script journald receveur

Partie2/Wireguard/ap31-prod/journald-snd.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# usage : ./journald-snd.sh 10.0.0.1
+#sudo timedatectl set-timezone Europe/Paris
+#sudo apt-get update
+#sudo apt-get install -y systemd-journal-remote
+rpl="s/^# URL=/URL=http:\/\/${1}:19532/"  # $1 represente l'adresse du recepteur
+sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
+sudo systemctl enable --now systemd-journal-upload.service
+sudo systemctl restart systemd-journal-upload.service

Partie2/Wireguard/ap31-prod/wg0.conf

@@ -0,0 +1,12 @@
+#Fichier wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = iIMEJjirl1chq2kLfuO9G5f25cJrVbHgK+BgOiHTdUI=
+Address = 10.0.0.3/32
+ListenPort = 51820
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = JkdGvyuNoJRKGF3Vc4OGgiY59WhROJfCDCwnyVgCmjs=
+Endpoint = 10.121.38.35:51820
+AllowedIPs = 10.0.0.1/32

Partie2/Wireguard/ap31-test/journald-snd.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# usage : ./journald-snd.sh 10.0.0.1
+#sudo timedatectl set-timezone Europe/Paris
+#sudo apt-get update
+#sudo apt-get install -y systemd-journal-remote
+rpl="s/^# URL=/URL=http:\/\/${1}:19532/"  # $1 represente l'adresse du recepteur
+sudo sed -i "$rpl" /etc/systemd/journal-upload.conf
+sudo systemctl enable --now systemd-journal-upload.service
+sudo systemctl restart systemd-journal-upload.service

Partie2/Wireguard/ap31-test/wg0.conf

@@ -0,0 +1,12 @@
+#Fichier wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = WEFEtAFdTwClzY7/AGKW4k0LFqL4Gc4iKIdFYokUa0M=
+Address = 10.0.0.2/32
+ListenPort = 51820
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = JkdGvyuNoJRKGF3Vc4OGgiY59WhROJfCDCwnyVgCmjs=
+Endpoint = 10.121.38.35:51820
+AllowedIPs = 10.0.0.1/32

Partie2/Wireguard/srvlog31/journald-rcv.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+sudo timedatectl set-timezone Europe/Paris
+sudo apt-get update
+sudo apt-get install -y systemd-journal-remote
+sudo systemctl enable --now systemd-journal-remote.socket
+sudo cp /lib/systemd/system/systemd-journal-remote.service /etc/systemd/system
+sudo sed -i 's/--listen-https=-3/--listen-http=-3/' /etc/systemd/system/systemd-journal-remote.service
+[[ -d /var/log/journal/remote ]] || sudo mkdir /var/log/journal/remote
+sudo chown systemd-journal-remote /var/log/journal/remote
+sudo systemctl daemon-reload

Partie2/Wireguard/srvlog31/mkwgconf-p2p.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+set -u
+set -e
+ 
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.35  # Adresse extremite A (gwsio avec redirection vers srvlog31)
+PortA=51820             # Port ecoute extremite A
+
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard extremite B
+EndpointB=172.16.0.95   # Adresse extremite B (ap31-test)
+PortB=51820             # Port ecoute extremite B
+
+AddressCwg=10.0.0.3/32  # Adresse VPN Wireguard extremite C
+EndpointC=172.16.0.82   # Adresse extremite C (ap31-prod)
+PortC=51820             # Port ecoute extremite C
+
+umask 077 ;  
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+ 
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA
+Address = $AddressAwg
+ListenPort = $PortA
+ 
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB
+Endpoint = ${EndpointB}:$PortB
+AllowedIPs = $AddressBwg
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC
+Endpoint = ${EndpointC}:$PortC
+AllowedIPs = $AddressCwg
+FINI
+ 
+ 
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB
+Address = $AddressBwg
+ListenPort = $PortB
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI
+
+cat <<FINI > wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC
+Address = $AddressCwg
+ListenPort = $PortC
+ 
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA
+Endpoint = ${EndpointA}:$PortA
+AllowedIPs = $AddressAwg
+FINI

Partie2/Wireguard/srvlog31/wg0.conf

@@ -0,0 +1,18 @@
+#Fichier wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = iD/nJRCNKIVrCjJQh8ay49jaWuo/WF7iXylGg6GvwmI=
+Address = 10.0.0.1/32
+ListenPort = 51820
+ 
+# remote settings for Endpoint B
+[Peer]
+PublicKey = O1jQuesiC2HEP2Sght/usrjV7KtqF+JLHJ77JhsMPDY=
+Endpoint = 172.16.0.95:51820
+AllowedIPs = 10.0.0.2/32
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = K78Gxh0wHPPPbQxJg8JpbOsS9dRLrG2AqZcCs3W2UR0=
+Endpoint = 172.16.0.82:51820
+AllowedIPs = 10.0.0.3/32

Partie2/ansible/apbase.yml

@@ -0,0 +1,18 @@
+---
+- name: install ap et bd
+  #hosts: ap31-prod, ap31-test
+  #hosts: ap31-prodt
+  hosts: all
+    #  become_method: sudo
+    #  remote_user: debian
+  become: yes
+
+  tasks:
+  - name: install apache2, php, mariadb-server, python3-pymysql
+    ansible.builtin.apt:
+      name:
+        - apache2
+        - php
+        - mariadb-server
+        - python3-pymysql  
+      state: present

Partie2/ansible/apdb.yml

@@ -0,0 +1,32 @@
+---
+- name: Creer la BDD, creer les comptes et injecter la BDD
+  hosts: all
+  become: true
+
+  tasks:
+    - name: creation de la BDD sdis29-1
+      community.mysql.mysql_db:
+        name: sdis29-1
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: copie de la base de donnees
+      copy:
+        src: sdis2023.sql
+        dest: /tmp
+
+    - name: restauration de la base de donnees
+      community.mysql.mysql_db:
+        name: sdis29-1
+        state: import
+        target: /tmp/sdis2023.sql
+        force: true
+        login_unix_socket: /var/run/mysqld/mysqld.sock
+
+    - name: creation de lutilisateur slam
+      community.mysql.mysql_user:
+        name: slam
+        password: Azerty1+
+        priv: '*.*:ALL,GRANT'
+        state: present
+        login_unix_socket: /var/run/mysqld/mysqld.sock

Partie2/ansible/apdbdump.yml

@@ -0,0 +1,12 @@
+---
+- name: recuperer localement un dump de la BDD distante
+  hosts: all
+  become: true
+
+  tasks:
+  - name: Copie du dump distant
+    ansible.builtin.fetch:
+      src: /tmp/sdis2023.sql
+      dest: /root/sauvegarde/sql/
+      flat: true
+

Partie2/ansible/hosts

@@ -0,0 +1,2 @@
+ap31-prodt
+