nettoyage

“Albert
2023-01-20 09:15:54 +01:00
parent f4361d9ecb
commit 4dd5b711e2
43 changed files with 135 additions and 29 deletions


@@ -0,0 +1,4 @@
##Installation du load-balancer
Ce rôle sert à installer HAproxy et de mettre un fichier de configuration avec les serveur web à répartir.
Ce rôle est utilisé par s-lb


@@ -0,0 +1,5 @@
#!/bin/bash
while true
do
curl 192.168.100.10
done


@@ -0,0 +1,55 @@
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend proxypublic
bind 192.168.100.10:80
default_backend fermeweb
backend fermeweb
balance roundrobin
option httpclose
#option httpchk HEAD / HTTP/1.0
server s-lb-web1 192.168.101.1:80 check
server s-lb-web2 192.168.101.2:80 check
server s-lb-web3 192.168.101.3:80 check
listen stats
bind *:8080
stats enable
stats uri /haproxy
stats auth admin:admin
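Review bot: `stats auth admin:admin` commits a guessable credential in clear text, and `bind *:8080` in the same `listen stats` block exposes the stats page on every interface of the load balancer. Bind the listener to a management address and render the credential from a vaulted variable, e.g. `stats auth {{ haproxy_stats_user }}:{{ haproxy_stats_password }}` (placeholder variable names; this needs `template` rather than `copy`). The same committed-password problem recurs later in this commit: the three `[client]` files with `password=root`, the debconf preseed lines in the MySQL install script, and the SQL notes with literal `IDENTIFIED BY` passwords. Separately, the cipher string in `global` still allows `3DES` suites and `ssl-default-bind-options` only disables SSLv3; no TLS bind is visible here, so that only matters once one is added.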


@@ -0,0 +1,3 @@
---
- name: restart haproxy
service: name=haproxy state=restarted


@@ -0,0 +1,29 @@
---
- name: Installation d'HAproxy
apt:
name:
- haproxy
state: present
- name: Copie du fichier de configuration
copy:
src: haproxy.cfg
dest: /etc/haproxy/haproxy.cfg
notify:
- restart haproxy
- name:
file:
path: /root/script
state: directory
- name: Copie du fichier actu.sh
copy:
src: actu.sh
dest: /root/script/
- name: On rend exécutable le script actu.sh
file:
path: /root/script/actu.sh
mode: 0777
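Review bot: `mode: 0777` on `/root/script/actu.sh` makes a script under root's home writable by every local account, so anything root later runs from that path could be altered by an unprivileged user. Set ownership and mode where the file is copied and drop the separate `file` task: `mode: "0700"` with `owner: root` on the `copy` of `actu.sh` (quoted, so YAML cannot reinterpret the octal). The `haproxy.cfg` copy likewise sets no `owner`/`mode` and has no `validate: haproxy -c -f %s` step, so a broken config is only discovered when the handler restarts the service. The directory task also has an empty `name:`.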


@@ -0,0 +1,11 @@
Apres avoir lancer le bash pull config:
Creer un utilisateur autre que root dans la base de donnee
CREATE USER 'admin'@'localhost'IDENTIFIED BY 'Azerty1+';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost';
Puis executer le script dans files/installmysql.sh qui bloquera les connexions root en localhost et distantes
Enfin se connecter en tant que admin et creer un autre compte pour les utilisateurs
CREATE USER 'user'@'192.168.102.%'IDENTIFIED BY 'password';
Le % permet d'autoriser la connexion de tous les postes du reseau 192.168.102.0/24


@@ -0,0 +1,3 @@
[client]
user=root
password=root


@@ -0,0 +1,16 @@
# Download and Install the Latest Updates for the OS
apt-get update && apt-get upgrade -y
# Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
apt-get -y install mysql-server
# Run the MySQL Secure Installation wizard
mysql_secure_installation
sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /etc/mysql/my.cnf
mysql -uroot -p -e 'USE mysql; UPDATE `user` SET `Host`="%" WHERE `User`="root" AND `Host`="localhost"; DELETE FROM `user` WHERE `Host` != "%" AND `User`="root"; FLUSH PRIVILEGES;'
service mysql restart
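Review bot: The `mysql -uroot -p -e ...` statement rewrites `root@localhost` to `root@%` and deletes every other root row, which, combined with the `sed` that turns `127.0.0.1` into `0.0.0.0` and the preseeded password `root`, leaves a remotely reachable superuser with a trivial password. That is the opposite of what the accompanying notes describe (root blocked locally and remotely). Keep root local-only, e.g. `DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost','127.0.0.1','::1'); FLUSH PRIVILEGES;`, and bind mysqld to the one address the application network needs instead of all interfaces. `mysql_secure_installation` and `-p` both prompt on a terminal, so the script cannot run unattended as written, and it has no shebang or `set -e` to stop after a failed step.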


@@ -0,0 +1,128 @@
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock
# Here is entries for some specific programs
# The following values assume you have at least 32M ram
# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0
[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
# As of 5.1 you can enable the log at runtime!
#general_log_file = /var/log/mysql/mysql.log
#general_log = 1
#
# Error log - should be very few entries.
#
log_error = /var/log/mysql/error.log
#
# Here you can see queries with especially long duration
#slow_query_log_file = /var/log/mysql/mysql-slow.log
#slow_query_log = 1
#long_query_time = 2
#log_queries_not_using_indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem
[mysqldump]
quick
quote-names
max_allowed_packet = 16M
[mysql]
#no-auto-rehash # faster start of mysql but no tab completition
[isamchk]
key_buffer = 16M
#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/
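Review bot: `#bind-address = 127.0.0.1` is shipped commented out, so mysqld falls back to its built-in default, which on stock MySQL builds is expected to be every interface (worth confirming for the packaged version). Since the role's notes only grant access to clients on 192.168.102.0/24, set it explicitly, `bind-address = <DB_SERVER_ADDRESS_ON_CLIENT_NETWORK>` (placeholder), and filter port 3306 at the host firewall. The `ssl-ca`/`ssl-cert`/`ssl-key` lines are also left commented, so this file does not configure TLS for those remote client logins.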


@@ -0,0 +1,3 @@
---
- name: restart mysql-server
service: name=mysql-server state=restarted
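Review bot: The handler restarts `mysql-server`, while the install script in this same commit uses `service mysql restart`. `mysql-server` is the package name and the service is presumably `mysql`, so this handler would likely fail when notified. Suggested: `service: name=mysql state=restarted`.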


@@ -0,0 +1,3 @@
[client]
user=root
password=root


@@ -0,0 +1,4 @@
#!/bin/bash
echo "" > /var/log/apache2/access.log
watch -n 0 wc -l /var/log/apache2/access.log
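Review bot: `echo "" > /var/log/apache2/access.log` wipes the web server's access log every time the counter is started, which discards the request history an investigation would rely on, and it leaves one empty line so the count starts at 1. Count relative to a starting offset instead: `start=$(wc -l < /var/log/apache2/access.log)` followed by `watch -n 1 "echo \$(( \$(wc -l < /var/log/apache2/access.log) - $start ))"`. The same two lines appear again in the second copy of this script further down the commit.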


@@ -0,0 +1,3 @@
---
- name: restart apache2
service: name=apache2 state=restarted


@@ -0,0 +1,26 @@
---
- name: Install apache2 php php5-mysql et autres modules php
apt:
name:
- apache2
- php
- php-mysql
- php-gd
- php-zip
- php-mbstring
- php-curl
- php-imagick
- php-xml
state: present
- name: copie exports pour partage nfs wordpress
copy: src=compter.bash dest=/root
- name: Changement de permission pour compter.bash
shell: chmod a+x /root/compter.bash
#- name: Envoi d'index dans /var/www/
# copy: src=index.html dest=/var/www/
#- name: Install glusterfs client
# apt: pkg=glusterfs-client state=present update_cache=yes
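Review bot: `shell: chmod a+x /root/compter.bash` runs on every play, always reports changed, and makes a root-owned helper executable by all users; the preceding `copy` can set this itself with `copy: src=compter.bash dest=/root mode=0700`. That task's name, `copie exports pour partage nfs wordpress`, describes an NFS export rather than the script it copies and should be renamed. The commented-out `index.html` and glusterfs tasks could be dropped.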


@@ -0,0 +1,3 @@
##Installation des serveurs web
Ce rôle sert à installer les paquets nécessaire pour WordPress sur les serveurs webs.


@@ -0,0 +1,3 @@
[client]
user=root
password=root


@@ -0,0 +1,4 @@
#!/bin/bash
echo "" > /var/log/apache2/access.log
watch -n 0 wc -l /var/log/apache2/access.log


@@ -0,0 +1,3 @@
---
- name: restart apache2
service: name=apache2 state=restarted


@@ -0,0 +1,12 @@
---
- name: Installation des paquets
apt:
name :
- apache2
- php
- php-mysql
state: present