Ansible Onfarbo

AP4/onfarbo41/hosts

@@ -0,0 +1,4 @@
+[localhost]
+
+[onfarbo]
+onfarbo41

AP4/onfarbo41/playbook.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour onfarbo
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - onfarbo

AP4/onfarbo41/roles/onfarbo/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

AP4/onfarbo41/roles/onfarbo/files/dokuwiki.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+chemin=/var/www/html/doku
+
+apt install -y apache2 php php-mbstring php-gd php-xml
+cd /root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
+
+if [ $? !=0 ]; then
+	echo "$0 : erreurwget" 1>&2
+	exit 1
+fi
+tar xvfz dokuwiki-stable.tgz
+[ -d "${chemin}" ] || mkdir "${chemin}"
+
+cp -a dokuwiki-2020-07-29/* "${chemin}"
+cd "${chemin}"
+chown -R root:root .
+chmod -R 755 .
+chown -R www-data:www-data data lib conf
+exit 0

AP4/onfarbo41/roles/onfarbo/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/roles/onfarbo/tasks/main.yml

@@ -0,0 +1,83 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: install utils
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: On fait la compilation de adminer
+  tags: compile
+  shell: |
+    php /usr/share/adminer/compile.php
+    mv /usr/share/adminer/adminer-*.php /usr/share/adminer/adminer.php
+    echo "{{ alias }}" | tee /etc/apache2/conf-available/adminer.conf
+    a2enconf adminer.conf
+  notify: restart apache
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://10.121.38.206/adminer.php"
+
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Création du dossier DokuWiki
+  tags: createfile
+  file:
+    path: /root/dokuwiki
+    state: directory
+    mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+  tags: sh
+  copy:
+    src: dokuwiki.sh
+    dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+  tags: chmod
+  file:
+    path: /root/dokuwiki/dokuwiki.sh
+    mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+  tags: exec
+  command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+  tags: msg2
+  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://10.121.38.206/doku/install.php"

AP4/onfarbo41/roles/onfarbo/vars/main.yml

@@ -0,0 +1 @@
+alias: "Alias /adminer.php /usr/share/adminer/adminer.php"

SDIS29-P2/config

@@ -0,0 +1,3 @@
+host localhost
+        user root
+	hostname 127.0.0.1

SDIS29-P2/ppe34test/hosts

@@ -0,0 +1,3 @@
+[local]
+localhost
+127.0.0.1

SDIS29-P2/ppe34test/ppebase.yml

@@ -0,0 +1,13 @@
+- name: Installer Tomcat et MariaDB puis lancer les services
+  hosts: all       # Inventory hosts group / server to act on
+  become: yes               # If to escalate privilege
+  become_method: sudo       # Set become method
+  remote_user: root         # Update username for remote server
+  vars:
+    tomcat_ver: 10.0.13                          # Tomcat version to install
+    ui_manager_user: manager                    # User who can access the UI manager section only
+    ui_manager_pass: root      # UI manager user password
+    ui_admin_username: admin                    # User who can access bpth manager and admin UI sections
+    ui_admin_pass: root          # UI admin password
+  roles:
+    - ppebase

SDIS29-P2/ppe34test/ppedb.yml

@@ -0,0 +1,9 @@
+---
+- name: Creer la BDD, creer les comptes et injecter la BDD
+  hosts: all
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - ppedb

SDIS29-P2/ppe34test/ppedbdump.yml

@@ -0,0 +1,9 @@
+---
+- name: Sauvegarder la BDD
+  hosts: all
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - ppedbdump

SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml

@@ -0,0 +1,2 @@
+tomcat_archive_url: http://depl/store/apache-tomcat-10.0.13.tar.gz
+tomcat_archive_dest: /usr/share/tomcat/

SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml

@@ -0,0 +1,96 @@
+  - name: Install basic packages
+    package:
+      name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+      state: present
+      update_cache: yes
+
+  - name: installer JDK
+    apt:
+      name: openjdk-11-jdk
+      state: present
+
+  - name: creer le repertoire /opt/tomcat
+    file:
+      path: /usr/share/tomcat
+      state: directory
+      mode: 0755
+
+  - name: creer le groupe tomcat
+    group:
+      name: tomcat
+
+  - name: creer l'utilisateur tomcat
+    user:
+      name: tomcat
+      group: tomcat
+      home: /usr/share/tomcat
+      createhome: no
+
+  - name: installer TomCat
+    unarchive:
+      src: http://depl/store/apache-tomcat-10.0.13.tar.gz
+      dest: /usr/share/tomcat
+      remote_src: yes
+
+  - name: Change ownership
+    file:
+      path: /usr/share/tomcat
+      owner: tomcat
+      group: tomcat
+      mode: "u+rwx,g+rx,o=rx"
+      recurse: yes
+      state: directory
+
+  - name: Templating Tomcat service from local to remote
+    template:
+      src: tomcat.service.j2
+      dest: /etc/systemd/system/tomcat.service
+    when: ansible_service_mgr == "systemd"
+
+  - name: Demarrer tomcat
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh
+
+  - name: Definition des utilisateurs
+    template:
+      src: tomcat-users.xml.j2
+      dest: /usr/share/tomcat/apache-tomcat-10.0.13/conf/tomcat-users.xml
+
+  - name: Autorisation des différentes ips de connexions
+    template:
+      src: context.xml.j2
+      dest: "{{ item }}" 
+    with_items:
+      - /usr/share/tomcat/apache-tomcat-10.0.13/webapps/host-manager/META-INF/context.xml
+      - /usr/share/tomcat/apache-tomcat-10.0.13/webapps/manager/META-INF/context.xml
+
+  - name: Redemarrer le service tomcat (1)
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/shutdown.sh
+
+  - name: Redemarrer le service tomcat (2)
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh
+
+  - name: Redemarrer le service tomcat (3)
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/catalina.sh start
+
+
+  - name: on installe java
+    apt:
+      name: default-jdk
+      state: present
+
+  - name: on installe les paquets de MariaDB
+    apt:
+      name: mariadb-server
+      state: latest
+      update_cache: yes
+
+  - name: on installe Python3
+    apt:
+      name: python3-pymysql
+      state: latest
+
+  - name: on lance MariaDB
+    service:
+      name: mysql
+      state: started
+

SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>

SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>

SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat/apache-tomcat-10.0.13
+Environment=CATALINA_BASE=/usr/share/tomcat/apache-tomcat-10.0.13
+Environment=CATALINA_PID=/usr/share/tomcat/apache-tomcat-10.0.13/temp/tomcat.pid
+
+ExecStart=catalina.sh start
+ExecStop=catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target

SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml

@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java

SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart MySQL
+  service:
+    name: mysqld
+    state: restarted

SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml

@@ -0,0 +1,31 @@
+- name: on lance MariaDB
+  service:
+    name: mysql
+    state: started
+
+- name: creation de la BDD sdis29
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: sdis29
+      
+- name: creation de l'utilisateur slam
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+      #- name: injection de la BDD
+      #command: scp sio@10.121.38.95:/home/sio/bdd/sdis29.sql /tmp
+
+- name: restauration de la bdd
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: sdis29
+    state: import
+    target: /tmp/sdis29.sql
+    login_user: slam
+    login_password: Azerty1+
+  notify: Restart MySQL
+

SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml

@@ -0,0 +1,5 @@
+- name: Copie de la sauv distante
+  ansible.builtin.fetch:
+    src: /tmp/sdis29.sql
+    dest: /sauvegarde
+    flat: yes

SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1

@@ -0,0 +1,15 @@
+- name: creer une sauvegarde
+  mysql_db:
+    name: sdis29
+    state: dump
+    target: /tmp/sdis29.sql
+    login_host: localhost
+    login_user: slam
+    login_password: Azerty1+
+    login_unix_user: /var/run/mysqld/mysqld.sock
+
+- name: Copie de la sauv distante
+  ansible.builtin.fetch:
+    src: /tmp/sdis29.sql
+    dest: /root/sauvegarde/sql/
+    flat: yes

SDIS29/svwar.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -o nounset
+DATH=$(date "+%X")
+DATJ=$(date "+%u")
+
+scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/usr/libexec/tomcat10/webapps
+scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/root/svwar

SDIS29/vpn/journald.conf

@@ -0,0 +1,44 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+ForwardToSyslog=yes
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
+#Audit=no

SDIS29/vpn/rsyslog.conf

@@ -0,0 +1,92 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*

SDIS29/vpn/wg0.conf

@@ -0,0 +1,21 @@
+[Interface]
+
+# VPN server private IP address
+Address = 10.0.2.1/24
+# Clef privee serveur
+PrivateKey = EOBiuF/rtF0LoYzTUWiJgfDXIU292jiY/INHJoQbCno=
+ListenPort = 51820
+
+[Peer]
+
+# Clef publique client
+PublicKey = ABBhn4p6vzj9swWqVXKw1De2OldsTpeEivx2DKfmNR8=
+# Adresses IP que le client VPN est autorisé à utiliser
+AllowedIPs = 10.0.2.1/24
+
+[Peer]
+
+# Clef publique client
+PublicKey = 0iV6dUPJtqUd0jpE7GAKMBrmfOjWp0hxcEi2Ue+ACkw=
+# Adresses IP que le client VPN est autorisé à utiliser
+AllowedIPs = 10.0.2.1/24