diff --git a/AP4/Mission1/glpi.yml b/AP4/Mission1/glpi.yml
new file mode 100644
index 0000000..fd00980
--- /dev/null
+++ b/AP4/Mission1/glpi.yml
@@ -0,0 +1,8 @@
+- name: Playbook pour glpi
+ hosts: onfinfra
+ # become: yes
+ # become_method: sudo
+ # become_user: root
+
+ roles:
+ - glpi
diff --git a/AP4/Mission1/onfarbo44.yml b/AP4/Mission1/onfarbo44.yml
new file mode 100644
index 0000000..fdb7f3b
--- /dev/null
+++ b/AP4/Mission1/onfarbo44.yml
@@ -0,0 +1,10 @@
+- name: Playbook pour onfarbo
+ hosts: onfarbo
+ # become: yes
+ # become_method: sudo
+ # become_user: root
+
+ roles:
+ - bdd
+ - dokuwiki
+ - goss
diff --git a/AP4/Mission1/roles/bdd/handlers/main.yml b/AP4/Mission1/roles/bdd/handlers/main.yml
new file mode 100644
index 0000000..cd64a1c
--- /dev/null
+++ b/AP4/Mission1/roles/bdd/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart apache
+ service:
+ name: apache2
+ state: restarted
diff --git a/AP4/Mission1/roles/bdd/tasks/main.yml b/AP4/Mission1/roles/bdd/tasks/main.yml
new file mode 100644
index 0000000..cec5add
--- /dev/null
+++ b/AP4/Mission1/roles/bdd/tasks/main.yml
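Review bot: Both playbooks (`glpi.yml` and `onfarbo44.yml`) leave `become` commented out while the roles they call install packages and write under `/root`, so they can only succeed when Ansible logs in as root, unless escalation is configured in an inventory or `ansible.cfg` that this diff does not show. Connecting with an unprivileged account and escalating per play lets direct root SSH login stay disabled on the targets and leaves a sudo audit trail. I would restore the setting as `become: true`; the commented `become_method: sudo` and `become_user: root` are the defaults and can be dropped.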
@@ -0,0 +1,56 @@
+- name: apt update
+ tags: update
+ apt:
+ update-cache: yes
+ cache_valid_time: 3600
+
+- name: installation des utilitaires
+ tags: utils
+ apt:
+ name:
+ - apache2
+ - php
+ - php-common
+ - libapache2-mod-php
+ - php-cli
+ - php-xml
+ - php-mysql
+ - php-curl
+ - mariadb-server
+ - adminer
+ - python3-pymysql
+ state: present
+
+- name: Create a symbolic link
+ ansible.builtin.file:
+ src: /usr/share/adminer/adminer
+ dest: /var/www/html/adminer
+# owner:
+# group:
+ state: link
+
+- name: Message d'information
+ tags: msg
+ debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+ tags: mariadb
+ service:
+ name: mysql
+ state: started
+
+- name: Création de la BDD bdarbre
+ tags: bdarbre
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: bdarbre
+
+- name: Création de l'utilisateur slam
+ tags: user
+ mysql_user:
+ name: slam
+ password: Azerty1+
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ notify: restart apache
diff --git a/AP4/Mission1/roles/bdd/vars/main.yml b/AP4/Mission1/roles/bdd/vars/main.yml
new file mode 100644
index 0000000..1742b88
--- /dev/null
+++ b/AP4/Mission1/roles/bdd/vars/main.yml
@@ -0,0 +1 @@
+alias: "Alias /adminer.php /usr/share/adminer/adminer.php"
diff --git a/AP4/Mission1/roles/dokuwiki/files/dokuwiki.sh b/AP4/Mission1/roles/dokuwiki/files/dokuwiki.sh
new file mode 100644
index 0000000..f95c550
--- /dev/null
+++ b/AP4/Mission1/roles/dokuwiki/files/dokuwiki.sh
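Review bot: The `mysql_user` task at the end of `roles/bdd/tasks/main.yml` commits the account password in clear text and grants `*.*:ALL,GRANT`, which makes `slam` a full administrator of the MariaDB instance that the same role exposes through the Adminer link under `/var/www/html`. The same task appears in `roles/glpi/tasks/main.yml` and in the `main.yml.save` / `main.yml.save.1` copies. I would read the secret from an Ansible Vault variable, scope the grant to the one database the role creates, and keep the value out of task output: `password: "{{ slam_password }}"` (variable name is a placeholder), `priv: 'bdarbre.*:ALL'`, `no_log: true`. The value committed here is now part of the repository history, so it should be treated as disclosed and changed on any host where it was applied.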
@@ -0,0 +1,19 @@
+chemin=/var/www/html/doku
+
+apt install -y apache2 php php-mbstring php-gd php-xml
+cd /root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
+
+if [ $? !=0 ]; then
+ echo "$0 : erreurwget" 1>&2
+ exit 1
+fi
+tar xvfz dokuwiki-stable.tgz
+[ -d "${chemin}" ] || mkdir "${chemin}"
+
+cp -a dokuwiki-2020-07-29/* "${chemin}"
+cd "${chemin}"
+chown -R root:root .
+chmod -R 755 .
+chown -R www-data:www-data data lib conf
+exit 0
diff --git a/AP4/Mission1/roles/dokuwiki/tasks/main.yml b/AP4/Mission1/roles/dokuwiki/tasks/main.yml
new file mode 100644
index 0000000..a0b46fc
--- /dev/null
+++ b/AP4/Mission1/roles/dokuwiki/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Création du dossier DokuWiki
+ tags: createfile
+ file:
+ path: /root/dokuwiki
+ state: directory
+ mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+ tags: sh
+ copy:
+ src: dokuwiki.sh
+ dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+ tags: chmod
+ file:
+ path: /root/dokuwiki/dokuwiki.sh
+ mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+ tags: exec
+ command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+ tags: msg2
+ debug: msg="Le dokuwiki devra être installer depuis l'adresse http://onfarbo44/doku/install.php"
diff --git a/AP4/Mission1/roles/glpi/files/apache2.conf b/AP4/Mission1/roles/glpi/files/apache2.conf
new file mode 100644
index 0000000..85fa3e4
--- /dev/null
+++ b/AP4/Mission1/roles/glpi/files/apache2.conf
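Review bot: The failure check after the download in `dokuwiki.sh` never fires: `[ $? !=0 ]` hands `!=0` to `test` as a single word, so in bash and dash the test itself errors and the `if` body is skipped, and without `set -e` the script carries on to `tar`, `cp` and `exit 0`. That matters more than usual here because the archive is fetched over plain HTTP and unpacked with root privileges (the script installs packages and works in `/root`) with no integrity check. I would write the test as `if [ $? -ne 0 ]; then` and verify the archive before extracting it, for example `echo "<EXPECTED_SHA256>  dokuwiki-stable.tgz" | sha256sum -c - || exit 1`, with the digest pinned in the role. `chmod -R 755 .` also sets the execute bit on every regular file; `chmod -R u=rwX,go=rX .` keeps directories traversable without that.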
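Review bot: The `command: bash /root/dokuwiki/dokuwiki.sh` task in `roles/dokuwiki/tasks/main.yml` has no `creates:` guard, so every run of the play re-executes the script and copies the distribution files over the live wiki with `cp -a`. Adding `args:` with `creates: /var/www/html/doku` (the directory the script creates) makes the task idempotent. The two `mode: 0755` values would be better written as `mode: '0755'`, as the goss role in this commit already does, so the result does not depend on how the YAML parser reads a leading-zero number. The final message points at `install.php`, which stays reachable by anyone who can reach the host until the installer has been completed and the file removed; a follow-up task or a documented step for that would help.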
@@ -0,0 +1,231 @@ +# This is the main Apache server configuration file. It contains the +# configuration directives that give the server its instructions. +# See http://httpd.apache.org/docs/2.4/ for detailed information about +# the directives and /usr/share/doc/apache2/README.Debian about Debian specific +# hints. +# +# +# Summary of how the Apache 2 configuration works in Debian: +# The Apache 2 web server configuration in Debian is quite different to +# upstream's suggested way to configure the web server. This is because Debian's +# default Apache2 installation attempts to make adding and removing modules, +# virtual hosts, and extra configuration directives as flexible as possible, in +# order to make automating the changes and administering the server as easy as +# possible. + +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf-enabled +# | `-- *.conf +# `-- sites-enabled +# `-- *.conf +# +# +# * apache2.conf is the main configuration file (this file). It puts the pieces +# together by including all remaining configuration files when starting up the +# web server. +# +# * ports.conf is always included from the main configuration file. It is +# supposed to determine listening ports for incoming connections which can be +# customized anytime. +# +# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/ +# directories contain particular configuration snippets which manage modules, +# global configuration fragments, or virtual host configurations, +# respectively. +# +# They are activated by symlinking available configuration files from their +# respective *-available/ counterparts. These should be managed by using our +# helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. 
See +# their respective man pages for detailed information. +# +# * The binary is called apache2. Due to the use of environment variables, in +# the default configuration, apache2 needs to be started/stopped with +# /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not +# work with the default configuration. + + +# Global configuration +# + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# NOTE! If you intend to place this on an NFS (or otherwise network) +# mounted filesystem then please read the Mutex documentation (available +# at ); +# you will save yourself a lot of trouble. +# +# Do NOT add a slash at the end of the directory path. +# +#ServerRoot "/etc/apache2" + +# +# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. +# +#Mutex file:${APACHE_LOCK_DIR} default + +# +# The directory where shm and other runtime files will be stored. +# + +DefaultRuntimeDir ${APACHE_RUN_DIR} + +# +# PidFile: The file in which the server should record its process +# identification number when it starts. +# This needs to be set in /etc/apache2/envvars +# +PidFile ${APACHE_PID_FILE} + +# +# Timeout: The number of seconds before receives and sends time out. +# +Timeout 300 + +# +# KeepAlive: Whether or not to allow persistent connections (more than +# one request per connection). Set to "Off" to deactivate. +# +KeepAlive On + +# +# MaxKeepAliveRequests: The maximum number of requests to allow +# during a persistent connection. Set to 0 to allow an unlimited amount. +# We recommend you leave this number high, for maximum performance. +# +MaxKeepAliveRequests 100 + +# +# KeepAliveTimeout: Number of seconds to wait for the next request from the +# same client on the same connection. 
+# +KeepAliveTimeout 5 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} + +# +# HostnameLookups: Log the names of clients or just their IP addresses +# e.g., www.apache.org (on) or 204.62.129.132 (off). +# The default is off because it'd be overall better for the net if people +# had to knowingly turn this feature on, since enabling it means that +# each client request will result in AT LEAST one lookup request to the +# nameserver. +# +HostnameLookups Off + +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog ${APACHE_LOG_DIR}/error.log + +# +# LogLevel: Control the severity of messages logged to the error_log. +# Available values: trace8, ..., trace1, debug, info, notice, warn, +# error, crit, alert, emerg. +# It is also possible to configure the log level for particular modules, e.g. +# "LogLevel info ssl:warn" +# +LogLevel warn + +# Include module configuration: +IncludeOptional mods-enabled/*.load +IncludeOptional mods-enabled/*.conf + +# Include list of ports to listen on +Include ports.conf + + +# Sets the default security model of the Apache2 HTTPD server. It does +# not allow access to the root filesystem outside of /usr/share and /var/www. +# The former is used by web applications packaged in Debian, +# the latter may be used for local directories served by the web server. If +# your system is serving content from a sub-directory in /srv you must allow +# access here, or in any related virtual host. 
+ + Options FollowSymLinks + AllowOverride None + Require all denied + + + + AllowOverride None + Require all granted + + + + Options Indexes FollowSymLinks + AllowOverride None + Require all granted + + + +AllowOverride All + + +# +# Options Indexes FollowSymLinks +# AllowOverride None +# Require all granted +# + + + + +# AccessFileName: The name of the file to look for in each directory +# for additional configuration directives. See also the AllowOverride +# directive. +# +AccessFileName .htaccess + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + + +# +# The following directives define some format nicknames for use with +# a CustomLog directive. +# +# These deviate from the Common Log Format definitions in that they use %O +# (the actual bytes sent including headers) instead of %b (the size of the +# requested file), because the latter makes it impossible to detect partial +# requests. +# +# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended. +# Use mod_remoteip instead. +# +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent + +# Include of directories ignores editors' and dpkg's backup files, +# see README.Debian for details. + +# Include generic snippets of statements +IncludeOptional conf-enabled/*.conf + +# Include the virtual host configurations: +IncludeOptional sites-enabled/*.conf + +# vim: syntax=apache ts=4 sw=4 sts=4 sr noet diff --git a/AP4/Mission1/roles/glpi/tasks/.main.yml.swp b/AP4/Mission1/roles/glpi/tasks/.main.yml.swp new file mode 100644 index 0000000..9ffe77b Binary files /dev/null and b/AP4/Mission1/roles/glpi/tasks/.main.yml.swp differ 
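Review bot: Two access settings in this otherwise stock-looking Debian `apache2.conf` deserve a second look: the block that keeps `Options Indexes FollowSymLinks` together with `Require all granted`, and the short added block that sets `AllowOverride All`. With Adminer and DokuWiki both placed under `/var/www/html` by the other roles, directory listings and unrestricted `.htaccess` overrides widen what a visitor can enumerate and what a web-writable directory can reconfigure; I would use `Options FollowSymLinks` without `Indexes` and limit `AllowOverride All` to the one application directory that needs it. The `<Directory>` container lines are not visible on this page, so which paths these blocks cover should be confirmed against the file itself. No task in this diff copies the file to a host, so it may also simply be unused.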
diff --git a/AP4/Mission1/roles/glpi/tasks/main.yml b/AP4/Mission1/roles/glpi/tasks/main.yml
new file mode 100644
index 0000000..cec5add
--- /dev/null
+++ b/AP4/Mission1/roles/glpi/tasks/main.yml
@@ -0,0 +1,56 @@
+- name: apt update
+ tags: update
+ apt:
+ update-cache: yes
+ cache_valid_time: 3600
+
+- name: installation des utilitaires
+ tags: utils
+ apt:
+ name:
+ - apache2
+ - php
+ - php-common
+ - libapache2-mod-php
+ - php-cli
+ - php-xml
+ - php-mysql
+ - php-curl
+ - mariadb-server
+ - adminer
+ - python3-pymysql
+ state: present
+
+- name: Create a symbolic link
+ ansible.builtin.file:
+ src: /usr/share/adminer/adminer
+ dest: /var/www/html/adminer
+# owner:
+# group:
+ state: link
+
+- name: Message d'information
+ tags: msg
+ debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+ tags: mariadb
+ service:
+ name: mysql
+ state: started
+
+- name: Création de la BDD bdarbre
+ tags: bdarbre
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: bdarbre
+
+- name: Création de l'utilisateur slam
+ tags: user
+ mysql_user:
+ name: slam
+ password: Azerty1+
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ notify: restart apache
diff --git a/AP4/Mission1/roles/glpi/tasks/main.yml.save b/AP4/Mission1/roles/glpi/tasks/main.yml.save
new file mode 100644
index 0000000..4e076de
--- /dev/null
+++ b/AP4/Mission1/roles/glpi/tasks/main.yml.save
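Review bot: The last task of `roles/glpi/tasks/main.yml` ends with `notify: restart apache`, but the only handler of that name in this commit lives in `roles/bdd/handlers/main.yml`, and `glpi.yml` applies the `glpi` role alone; unless a handlers file exists outside this diff, Ansible will stop with a handler-not-found error the first time that task reports a change. The file is byte-identical to `roles/bdd/tasks/main.yml` (same blob `cec5add`), so it creates the `bdarbre` database and the `slam` account rather than anything GLPI-specific, which looks like a copy left in place by mistake. Either add `roles/glpi/handlers/main.yml` with the same `restart apache` handler or drop the `notify:` line until the role has its own tasks.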
@@ -0,0 +1,74 @@
+- name: apt update
+ tags: update
+ apt:
+ update-cache: yes
+ cache_valid_time: 3600
+
+- name: installation des utilitaires
+ tags: utils
+ apt:
+ name:
+ - mysql-server
+ - mysql-client
+ - apache2
+ - php7.4
+ - php-7.4-mysql
+ - libapache2-mod-php7.4
+ - php7.4-json
+ - php7.4-cli
+ - php7.4-xml
+ - php-cas
+ - php7.4-mbstring
+ - php7.4-curl
+ - php7.4-gd
+ - php7.4-imap
+ - php7.4-ldap
+ - php7.4-xmlrpc
+ - php-apcu
+ state: present
+
+- name: Création de la BDD GLPI
+ tags: glpi
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: glpi
+
+- name: Création de l'utilisateur glpi sur mysql
+ tags: user
+ mysql_user:
+ name: glpi
+ password: glpi
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Enable the Apache2 module wsgi
+ community.general.apache2_module:
+ state: present
+ name: rewrite
+
+- name: Message d'information
+ tags: msg
+ debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+ tags: mariadb
+ service:
+ name: mysql
+ state: started
+
+- name: Création de la BDD bdarbre
+ tags: bdarbre
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: bdarbre
+
+- name: Création de l'utilisateur slam
+ tags: user
+ mysql_user:
+ name: slam
+ password: Azerty1+
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ notify: restart apache
diff --git a/AP4/Mission1/roles/glpi/tasks/main.yml.save.1 b/AP4/Mission1/roles/glpi/tasks/main.yml.save.1
new file mode 100644
index 0000000..4e076de
--- /dev/null
+++ b/AP4/Mission1/roles/glpi/tasks/main.yml.save.1
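Review bot: `main.yml.save` and `main.yml.save.1` are editor backup copies and `.main.yml.swp` is an editor swap file; Ansible reads none of them, yet they put a second set of database credentials (`password: glpi` with `priv: '*.*:ALL,GRANT'`) into the repository. I would remove all three from the commit and add ignore patterns such as `*.save*` and `*.swp` to `.gitignore`. If the GLPI tasks are meant to be kept, they belong in `roles/glpi/tasks/main.yml`, where two details need attention: the package `php-7.4-mysql` does not follow the `php7.4-…` naming of its neighbours, and the task named "Enable the Apache2 module wsgi" actually enables `rewrite`.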
@@ -0,0 +1,74 @@
+- name: apt update
+ tags: update
+ apt:
+ update-cache: yes
+ cache_valid_time: 3600
+
+- name: installation des utilitaires
+ tags: utils
+ apt:
+ name:
+ - mysql-server
+ - mysql-client
+ - apache2
+ - php7.4
+ - php-7.4-mysql
+ - libapache2-mod-php7.4
+ - php7.4-json
+ - php7.4-cli
+ - php7.4-xml
+ - php-cas
+ - php7.4-mbstring
+ - php7.4-curl
+ - php7.4-gd
+ - php7.4-imap
+ - php7.4-ldap
+ - php7.4-xmlrpc
+ - php-apcu
+ state: present
+
+- name: Création de la BDD GLPI
+ tags: glpi
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: glpi
+
+- name: Création de l'utilisateur glpi sur mysql
+ tags: user
+ mysql_user:
+ name: glpi
+ password: glpi
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Enable the Apache2 module wsgi
+ community.general.apache2_module:
+ state: present
+ name: rewrite
+
+- name: Message d'information
+ tags: msg
+ debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+ tags: mariadb
+ service:
+ name: mysql
+ state: started
+
+- name: Création de la BDD bdarbre
+ tags: bdarbre
+ mysql_db:
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ name: bdarbre
+
+- name: Création de l'utilisateur slam
+ tags: user
+ mysql_user:
+ name: slam
+ password: Azerty1+
+ priv: '*.*:ALL,GRANT'
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+ notify: restart apache
diff --git a/AP4/Mission1/roles/goss/files/install b/AP4/Mission1/roles/goss/files/install
new file mode 100644
index 0000000..4577d98
--- /dev/null
+++ b/AP4/Mission1/roles/goss/files/install
@@ -0,0 +1,48 @@
+#!/bin/sh
+
+{
+set -e
+
+LATEST_URL="https://github.com/aelsabbahy/goss/releases/latest"
+LATEST_EFFECTIVE=$(curl -s -L -o /dev/null ${LATEST_URL} -w '%{url_effective}')
+LATEST=${LATEST_EFFECTIVE##*/}
+
+DGOSS_VER=$GOSS_VER
+
+if [ -z "$GOSS_VER" ]; then
+ GOSS_VER=${GOSS_VER:-$LATEST}
+ DGOSS_VER='master'
+fi
+if [ -z "$GOSS_VER" ]; then
+ echo "ERROR: Could not automatically detect latest version, set GOSS_VER env var and re-run"
+ exit 1
+fi
+GOSS_DST=${GOSS_DST:-/usr/local/bin}
+INSTALL_LOC="${GOSS_DST%/}/goss"
+DGOSS_INSTALL_LOC="${GOSS_DST%/}/dgoss"
+touch "$INSTALL_LOC" || { echo "ERROR: Cannot write to $GOSS_DST set GOSS_DST elsewhere or use sudo"; exit 1; }
+
+arch=""
+if [ "$(uname -m)" = "x86_64" ]; then
+ arch="amd64"
+elif [ "$(uname -m)" = "aarch64" ]; then
+ arch="arm"
+else
+ arch="386"
+fi
+
+url="https://github.com/aelsabbahy/goss/releases/download/$GOSS_VER/goss-linux-$arch"
+
+echo "Downloading $url"
+curl -L "$url" -o "$INSTALL_LOC"
+chmod +rx "$INSTALL_LOC"
+echo "Goss $GOSS_VER has been installed to $INSTALL_LOC"
+echo "goss --version"
+"$INSTALL_LOC" --version
+
+dgoss_url="https://raw.githubusercontent.com/aelsabbahy/goss/$DGOSS_VER/extras/dgoss/dgoss"
+echo "Downloading $dgoss_url"
+curl -L "$dgoss_url" -o "$DGOSS_INSTALL_LOC"
+chmod +rx "$DGOSS_INSTALL_LOC"
+echo "dgoss $DGOSS_VER has been installed to $DGOSS_INSTALL_LOC"
+}
diff --git a/AP4/Mission1/roles/goss/tasks/main.yml b/AP4/Mission1/roles/goss/tasks/main.yml
new file mode 100644
index 0000000..841bfff
--- /dev/null
+++ b/AP4/Mission1/roles/goss/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: Telechargement de goss
+ get_url:
+ url: http://depl/store/goss
+ dest: /usr/local/bin/goss
+ mode: '0750'
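Review bot: The `get_url` task in `roles/goss/tasks/main.yml` installs an executable into `/usr/local/bin` from `http://depl/store/goss` with nothing that ties the file to a known build, so whatever that URL serves, or whatever is altered on the way over plain HTTP, gets installed and later run. `get_url` accepts a `checksum:` parameter; adding `checksum: 'sha256:<EXPECTED_SHA256>'` (the digest of the release that was mirrored) makes the task fail on a mismatch and lets it skip the download when the file on disk already matches. The vendored `roles/goss/files/install` script in the same commit is not referenced by this task, so it can probably be dropped.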