Ajout des fichiers de test goss et du playbook d'installation GLPI

AP4/onfarbo41/ansible/adminer.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour adminer 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - adminer

AP4/onfarbo41/ansible/db.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour la BDD 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - db

AP4/onfarbo41/ansible/dokuwiki.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour le dokuwiki 
+  hosts: onfarbo 
+  become: yes
+  become_method: sudo
+  become_user: root
+  
+  roles:
+    - dokuwiki 

AP4/onfarbo41/ansible/hosts

@@ -1,4 +1,2 @@
-[localhost]
-
 [onfarbo]
 onfarbo41

AP4/onfarbo41/ansible/playbook.yml

@@ -1,8 +1,10 @@
-- name: Playbook pour onfarbo
+- name: Playbook pour onfarbo41
   hosts: onfarbo 
   become: yes
   become_method: sudo
   become_user: root
   
   roles:
-    - onfarbo
+    - adminer
+    - db
+    - dokuwiki 

AP4/onfarbo41/ansible/roles/adminer/tasks/main.yml

@@ -0,0 +1,34 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: install utils
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: On créer un lien symbolique
+  tags: link
+  file:
+    src: /usr/share/adminer/adminer
+    dest: /var/www/html/adminer
+    state: link
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo41/adminer.php"
+

AP4/onfarbo41/ansible/roles/db/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/db/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock

AP4/onfarbo41/ansible/roles/dokuwiki/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/onfarbo41/ansible/roles/dokuwiki/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Création du dossier DokuWiki
+  tags: createfile
+  file:
+    path: /root/dokuwiki
+    state: directory
+    mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+  tags: sh
+  copy:
+    src: dokuwiki.sh
+    dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+  tags: chmod
+  file:
+    path: /root/dokuwiki/dokuwiki.sh
+    mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+  tags: exec
+  command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+  tags: msg2
+  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://onfarbo41/doku/install.php"

AP4/onfarbo41/ansible/roles/onfarbo/tasks/main.yml

@@ -1,83 +0,0 @@
-- name: apt update
-  tags: update
-  apt:
-    update-cache: yes
-    cache_valid_time: 3600
-
-- name: install utils
-  tags: utils
-  apt:
-    name:
-      - apache2
-      - php
-      - php-common
-      - libapache2-mod-php
-      - php-cli
-      - php-xml
-      - php-mysql
-      - php-curl
-      - mariadb-server
-      - adminer
-      - python3-pymysql
-    state: present
-
-- name: On fait la compilation de adminer
-  tags: compile
-  shell: |
-    php /usr/share/adminer/compile.php
-    mv /usr/share/adminer/adminer-*.php /usr/share/adminer/adminer.php
-    echo "{{ alias }}" | tee /etc/apache2/conf-available/adminer.conf
-    a2enconf adminer.conf
-  notify: restart apache
-
-- name: Message d'information
-  tags: msg
-  debug: msg="Adminer sera accessible depuis l'adresse http://10.121.38.206/adminer.php"
-
-- name: On démarre MariaDB
-  tags: mariadb
-  service:
-    name: mysql
-    state: started
-
-- name: Création de la BDD bdarbre
-  tags: bdarbre
-  mysql_db:
-    login_unix_socket: /var/run/mysqld/mysqld.sock
-    name: bdarbre
-
-- name: Création de l'utilisateur slam
-  tags: user
-  mysql_user:
-    name: slam
-    password: Azerty1+
-    priv: '*.*:ALL,GRANT'
-    state: present
-    login_unix_socket: /var/run/mysqld/mysqld.sock
-
-- name: Création du dossier DokuWiki
-  tags: createfile
-  file:
-    path: /root/dokuwiki
-    state: directory
-    mode: 0755
-
-- name: copie du fichier script d'install de dokuwiki
-  tags: sh
-  copy:
-    src: dokuwiki.sh
-    dest: /root/dokuwiki
-
-- name: On rend exécutable le script d'install
-  tags: chmod
-  file:
-    path: /root/dokuwiki/dokuwiki.sh
-    mode: 0755
-
-- name: exécution du script d'install de dokuwiki
-  tags: exec
-  command: bash /root/dokuwiki/dokuwiki.sh
-
-- name: Message d'information pour dokuwiki
-  tags: msg2
-  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://10.121.38.206/doku/install.php"

AP4/onfarbo41/onfinfra/ansible/glpi.yml

@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  connection: local
+  roles:
+    - glpi

AP4/onfarbo41/onfinfra/ansible/roles/glpi/defaults/main.yml

@@ -0,0 +1,10 @@
+depl_url: "http://depl/store"
+glpi_tgz: "glpi-9.5.7.tgz"
+fusion: "fusioninventory-9.5+3.0.tar.bz2"
+fusion64: "fusioninventory-agent_windows-x64_2.6.exe"
+glpi_dir: "/var/www/html/glpi"
+glpi_dbhost: "127.0.0.1"
+glpi_dbname: "glpi"
+glpi_dbuser: "glpi"
+glpi_dbpasswd: "glpi"
+

AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/glpi.conf

@@ -0,0 +1,12 @@
+DocumentRoot /var/www/glpi
+        <Directory /var/www/glpi>
+                Options Indexes FollowSymLinks MultiViews
+                AllowOverride All
+                Order allow,deny
+                allow from all
+                AuthType Basic
+        </Directory>
+
+        LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
+        CustomLog ${APACHE_LOG_DIR}/glpi_access.log combined
+        ErrorLog  ${APACHE_LOG_DIR}/glpi_error.log

AP4/onfarbo41/onfinfra/ansible/roles/glpi/files/my.cnf

@@ -0,0 +1,3 @@
+[client]
+user=root
+password=root

AP4/onfarbo41/onfinfra/ansible/roles/glpi/handlers/main.yml

@@ -0,0 +1,18 @@
+---
+- name: restart php-fpm
+  service:
+    name: php-fpm
+    state: restarted
+    enabled: yes
+
+- name: restart nginx
+  service:
+    name: nginx
+    state : restarted
+    enabled: yes  
+
+- name: restart mariadb-server
+  service: 
+    name: mariadb-server
+    state: restarted
+    enabled: yes

AP4/onfarbo41/onfinfra/ansible/roles/glpi/tasks/main.yml

@@ -0,0 +1,134 @@
+---
+  - name: Installation des paquets
+    apt:
+      state: latest
+      name:
+      - nginx
+      - php-fpm
+      - php-mbstring
+      - php-mysql
+      - php-gd
+      - php-curl
+      - php-xml
+      - php-apcu
+      - php-ldap
+      - php-imap
+      - php-xmlrpc
+      - php-cas
+      - python3-mysqldb
+      - mariadb-server
+      - python3-pymysql
+      - php-intl
+      - php-bz2
+      - php-zip
+      - postfix
+      - mailutils
+
+  - name: Changement listen dans le fichier conf de php
+    replace:
+      dest: /etc/php/7.4/fpm/pool.d/www.conf
+      regexp: 'listen = /run/php/php7.4-fpm.sock'
+      replace: 'listen = 127.0.0.1:9000'
+      backup: yes
+
+  - name: Effacement block nginx default
+    file:
+      path: /etc/nginx/sites-enabled/default 
+      state: absent
+
+  - name: Creation fichier block nginx
+    template: 
+      src: block.j2 
+      dest: /etc/nginx/sites-enabled/glpi
+
+  - name: Remplacement dans le fichier de conf php du timeout
+    replace:
+      dest: /etc/php/7.4/fpm/php.ini
+      regexp: 'max_execution_time = 30'
+      replace: 'max_execution_time = 600'
+      backup: yes
+
+    notify:
+      - restart nginx
+
+  - name: Creation de la base de donnee mysql
+    mysql_db:
+      name: "{{ glpi_dbname }}"
+      check_implicit_admin: yes
+      state: present
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+
+  - name: Creation de l'utilisateur mysql avec tous les privileges
+    mysql_user:
+      user: "{{ glpi_dbuser }}"
+      password: "{{ glpi_dbpasswd }}"
+      priv: "*.*:ALL,GRANT"
+      login_unix_socket: /var/run/mysqld/mysqld.sock
+      state: present
+ #   with_items:
+  #    - 127.0.0.1
+
+  - name: Creation du repertoire {{ glpi_dir }}
+    file: 
+      path: "{{ glpi_dir }}"
+      state: directory
+      owner: www-data
+      group: www-data
+
+  - name: Installation de GLPI
+    unarchive:
+      src: "{{ depl_url }}/{{ glpi_tgz }}"
+      dest: /var/www/html
+      remote_src: yes
+      owner: www-data
+      group: www-data
+
+  - name: Changement des attributs {{ glpi_dir }}
+    file: 
+      path: "{{ glpi_dir }}" 
+      owner: www-data 
+      group: www-data 
+      mode: 0755 
+      recurse: yes
+
+  - name: Changement des attributs {{ glpi_dir }}/plugins
+    file:
+      path: "{{ glpi_dir }}/plugins"
+      mode: 0777
+      owner: www-data
+      group: www-data
+      recurse: yes
+
+  - name: Installation de Fusioninventory pour Linux
+    unarchive:
+      src: "{{ depl_url }}/{{ fusion }}"
+      dest: "/var/www/html/glpi/plugins"
+      remote_src: yes
+
+  - name: Creation de ficlient
+    file:
+      path: /var/www/html/ficlients
+      state: directory
+      owner: www-data
+      group: www-data
+      mode: 0775
+
+  - name: Attribution des droits nginx.index
+    file:
+      path: /var/www/html/index.nginx-debian.html
+      owner: www-data
+      group: www-data
+      mode: 0775
+
+  - name: Installation de FusionInventory windows x64
+    get_url:
+      url: "{{ depl_url }}/{{ fusion64 }}"
+      dest: "/var/www/html/ficlients"
+
+  - name: Attribution des permissions sur repertoire /plugins/fusioninventory
+    file:
+      path: /var/www/html/glpi/plugins/fusioninventory
+      owner: www-data
+      group: www-data
+      recurse: yes
+      state: directory

AP4/onfarbo41/onfinfra/ansible/roles/glpi/templates/block.j2

@@ -0,0 +1,23 @@
+server {
+        listen   80 default_server;
+        root {{ glpi_dir }};
+        index index.php;
+        server_name localhost;
+
+        location / {try_files $uri $uri/ index.php;}
+
+        #prise en charge PHP
+        location ~ \.php$ {
+                fastcgi_pass 127.0.0.1:9000;
+                fastcgi_index index.php;
+                include /etc/nginx/fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+                include fastcgi_params;
+                fastcgi_param SERVER_NAME $host;
+  	 }
+
+	location /ficlients {
+		root /var/www/html;
+		autoindex on;
+	}
+}

AP4/onfarbo41/onfinfra/goss/goss.yaml

@@ -0,0 +1,39 @@
+port:
+  tcp:80:
+    listening: true
+    ip:
+    - 0.0.0.0
+  tcp:3306:
+    listening: true
+    ip:
+    - 127.0.0.1
+service:
+  mysql:
+    enabled: true
+    running: true
+user:
+  mysql:
+    exists: true
+    uid: 106
+    gid: 112
+    groups:
+    - mysql
+    home: /nonexistent
+    shell: /bin/false
+group:
+  mysql:
+    exists: true
+    gid: 112
+interface:
+  enp0s3:
+    exists: true
+    addrs:
+    - 192.168.2.12/24
+    - fe80::a00:27ff:fea2:45fd/64
+    mtu: 1500
+  enp0s8:
+    exists: true
+    addrs:
+    - 192.168.0.39/24
+    - fe80::a00:27ff:fe66:36e3/64
+    mtu: 1500

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.key

@@ -0,0 +1 @@
+KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=

AP4/onfarbo41/wireguard/wireguard-confcli/endpoint-b.pub

@@ -0,0 +1 @@
+GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=

AP4/onfarbo41/wireguard/wireguard-confcli/wg0.conf

@@ -0,0 +1,11 @@
+# local settings for Endpoint B
+[Interface]
+PrivateKey = KClI53wv5L7AZ9ZOQPNzPqIuQVyfda0VpzLsykuXdXg=       #Clé privée du client
+Address = 10.0.0.2/32   #Adresse du client
+ListenPort = 51820
+
+# remote settings for Endpoint A
+[Peer]
+PublicKey = qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=       #Clé publique du serveur vpn
+Endpoint = 10.121.38.66:51820 #Adresse en dhcp (pont) du serveur vpn avec le port qu'on utilise
+AllowedIPs = 10.0.0.1/32 #Adresse du serveur vpn

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.key

@@ -0,0 +1 @@
+qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=

AP4/onfarbo41/wireguard/wireguard-confsrv/endpoint-a.pub

@@ -0,0 +1 @@
+qxFRWqsOToqCiV3xlCNFh33mDCm0Mb1U/yDukcfcA2o=

AP4/onfarbo41/wireguard/wireguard-confsrv/wg0.conf

@@ -0,0 +1,15 @@
+# local settings for Endpoint A
+[Interface]
+PrivateKey = qKycHr1Ukwzlkw9fI0H4gKbAHpdmwa3HDkWX7rso9Vw=       #Clé privée du serveur vpn
+Address = 10.0.0.1/32   #Adresse du serveur vpn
+ListenPort = 51820
+
+# remote settings for Endpoint B
+[Peer]
+PublicKey = GoHn0zP27+IFPcApQl/Je7EZg2gCrpvr1+Vt6H35AA0=        #Clé publique du client
+AllowedIPs = 10.0.0.2/32 #Adresse vpn du client
+
+# remote settings for Endpoint C
+[Peer]
+PublicKey = e/GFlV6jH219ewqRpNKOKw2SVo/+4g9M5Cz7vZ35JAE=        #Clé publique du client
+AllowedIPs = 10.0.0.3/32 #Adresse vpn du client