ajout ansible

ansible/db.yml

@@ -0,0 +1,4 @@
+- name: Création de la BDD 
+  hosts: prod
+  roles:
+  - db

ansible/dump.yml

@@ -0,0 +1,4 @@
+- name: Dump de la base de donnée
+  hosts: web 
+  roles:
+    - dbdump

ansible/hosts

@@ -1,2 +1,11 @@
-[tomcat-nodes]
+[local]
 localhost # Add Server IP address, one line per server
+
+[prod]
+ap33prod
+
+[test]
+192.168.0.47
+
+[web]
+web1

ansible/init.yml

@@ -0,0 +1,4 @@
+- name: Initialisation du serveur
+  hosts: prod
+  roles:
+  - init

ansible/invent

@@ -1 +0,0 @@
-localhost

ansible/local2.yml

@@ -1,3 +0,0 @@
-- hosts: all
-  roles:
-  - db

ansible/roles/db/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart MySQL
+  service:
+    name: mysqld
+    state: restarted

ansible/roles/db/tasks/main.yml

@@ -1,44 +1,35 @@
-- name: "[MYSQL] - update cache"
-  apt:
-    update_cache: yes
-
-- name: "[MYSQL] - install"
-  apt:
-    name: mariadb-server
-    state: latest
-
-- name: "[Python] - install"
-  apt:
-    name: python
-    state: latest
-
-- name: "[MYSQL] - start mysql"
+- name: "[MYSQL] - Démarage MySQL"
   service:
     name: "mysqld"
     state: started
     enabled: yes
 
-- name: "[MYSQL] - create database"
-  community.mysql.mysql_db:
-    name:
-      - sdis29
+- name: "[MYSQL] - Création de la base de données"
+  mysql_db:
+    name: sdis29
+    check_implicit_admin: yes
+    login_unix_socket: /var/run/mysqld/mysqld.sock
     state: present
 
-- name: "[MYSQL] - create user"
+- name: "[MYSQL] - Création de l'utilisateur"
   mysql_user:
-    name: "slam"
-    password: "Azerty1+"
+    user: slam
+    password: Azerty1+
     priv: "*.*:ALL"
-    host: "127.0.0.1"
-    become: yes
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    state: present
 
-- name: Copier dump
+- name: Copie du dump
   copy:
-    src: db-sauv.sql.gz
+    src: files/sdis29.sql
     dest: /tmp
 
-- name: Restorer la base de données
-  community.mysql.mysql_db:
-    name: my_db
+- name: Restaurer la base de données
+  mysql_db:
+    name: sdis29
     state: import
-    target: /tmp/db-sauv.sql.gz
+    target: /tmp/sdis29.sql
+    login_user: slam
+    login_password: Azerty1+
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify: Restart MySQL

ansible/roles/db/vars/debian.yml

@@ -1,5 +1,5 @@
 mysql_packages:
  - mariadb-server
- - python-m ysqldb
mysql_db: "sdis29"

- - mysql_user: "slam"

+ - python-m ysqldb
mysql_db: "sdis29"
+ - mysql_user: "slam"
  - mysql_password: "Azerty1+"

ansible/roles/dbdump/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart mysql
+  service:
+    name: mysql
+    state: restarted

ansible/roles/dbdump/tasks/main.yml

@@ -1,8 +1,17 @@
-- name: create a backup
+- name: Création d'un dump
   mysql_db:
-    name: sdis29
     state: dump
+    name: sdis29
     target: /tmp/sdis29.sql
-    login_host: localhost
     login_user: slam
     login_password: Azerty1+
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Copie du dump distant
+  ansible.builtin.fetch:
+    src: /tmp/sdis29.sql
+    dest: /root/sauvegarde/sql/
+    flat: yes
+
+
+    

ansible/roles/init/tasks/main.yml

@@ -0,0 +1,36 @@
+- name: S'assurer que le système peut utiliser le transport HTTPS pour l'APT
+  stat:
+    path: /usr/lib/apt/methods/https
+  register: apt_https_transport
+
+- name: Installer APT HTTPS transport.
+  apt:
+    name: "apt-transport-https"
+    state: present
+    update_cache: yes
+  when: not apt_https_transport.stat.exists
+
+- name: Installation des différents paquets (tomcat)
+  package:
+    name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python3']
+    state: present
+    update_cache: yes
+
+- name: Installation de Java
+  apt:
+    name: default-jdk
+    state: present
+ 
+- name: "[MYSQL] - update cache"
+  apt:
+    update_cache: yes
+
+- name: "[MYSQL] - install"
+  apt:
+    name: mariadb-server
+    state: latest
+
+- name: "[Python] - install"
+  apt:
+    name: python3-pymysql
+    state: latest

ansible/roles/tomcat/defaults/main.yml

@@ -1,3 +0,0 @@
----
-tomcat_archive_url: https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.14/bin/apache-tomcat-10.0.14.tar.gz
-tomcat_archive_dest: /tmp/apache-tomcat-{{ tomcat_ver }}.tar.gz

ansible/roles/tomcat/tasks/main.yaml

@@ -1,8 +0,0 @@
----
-- name: Add the OS specific variables
-  include_vars: "{{ item }}"
-  with_first_found:
-    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml"
-    - "{{ ansible_os_family }}.yml"
-
-- include_tasks: "tomcat-setup-{{ ansible_os_family }}.yml"

ansible/roles/tomcat/tasks/main.yml

@@ -0,0 +1,63 @@
+- name: Création du groupe tomcat
+  group:
+    name: tomcat
+
+- name: Création d'un utilisateur Tomcat
+  user:
+    name: tomcat
+    group: tomcat
+    home: /usr/share/tomcat
+    createhome: no
+    system: yes
+
+- name: Téléchargement Tomcat
+  get_url:
+    url: http://10.121.38.10/store/apache-tomcat-10.0.13.tar.gz
+    dest: /tmp/apache-tomcat-10.0.13.tar.gz
+
+- name: Création d'un répertoire Tomcat
+  file:
+    path: /usr/share/tomcat
+    state: directory
+    owner: tomcat
+    group: tomcat
+
+- name: Extraction de l'archive Tomcat
+  unarchive:
+    src: /tmp/apache-tomcat-10.0.13.tar.gz
+    dest: /usr/share/tomcat
+    owner: tomcat
+    group: tomcat
+    remote_src: yes
+    extra_opts: "--strip-components=1"
+    creates: /usr/share/tomcat/bin
+
+- name: Copie du fichier de défénition de service Tomcat
+  template:
+    src: templates/tomcat.service.j2
+    dest: /etc/systemd/system/tomcat.service
+  when: ansible_service_mgr == "systemd"
+
+- name: Démarrer Tomcat
+  service:
+    daemon_reload: yes
+    name: tomcat
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+
+- name: Défénition des utilisateurs
+  template:
+    src: tomcat-users.xml.j2
+    dest: /usr/share/tomcat/conf/tomcat-users.xml
+  notify: restart tomcat
+
+- name: Autoisation des différents ip de connexion
+  template:
+    src: context.xml.j2 
+    dest: "{{ item }}"
+  with_items:
+    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+  notify: restart tomcat
+

ansible/roles/tomcat/tasks/tomcat-setup-Debian.yml

@@ -1,85 +0,0 @@
-- name: Ensure the system can use the HTTPS transport for APT.
-  stat:
-    path: /usr/lib/apt/methods/https
-  register: apt_https_transport
-
-- name: Install APT HTTPS transport.
-  apt:
-    name: "apt-transport-https"
-    state: present
-    update_cache: yes
-  when: not apt_https_transport.stat.exists
-
-- name: Install basic packages
-  package:
-    name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
-    state: present
-    update_cache: yes
-
-- name: Install Default Java (Debian/Ubuntu)
-  apt:
-    name: default-jdk
-    state: present
-
-- name: Add tomcat group
-  group:
-    name: tomcat
-
-- name: Add "tomcat" user
-  user:
-    name: tomcat
-    group: tomcat
-    home: /usr/share/tomcat
-    createhome: no
-    system: yes
-
-- name: Download Tomcat
-  get_url:
-    url: "https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.14/bin/apache-tomcat-10.0.14.tar.gz"
-    dest: "{{ tomcat_archive_dest }}"
-
-- name: Create a tomcat directory
-  file:
-    path: /usr/share/tomcat
-    state: directory
-    owner: tomcat
-    group: tomcat
-
-- name: Extract tomcat archive
-  unarchive:
-    src: "{{ tomcat_archive_dest }}"
-    dest: /usr/share/tomcat
-    owner: tomcat
-    group: tomcat
-    remote_src: yes
-    extra_opts: "--strip-components=1"
-    creates: /usr/share/tomcat/bin
-
-- name: Copy tomcat service file
-  template:
-    src: templates/tomcat.service.j2
-    dest: /etc/systemd/system/tomcat.service
-  when: ansible_service_mgr == "systemd"
-
-- name: Start and enable tomcat
-  service:
-    daemon_reload: yes
-    name: tomcat
-    state: started
-    enabled: yes
-  when: ansible_service_mgr == "systemd"
-- name: Set UI access credentials
-  template:
-    src: tomcat-users.xml.j2
-    dest: /usr/share/tomcat/conf/tomcat-users.xml
-  notify: restart tomcat
-
-- name: Allow access to Manager and Host Manager apps from any IP
-  template:
-    src: context.xml.j2 
-    dest: "{{ item }}"
-  with_items:
-    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
-    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
-  notify: restart tomcat
-

ansible/roles/tomcat/vars/RedHat.yml

@@ -1 +0,0 @@
-JAVA_HOME: /usr/lib/jvm/jre

ansible/tomcat.yml

@@ -1,15 +1,14 @@
 ---
 - name: Tomcat deployment playbook
-  hosts: all       # Inventory hosts group / server to act on
+  hosts: prod       # Inventory hosts group / server to act on
   become: yes               # If to escalate privilege
   become_method: sudo       # Set become method
   remote_user: root         # Update username for remote server
   vars:
-    tomcat_ver: 10.0.14                          # Tomcat version to install
     ui_manager_user: manager                    # User who can access the UI manager section only
     ui_manager_pass: root      # UI manager user password
     ui_admin_username: admin                    # User who can access bpth manager and admin UI sections
     ui_admin_pass: root          # UI admin password
   roles:
     - tomcat
-
+   

ansible/tout-les-playbook.yml

@@ -0,0 +1,18 @@
+---
+- name: Tomcat deployment playbook
+  hosts: web       # Inventory hosts group / server to act on
+  become: yes               # If to escalate privilege
+  become_method: sudo       # Set become method
+  remote_user: root         # Update username for remote server
+  vars:
+    ui_manager_user: manager     # User who can access the UI ma>
+    ui_manager_pass: root        # UI manager user password
+    ui_admin_username: admin     # User who can access bpth mana>
+    ui_admin_pass: root          # UI admin password
+  roles:
+    - init
+    - tomcat
+    - db
+    - dbdump
+
+    

wireguard/wg0_bis.conf

@@ -0,0 +1,12 @@
+[Interface]
+Address = 10.0.2.1/24 # Adresses autorisées dans le VPN
+Listenport = 51820
+
+# clé privée de machine A 
+PrivateKey = gH7dHUHX8cbpvc3TcazYDfJpJK4QXWfCJJ+QbBKh33s=  
+# UDP service port; 51820 is a common choice for WireGuard
+ListenPort = 51820
+
+[Peer]
+PublicKey = pqqV6rxSa4kT7xJcaSpmky/eK3rCp4JvncjtqcSsPmI= # de machine B
+AllowedIPs = 10.0.2.1/24 # le peer peut acceder au serveur