supprimé : ../.docker-compose.yml.swp

supprimé :        projetSDIS29_2.war

ansible/db.yml

@@ -0,0 +1,4 @@
+- name: Création de la BDD 
+  hosts: prod
+  roles:
+  - db

ansible/dump.yml

@@ -0,0 +1,4 @@
+- name: Dump de la base de donnée
+  hosts: web 
+  roles:
+    - dbdump

ansible/hosts

@@ -0,0 +1,11 @@
+[local]
+localhost # Add Server IP address, one line per server
+
+[prod]
+ap33prod
+
+[test]
+192.168.0.47
+
+[web]
+web1

ansible/init.yml

@@ -0,0 +1,4 @@
+- name: Initialisation du serveur
+  hosts: prod
+  roles:
+  - init

ansible/roles/db/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart MySQL
+  service:
+    name: mysqld
+    state: restarted

ansible/roles/db/tasks/main.yml

@@ -0,0 +1,35 @@
+- name: "[MYSQL] - Démarrage MySQL"
+  service:
+    name: "mysqld"
+    state: started
+    enabled: yes
+
+- name: "[MYSQL] - Création de la base de données"
+  mysql_db:
+    name: sdis29
+    check_implicit_admin: yes
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    state: present
+
+- name: "[MYSQL] - Création de l'utilisateur"
+  mysql_user:
+    user: slam
+    password: Azerty1+
+    priv: "*.*:ALL"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    state: present
+
+- name: Copie du dump
+  copy:
+    src: files/sdis29.sql
+    dest: /tmp
+
+- name: Restaurer la base de données
+  mysql_db:
+    name: sdis29
+    state: import
+    target: /tmp/sdis29.sql
+    login_user: slam
+    login_password: Azerty1+
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify: Restart MySQL

ansible/roles/db/vars/debian.yml

@@ -0,0 +1,5 @@
+mysql_packages:
+ - mariadb-server
+ - python-m ysqldb
mysql_db: "sdis29"
+ - mysql_user: "slam"
+ - mysql_password: "Azerty1+"

ansible/roles/dbdump/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart mysql
+  service:
+    name: mysql
+    state: restarted

ansible/roles/dbdump/tasks/main.yml

@@ -0,0 +1,17 @@
+- name: Création d'un dump
+  mysql_db:
+    state: dump
+    name: sdis29
+    target: /tmp/sdis29.sql
+    login_user: slam
+    login_password: Azerty1+
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Copie du dump distant
+  ansible.builtin.fetch:
+    src: /tmp/sdis29.sql
+    dest: /root/sauvegarde/sql/
+    flat: yes
+
+
+    

ansible/roles/init/tasks/main.yml

@@ -0,0 +1,36 @@
+- name: S'assurer que le système peut utiliser le transport HTTPS pour l'APT
+  stat:
+    path: /usr/lib/apt/methods/https
+  register: apt_https_transport
+
+- name: Installer APT HTTPS transport.
+  apt:
+    name: "apt-transport-https"
+    state: present
+    update_cache: yes
+  when: not apt_https_transport.stat.exists
+
+- name: Installation des différents paquets (tomcat)
+  package:
+    name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python3']
+    state: present
+    update_cache: yes
+
+- name: Installation de Java
+  apt:
+    name: default-jdk
+    state: present
+ 
+- name: "[MYSQL] - update cache"
+  apt:
+    update_cache: yes
+
+- name: "[MYSQL] - install"
+  apt:
+    name: mariadb-server
+    state: latest
+
+- name: "[Python] - install"
+  apt:
+    name: python3-pymysql
+    state: latest

ansible/roles/tomcat/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart tomcat
+  service:
+    name: tomcat
+    state: restarted

ansible/roles/tomcat/tasks/main.yml

@@ -0,0 +1,63 @@
+- name: Création du groupe tomcat
+  group:
+    name: tomcat
+
+- name: Création d'un utilisateur Tomcat
+  user:
+    name: tomcat
+    group: tomcat
+    home: /usr/share/tomcat
+    createhome: no
+    system: yes
+
+- name: Téléchargement Tomcat
+  get_url:
+    url: http://10.121.38.10/store/apache-tomcat-10.0.13.tar.gz
+    dest: /tmp/apache-tomcat-10.0.13.tar.gz
+
+- name: Création d'un répertoire Tomcat
+  file:
+    path: /usr/share/tomcat
+    state: directory
+    owner: tomcat
+    group: tomcat
+
+- name: Extraction de l'archive Tomcat
+  unarchive:
+    src: /tmp/apache-tomcat-10.0.13.tar.gz
+    dest: /usr/share/tomcat
+    owner: tomcat
+    group: tomcat
+    remote_src: yes
+    extra_opts: "--strip-components=1"
+    creates: /usr/share/tomcat/bin
+
+- name: Copie du fichier de défénition de service Tomcat
+  template:
+    src: templates/tomcat.service.j2
+    dest: /etc/systemd/system/tomcat.service
+  when: ansible_service_mgr == "systemd"
+
+- name: Démarrer Tomcat
+  service:
+    daemon_reload: yes
+    name: tomcat
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+
+- name: Défénition des utilisateurs
+  template:
+    src: tomcat-users.xml.j2
+    dest: /usr/share/tomcat/conf/tomcat-users.xml
+  notify: restart tomcat
+
+- name: Autoisation des différents ip de connexion
+  template:
+    src: context.xml.j2 
+    dest: "{{ item }}"
+  with_items:
+    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+  notify: restart tomcat
+

ansible/roles/tomcat/templates/context.xml.j2

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>

ansible/roles/tomcat/templates/tomcat-users.xml.j2

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>
+

ansible/roles/tomcat/templates/tomcat.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat
+Environment=CATALINA_BASE=/usr/share/tomcat
+Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
+
+ExecStart=/usr/share/tomcat/bin/catalina.sh start
+ExecStop=/usr/share/tomcat/bin/catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/tomcat/vars/main.yml

@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java

ansible/tomcat.yml

@@ -0,0 +1,14 @@
+---
+- name: Tomcat deployment playbook
+  hosts: prod       # Inventory hosts group / server to act on
+  become: yes               # If to escalate privilege
+  become_method: sudo       # Set become method
+  remote_user: root         # Update username for remote server
+  vars:
+    ui_manager_user: manager                    # User who can access the UI manager section only
+    ui_manager_pass: root      # UI manager user password
+    ui_admin_username: admin                    # User who can access bpth manager and admin UI sections
+    ui_admin_pass: root          # UI admin password
+  roles:
+    - tomcat
+   

ansible/tout-les-playbook.yml

@@ -0,0 +1,18 @@
+---
+- name: Tomcat deployment playbook
+  hosts: web       # Inventory hosts group / server to act on
+  become: yes               # If to escalate privilege
+  become_method: sudo       # Set become method
+  remote_user: root         # Update username for remote server
+  vars:
+    ui_manager_user: manager     # User who can access the UI ma>
+    ui_manager_pass: root        # UI manager user password
+    ui_admin_username: admin     # User who can access bpth mana>
+    ui_admin_pass: root          # UI admin password
+  roles:
+    - init
+    - tomcat
+    - db
+    - dbdump
+
+    

docker/docker-compose.yml

@@ -0,0 +1,41 @@
+version: '3.3'
+services:
+   db:
+     image: mysql:5.7
+     volumes:
+       - /opt/test:/var/lib/mysql
+       - ./mysql-dump:/docker-entrypoint-initdb.d
+     environment:
+       MYSQL_ROOT_PASSWORD: root
+       MYSQL_DATABASE: sdis29
+       MYSQL_USER: slam
+       MYSQL_PASSWORD: Azerty1+
+     ports:
+       - 3306:3306
+   phpmyadmin:
+     depends_on:
+       - db
+     image: phpmyadmin/phpmyadmin
+     ports:
+       - '8081:80'
+     environment:
+       PMA_HOST: db
+       MYSQL_ROOT_PASSWORD: root
+   web:
+     depends_on:
+       - db
+     image: tomcat
+     volumes:
+       - ./fichier/projetSDIS29_2.war:/usr/local/tomcat/webapps/projetSDIS29_2.war
+       - ./fichier/server.xml:/usr/share/local/conf/server.xml:rw
+       - ./fichier/tomcat-users.xml:/usr/local/tomcat/conf/tomcat-users.xml:rw
+       - ./fichier/context.xml:/usr/share/local/webapps/host-manager/META-INF/context.xml:rw
+       - ./fichier/context.xml:/usr/share/local/webapps/manager/META-INF/context.xml:rw
+
+     ports:
+       - '8080:8080'
+     environment:
+       MYSQL_ROOT_PASSWORD: root
+       MYSQL_DATABASE: sdis29
+       MYSQL_USER: slam
+       MYSQL_PASSWORD: Azerty1+

docker/fichier/context.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>

docker/fichier/server.xml

@@ -0,0 +1,153 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  <!-- APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         HTTP Connector: /docs/config/http.html
+         AJP  Connector: /docs/config/ajp.html
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+    -->
+    <Connector port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    -->
+    <!-- Define an SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
+         This connector uses the NIO implementation. The default
+         SSLImplementation will depend on the presence of the APR/native
+         library and the useOpenSSL attribute of the
+         AprLifecycleListener.
+         Either JSSE or OpenSSL style configuration may be used regardless of
+         the SSLImplementation selected. JSSE style configuration is used below.
+    -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true">
+        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
+        <SSLHostConfig>
+            <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
+                         type="RSA" />
+        </SSLHostConfig>
+    </Connector>
+    -->
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <!--
+    <Connector protocol="AJP/1.3"
+               address="::1"
+               port="8009"
+               redirectPort="8443" />
+    -->
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+    -->
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->
+
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html
+             Note: The pattern used is equivalent to using pattern="common" -->
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>

docker/fichier/tomcat-users.xml

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="manager" password="root" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="admin" password="root" roles="manager-gui,admin-gui" />
+</tomcat-users>