modifié : README.md

renommé :         bts_annee_2/sisr2/pxe/dhcpd.conf -> bts_annee_2/sisr2/pxe/DHCP/dhcpd.conf
	renommé :         bts_annee_2/sisr2/pxe/isc-dhcp-server -> bts_annee_2/sisr2/pxe/DHCP/isc-dhcp-server
	nouveau fichier : bts_annee_2/sisr2/pxe/Interfaces/README.md
	nouveau fichier : bts_annee_2/sisr2/pxe/Interfaces/enp0s3
	nouveau fichier : bts_annee_2/sisr2/pxe/Interfaces/enp0s8
	nouveau fichier : bts_annee_2/sisr2/pxe/nftables/README.md
	renommé :         bts_annee_2/sisr2/pxe/nftables.conf -> bts_annee_2/sisr2/pxe/nftables/nftables.conf
	nouveau fichier : bts_annee_2/sisr2/pxe/routing_command

README.md

@@ -1,5 +1,5 @@
-Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP.
+# Dépôt de fichiers personnels provenant de machines virtuelles utilisées en TP.
 
 Ce Gitea contient aussi un script d'automatisation du processus de push et de pull, adaptés aux deux branches.
 
-Le dépôt a été passé en privé de manière possiblement permanente, pour garder mon travail exclusif à moi-même.
+Dépôt anciennement privé, devenu public le 16 Septembre 2024.

bts_annee_2/sisr2/pxe/DHCP/README.md

@@ -0,0 +1 @@
+Fichiers de configuration du serveur DHCP de la machine PXE.

bts_annee_2/sisr2/pxe/DHCP/dhcpd.conf

@@ -0,0 +1,112 @@
+# dhcpd.conf
+#
+# Sample configuration file for ISC dhcpd
+#
+
+# option definitions common to all supported networks...
+#option domain-name "example.org";
+option domain-name-servers 10.121.38.7, 10.121.38.8;
+
+default-lease-time 100000;
+max-lease-time 7200000;
+
+allow booting;
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+#log-facility local7;
+
+# No service will be given on this subnet, but declaring it helps the 
+# DHCP server to understand the network topology.
+
+#subnet 10.152.187.0 netmask 255.255.255.0 {
+#}
+
+# This is a very basic subnet declaration.
+
+subnet 192.168.1.0 netmask 255.255.255.0 {
+  range 192.168.1.10 192.168.1.20;
+  option broadcast-address 192.168.1.255;
+  option routers 192.168.1.100;
+  next-server 192.168.1.100;
+  filename "pxelinux.0";
+}
+
+# This declaration allows BOOTP clients to get dynamic addresses,
+# which we don't really recommend.
+
+#subnet 10.254.239.32 netmask 255.255.255.224 {
+#  range dynamic-bootp 10.254.239.40 10.254.239.60;
+#  option broadcast-address 10.254.239.31;
+#  option routers rtr-239-32-1.example.org;
+#}
+
+# A slightly different configuration for an internal subnet.
+#subnet 10.5.5.0 netmask 255.255.255.224 {
+#  range 10.5.5.26 10.5.5.30;
+#  option domain-name-servers ns1.internal.example.org;
+#  option domain-name "internal.example.org";
+#  option routers 10.5.5.1;
+#  option broadcast-address 10.5.5.31;
+#  default-lease-time 600;
+#  max-lease-time 7200;
+#}
+
+# Hosts which require special configuration options can be listed in
+# host statements.   If no address is specified, the address will be
+# allocated dynamically (if possible), but the host-specific information
+# will still come from the host declaration.
+
+#host passacaglia {
+#  hardware ethernet 0:0:c0:5d:bd:95;
+#  filename "vmunix.passacaglia";
+#  server-name "toccata.example.com";
+#}
+
+# Fixed IP addresses can also be specified for hosts.   These addresses
+# should not also be listed as being available for dynamic assignment.
+# Hosts for which fixed IP addresses have been specified can boot using
+# BOOTP or DHCP.   Hosts for which no fixed address is specified can only
+# be booted with DHCP, unless there is an address range on the subnet
+# to which a BOOTP client is connected which has the dynamic-bootp flag
+# set.
+#host fantasia {
+#  hardware ethernet 08:00:07:26:c0:a5;
+#  fixed-address fantasia.example.com;
+#}
+
+# You can declare a class of clients and then do address allocation
+# based on that.   The example below shows a case where all clients
+# in a certain class get addresses on the 10.17.224/24 subnet, and all
+# other clients get addresses on the 10.0.29/24 subnet.
+
+#class "foo" {
+#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
+#}
+
+#shared-network 224-29 {
+#  subnet 10.17.224.0 netmask 255.255.255.0 {
+#    option routers rtr-224.example.org;
+#  }
+#  subnet 10.0.29.0 netmask 255.255.255.0 {
+#    option routers rtr-29.example.org;
+#  }
+#  pool {
+#    allow members of "foo";
+#    range 10.17.224.10 10.17.224.250;
+#  }
+#  pool {
+#    deny members of "foo";
+#    range 10.0.29.10 10.0.29.230;
+#  }
+#}

bts_annee_2/sisr2/pxe/DHCP/isc-dhcp-server

@@ -0,0 +1,18 @@
+# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
+
+# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
+DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
+#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
+
+# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
+DHCPDv4_PID=/var/run/dhcpd.pid
+#DHCPDv6_PID=/var/run/dhcpd6.pid
+
+# Additional options to start dhcpd with.
+#	Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
+#OPTIONS=""
+
+# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+#	Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+INTERFACESv4="enp0s8"
+INTERFACESv6=""

bts_annee_2/sisr2/pxe/Interfaces/README.md

@@ -0,0 +1 @@
+Fichiers d'interfaces réseau des deux cartes de la machine PXE.

bts_annee_2/sisr2/pxe/Interfaces/enp0s3

@@ -0,0 +1,3 @@
+# generated by FAI
+auto enp0s3
+iface enp0s3 inet dhcp

bts_annee_2/sisr2/pxe/Interfaces/enp0s8

@@ -0,0 +1,4 @@
+# generated by FAI
+auto enp0s8
+iface enp0s8 inet static
+address 192.168.1.100/24

bts_annee_2/sisr2/pxe/README.md

@@ -0,0 +1 @@
+Fichiers de configuration de la cinquième séance de SISR, sur PXE et le Netboot.

bts_annee_2/sisr2/pxe/nftables/README.md

@@ -0,0 +1 @@
+Fichier de configuration nftables de la machine PXE.

bts_annee_2/sisr2/pxe/nftables/nftables.conf

@@ -0,0 +1,24 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority filter;
+	}
+	chain forward {
+		type filter hook forward priority filter;
+	}
+	chain output {
+		type filter hook output priority filter;
+	}
+}
+table inet nat {
+	chain prerouting {
+		type nat hook prerouting priority 0;
+	}
+	chain postrouting {
+		type nat hook postrouting priority 100;
+		oifname "enp0s3" masquerade
+	}
+}

bts_annee_2/sisr2/pxe/routing_command

@@ -0,0 +1 @@
+sysctl net.ipv4.ip_forward=1

bts_annee_2/sisr2/seance_03/README.md

@@ -1 +1,2 @@
 Vagrantfiles de la troisième séance en SISR, et scripts pour le heartbeat.
+Les dossiers nominaux sont les machines du heartbeat.

bts_annee_2/sisr2/seance_04/README.md

@@ -0,0 +1 @@
+Dossier avec les fichiers provenant de la machine LVS pour l'équilibrage des charges.

bts_annee_2/sisr2/seance_04/lvs/haproxy.cfg

@@ -0,0 +1,44 @@
+global
+	log /dev/log	local0
+	log /dev/log	local1 notice
+	chroot /var/lib/haproxy
+	stats socket /run/haproxy/admin.sock mode 660 level admin
+	stats timeout 30s
+	user haproxy
+	group haproxy
+	daemon
+
+	# Default SSL material locations
+	ca-base /etc/ssl/certs
+	crt-base /etc/ssl/private
+
+	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
+        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
+        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
+
+defaults
+	log	global
+	mode	http
+	option	httplog
+	option	dontlognull
+        timeout connect 5000
+        timeout client  50000
+        timeout server  50000
+	errorfile 400 /etc/haproxy/errors/400.http
+	errorfile 403 /etc/haproxy/errors/403.http
+	errorfile 408 /etc/haproxy/errors/408.http
+	errorfile 500 /etc/haproxy/errors/500.http
+	errorfile 502 /etc/haproxy/errors/502.http
+	errorfile 503 /etc/haproxy/errors/503.http
+	errorfile 504 /etc/haproxy/errors/504.http
+# conf perso
+frontend front_webservers
+	bind *:80
+	default_backend backend_webservers
+	option forwardfor
+
+backend backend_webservers
+	balance roundrobin
+	server web1-ge 172.16.1.1:80 check
+	server web2-ge 172.16.1.2:80 check

bts_annee_2/sisr2/seance_04/lvs/ipvs.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+ipvsadm -A -t 192.168.0.150:80 -s rr
+ipvsadm -a -t 192.168.0.150:80 -r 172.16.1.1:80 -m
+ipvsadm -a -t 192.168.0.150:80 -r 172.16.1.2:80 -m
+ipvsadm -L