From 87e0e17eec1865dcc0c2764b95f9924c2fa0e1de Mon Sep 17 00:00:00 2001 From: phil Date: Wed, 1 Feb 2023 23:25:37 +0100 Subject: [PATCH] reorg. + doc --- README.md | 24 ++++-- s-web.yml => old/s-web.yml | 0 s-web1.yml => old/s-web1.yml | 0 s-web2.yml => old/s-web2.yml | 0 s-web3.yml => old/s-web3.yml | 0 roles/lb-bd/files/.my.cnf | 3 - roles/lb-bd/files/installmysql.sh | 16 ---- roles/lb-bd/files/my.cnf | 128 ------------------------------ roles/lb-bd/handlers/main.yml | 5 +- roles/lb-bd/tasks/main.yml | 35 +++++++- s-lb-bd.yml | 40 +--------- s-lb-web1.yml | 2 + s-lb-web2.yml | 1 + s-lb.yml | 1 + 14 files changed, 59 insertions(+), 196 deletions(-) rename s-web.yml => old/s-web.yml (100%) rename s-web1.yml => old/s-web1.yml (100%) rename s-web2.yml => old/s-web2.yml (100%) rename s-web3.yml => old/s-web3.yml (100%) delete mode 100644 roles/lb-bd/files/.my.cnf delete mode 100755 roles/lb-bd/files/installmysql.sh delete mode 100644 roles/lb-bd/files/my.cnf diff --git a/README.md b/README.md index 6a258e3..9f27dcf 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # gsb2023 -2023-01-30 ps +2023-02-01 ps Environnement et playbooks ansible pour le projet GSB 2023 @@ -13,7 +13,6 @@ Prérequis : * **debian-buster-gsb-2023a.ova** - * **s-adm** : routeur adm, DHCP + NAT, deploiement, proxy squid * **s-infra** : DNS maitre, autoconfiguration navigateurs avec **wpad** * **r-int** : routage, DHCP 
@@ -42,13 +41,25 @@ Prérequis : ## Installation -On utilisera l'image de machine virtuelle suivante : +On utilisera les images de machines virtuelle suivantes : * **debian-bullseye-2023a.ova** (2023-01-06) * Debian Bullseye 11.6 - 2 cartes - 1 Go - stockage 20 Go +et pour **s-fog** : + * **debian-buster-2023a.ova** (2023-01-06) + * Debian Buster 10 - 2 cartes - 1 Go - stockage 20 Go + +On utilsera le script (bash) **mkvm** ou (PowerShell) **mkvm.ps1** pour créeer une VM + +```shell +gsb2023> +cd pre +$ mkvm s-adm + +``` ### Machine s-adm - * créer la machine virtuelle **s-adm** en important l'image ova décrite plus haut + * créer la machine virtuelle **s-adm** avec **mkvm * comme décrit plus haut. * renommer la machine puis redémarrer * taper : ```shell @@ -66,11 +77,10 @@ On utilisera l'image de machine virtuelle suivante : ### Pour chaque machine - - importer la machine à partir du fichier **.ova** - - définir les cartes réseau en accord avec le plan d'adressage et le schéma + - créer la machine avec **mkvm**, les cartes réseau sont paramétrées par **mkvm** selon les spécifications - donner le nom adapté (avec sed -i …) - redémarrer - - mettre à jour les paquets : apt update && apt upgrade + - mettre à jour les paquets : apt update - cloner le dépot : ```shell mkdir -p tools/ansible ; cd tools/ansible diff --git a/s-web.yml b/old/s-web.yml similarity index 100% rename from s-web.yml rename to old/s-web.yml diff --git a/s-web1.yml b/old/s-web1.yml similarity index 100% rename from s-web1.yml rename to old/s-web1.yml diff --git a/s-web2.yml b/old/s-web2.yml similarity index 100% rename from s-web2.yml rename to old/s-web2.yml diff --git a/s-web3.yml b/old/s-web3.yml similarity index 100% rename from s-web3.yml rename to old/s-web3.yml diff --git a/roles/lb-bd/files/.my.cnf b/roles/lb-bd/files/.my.cnf deleted file mode 100644 index 34d0e25..0000000 --- a/roles/lb-bd/files/.my.cnf +++ /dev/null @@ -1,3 +0,0 @@ -[client] -user=root -password=root 
diff --git a/roles/lb-bd/files/installmysql.sh b/roles/lb-bd/files/installmysql.sh
deleted file mode 100755
index 9ee2508..0000000
--- a/roles/lb-bd/files/installmysql.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-# Download and Install the Latest Updates for the OS
-apt-get update && apt-get upgrade -y
-
-# Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
-echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
-echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
-apt-get -y install mysql-server
-
-
-# Run the MySQL Secure Installation wizard
-mysql_secure_installation
-
-sed -i 's/127\.0\.0\.1/0\.0\.0\.0/g' /etc/mysql/my.cnf
-mysql -uroot -p -e 'USE mysql; UPDATE `user` SET `Host`="%" WHERE `User`="root" AND `Host`="localhost"; DELETE FROM `user` WHERE `Host` != "%" AND `User`="root"; FLUSH PRIVILEGES;'
-
-service mysql restart
\ No newline at end of file
diff --git a/roles/lb-bd/files/my.cnf b/roles/lb-bd/files/my.cnf
deleted file mode 100644
index 1308652..0000000
--- a/roles/lb-bd/files/my.cnf
+++ /dev/null
@@ -1,128 +0,0 @@
-#
-# The MySQL database server configuration file.
-#
-# You can copy this to one of:
-# - "/etc/mysql/my.cnf" to set global options,
-# - "~/.my.cnf" to set user-specific options.
-#
-# One can use all long options that the program supports.
-# Run program with --help to get a list of available options and with
-# --print-defaults to see which it would actually understand and use.
-#
-# For explanations see
-# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
-
-# This will be passed to all mysql clients
-# It has been reported that passwords should be enclosed with ticks/quotes
-# escpecially if they contain "#" chars...
-# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
-[client]
-port = 3306
-socket = /var/run/mysqld/mysqld.sock
-
-# Here is entries for some specific programs
-# The following values assume you have at least 32M ram
-
-# This was formally known as [safe_mysqld]. Both versions are currently parsed.
-[mysqld_safe]
-socket = /var/run/mysqld/mysqld.sock
-nice = 0
-
-[mysqld]
-#
-# * Basic Settings
-#
-user = mysql
-pid-file = /var/run/mysqld/mysqld.pid
-socket = /var/run/mysqld/mysqld.sock
-port = 3306
-basedir = /usr
-datadir = /var/lib/mysql
-tmpdir = /tmp
-lc-messages-dir = /usr/share/mysql
-skip-external-locking
-#
-# Instead of skip-networking the default is now to listen only on
-# localhost which is more compatible and is not less secure.
-#bind-address = 127.0.0.1
-#
-# * Fine Tuning
-#
-key_buffer = 16M
-max_allowed_packet = 16M
-thread_stack = 192K
-thread_cache_size = 8
-# This replaces the startup script and checks MyISAM tables if needed
-# the first time they are touched
-myisam-recover = BACKUP
-#max_connections = 100
-#table_cache = 64
-#thread_concurrency = 10
-#
-# * Query Cache Configuration
-#
-query_cache_limit = 1M
-query_cache_size = 16M
-#
-# * Logging and Replication
-#
-# Both location gets rotated by the cronjob.
-# Be aware that this log type is a performance killer.
-# As of 5.1 you can enable the log at runtime!
-#general_log_file = /var/log/mysql/mysql.log
-#general_log = 1
-#
-# Error log - should be very few entries.
-#
-log_error = /var/log/mysql/error.log
-#
-# Here you can see queries with especially long duration
-#slow_query_log_file = /var/log/mysql/mysql-slow.log
-#slow_query_log = 1
-#long_query_time = 2
-#log_queries_not_using_indexes
-#
-# The following can be used as easy to replay backup logs or for replication.
-# note: if you are setting up a replication slave, see README.Debian about
-# other settings you may need to change.
-#server-id = 1
-#log_bin = /var/log/mysql/mysql-bin.log
-expire_logs_days = 10
-max_binlog_size = 100M
-#binlog_do_db = include_database_name
-#binlog_ignore_db = include_database_name
-#
-# * InnoDB
-#
-# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
-# Read the manual for more InnoDB related options. There are many!
-#
-# * Security Features
-#
-# Read the manual, too, if you want chroot!
-# chroot = /var/lib/mysql/
-#
-# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
-#
-# ssl-ca=/etc/mysql/cacert.pem
-# ssl-cert=/etc/mysql/server-cert.pem
-# ssl-key=/etc/mysql/server-key.pem
-
-
-
-[mysqldump]
-quick
-quote-names
-max_allowed_packet = 16M
-
-[mysql]
-#no-auto-rehash # faster start of mysql but no tab completition
-
-[isamchk]
-key_buffer = 16M
-
-#
-# * IMPORTANT: Additional settings that can override those from this file!
-# The files must end with '.cnf', otherwise they'll be ignored.
-#
-!includedir /etc/mysql/conf.d/
diff --git a/roles/lb-bd/handlers/main.yml b/roles/lb-bd/handlers/main.yml
index caa5308..f21f22c 100644
--- a/roles/lb-bd/handlers/main.yml
+++ b/roles/lb-bd/handlers/main.yml
@@ -1,3 +1,4 @@
 ---
- - name: restart mysql-server
- service: name=mysql-server state=restarted
+- name: restart mariadb
+ ansible.builtin.service:
+ name: mariadb
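Review bot: The new `restart mariadb` handler sets only `name: mariadb`; the hunk header counts four new lines (`@@ -1,3 +1,4 @@`), so no `state:` key follows, whereas the handler this commit removes from s-lb-bd.yml carried `state: restarted`. `ansible.builtin.service` requires at least one of `state` or `enabled`, so as written the handler should fail when the `Ouvre port 3306 mariadb-server` task notifies it, and MariaDB would not be restarted with the edited configuration. Add `state: restarted` under `name: mariadb`.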
diff --git a/roles/lb-bd/tasks/main.yml b/roles/lb-bd/tasks/main.yml index 9f65e0e..ff4020e 100644 --- a/roles/lb-bd/tasks/main.yml +++ b/roles/lb-bd/tasks/main.yml @@ -1,4 +1,35 @@ --- -- name: Install paquets - apt: name=mysql-server state=present force=yes + +- name: modules python pour + apt: + name: python3-pymysql + state: present + +- name: install mariadb-server + apt: + name: mariadb-server + state: present + +- name: Cree Bd wordpress + mysql_db: + db: wordpressdb + login_unix_socket: /var/run/mysqld/mysqld.sock + state: present + +- name: Ouvre port 3306 mariadb-server + replace: + path: /etc/mysql/mariadb.conf.d/50-server.cnf + regexp: '^bind-address.*' + replace: '#bind-adress = 127.0.0.1' + backup: yes + notify: restart mariadb + +- name: Create MySQL user for wordpress + mysql_user: + name: wordpressuser + password: wordpresspasswd + priv: "wordpressdb.*:ALL" + host: '%' + state: present + login_unix_socket: /var/run/mysqld/mysqld.sock diff --git a/s-lb-bd.yml b/s-lb-bd.yml index bf2352d..7852a09 100644 --- a/s-lb-bd.yml +++ b/s-lb-bd.yml @@ -3,47 +3,11 @@ become: true tasks: - - name: modules python pour - apt: - name: python3-pymysql - state: present - - - name: install mariadb-server - apt: - name: mariadb-server - state: present - - - name: Cree Bd wordpress - mysql_db: - db: wordpressdb - login_unix_socket: /var/run/mysqld/mysqld.sock - state: present - - - name: Ouvre port 3306 mariadb-server - replace: - path: /etc/mysql/mariadb.conf.d/50-server.cnf - regexp: '^bind-address.*' - replace: '#bind-adress = 127.0.0.1' - backup: yes - notify: restart mariadb - - - name: Create MySQL user for wordpress - mysql_user: - name: wordpressuser - password: wordpresspasswd - priv: "wordpressdb.*:ALL" - host: '%' - state: present - login_unix_socket: /var/run/mysqld/mysqld.sock - - handlers: - - name: restart mariadb - ansible.builtin.service: - name: mariadb - state: restarted roles: - base - goss + - lb-bd - post - snmp-agent + - ssh-cli 
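Review bot: The `Create MySQL user for wordpress` task commits the account password in clear text (`password: wordpresspasswd`) and grants it from any host (`host: '%'`), while the `Ouvre port 3306 mariadb-server` task comments out `bind-address`, which presumably leaves the server listening on every interface. Read the password from an Ansible Vault variable, for example `password: "{{ lb_bd_wp_password }}"` (the variable name is a placeholder), and set `host:` to the web servers' address or subnet instead of `'%'`. For the listener, replacing the line with the database-facing address instead of commenting it out keeps the port off the other interfaces. The replacement text also spells the option `bind-adress`, so the commented line will not match a later search for `bind-address`.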
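Review bot: Once the inline tasks and the handler are removed, the `tasks:` context line appears to remain in the play with nothing under it, so the key parses as null. Dropping the `tasks:` line leaves a play that is `roles:` only and spares a reader from wondering whether tasks were lost in the move to the `lb-bd` role. The play header lies outside the hunk, so this is judged from the visible context lines and the hunk counts only.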
diff --git a/s-lb-web1.yml b/s-lb-web1.yml index 369cd3e..a870cd5 100644 --- a/s-lb-web1.yml +++ b/s-lb-web1.yml @@ -7,3 +7,5 @@ - post - lb-web - snmp-agent + - ssh-cli + diff --git a/s-lb-web2.yml b/s-lb-web2.yml index 369cd3e..ffdf5c2 100644 --- a/s-lb-web2.yml +++ b/s-lb-web2.yml @@ -7,3 +7,4 @@ - post - lb-web - snmp-agent + - ssh-cli diff --git a/s-lb.yml b/s-lb.yml index 9579662..3a7f1a6 100644 --- a/s-lb.yml +++ b/s-lb.yml @@ -7,5 +7,6 @@ - goss - lb-front - snmp-agent + - ssh-cli - post