Ajout des fichiers de test goss et du playbook d'installation GLPI

AP4/onfarbo41/ansible/adminer.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour adminer 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - adminer

AP4/onfarbo41/ansible/db.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour la BDD 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - db

AP4/onfarbo41/ansible/dokuwiki.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour le dokuwiki 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - dokuwiki 

AP4/onfarbo41/ansible/hosts

@@ -0,0 +1,2 @@
+[onfarbo]
+onfarbo41

AP4/onfarbo41/ansible/playbook.yml

@@ -0,0 +1,10 @@
+- name: Playbook pour onfarbo41
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - adminer
+    - db
+    - dokuwiki 

AP4/onfarbo41/ansible/roles/adminer/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

AP4/onfarbo41/ansible/roles/adminer/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/adminer/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: install utils
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: On créer un lien symbolique
+  tags: link
+  file:
+    src: /usr/share/adminer/adminer
+    dest: /var/www/html/adminer
+    state: link
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo41/adminer.php"
+

AP4/onfarbo41/ansible/roles/adminer/vars/main.yml

@@ -0,0 +1 @@
+alias: "Alias /adminer.php /usr/share/adminer/adminer.php"

AP4/onfarbo41/ansible/roles/db/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/db/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock

AP4/onfarbo41/ansible/roles/dokuwiki/files/dokuwiki.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+chemin=/var/www/html/doku
+
+apt install -y apache2 php php-mbstring php-gd php-xml
+cd /root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
+
+if [ $? !=0 ]; then
+	echo "$0 : erreurwget" 1>&2
+	exit 1
+fi
+tar xvfz dokuwiki-stable.tgz
+[ -d "${chemin}" ] || mkdir "${chemin}"
+
+cp -a dokuwiki-2020-07-29/* "${chemin}"
+cd "${chemin}"
+chown -R root:root .
+chmod -R 755 .
+chown -R www-data:www-data data lib conf
+exit 0

AP4/onfarbo41/ansible/roles/dokuwiki/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/dokuwiki/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Création du dossier DokuWiki
+  tags: createfile
+  file:
+    path: /root/dokuwiki
+    state: directory
+    mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+  tags: sh
+  copy:
+    src: dokuwiki.sh
+    dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+  tags: chmod
+  file:
+    path: /root/dokuwiki/dokuwiki.sh
+    mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+  tags: exec
+  command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+  tags: msg2
+  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://onfarbo41/doku/install.php"

AP4/onfarbo41/gosstest/goss.yaml

@@ -0,0 +1,36 @@
+#Ici, on test MariaDB
+port:
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+
+#Ici, on test ssh
+service:
+  ssh:
+    enabled: true
+    running: true
+group:
+  ssh:
+    exists: true
+    gid: 111
+
+#Ici, on test le serveur web
+http:
+  http://10.121.38.206:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - works
+
+#Ici, on test dokuwiki
+http:
+  http://10.121.38.206/doku/:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body:
+    - Trace

AP4/onfarbo41/onfinfra/ansible/glpi.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  connection: local
+  roles:
+    - glpi

AP4/onfarbo41/onfinfra/ansible/roles/glpi/defaults/main.yml

@@ -0,0 +1,10 @@
+depl_url: "http://depl/store"
+glpi_tgz: "glpi-9.5.7.tgz"
+fusion: "fusioninventory-9.5+3.0.tar.bz2"
+fusion64: "fusioninventory-agent_windows-x64_2.6.exe"
+glpi_dir: "/var/www/html/glpi"
+glpi_dbhost: "127.0.0.1"
+glpi_dbname: "glpi"
+glpi_dbuser: "glpi"
+glpi_dbpasswd: "glpi"
+

AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/glpi.conf

@@ -0,0 +1,12 @@
+DocumentRoot /var/www/glpi
+        <Directory /var/www/glpi>
+                Options Indexes FollowSymLinks MultiViews
+                AllowOverride All
+                Order allow,deny
+                allow from all
+                AuthType Basic
+        </Directory>
+
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
+        CustomLog ${APACHE_LOG_DIR}/glpi_access.log combined
+        ErrorLog  ${APACHE_LOG_DIR}/glpi_error.log

AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/my.cnf

@@ -0,0 +1,3 @@
+[client]
+user=root
+password=root

AP4/onfarbo41/onfinfra/ansible/roles/glpi/handlers/main.yml

@@ -0,0 +1,18 @@
+---
+- name: restart php-fpm
+  service:
+    name: php-fpm
+    state: restarted
+    enabled: yes
+
+- name: restart nginx
+  service:
+    name: nginx
+    state : restarted
+    enabled: yes  
+
+- name: restart mariadb-server
+  service: 
+    name: mariadb-server
+    state: restarted
+    enabled: yes

AP4/onfarbo41/onfinfra/ansible/roles/glpi/tasks/main.yml

@@ -0,0 +1,134 @@
+---
+  - name: Installation des paquets
+    apt:
+      state: latest
+      name:
+      - nginx
+      - php-fpm
+      - php-mbstring
+      - php-mysql
+      - php-gd
+      - php-curl
+      - php-xml
+      - php-apcu
+      - php-ldap
+      - php-imap
+      - php-xmlrpc
+      - php-cas
+      - python3-mysqldb
+      - mariadb-server
+      - python3-pymysql
+      - php-intl
+      - php-bz2
+      - php-zip
+      - postfix
+      - mailutils
+
+  - name: Changement listen dans le fichier conf de php
+    replace:
+      dest: /etc/php/7.4/fpm/pool.d/www.conf
+      regexp: 'listen = /run/php/php7.4-fpm.sock'
+      replace: 'listen = 127.0.0.1:9000'
+      backup: yes
+
+  - name: Effacement block nginx default
+    file:
+      path: /etc/nginx/sites-enabled/default 
+      state: absent
+
+  - name: Creation fichier block nginx
+    template: 
+      src: block.j2 
+      dest: /etc/nginx/sites-enabled/glpi
+
+  - name: Remplacement dans le fichier de conf php du timeout
+    replace:
+      dest: /etc/php/7.4/fpm/php.ini
+      regexp: 'max_execution_time = 30'
+      replace: 'max_execution_time = 600'
+      backup: yes
+
+    notify:
+      - restart nginx
+
+  - name: Creation de la base de donnee mysql
+    mysql_db:
+      name: "{{ glpi_dbname }}"
+      check_implicit_admin: yes
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: Creation de l'utilisateur mysql avec tous les privileges
+    mysql_user:
+      user: "{{ glpi_dbuser }}"
+      password: "{{ glpi_dbpasswd }}"
+      priv: "*.*:ALL,GRANT"
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+      state: present
+ #   with_items:
+  #    - 127.0.0.1
+
+  - name: Creation du repertoire {{ glpi_dir }}
+    file: 
+      path: "{{ glpi_dir }}"
+      state: directory
+      owner: www-data
+      group: www-data
+
+  - name: Installation de GLPI
+    unarchive:
+      src: "{{ depl_url }}/{{ glpi_tgz }}"
+      dest: /var/www/html
+      remote_src: yes
+      owner: www-data
+      group: www-data
+
+  - name: Changement des attributs {{ glpi_dir }}
+    file: 
+      path: "{{ glpi_dir }}" 
+      owner: www-data 
+      group: www-data 
+      mode: 0755 
+      recurse: yes
+
+  - name: Changement des attributs {{ glpi_dir }}/plugins
+    file:
+      path: "{{ glpi_dir }}/plugins"
+      mode: 0777
+      owner: www-data
+      group: www-data
+      recurse: yes
+
+  - name: Installation de Fusioninventory pour Linux
+    unarchive:
+      src: "{{ depl_url }}/{{ fusion }}"
+      dest: "/var/www/html/glpi/plugins"
+      remote_src: yes
+
+  - name: Creation de ficlient
+    file:
+      path: /var/www/html/ficlients
+      state: directory
+      owner: www-data
+      group: www-data
+      mode: 0775
+
+  - name: Attribution des droits nginx.index
+    file:
+      path: /var/www/html/index.nginx-debian.html
+      owner: www-data
+      group: www-data
+      mode: 0775
+
+  - name: Installation de FusionInventory windows x64
+    get_url:
+      url: "{{ depl_url }}/{{ fusion64 }}"
+      dest: "/var/www/html/ficlients"
+
+  - name: Attribution des permissions sur repertoire /plugins/fusioninventory
+    file:
+      path: /var/www/html/glpi/plugins/fusioninventory
+      owner: www-data
+      group: www-data
+      recurse: yes
+      state: directory

AP4/onfarbo41/onfinfra/ansible/roles/glpi/templates/block.j2

@@ -0,0 +1,23 @@
+server {
+        listen   80 default_server;
+        root {{ glpi_dir }};
+        index index.php;
+        server_name localhost;
+
+        location / {try_files $uri $uri/ index.php;}
+
+        #prise en charge PHP
+        location ~ \.php$ {
+                fastcgi_pass 127.0.0.1:9000;
+                fastcgi_index index.php;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+                fastcgi_param SERVER_NAME $host;
+  	 }
+
+	location /ficlients {
+		root /var/www/html;
+		autoindex on;
+	}
+}

AP4/onfarbo41/onfinfra/goss/goss.yaml

@@ -0,0 +1,39 @@
+port:
+  tcp:80:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+service:
+  mysql:
+    enabled: true
+    running: true
+user:
+  mysql:
+    exists: true
+    uid: 106
+    gid: 112
+    groups:
+    - mysql
+    home: /nonexistent
+    shell: /bin/false
+group:
+  mysql:
+    exists: true
+    gid: 112
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.2.12/24
+    - fe80::a00:27ff:fea2:45fd/64
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 192.168.0.39/24
+    - fe80::a00:27ff:fe66:36e3/64
+    mtu: 1500

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-confcli/wg0.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-confsrv/wg0.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.key

@@ -0,0 +1 @@
+cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=

AP4/onfarbo41/wireguard/wireguard-script/endpoint-c.pub

@@ -0,0 +1 @@
+e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=

AP4/onfarbo41/wireguard/wireguard-script/wg0-a.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client

AP4/onfarbo41/wireguard/wireguard-script/wg0-b.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-script/wg0-c.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint C
+[Interface]
+PrivateKey = cD01vjVVw642INlyE+Rmbwf9/Y6Msz6pLTI1zCRjeWM=       #Clé privée du client
+Address = 10.0.0.3/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-script/wireguard-init.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+bash wireguard.sh
+cp endpoint-a.* wg0-a.conf /etc/wireguard
+cd /etc/wireguard
+mv wg0-a.conf wg0.conf
+systemctl start wg-quick@wg0
+systemctl enable wg-quick@wg0

AP4/onfarbo41/wireguard/wireguard-script/wireguard.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+set -u
+set -e
+
+AddressAwg=10.0.0.1/32  # Adresse VPN Wireguard extremite A
+EndpointA=10.121.38.66 # Adresse extremite A
+PortA=51820             # Port ecoute extremite A
+AddressBwg=10.0.0.2/32  # Adresse VPN Wireguard extremite B
+EndpointB=192.168.2.14  # Adresse extremite B
+PortB=51820             # Port ecoute extremite B
+AddressCwg=10.0.0.3/32  # Adresse VPN Wireguard extremite C
+EndpointC=192.168.2.15  # Adresse extremite C
+PortC=51820             # Port ecoute extremite C
+
+umask 077 ;
+wg genkey > endpoint-a.key
+wg pubkey < endpoint-a.key > endpoint-a.pub
+
+wg genkey > endpoint-b.key
+wg pubkey < endpoint-b.key > endpoint-b.pub
+
+wg genkey > endpoint-c.key
+wg pubkey < endpoint-c.key > endpoint-c.pub
+
+PKA=$(cat endpoint-a.key)
+pKA=$(cat endpoint-a.pub)
+PKB=$(cat endpoint-b.key)
+pKB=$(cat endpoint-b.pub)
+PKC=$(cat endpoint-c.key)
+pKC=$(cat endpoint-c.pub)
+
+cat <<FINI > wg0-a.conf
+# local settings for Endpoint A
+[Interface]
+PrivateKey = $PKA       #Clé privée du serveur vpn
+Address = $AddressAwg   #Adresse du serveur vpn
+ListenPort = $PortA
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = $pKB        #Clé publique du client
+AllowedIPs = $AddressBwg #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = $pKC        #Clé publique du client
+AllowedIPs = $AddressCwg #Adresse vpn du client
+FINI
+
+
+cat <<FINI > wg0-b.conf
+# local settings for Endpoint B
+[Interface]
+PrivateKey = $PKB       #Clé privée du client
+Address = $AddressBwg   #Adresse du client
+ListenPort = $PortB
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI
+
+
+cat <<FINI > wg0-c.conf
+# local settings for Endpoint C
+[Interface]
+PrivateKey = $PKC       #Clé privée du client
+Address = $AddressCwg   #Adresse du client
+ListenPort = $PortC
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = $pKA       #Clé publique du serveur vpn
+Endpoint = ${EndpointA}:$PortA #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = $AddressAwg #Adresse du serveur vpn
+FINI

SDIS29-P2/config

@@ -0,0 +1,3 @@
+host localhost
+        user root
+	hostname 127.0.0.1

SDIS29-P2/ppe34test/hosts

@@ -0,0 +1,3 @@
+[local]
+localhost
+127.0.0.1

SDIS29-P2/ppe34test/ppebase.yml

@@ -0,0 +1,13 @@
+- name: Installer Tomcat et MariaDB puis lancer les services
+  hosts: all       # Inventory hosts group / server to act on
+  become: yes               # If to escalate privilege
+  become_method: sudo       # Set become method
+  remote_user: root         # Update username for remote server
+  vars:
+    tomcat_ver: 10.0.13                          # Tomcat version to install
+    ui_manager_user: manager                    # User who can access the UI manager section only
+    ui_manager_pass: root      # UI manager user password
+    ui_admin_username: admin                    # User who can access bpth manager and admin UI sections
+    ui_admin_pass: root          # UI admin password
+  roles:
+    - ppebase

SDIS29-P2/ppe34test/ppedb.yml

@@ -0,0 +1,9 @@
+---
+- name: Creer la BDD, creer les comptes et injecter la BDD
+  hosts: all
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - ppedb

SDIS29-P2/ppe34test/ppedbdump.yml

@@ -0,0 +1,9 @@
+---
+- name: Sauvegarder la BDD
+  hosts: all
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - ppedbdump

SDIS29-P2/ppe34test/roles/ppebase/defaults/main.yml

@@ -0,0 +1,2 @@
+tomcat_archive_url: http://depl/store/apache-tomcat-10.0.13.tar.gz
+tomcat_archive_dest: /usr/share/tomcat/

SDIS29-P2/ppe34test/roles/ppebase/tasks/main.yml

@@ -0,0 +1,96 @@
+  - name: Install basic packages
+    package:
+      name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+      state: present
+      update_cache: yes
+
+  - name: installer JDK
+    apt:
+      name: openjdk-11-jdk
+      state: present
+
+  - name: creer le repertoire /opt/tomcat
+    file:
+      path: /usr/share/tomcat
+      state: directory
+      mode: 0755
+
+  - name: creer le groupe tomcat
+    group:
+      name: tomcat
+
+  - name: creer l'utilisateur tomcat
+    user:
+      name: tomcat
+      group: tomcat
+      home: /usr/share/tomcat
+      createhome: no
+
+  - name: installer TomCat
+    unarchive:
+      src: http://depl/store/apache-tomcat-10.0.13.tar.gz
+      dest: /usr/share/tomcat
+      remote_src: yes
+
+  - name: Change ownership
+    file:
+      path: /usr/share/tomcat
+      owner: tomcat
+      group: tomcat
+      mode: "u+rwx,g+rx,o=rx"
+      recurse: yes
+      state: directory
+
+  - name: Templating Tomcat service from local to remote
+    template:
+      src: tomcat.service.j2
+      dest: /etc/systemd/system/tomcat.service
+    when: ansible_service_mgr == "systemd"
+
+  - name: Demarrer tomcat
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh
+
+  - name: Definition des utilisateurs
+    template:
+      src: tomcat-users.xml.j2
+      dest: /usr/share/tomcat/apache-tomcat-10.0.13/conf/tomcat-users.xml
+
+  - name: Autorisation des différentes ips de connexions
+    template:
+      src: context.xml.j2
+      dest: "{{ item }}" 
+    with_items:
+      - /usr/share/tomcat/apache-tomcat-10.0.13/webapps/host-manager/META-INF/context.xml
+      - /usr/share/tomcat/apache-tomcat-10.0.13/webapps/manager/META-INF/context.xml
+
+  - name: Redemarrer le service tomcat (1)
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/shutdown.sh
+
+  - name: Redemarrer le service tomcat (2)
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/startup.sh
+
+  - name: Redemarrer le service tomcat (3)
+    local_action: command sh /usr/share/tomcat/apache-tomcat-10.0.13/bin/catalina.sh start
+
+
+  - name: on installe java
+    apt:
+      name: default-jdk
+      state: present
+
+  - name: on installe les paquets de MariaDB
+    apt:
+      name: mariadb-server
+      state: latest
+      update_cache: yes
+
+  - name: on installe Python3
+    apt:
+      name: python3-pymysql
+      state: latest
+
+  - name: on lance MariaDB
+    service:
+      name: mysql
+      state: started
+

SDIS29-P2/ppe34test/roles/ppebase/templates/context.xml.j2

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>

SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat-users.xml.j2

@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>

SDIS29-P2/ppe34test/roles/ppebase/templates/tomcat.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat/apache-tomcat-10.0.13
+Environment=CATALINA_BASE=/usr/share/tomcat/apache-tomcat-10.0.13
+Environment=CATALINA_PID=/usr/share/tomcat/apache-tomcat-10.0.13/temp/tomcat.pid
+
+ExecStart=catalina.sh start
+ExecStop=catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target

SDIS29-P2/ppe34test/roles/ppebase/vars/main.yml

@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java

SDIS29-P2/ppe34test/roles/ppedb/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart MySQL
+  service:
+    name: mysqld
+    state: restarted

SDIS29-P2/ppe34test/roles/ppedb/tasks/main.yml

@@ -0,0 +1,31 @@
+- name: on lance MariaDB
+  service:
+    name: mysql
+    state: started
+
+- name: creation de la BDD sdis29
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: sdis29
+      
+- name: creation de l'utilisateur slam
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+      #- name: injection de la BDD
+      #command: scp sio@10.121.38.95:/home/sio/bdd/sdis29.sql /tmp
+
+- name: restauration de la bdd
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: sdis29
+    state: import
+    target: /tmp/sdis29.sql
+    login_user: slam
+    login_password: Azerty1+
+  notify: Restart MySQL
+

SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml

@@ -0,0 +1,5 @@
+- name: Copie de la sauv distante
+  ansible.builtin.fetch:
+    src: /tmp/sdis29.sql
+    dest: /sauvegarde
+    flat: yes

SDIS29-P2/ppe34test/roles/ppedbdump/tasks/createdump.yml.sv1

@@ -0,0 +1,15 @@
+- name: creer une sauvegarde
+  mysql_db:
+    name: sdis29
+    state: dump
+    target: /tmp/sdis29.sql
+    login_host: localhost
+    login_user: slam
+    login_password: Azerty1+
+    login_unix_user: /var/run/mysqld/mysqld.sock
+
+- name: Copie de la sauv distante
+  ansible.builtin.fetch:
+    src: /tmp/sdis29.sql
+    dest: /root/sauvegarde/sql/
+    flat: yes

SDIS29/svwar.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -o nounset
+DATH=$(date "+%X")
+DATJ=$(date "+%u")
+
+scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/usr/libexec/tomcat10/webapps
+scp /home/frederic.duhin/NetBeansProjects/Projet_SIDS29/dist/Projet_SIDS29.war root@10.121.38.72:/root/svwar

SDIS29/syslog/logrotate.conf

@@ -0,0 +1,23 @@
+# see "man logrotate" for details
+
+# global options do not affect preceding include directives
+
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+#dateext
+
+# uncomment this if you want your log files compressed
+compress
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may also be configured here.

SDIS29/vpn/journald.conf

@@ -0,0 +1,44 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+#
+# Entries in this file show the compile time defaults.
+# You can change settings by editing this file.
+# Defaults can be restored by simply deleting this file.
+#
+# See journald.conf(5) for details.
+
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+ForwardToSyslog=yes
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
+#Audit=no

SDIS29/vpn/rsyslog.conf

@@ -0,0 +1,92 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*

SDIS29/vpn/wg0.conf

@@ -0,0 +1,21 @@
+[Interface]
+
+# VPN server private IP address
+Address = 10.0.2.1/24
+# Clef privee serveur
+PrivateKey = EOBiuF/rtF0LoYzTUWiJgfDXIU292jiY/INHJoQbCno=
+ListenPort = 51820
+
+[Peer]
+
+# Clef publique client
+PublicKey = ABBhn4p6vzj9swWqVXKw1De2OldsTpeEivx2DKfmNR8=
+# Adresses IP que le client VPN est autorisé à utiliser
+AllowedIPs = 10.0.2.1/24
+
+[Peer]
+
+# Clef publique client
+PublicKey = 0iV6dUPJtqUd0jpE7GAKMBrmfOjWp0hxcEi2Ue+ACkw=
+# Adresses IP que le client VPN est autorisé à utiliser
+AllowedIPs = 10.0.2.1/24