Cloud-init

supprimé :        55-proxmox/create.sh
	supprimé :        55-proxmox/id_rsa.pub
	supprimé :        55-proxmox/pubkey/id_rsa.pub

sio2/sisr/35-script/bash/script/restoration

@@ -0,0 +1,17 @@
+#!/bin/bash
+DAT=$(date "+%u")
+DEST=/home/sv/d/"${DAT}"
+HOST=root@192.168.0.29
+ssh "${HOST}" apt install -y rsync apache2 mariadb-server php 
+ssh "${HOST}" "mysql CREATE DATABASES wordpress;" #a refaire
+ssh "${HOST}" "mysql -u wordpress_user -pqdrhh45 wordpress < "${DEST}"/wordpress.sql" #a refaire
+scp -r "${DEST}"/wordpress "${HOST}":/var/www/html/
+scp "${DEST}"/default-ssl.conf "${HOST}":/etc/apache2/sites-available/
+scp "${DEST}"/wordpress.conf "${HOST}":/etc/apache2/sites-available/
+scp "${DEST}"/server.key "${HOST}":/etc/apache2/
+scp "${DEST}"/server.crt "${HOST}":/etc/apache2/
+#rsync -az "${DEST}"/wordpress "${HOST}":/var/www/html/
+#rsync -az "${DEST}"/default-ssl.conf "${HOST}":/etc/apache2/sites-available/
+#rsync -az "${DEST}"/wordpress.conf "${HOST}":/etc/apache2/sites-available/
+#rsync -az "${DEST}"/server.key "${HOST}":/etc/apache2/
+#rsync -az "${DEST}"/server.crt "${HOST}":/etc/apache2/

sio2/sisr/35-script/bash/script/sauv

@@ -0,0 +1,15 @@
+#!/bin/bash
+DAT=$(date "+%u")
+DEST=/home/sv
+DEST2="${DEST}/d/${DAT}"
+[ -d  "${DEST}/d"  ] || mkdir -p "${DEST}/d"
+[ -d  "${DEST}/d/${DAT}"  ] || mkdir -p "${DEST}/d/${DAT}"
+HOST=sauv@192.168.0.34
+ssh "${HOST}" "mysqldump -u wordpress_user -pqdrhh45 wordpress|gzip -" >"${DEST2}"/wordpress.sql.gz
+
+rsync -av -e ssh "${HOST}":/var/www/html/wordpress "${DEST2}"
+rsync -av -e ssh "${HOST}":/etc/apache2/sites-available/default-ssl.conf "${DEST2}"/default-ssl.conf
+rsync -av -e ssh "${HOST}":/etc/apache2/sites-available/wordpress.conf "${DEST2}"/wordpress.conf
+rsync -av -e ssh "${HOST}":/etc/apache2/server.key "${DEST2}"/server.key
+rsync -av -e ssh "${HOST}":/etc/apache2/server.crt "${DEST2}"/server.crt
+

sio2/sisr/35-script/python/log.py

@@ -0,0 +1,19 @@
+#/usr/bin/python3
+import re
+import sys
+group = {}
+regexp = '^(\S+) (\S+) (\S+) \[([^]]+)\] "(\w+) (\S+).*" (\d+) (\S+)'
+for line in sys.stdin:
+   line = line.rstrip ( )
+   match = re.match (regexp, line) 
+   if match:
+     print (match.group(1)," ",match.group(8))
+     ip = match.group(1)
+     vol = match.group(8)
+     if ip in group:
+        group[ip] = group[ip] + vol
+     else:
+        group[ip] = vol
+for key in group.keys():
+   print (key, " ", group[key])
+

sio2/sisr/35-script/python/passusr.py

@@ -0,0 +1,38 @@
+#!/usr/bin/python3
+import sys
+import subprocess
+import os
+nbarg = len(sys.argv)
+if nbarg != 2:
+       print ("Nombre d'argument invalide")
+       exit (1) 
+filename = sys.argv[1]
+try:
+    fh = open(filename, "r")
+except:
+    print ("Fichier ", filename," inconnu")
+    exit (2)
+else:
+    line = fh.readline ()
+    while line:
+        nouvline = line.rstrip()
+        login,nomlong = nouvline.split(':')
+        cmd = "sudo useradd -m -d /home/"+login+" -c \'"+ nomlong+"\' -s /bin/bash "+ login
+        res = os.system ("getent passwd "+login)
+        if res != 0:
+            passw = ["pwgen", "4","1"]  
+            os.system (cmd)
+            mdp = subprocess.run(passw,capture_output=True)
+            mdp2 = mdp.stdout.decode("utf-8")
+            mdp3 = mdp2.rstrip()
+            print (mdp3)
+            ch3 = "echo "+login+":"+mdp3+"|sudo chpasswd"
+            print (ch3)
+            os.system (ch3)
+            os.system ("sudo echo "+login+":"+mdp3+" >> "+filename+".pwd")
+        else:
+            print ("Utilisateur "+login+" déjà éxistant")
+            os.system ("sudo userdel -r "+login)
+        line = fh.readline()
+
+    fh.close()

sio2/sisr/35-script/python/user.txt

@@ -0,0 +1,2 @@
+adupont:Albert Dupont
+jduroy:Jeannette Duroy

sio2/sisr/35-script/python/user.txt.pwd

@@ -0,0 +1,4 @@
+adupont:0PSg
+jduroy:2Sdc
+adupont:Ksw4
+jduroy:C0px

sio2/sisr/40-vlan/ipsec.conf

@@ -0,0 +1,23 @@
+config setup
+        charondebug="all"
+        uniqueids=yes
+        strictcrlpolicy=no
+conn %default
+conn tunnel #
+        left=10.0.0.2
+        leftsubnet=192.168.2.0/24
+        right=10.0.0.1
+        rightsubnet=192.168.1.0/24
+        ike=aes256-sha2_256-modp1024!
+        esp=aes256-sha2_256!
+        keyingtries=0
+        ikelifetime=1h
+        lifetime=8h
+        dpddelay=30
+        dpdtimeout=120
+        dpdaction=restart
+        authby=secret
+        auto=start
+        keyexchange=ikev2
+        type=tunnel
+

sio2/sisr/40-vlan/ipsec.secrets

@@ -0,0 +1,5 @@
+# This file holds shared secrets or RSA private keys for authentication.
+
+# RSA private key for this host, authenticating it to any other host
+# which knows the public part.
+10.0.0.2 10.0.0.1 : PSK 'root'

sio2/sisr/45-ansible/dokuw/invent

@@ -0,0 +1 @@
+doku

sio2/sisr/45-ansible/dokuw/local.yml

@@ -0,0 +1,4 @@
+- hosts: all
+  roles:
+  - web
+  - doku

sio2/sisr/45-ansible/dokuw/roles/doku/tasks/main.yml

@@ -0,0 +1,59 @@
+- name: recuperation dokuwiki-stable.tgz depuis machine depl
+  get_url:
+    url: http://depl.sio.lan/store/dokuwiki-stable.tgz
+    dest: /tmp
+
+- name: Extraction archive
+  unarchive:
+    src: /tmp/dokuwiki-stable.tgz
+    dest: /var/www/html/
+    remote_src: yes
+
+- name: stat rept
+  stat:
+    path: /var/www/html/dokuwiki-2020-07-29
+  register: rept_stat
+
+- name: Renommage de dokuwiki-stable
+  command: mv /var/www/html/dokuwiki-2020-07-29 /var/www/html/doku
+  when: rept_stat.stat.exists
+
+- name: Droit root recursive
+  file: 
+    path: /var/www/html/doku
+    state: directory
+    recurse: yes
+    owner: root
+    group: root
+
+- name: droit 755
+  file:
+    path: /var/www/html/doku
+    state: directory
+    mode: '0755'
+    recurse: yes
+
+- name: droit apache data
+  file: 
+    path: /var/www/html/doku/data
+    state: directory
+    owner: www-data
+    group: www-data
+    recurse: yes
+
+- name: droit apache lib
+  file: 
+    path: /var/www/html/doku/lib
+    state: directory 
+    owner: www-data
+    group: www-data
+    recurse: yes
+
+- name: droit apache conf
+  file: 
+    path: /var/www/html/doku/conf
+    state: directory 
+    owner: www-data
+    group: www-data
+    recurse: yes
+

sio2/sisr/45-ansible/dokuw/roles/web/tasks/main.yml

@@ -0,0 +1,25 @@
+- name: installation apache2
+  apt:
+    name: apache2
+    state: present
+
+- name: installation php
+  apt:
+    name: php
+    state: present
+
+- name: installation php-mbstring
+  apt:
+    name: php-mbstring
+    state: present
+
+- name: installation php-gd
+  apt:
+    name: php-gd
+    state: present
+
+- name: installation php-xml
+  apt:
+    name: php-xml
+    state: present
+

sio2/sisr/45-ansible/testansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio2/sisr/45-ansible/tpansible/hosts

@@ -0,0 +1,6 @@
+[adm]
+infra
+
+[web]
+web1
+web2

sio2/sisr/45-ansible/tpansible/index.html

@@ -0,0 +1 @@
+Salut

sio2/sisr/45-ansible/tpansible/squid.yml

@@ -0,0 +1,31 @@
+- hosts: adm
+  vars:
+  - proxy_port: 8080
+  - proxy_mem: 128 
+  
+  tasks:
+  - name: Installation squid
+    apt:
+      name: squid
+      state: present 
+  
+  - name: Copie squid.conf squid.conf.j2
+    template:
+      src: squid.conf.j2
+      dest: /etc/squid/squid.conf
+    notify:
+    - restart squid
+ 
+#  - name: On ajoute http_access allow localnet
+#    replace:
+#      path: /etc/squid/squid.conf
+#      regexp: '^#http_access allow localnet'
+#      replace: 'http_access allow localnet'
+#    notify:
+#    - restart squid 
+ 
+  handlers:
+    - name: restart squid
+      service:
+        name: squid
+        state: restarted  

sio2/sisr/45-ansible/tpansible/syslog-cli.yml

@@ -0,0 +1,29 @@
+- hosts: web
+  tasks:
+  
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify:
+    - restart journald  
+  
+  - name: Ajoute l'indication de serveur syslog distant si elle n'est pas presente
+    lineinfile:
+      path: /etc/rsyslog.conf
+      line: '*.* @192.168.0.23:514'
+      create: yes
+    notify:
+    - restart rsyslog
+  
+  handlers:
+  - name: restart journald
+    service:
+      name: systemd-journald.service
+      state: restarted  
+
+  - name: restart syslog
+    service:
+      name: rsyslog
+      state: restarted

sio2/sisr/45-ansible/tpansible/syslog.yml

@@ -0,0 +1,37 @@
+- hosts: adm
+  tasks:
+ 
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#module\(load="imudp"\)'
+      replace: 'module(load="imudp")'
+    notify:
+    - restart rsyslog
+
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/rsyslog.conf
+      regexp: '^#input\(type="imudp" port="514"\)'
+      replace: 'input(type="imudp" port="514")'
+    notify:
+    - restart rsyslog
+ 
+  - name: decommente le chargement du module imudp dans rsyslog.conf
+    replace:
+      path: /etc/systemd/journald.conf
+      regexp: '^#ForwardToSyslog=yes'
+      replace: 'ForwardToSyslog=yes'
+    notify:
+    - restart journald
+ 
+  handlers:  
+    - name: restart rsyslog
+      service:
+        name: rsyslog
+        state: restarted
+
+    - name: restart journald
+      service:
+        name: systemd-journald.service
+        state: restarted

sio2/sisr/45-ansible/tpansible/web.yml

@@ -0,0 +1,18 @@
+- hosts: web
+  tasks:
+  - name: Installation apache2
+    apt:
+      name: apache2
+      state: present
+  - name: Installation php  
+    apt:
+      name: php
+      state: present
+  - name: Installation php-mbstring 
+    apt:
+      name: php-mbstring
+      state: present
+  - name: Copie index.html
+    copy:
+      src: index.html
+      dest: /var/www/html/

sio2/sisr/50-wireguard/wg-private.key

@@ -0,0 +1 @@
+SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=

sio2/sisr/50-wireguard/wg-public.key

@@ -0,0 +1 @@
+pKM5noo3ZF3v3t3fBJBYzvFt61ItJxIkEHC0uXkCgAU=

sio2/sisr/50-wireguard/wg0.conf

@@ -0,0 +1,14 @@
+# générer des clés : cd /etc/wireguard; umask 077 ; wg genkey | tee private.key | wg pubkey > public.key 
+[Interface]
+Address = 10.0.2.1/24 # Adresses autorisées dans le VPN
+Listenport = 51820
+
+# clé privée de machine A (actuelle)
+PrivateKey = SBGswrABm13tZGpO70WKZjCtEF4YcGlJkBXORNgkJHE=
+# UDP service port; 51820 is a common choice for WireGuard
+ListenPort = 51820
+
+[Peer]
+# clé publique de machine B (l'autre)
+PublicKey = qhiQishoQMM6Y/g7OnUeLNX5T2p0FQx2oq+F/qKQfVc=
+AllowedIPs = 10.0.2.1/24 # le peer peut acceder au serveur

sio2/sisr/55-proxmox/clone.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+num1="$1"
+num2="$2"
+nom="$3" 
+ip="$4"
+
+qm clone "${num1}" "${num2}" --name "${nom}"
+qm set "${num2}" --sshkeys id_rsa.pub
+qm set "${num2}" --ipconfig0 ip="${ip}",gw=192.168.0.1
+qm resize "${num2}" scsi0 8G
+qm start "${num2}"

sio2/sisr/55-proxmox/create.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+num="$1"
+#récupération de l'image Openstack Debian 11 au format qcow2
+cd /var/lib/vz/template/qemu/
+export http_proxy=http://10.121.38.1:8080
+export https_proxy=http://10.121.38.1:8080
+wget --no-check-certificate  https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-genericcloud-amd64.qcow2
+#Création de la VM a partir de l'image
+qm create "${num}" --memory 1024 --net0 virtio,bridge=vmbr0
+qm importdisk "${num}" /var/lib/vz/template/qemu/debian-11-generic-amd64.qcow2 local-lvm
+#Paramètrage de la machine
+qm set "${num}" --scsihw virtio-scsi-pci --scsi0 local-lvm:vm-"${num}"-disk-0 # on associe le disque scsi0 au LV vm-9000-disk-0
+qm set "${num}" --boot c --bootdisk scsi0 # on définit le disque scsi0 comme disque de démarrage
+qm set "${num}" --ide2 local-lvm:cloudinit # on joint le volume CDROM cloudinit utilisé pour le démarrage
+qm set "${num}" --serial0 socket --vga serial0 # on définit une console série qu'on utilise comme affichage
+qm template "${num}"  # on définit la VM 9000 comme template

sio2/sisr/55-proxmox/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh2egCAcgBM+XXtvBfg6QYHB5+c0jqN1gzcfcs/2SaP/FTWk6u5mv+E9igbpMHrQKkH8z0ocNgKhV8nAHbtbCFa9UOF7kUESSnMWb6gt9qSiVY3PHb9iQHAbpQkqWgCgUKUTp7UEFLPd1QaCAFvbv43nGZGAFod/lX5h3HQV5goAyWgwairJbFSekkEvAF6hDFzaTSZaoi8tRRKDBDZVmTsL4v4ywM6/SIl/8COK0FJmEwIjU8jSOUAQtmbwXH70Zbegh30Osg8xLdnNrWJCKC9onf0V8s8djongk7wgj0KTBTrpPf26f9imY6Is24paHTGAFEfaqjhPyIz+i2hZKKMT5K5j0QYKOsThiReJs59cJIJpPgysbKnkNNMbhHtSL0XENmlhXzsKgfVVwTcvopE7+yoe1suCsqBrWtUw9o8RpHmzFrLH9HHJ5Ts1JCyMnTg10LzXlyK2ukWMbb0+qc0PMJrANTmpf77mJulkblQaOKSV38S5awS44NCZPRIbs= sio@lab213-23

sio2/sisr/55-proxmox/pubkey/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCh2egCAcgBM+XXtvBfg6QYHB5+c0jqN1gzcfcs/2SaP/FTWk6u5mv+E9igbpMHrQKkH8z0ocNgKhV8nAHbtbCFa9UOF7kUESSnMWb6gt9qSiVY3PHb9iQHAbpQkqWgCgUKUTp7UEFLPd1QaCAFvbv43nGZGAFod/lX5h3HQV5goAyWgwairJbFSekkEvAF6hDFzaTSZaoi8tRRKDBDZVmTsL4v4ywM6/SIl/8COK0FJmEwIjU8jSOUAQtmbwXH70Zbegh30Osg8xLdnNrWJCKC9onf0V8s8djongk7wgj0KTBTrpPf26f9imY6Is24paHTGAFEfaqjhPyIz+i2hZKKMT5K5j0QYKOsThiReJs59cJIJpPgysbKnkNNMbhHtSL0XENmlhXzsKgfVVwTcvopE7+yoe1suCsqBrWtUw9o8RpHmzFrLH9HHJ5Ts1JCyMnTg10LzXlyK2ukWMbb0+qc0PMJrANTmpf77mJulkblQaOKSV38S5awS44NCZPRIbs= sio@lab213-23