diff --git a/README.md b/README.md index 4a9ef50..375bebd 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,14 @@ # gsb2023 +2023-01-06 + Environnement et playbooks ansible pour le projet GSB 2023 ## Quickstart -prérequis : une machine Debian Bullseye +prérequis : + * une machine Debian Bullseye + * VirtualBox + ## Les machines @@ -20,7 +25,7 @@ prérequis : une machine Debian Bullseye ## Installation On utilisera l'image de machine virtuelle suivante : - * **debian-bullseye-2023a.ova** (2022-05-07) + * **debian-bullseye-2023a.ova** (2023-01-06) * Debian Bullseye 11 - 2 cartes - 1 Go - stockage 20 Go @@ -35,7 +40,7 @@ On utilisera l'image de machine virtuelle suivante : bash inst-depl cd /var/www/html/gsbstore bash getall - cd /root/tools/ansible/gsb022/pre + cd /root/tools/ansible/gsb023/pre bash gsbboot cd .. ; bash pull-config ``` @@ -51,7 +56,7 @@ On utilisera l'image de machine virtuelle suivante : - cloner le dépot : ```shell mkdir -p tools/ansible ; cd tools/ansible -git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git +git clone https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git cd gsb2023/pre export DEPL=192.168.99.99 bash gsbboot diff --git a/goss/r-ext.yaml b/goss/r-ext.yaml index 3bacf0c..ab2f03b 100644 --- a/goss/r-ext.yaml +++ b/goss/r-ext.yaml @@ -34,8 +34,6 @@ interface: - 192.168.100.254/24 enp0s9: exists: true - addrs: - - 192.168.0.38/24 enp0s16: exists: true addrs: diff --git a/goss/s-adm.yaml b/goss/s-adm.yaml index a675b76..3d32d62 100644 --- a/goss/s-adm.yaml +++ b/goss/s-adm.yaml @@ -16,10 +16,6 @@ port: listening: true ip: - '::' - tcp6:8080: - listening: true - ip: - - '::' udp:53: listening: true ip: @@ -45,7 +41,6 @@ service: user: dnsmasq: exists: true - uid: 109 gid: 65534 groups: - nogroup @@ -54,7 +49,6 @@ user: group: ssh: exists: true - gid: 111 command: /sbin/sysctl net.ipv4.ip_forward: exit-status: 0 @@ -65,8 +59,6 @@ command: dns: depl.sio.lan: resolveable: true - addrs: - - 10.121.38.10 timeout: 500 process: dnsmasq: 
diff --git a/goss/s-mon.yaml b/goss/s-mon.yaml index 10c5be1..d42f96a 100644 --- a/goss/s-mon.yaml +++ b/goss/s-mon.yaml @@ -1,26 +1,27 @@ file: - /etc/icinga/htpasswd.users: + /etc/nagios4/htdigest.users: exists: true - mode: "0644" - size: 26 - owner: root - group: root + mode: "0640" + owner: nagios + group: www-data filetype: file - contains: [] + contains: [nagiosadmin] package: apache2: installed: true nagios-snmp-plugins: installed: true - icinga: + nagios4: installed: true snmp: installed: true + python3-passlib: + installed: true port: - tcp6:80: + tcp:80: listening: true ip: - - '::' + - 0.0.0.0 udp:514: listening: true ip: @@ -29,7 +30,7 @@ service: apache2: enabled: true running: true - icinga: + nagios4: enabled: true running: true command: @@ -42,19 +43,19 @@ command: process: apache2: running: true - icinga: + nagios4: running: true interface: enp0s3: exists: true addrs: - - 192.168.99.8/24 + - 192.168.99.104/24 enp0s8: exists: true addrs: - 172.16.0.8/24 http: - http://localhost/icinga: + http://localhost/nagios4: status: 401 allow-insecure: false no-follow-redirects: false diff --git a/pull-config b/pull-config index 4566973..093387b 100644 --- a/pull-config +++ b/pull-config @@ -1,7 +1,7 @@ #!/bin/bash -if [ -z ${UREP+x} ]; then - UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2022.git +if [ -z ${UREP+x} ]; then + UREP=https://gitea.lyc-lecastel.fr/gadmin/gsb2023.git fi dir=/root/tools/ansible diff --git a/roles/goss/tasks/main.yml b/roles/goss/tasks/main.yml index a82feb1..0cbb78a 100644 --- a/roles/goss/tasks/main.yml +++ b/roles/goss/tasks/main.yml 
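Review bot: The `enp0s3` expectation in the last hunk of goss/s-mon.yaml now reads `- 192.168.99.104/24`, while the same commit changes roles/post/files/interfaces.s-mon to `address 192.168.99.8/24`. The two values were swapped rather than aligned, so this goss check will fail on a host configured from that interfaces file (assuming it is the one deployed to s-mon). Pick one address and use it in both places, for example `- 192.168.99.8/24` here if the interfaces file is authoritative. A validation that is known to fail tends to be ignored, and that hides real drift on the monitoring host.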
@@ -3,19 +3,19 @@ - name: goss binary exists stat: path=/usr/local/bin/goss register: gossbin - + - name: install goss sur machine standard - get_url: - url: "{{ depl_url }}/{{ depl_goss }}" + get_url: + url: "{{ depl_url }}/{{ depl_goss }}" dest: /usr/local/bin/{{ depl_goss }} mode: 0755 - when: gossbin.stat.exists == False and ansible_hostname != "s-adm" + when: gossbin.stat.exists == false and ansible_hostname != "s-adm" - name: install goss sur s-adm - copy: + copy: src: "/var/www/html/gsbstore/{{ depl_goss }}" dest: /usr/local/bin/{{ depl_goss }} mode: 0755 remote_src: yes - when: gossbin.stat.exists == False and ansible_hostname == "s-adm" + when: gossbin.stat.exists == false and ansible_hostname == "s-adm" diff --git a/roles/post/files/interfaces.s-mon b/roles/post/files/interfaces.s-mon index 09035d9..5ff598c 100644 --- a/roles/post/files/interfaces.s-mon +++ b/roles/post/files/interfaces.s-mon @@ -1,7 +1,7 @@ # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). -source /etc/network/interfaces.d/* +#source /etc/network/interfaces.d/* # The loopback network interface auto lo @@ -10,7 +10,7 @@ iface lo inet loopback # cote n-adm allow-hotplug enp0s3 iface enp0s3 inet static - address 192.168.99.104/24 + address 192.168.99.8/24 gateway 192.168.99.99 # Cote n-infra @@ -20,4 +20,4 @@ iface enp0s8 inet static up ip route add 172.16.64.0/24 via 172.16.0.254 up ip route add 172.16.128.0/24 via 172.16.0.254 up ip route add 192.168.0.0/16 via 172.16.0.254 - up ip route add 192.168.200.0/24 via 172.16.0.254 \ No newline at end of file + up ip route add 192.168.200.0/24 via 172.16.0.254 diff --git a/roles/post/files/interfaces.s-nas b/roles/post/files/interfaces.s-nas index 94c3eaf..242414a 100644 --- a/roles/post/files/interfaces.s-nas +++ b/roles/post/files/interfaces.s-nas 
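Review bot: The `install goss sur machine standard` task downloads an executable with `get_url` and installs it in /usr/local/bin with mode 0755 without any integrity check, so whatever `{{ depl_url }}` serves ends up installed on every host. `get_url` accepts a `checksum` parameter; adding `checksum: "sha256:{{ depl_goss_sha256 }}"` (the variable name is a placeholder, to be defined next to `depl_goss`) makes a modified or truncated download fail the task. If `depl_url` is plain HTTP, which the README's `DEPL=192.168.99.99` hints at but this hunk does not show, that digest is the only protection against modification in transit. The s-adm branch copies from /var/www/html/gsbstore and has the same gap, so the digest is best verified when that store is populated.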
@@ -1,4 +1,4 @@ -source /etc/network/interfaces.d/* +#source /etc/network/interfaces.d/* # The loopback network interface auto lo @@ -14,4 +14,4 @@ iface enp0s3 inet static allow-hotplug enp0s8 iface enp0s8 inet static address 192.168.102.253 - netmask 255.255.255.0 \ No newline at end of file + netmask 255.255.255.0 diff --git a/scripts/mkvm b/scripts/mkvm index 64e41cb..c5b61fb 100755 --- a/scripts/mkvm +++ b/scripts/mkvm @@ -1,7 +1,9 @@ #!/bin/bash ovarelease="2023a" +ovafogrelease="2023a" ovafile="$HOME/Téléchargements/debian-bullseye-gsb-${ovarelease}.ova" +ovafilefog="$HOME/Téléchargements/debian-buster-gsb-${ovafogrelease}.ova" usage () { @@ -12,27 +14,31 @@ usage () { } create_vm () { - nom=$1 - if [[ ! -r "${ovafile}" ]]; then - echo "$0 : erreur ouverture fichier ${ovafile} ..." + nom="$1" + nomova=${ovafile} + if [[ "${nom}" == "s-fog" ]] ; then + nomova="${ovafilefog}" + fi + if [[ ! -r "${nomova}" ]]; then + echo "$0 : erreur ouverture fichier ${nomova} ..." exit 3 fi - vboxmanage import "${ovafile}" --vsys 0 --vmname "${nom}" + vboxmanage import "${nomova}" --vsys 0 --vmname "${nom}" } setif () { - VBoxManage modifyvm $1 --nic${2} intnet - VBoxManage modifyvm $1 --intnet${2} $3 - VBoxManage modifyvm $1 --nictype${2} 82540EM - VBoxManage modifyvm $1 --cableconnected${2} on - VBoxManage modifyvm $1 --nicpromisc${2} allow-all + VBoxManage modifyvm "$1" --nic"${2}" intnet + VBoxManage modifyvm "$1" --intnet"${2}" "$3" + VBoxManage modifyvm "$1" --nictype"${2}" 82540EM + VBoxManage modifyvm "$1" --cableconnected"${2}" on + VBoxManage modifyvm "$1" --nicpromisc"${2}" allow-all } create_if () { # enp0s3 - setif $1 1 $2 - setif $1 2 $3 + setif "$1" 1 "$2" + setif "$1" 2 "$3" #(enp0s8) } @@ -41,7 +47,7 @@ if [[ $# != 1 ]] ; then usage fi -vm=$1 +vm="$1" create_vm "${vm}" if [[ "${vm}" == "s-infra" ]] ; then 
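Review bot: The two appliance paths defined at the top of scripts/mkvm are handed to `vboxmanage import` after only a readability test (`[[ ! -r "${nomova}" ]]` in create_vm, next hunk), so any file with the expected name in the downloads directory becomes the base image of a server. Record the expected digest beside each path, e.g. `ovasha256="<SHA256_OF_BULLSEYE_OVA>"` (placeholder value), and have create_vm select the matching digest the same way it selects `nomova`. It can then run `printf '%s  %s\n' "${nomsha256}" "${nomova}" | sha256sum --check --status || exit 4` before the import. A short comment saying where the published digests come from would keep the constants maintainable.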
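Review bot: `setif` still ends with `--nicpromisc"${2}" allow-all` for every adapter of every VM, so a guest that puts its interface in promiscuous mode can capture frames addressed to other guests on the same internal network; the quoting fix leaves that policy unchanged. Unless every machine needs it, make the policy an optional fourth argument that defaults to deny: `VBoxManage modifyvm "$1" --nicpromisc"${2}" "${4:-deny}"`, and pass `allow-all` only for the VMs that bridge or inspect traffic. A comment above setif naming which VMs need promiscuous mode, and why, would document the exception.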
@@ -74,6 +80,8 @@ elif [[ "${vm}" == "s-DNS-ext" ]] ; then create_if "${vm}" "n-adm" "n-dmz" elif [[ "${vm}" == "s-web-ext" ]] ; then create_if "${vm}" "n-adm" "n-dmz" +elif [[ "${vm}" == "s-nxc" ]] ; then + create_if "${vm}" "n-adm" "n-infra" elif [[ "${vm}" == "s-lb" ]] ; then create_if "${vm}" "n-adm" "n-dmz" "n-dmz-lb" elif [[ "${vm}" == "s-web1" ]] ; then
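Review bot: The `s-lb` branch kept as context here calls `create_if "${vm}" "n-adm" "n-dmz" "n-dmz-lb"`, but create_if as shown in the previous hunk forwards only `$2` and `$3` to setif, so the third network is silently dropped unless it is attached somewhere outside this diff. Either extend create_if with `if [[ -n "${4:-}" ]]; then setif "$1" 3 "$4"; fi` or remove the extra argument. The if/elif chain starts and ends outside this hunk. Because `create_vm "${vm}"` runs before the chain, a name that matches no branch still imports a VM with no network set up, so a final `else` that reports the unknown name (or a name check before the import) is worth adding if none exists.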