514.
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify: Restart rsyslog
+
+  handlers:
+  - name: Restart rsyslog
+    service:
+      name: rsyslog
+      state: restarted
+
+

bts_annee_2/sisr2/ansible/web.yml

@@ -0,0 +1,21 @@
+# playbook.yml
+---
+- hosts: web
+  tasks:
+  - name: 1. installe Apache
+    apt: 
+      name: apache2
+      state: present
+  - name: 2. installe PHP pour Apache
+    apt:
+      name: php
+      state: present
+  - name: 3. installe php-mbstring
+    apt:
+      name: php-mbstring
+      state: present
+  - name: 4. installe index.html
+    copy:
+      src: index.html
+      dest: /var/www/html/index.html
+      mode: 0664