From 9bcfcc63056f8c0ea6f327a033c5fa7e2d89a01c Mon Sep 17 00:00:00 2001 From: Elam Monnot Date: Fri, 27 Jan 2023 08:42:51 +0100 Subject: [PATCH 01/15] modif role nfs-server again --- roles/lb-nfs-server/tasks/main.yml | 133 ++++++++++++++--------------- 1 file changed, 63 insertions(+), 70 deletions(-) diff --git a/roles/lb-nfs-server/tasks/main.yml b/roles/lb-nfs-server/tasks/main.yml index f87b678..e3461ab 100644 --- a/roles/lb-nfs-server/tasks/main.yml +++ b/roles/lb-nfs-server/tasks/main.yml @@ -1,77 +1,70 @@ - - name: 00 - cree repertoire wordpress pour export nfs - file: - path: /exports/wordpress - state: directory +- name: 00 - cree repertoire wordpress pour export nfs + file: + path: /home/wordpress + state: directory - - name: 05 - Install nfs-server - apt: - name: nfs-server - state: present +- name: 05 - Install nfs-server + apt: + name: nfs-server + state: present - - name: 10 - creation fichier exports nfs - ansible.builtin.blockinfile: - path: /etc/exports - block: | - /exports/wordpress 192.168.56.0/255.255.255.0 (rw,no_root_squash,subtree_check) +- name: 10 - creation fichier exports nfs + ansible.builtin.blockinfile: + path: /etc/exports + block: | + /home/wordpress 192.168.102.0/255.255.255.0(rw,no_root_squash,subtree_check) + +- name: 20 - decompresse wordpress + unarchive: + src: https://fr.wordpress.org/latest-fr_FR.tar.gz + dest: /home/ + remote_src: yes + +- name: 22 - change owner et group pour repertoire wordpress + file: + path: /home/wordpress + state: directory + recurse: yes + owner: www-data + group: www-data + +- name: 30 - genere fichier de config wordpress + copy: + src: /home/wordpress/wp-config-sample.php + dest: /home/wordpress/wp-config.php + remote_src: yes + +- name: 35 - ajuste variable dbname dans fichier de config wp-config.php + replace: + path: /home/wordpress/wp-config.php + regexp: "votre_nom_de_bdd" + replace: "wordpressdb" + backup: yes - - name: 15 - Recupere wordpress.tar.gz - get_url: - url: "https://fr.wordpress.org/latest-fr_FR.tar.gz" - dest: /tmp/wordpress-6.1.1-fr_FR.tar.gz +- name: 40 ajuste variable dbusername dans fichier de config wp-config.php + replace: + path: /exports/wordpress/wp-config.php + regexp: "votre_utilisateur_de_bdd" + replace: "wordpressuser" + backup: yes - - name: 20 - decompresse wordpress - unarchive: - src: /tmp/wordpress-6.1.1-fr_FR.tar.gz - dest: /exports/ - remote_src: yes - - - name: 22 - change owner et group pour repertoire wordpress - file: - path: /exports/wordpress - state: directory - recurse: yes - owner: www-data - group: www-data +- name: 45 - ajuste variable mdp dans fichier de config wp-config.php + replace: + path: /home/wordpress/wp-config.php + regexp: "votre_mdp_de_bdd" + replace: "wordpresspasswd" + backup: yes - - name: 30 - genere fichier de config wordpress - copy: - src: /exports/wordpress/wp-config-sample.php - dest: /exports/wordpress/wp-config.php - remote_src: yes - - - name: 35 - ajuste variable dbname dans fichier de config wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "votre_nom_de_bdd" - replace: "wordpressdb" - backup: yes - - - - name: 40 ajuste variable dbusername dans fichier de config wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "votre_utilisateur_de_bdd" - replace: "wordpressuser" - backup: yes - - - name: 45 - ajuste variable mdp dans fichier de config wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "votre_mdp_de_bdd" - replace: "wordpresspasswd" - backup: yes - - - name: 50 - ajuste hostname fichier wp-config.php - replace: - path: /exports/wordpress/wp-config.php - regexp: "localhost" - replace: "192.168.102.253" - backup: yes - - - name: 55 - relance nfs - service: - name: nfs-server - state: restarted - enabled: yes +- name: 50 - ajuste hostname fichier wp-config.php + replace: + path: /home/wordpress/wp-config.php + regexp: "localhost" + replace: "192.168.102.253" + backup: yes +- name: 55 - relance nfs + service: + name: nfs-server + state: restarted + enabled: yes From 0988c9729e29a5e81a0c0cdf7081e6d544ebd4ee Mon Sep 17 00:00:00 2001 From: Elam Monnot Date: Fri, 27 Jan 2023 09:01:34 +0100 Subject: [PATCH 02/15] enieme modif nfs --- roles/lb-nfs-server/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/lb-nfs-server/tasks/main.yml b/roles/lb-nfs-server/tasks/main.yml index e3461ab..9d24173 100644 --- a/roles/lb-nfs-server/tasks/main.yml +++ b/roles/lb-nfs-server/tasks/main.yml @@ -44,7 +44,7 @@ - name: 40 ajuste variable dbusername dans fichier de config wp-config.php replace: - path: /exports/wordpress/wp-config.php + path: /home/wordpress/wp-config.php regexp: "votre_utilisateur_de_bdd" replace: "wordpressuser" backup: yes From 76b4ceabe3d869dab1b8846e8c242d8ebc7bc2f6 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 27 Jan 2023 09:08:36 +0100 Subject: [PATCH 03/15] ajout ferm.conf --- goss/list-goss | 12 ++++++++ roles/fw-ferm-1/ferm.conf | 63 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 75 insertions(+) create mode 100644 goss/list-goss create mode 100644 roles/fw-ferm-1/ferm.conf diff --git a/goss/list-goss b/goss/list-goss new file mode 100644 index 0000000..a13faf9 --- /dev/null +++ b/goss/list-goss @@ -0,0 +1,12 @@ +cd goss/ +goss -g r-vp1.yaml v +goss -g r-vp1.yaml aa wireguard +goss add interface enp0s3 +goss add interface enp0s8 +goss add interface enp0s9 +goss add interface wg0 +goss aa wireguard +goss add package wireguard-tools +goss add service wg-quick@wg0 +goss add command "ping -c4 10.0.0.2" +goss add file "/etc/wireguard/wg0.conf" diff --git a/roles/fw-ferm-1/ferm.conf b/roles/fw-ferm-1/ferm.conf new file mode 100644 index 0000000..0097688 --- /dev/null +++ b/roles/fw-ferm-1/ferm.conf @@ -0,0 +1,63 @@ +# -*- shell-script -*- +# +# Ferm script r-vp1 + +@def $DEV_PRIVATE = enp0s8; +@def $DEV_WORLD = enp0s9; + +@def $NET_PRIVATE = 172.16.0.0/24; + +table filter { + chain (INPUT OUTPUT){ + # allow VPN + proto udp dport 51820 ACCEPT; +} + chain INPUT { + policy DROP; + + # connection tracking + mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + + # allow local connections + interface lo ACCEPT; + + # respond to ping + proto icmp icmp-type echo-request ACCEPT; + + + # allow SSH connections from the private network and from some + # well-known internet hosts + saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT; + + # we provide DNS and SMTP services for the internal net + interface $DEV_PRIVATE saddr $NET_PRIVATE { + proto (udp tcp) dport domain ACCEPT; + proto udp dport bootps ACCEPT; + } + + # interface réseau + interface $DEV_WORLD { + + } + + # the rest is dropped by the above policy + }#FIN INPUT + + # outgoing connections are not limited + chain OUTPUT policy ACCEPT; + + chain FORWARD { + policy ACCEPT; + + # connection tracking + mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + + # connections from the internal net to the internet or to other + # internal nets are allowed + interface $DEV_PRIVATE ACCEPT; + + # the rest is dropped by the above policy + } +} From 143c3878a3c0548d72e057593b97453e4f6f05fc Mon Sep 17 00:00:00 2001 From: Mathis Laceppe Date: Fri, 27 Jan 2023 09:15:49 +0100 Subject: [PATCH 04/15] ajout fichier test nmap --- roles/fw-ferm-1/nmap-rvp1.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 roles/fw-ferm-1/nmap-rvp1.txt diff --git a/roles/fw-ferm-1/nmap-rvp1.txt b/roles/fw-ferm-1/nmap-rvp1.txt new file mode 100644 index 0000000..187df55 --- /dev/null +++ b/roles/fw-ferm-1/nmap-rvp1.txt @@ -0,0 +1,12 @@ +# CMD +sudo nmap -pU:51820 192.168.0.51 +#Resultat +Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-27 09:02 CET +Nmap scan report for 192.168.0.51 +Host is up (0.00030s latency). + +PORT STATE SERVICE +51820/tcp filtered unknown +MAC Address: 08:00:27:F0:E2:46 (Oracle VirtualBox virtual NIC) + +Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds From a7f366a124de70b178f395a77746f01452180d8b Mon Sep 17 00:00:00 2001 From: Johan Largy Date: Fri, 27 Jan 2023 09:37:04 +0100 Subject: [PATCH 05/15] nmap rvp2 --- roles/fw-ferm-2/nmap-rvp2.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 roles/fw-ferm-2/nmap-rvp2.txt diff --git a/roles/fw-ferm-2/nmap-rvp2.txt b/roles/fw-ferm-2/nmap-rvp2.txt new file mode 100644 index 0000000..bb8c7d0 --- /dev/null +++ b/roles/fw-ferm-2/nmap-rvp2.txt @@ -0,0 +1,9 @@ +Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-27 09:33 CET +Nmap scan report for 192.168.0.52 +Host is up (0.00021s latency). + +PORT STATE SERVICE +51820/tcp filtered unknown +MAC Address: 08:00:27:31:FA:71 (Oracle VirtualBox virtual NIC) + +Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds From 70950f9e4e678da4678cca93a12f7cedd1eeef71 Mon Sep 17 00:00:00 2001 From: Mathis Laceppe Date: Fri, 27 Jan 2023 09:41:55 +0100 Subject: [PATCH 06/15] ajout README.md --- roles/fw-ferm-1/README.d | 16 ++++++++++++++++ roles/fw-ferm-1/nmap-rvp1.txt | 12 ------------ 2 files changed, 16 insertions(+), 12 deletions(-) create mode 100644 roles/fw-ferm-1/README.d delete mode 100644 roles/fw-ferm-1/nmap-rvp1.txt diff --git a/roles/fw-ferm-1/README.d b/roles/fw-ferm-1/README.d new file mode 100644 index 0000000..0974b91 --- /dev/null +++ b/roles/fw-ferm-1/README.d @@ -0,0 +1,16 @@ +[Ferm]:http://ferm.foo-projects.org/ + +Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables +```bash +update-alternatives --set iptables /usr/sbin/iptables-legacy``` + +Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html +```bash +sudo nmap -p51820 192.168.0.51```(r-vp1) +```bash +sudo nmap -p51820 192.168.0.52```(r-vp2) + +Sortie : +`PORT STATE SERVICE +51820/tcp filtered unknown` +Faire des ping! diff --git a/roles/fw-ferm-1/nmap-rvp1.txt b/roles/fw-ferm-1/nmap-rvp1.txt deleted file mode 100644 index 187df55..0000000 --- a/roles/fw-ferm-1/nmap-rvp1.txt +++ /dev/null @@ -1,12 +0,0 @@ -# CMD -sudo nmap -pU:51820 192.168.0.51 -#Resultat -Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-27 09:02 CET -Nmap scan report for 192.168.0.51 -Host is up (0.00030s latency). - -PORT STATE SERVICE -51820/tcp filtered unknown -MAC Address: 08:00:27:F0:E2:46 (Oracle VirtualBox virtual NIC) - -Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds From 01c2b769365ca006c07308c310431e7b14c7cbc8 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 27 Jan 2023 09:43:16 +0100 Subject: [PATCH 07/15] ajout ferm.conf --- roles/fw-ferm-2/ferm.conf | 62 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 roles/fw-ferm-2/ferm.conf diff --git a/roles/fw-ferm-2/ferm.conf b/roles/fw-ferm-2/ferm.conf new file mode 100644 index 0000000..1c0c40b --- /dev/null +++ b/roles/fw-ferm-2/ferm.conf @@ -0,0 +1,62 @@ +# -*- shell-script -*- +# +# Ferm script r-vp2 + +@def $DEV_PRIVATE = enp0s9; +@def $DEV_WORLD = enp0s8; + +@def $NET_PRIVATE = 172.16.0.0/24; + +table filter { + chain (INPUT OUTPUT){ + # allow VPN + proto udp dport 51820 ACCEPT; +} + chain INPUT { + policy DROP; + + # connection tracking + mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + + # allow local connections + interface lo ACCEPT; + + # respond to ping + proto icmp icmp-type echo-request ACCEPT; + + # allow SSH connections from the private network and from some + # well-known internet hosts + saddr ($NET_PRIVATE 81.209.165.42) proto tcp dport ssh ACCEPT; + + # we provide DNS and SMTP services for the internal net + interface $DEV_PRIVATE saddr $NET_PRIVATE { + proto (udp tcp) dport domain ACCEPT; + proto udp dport bootps ACCEPT; + } + + # interface réseau + interface $DEV_WORLD { + + } + + # the rest is dropped by the above policy + }#FIN INPUT + + # outgoing connections are not limited + chain OUTPUT policy ACCEPT; + + chain FORWARD { + policy ACCEPT; + + # connection tracking + mod state state INVALID DROP; + mod state state (ESTABLISHED RELATED) ACCEPT; + + # connections from the internal net to the internet or to other + # internal nets are allowed + interface $DEV_PRIVATE ACCEPT; + + # the rest is dropped by the above policy + } +} From f38fca45611bc01259c906d9313e564684213915 Mon Sep 17 00:00:00 2001 From: Mathis Laceppe Date: Fri, 27 Jan 2023 09:45:11 +0100 Subject: [PATCH 08/15] ajout et modif README.md --- roles/fw-ferm-1/{README.d => README.md} | 0 roles/fw-ferm-2/README.md | 16 ++++++++++++++++ roles/fw-ferm-2/nmap-rvp2.txt | 9 --------- 3 files changed, 16 insertions(+), 9 deletions(-) rename roles/fw-ferm-1/{README.d => README.md} (100%) create mode 100644 roles/fw-ferm-2/README.md delete mode 100644 roles/fw-ferm-2/nmap-rvp2.txt diff --git a/roles/fw-ferm-1/README.d b/roles/fw-ferm-1/README.md similarity index 100% rename from roles/fw-ferm-1/README.d rename to roles/fw-ferm-1/README.md diff --git a/roles/fw-ferm-2/README.md b/roles/fw-ferm-2/README.md new file mode 100644 index 0000000..0974b91 --- /dev/null +++ b/roles/fw-ferm-2/README.md @@ -0,0 +1,16 @@ +[Ferm]:http://ferm.foo-projects.org/ + +Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables +```bash +update-alternatives --set iptables /usr/sbin/iptables-legacy``` + +Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html +```bash +sudo nmap -p51820 192.168.0.51```(r-vp1) +```bash +sudo nmap -p51820 192.168.0.52```(r-vp2) + +Sortie : +`PORT STATE SERVICE +51820/tcp filtered unknown` +Faire des ping! diff --git a/roles/fw-ferm-2/nmap-rvp2.txt b/roles/fw-ferm-2/nmap-rvp2.txt deleted file mode 100644 index bb8c7d0..0000000 --- a/roles/fw-ferm-2/nmap-rvp2.txt +++ /dev/null @@ -1,9 +0,0 @@ -Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-27 09:33 CET -Nmap scan report for 192.168.0.52 -Host is up (0.00021s latency). - -PORT STATE SERVICE -51820/tcp filtered unknown -MAC Address: 08:00:27:31:FA:71 (Oracle VirtualBox virtual NIC) - -Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds From 9fd18796a68b21a93e20cfdf4fdc382ce114f836 Mon Sep 17 00:00:00 2001 From: Mathis Laceppe Date: Fri, 27 Jan 2023 09:49:23 +0100 Subject: [PATCH 09/15] modif README.md --- roles/fw-ferm-1/README.md | 9 ++++++--- roles/fw-ferm-2/README.md | 9 ++++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/roles/fw-ferm-1/README.md b/roles/fw-ferm-1/README.md index 0974b91..64df66e 100644 --- a/roles/fw-ferm-1/README.md +++ b/roles/fw-ferm-1/README.md @@ -2,13 +2,16 @@ Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables ```bash -update-alternatives --set iptables /usr/sbin/iptables-legacy``` +update-alternatives --set iptables /usr/sbin/iptables-legacy +``` Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html ```bash -sudo nmap -p51820 192.168.0.51```(r-vp1) +sudo nmap -p51820 192.168.0.51 +```(r-vp1) ```bash -sudo nmap -p51820 192.168.0.52```(r-vp2) +sudo nmap -p51820 192.168.0.52 +```(r-vp2) Sortie : `PORT STATE SERVICE diff --git a/roles/fw-ferm-2/README.md b/roles/fw-ferm-2/README.md index 0974b91..64df66e 100644 --- a/roles/fw-ferm-2/README.md +++ b/roles/fw-ferm-2/README.md @@ -2,13 +2,16 @@ Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables ```bash -update-alternatives --set iptables /usr/sbin/iptables-legacy``` +update-alternatives --set iptables /usr/sbin/iptables-legacy +``` Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html ```bash -sudo nmap -p51820 192.168.0.51```(r-vp1) +sudo nmap -p51820 192.168.0.51 +```(r-vp1) ```bash -sudo nmap -p51820 192.168.0.52```(r-vp2) +sudo nmap -p51820 192.168.0.52 +```(r-vp2) Sortie : `PORT STATE SERVICE From 9019c0dbe75d41a1b3a2a7f9d82afa8bcdf9f149 Mon Sep 17 00:00:00 2001 From: Elam Monnot Date: Mon, 30 Jan 2023 10:36:52 +0100 Subject: [PATCH 10/15] modification de lb-bd --- s-lb-bd.yml | 68 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 47 insertions(+), 21 deletions(-) diff --git a/s-lb-bd.yml b/s-lb-bd.yml index c31f907..b079fa6 100644 --- a/s-lb-bd.yml +++ b/s-lb-bd.yml @@ -1,24 +1,50 @@ --- - - hosts: localhost - connection: local - vars: - maria_dbhost: "192.168.102.254" - maria_dbname: "wordpress" - maria_dbuser: "wp" - maria_dbpasswd: "wp" +- hosts: all + become: true + tasks: + - name: modules python pour + apt: + name: python3-pymysql + state: present - roles: - - base - - goss - - post - #- s-lb-bd-ab - - mariadb-ab -# - role: db-user -# cli_ip: "192.168.102.1" -# - role: db-user -# cli_ip: "192.168.102.2" -# - role: db-user -# cli_ip: "192.168.102.3" - - snmp-agent -# - post + - name: install mariadb-server + apt: + name: mariadb-server + state: present + + - name: Cree Bd wordpress + mysql_db: + db: wordpressdb + login_unix_socket: /var/run/mysqld/mysqld.sock + state: present + + - name: Ouvre port 3306 mariadb-server + replace: + path: /etc/mysql/mariadb.conf.d/50-server.cnf + regexp: '^bind-address.*' + replace: '#bind-adress = 127.0.0.1' + backup: yes + notify: restart mariadb + + - name: Create MySQL user for wordpress + mysql_user: + name: wordpressuser + password: wordpresspasswd + priv: "wordpressdb.*:ALL" + host: '%' + state: present + login_unix_socket: /var/run/mysqld/mysqld.sock + + handlers: + - name: restart mariadb + ansible.builtin.service: + name: mariadb + state: restarted + + roles: + - base + - goss + - post + - mariadb-ab + - snmp-agent From 05ddace1af9bbf774a40ee40732b89385d8c9d6f Mon Sep 17 00:00:00 2001 From: Elam Monnot Date: Mon, 30 Jan 2023 10:44:18 +0100 Subject: [PATCH 11/15] lb-bd rev2 --- s-lb-bd.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/s-lb-bd.yml b/s-lb-bd.yml index b079fa6..bf2352d 100644 --- a/s-lb-bd.yml +++ b/s-lb-bd.yml @@ -46,5 +46,4 @@ - base - goss - post - - mariadb-ab - snmp-agent From 5ddbedac9795c3d5e92356f7f130aad0cc466f1f Mon Sep 17 00:00:00 2001 From: Johan Largy Date: Mon, 30 Jan 2023 10:57:23 +0100 Subject: [PATCH 12/15] ajout et changementroles fw-vpn --- r-vp1.yml | 1 + r-vp2.yml | 1 + roles/fw-ferm-2/README.md | 19 ------------------- roles/{fw-ferm-1 => fw-ferm}/README.md | 0 .../files/ferm.conf.r-vp1} | 0 .../files/ferm.conf.r-vp2} | 0 roles/fw-ferm/tasks/main.yml | 15 +++++++++++++++ roles/wireguard-l/tasks/main.yml | 10 +++++----- roles/wireguard-r/tasks/main.yml | 19 +++++++++++-------- 9 files changed, 33 insertions(+), 32 deletions(-) delete mode 100644 roles/fw-ferm-2/README.md rename roles/{fw-ferm-1 => fw-ferm}/README.md (100%) rename roles/{fw-ferm-1/ferm.conf => fw-ferm/files/ferm.conf.r-vp1} (100%) rename roles/{fw-ferm-2/ferm.conf => fw-ferm/files/ferm.conf.r-vp2} (100%) create mode 100644 roles/fw-ferm/tasks/main.yml diff --git a/r-vp1.yml b/r-vp1.yml index 2ffe142..5bd02e3 100644 --- a/r-vp1.yml +++ b/r-vp1.yml @@ -15,6 +15,7 @@ # - firewall-vpn-r - wireguard-r # - x509-r + - fw-ferm - ssh-cli - syslog-cli - post diff --git a/r-vp2.yml b/r-vp2.yml index 3c78dbf..a4009fe 100644 --- a/r-vp2.yml +++ b/r-vp2.yml @@ -18,6 +18,7 @@ # - firewall-vpn-l - wireguard-l # - x509-l + - fw-ferm - ssh-cli - syslog-cli - post diff --git a/roles/fw-ferm-2/README.md b/roles/fw-ferm-2/README.md deleted file mode 100644 index 64df66e..0000000 --- a/roles/fw-ferm-2/README.md +++ /dev/null @@ -1,19 +0,0 @@ -[Ferm]:http://ferm.foo-projects.org/ - -Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables -```bash -update-alternatives --set iptables /usr/sbin/iptables-legacy -``` - -Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html -```bash -sudo nmap -p51820 192.168.0.51 -```(r-vp1) -```bash -sudo nmap -p51820 192.168.0.52 -```(r-vp2) - -Sortie : -`PORT STATE SERVICE -51820/tcp filtered unknown` -Faire des ping! diff --git a/roles/fw-ferm-1/README.md b/roles/fw-ferm/README.md similarity index 100% rename from roles/fw-ferm-1/README.md rename to roles/fw-ferm/README.md diff --git a/roles/fw-ferm-1/ferm.conf b/roles/fw-ferm/files/ferm.conf.r-vp1 similarity index 100% rename from roles/fw-ferm-1/ferm.conf rename to roles/fw-ferm/files/ferm.conf.r-vp1 diff --git a/roles/fw-ferm-2/ferm.conf b/roles/fw-ferm/files/ferm.conf.r-vp2 similarity index 100% rename from roles/fw-ferm-2/ferm.conf rename to roles/fw-ferm/files/ferm.conf.r-vp2 diff --git a/roles/fw-ferm/tasks/main.yml b/roles/fw-ferm/tasks/main.yml new file mode 100644 index 0000000..78c42ff --- /dev/null +++ b/roles/fw-ferm/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: installation de ferm + apt: + name: ferm + state: present + +- name: copie du ferm.conf + copy: + src: ferm.conf.{{ ansible_hostname }} + dest: /etc/ferm/ferm.conf + +- name: redemarage service ferm + ansible.builtin.service: + name: ferm.service + state: restarted diff --git a/roles/wireguard-l/tasks/main.yml b/roles/wireguard-l/tasks/main.yml index 99035f8..32fd42e 100644 --- a/roles/wireguard-l/tasks/main.yml +++ b/roles/wireguard-l/tasks/main.yml @@ -4,16 +4,16 @@ name: wireguard state: present +- name: installation de ferm + apt: + name: ferm + state: present + - name: installation de wireguard-tools apt: name: wireguard-tools state: present -#- name: installation de sshpass -# apt: -# name: sshpass -# state: present - #- name: copie du fichier de configuration depuis r-vp1 # command: "sshpass -p 'root' scp -r root@192.168.99.112:/root/confwg/wg0-b.conf /etc/wireguard/" diff --git a/roles/wireguard-r/tasks/main.yml b/roles/wireguard-r/tasks/main.yml index 51fe16b..a0f6624 100644 --- a/roles/wireguard-r/tasks/main.yml +++ b/roles/wireguard-r/tasks/main.yml @@ -4,6 +4,11 @@ name: wireguard state: present +- name: installation de ferm + apt: + name: ferm + state: present + - name: installation de wireguard-tools apt: name: wireguard-tools @@ -27,12 +32,10 @@ - name: copie du fichier de configuration copy: src: /root/confwg/wg0-a.conf - dest: /etc/wireguard + dest: /etc/wireguard/wg0.conf -- name: renommage fichier de configuration - command: "mv /etc/wireguard/wg0-a.conf /etc/wireguard/wg0.conf" - -- name: demarrage du service wireguard - tags: aaaa - command: "systemctl enable wg-quick@wg0" - command: "systemctl restart wg-quick@wg0" +- name: Restart service httpd, in all cases + ansible.builtin.service: + name: wg-quick@wg0 + enabled: yes + state: restarted From 0dbbaf0751a2da79096d49f79aaa45857508edfe Mon Sep 17 00:00:00 2001 From: Johan Largy Date: Mon, 30 Jan 2023 11:08:22 +0100 Subject: [PATCH 13/15] modif README.md --- roles/fw-ferm/README.md | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/roles/fw-ferm/README.md b/roles/fw-ferm/README.md index 64df66e..9824637 100644 --- a/roles/fw-ferm/README.md +++ b/roles/fw-ferm/README.md @@ -1,19 +1,23 @@ [Ferm]:http://ferm.foo-projects.org/ Modifier l'execution d'iptables [plus d'info ici]:https://wiki.debian.org/iptables -```bash +```shell update-alternatives --set iptables /usr/sbin/iptables-legacy ``` Pour tester utiliser [Nmap]:https://nmap.org/man/fr/man-briefoptions.html -```bash +### r-vp1 +```shell sudo nmap -p51820 192.168.0.51 -```(r-vp1) -```bash +``` +### r-vp2 +```shell sudo nmap -p51820 192.168.0.52 -```(r-vp2) - -Sortie : +``` +### Sortie : +``` `PORT STATE SERVICE 51820/tcp filtered unknown` +``` + Faire des ping! From 038e41dd4034f9c027ddedf7d11c734d3943e932 Mon Sep 17 00:00:00 2001 From: Elam Monnot Date: Mon, 30 Jan 2023 11:43:48 +0100 Subject: [PATCH 14/15] marche stp --- roles/lb-web/tasks/main.yml | 34 +++++++++++++++++++++++++--------- s-lb-web1.yml | 1 - s-lb-web2.yml | 1 - 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/roles/lb-web/tasks/main.yml b/roles/lb-web/tasks/main.yml index cec5a55..eef017f 100644 --- a/roles/lb-web/tasks/main.yml +++ b/roles/lb-web/tasks/main.yml @@ -1,10 +1,26 @@ --- -- name: installation php et apache ... - apt: - name: - - apache2 - - php - - php-mbstring - - php-mysql - - mariadb-client - state: present +- name: + - apache2 + - php + - php-mbstring + - php-mysql + - mariadb-client + state: present + + - name: install nfs-common + apt: + name: nfs-common + state: present + + - name: montage nfs pour word press + blockinfile: + path: /etc/fstab + block: | + 192.168.56.6:/exports/wordpress /var/www/html nfs soft,timeo=5,intr,rsize=8192,wsize=8192,wsize=8192 0 0 + + - name: monte export wordpress + ansible.posix.mount: + path: /var/www/html + state: mounted + fstype: nfs + src: 192.168.56.6:/exports/wordpress diff --git a/s-lb-web1.yml b/s-lb-web1.yml index 7a7d540..438bfeb 100644 --- a/s-lb-web1.yml +++ b/s-lb-web1.yml @@ -6,5 +6,4 @@ - base - lb-web - snmp-agent - - lb-nfs-client - post diff --git a/s-lb-web2.yml b/s-lb-web2.yml index 7a7d540..438bfeb 100644 --- a/s-lb-web2.yml +++ b/s-lb-web2.yml @@ -6,5 +6,4 @@ - base - lb-web - snmp-agent - - lb-nfs-client - post From 9bda971ff6404dabbc8ab7203642750bc7f63bf4 Mon Sep 17 00:00:00 2001 From: Elam Monnot Date: Mon, 30 Jan 2023 11:44:10 +0100 Subject: [PATCH 15/15] marche stp --- roles/lb-web/files/wp-config.php | 102 ------------------------------- 1 file changed, 102 deletions(-) delete mode 100644 roles/lb-web/files/wp-config.php diff --git a/roles/lb-web/files/wp-config.php b/roles/lb-web/files/wp-config.php deleted file mode 100644 index 6c0623f..0000000 --- a/roles/lb-web/files/wp-config.php +++ /dev/null @@ -1,102 +0,0 @@ -