ajout des fichiers ansible

Mission1/Syslog/redirectiongw5.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+echo "1" > /proc/sys/net/ipv4/ip_forward
+sudo iptables -t nat -A PREROUTING -d 10.121.38.35 -p udp --dport 517 -j DNAT --to 192.168.0.22:514
+sudo iptables -t nat -A POSTROUTING -d 192.168.0.22 -p udp --dport 517 -j SNAT --to 10.121.38.35

Mission1/Syslog/rsyslogprod.conf

@@ -0,0 +1,95 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="517")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
+
+
+*.*     @10.121.38.35:517

Mission1/Syslog/rsyslogsyslog.conf

@@ -0,0 +1,92 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*

Mission1/Syslog/rsyslogwiki.conf

@@ -0,0 +1,94 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
+
+*.*        10.121.38.35:514

Mission1/goss-wiki/goss.yaml

@@ -0,0 +1,38 @@
+package:
+  git:
+    installed: true
+    versions:
+    - 1:2.30.2-1
+  snmpd:
+    installed: true
+    versions:
+    - 5.9+dfsg-3+b1
+  ssh:
+    installed: true
+    versions:
+    - 1:8.4p1-5
+service:
+  apache2:
+    enabled: true
+    running: true
+  ssh:
+    enabled: true
+    running: false
+group:
+  ssh:
+    exists: true
+    gid: 108
+interface:
+  eth0:
+    exists: true
+    addrs:
+    - 10.121.38.75/24
+    - fe80::5877:9eff:fef2:d478/64
+    mtu: 1500
+http:
+  http://10.121.38.75/dokuwiki:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body: []

Mission2/hosts

@@ -0,0 +1,9 @@
+[localhost]
+localhost
+
+[test]
+tomcattest
+
+[proxsrv]
+10.121.38.65
+

Mission2/mariadb-setup.yml

@@ -0,0 +1,9 @@
+---
+- name: Tomcat playbook
+  hosts: test
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - mysql

Mission2/playbook.yml

@@ -0,0 +1,13 @@
+---
+- hosts: test
+  remote_user: root
+  become: yes
+  become_method: sudo
+
+  roles:
+  - tomcat
+  - mariadb
+  - mariadb_create_dump
+  - mariadb_create_usr
+  - mariadb_inject_dump
+  - openjdk

Mission2/roles/mariadb_create_dump/tasks/main.yml

@@ -0,0 +1,6 @@
+
+
+- name: exportation du dump
+  copy:
+    src: db-sauv.sql.gz
+    dest: /tmp

Mission2/roles/mariadb_inject_dump/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: Restoration la base de données
+  community.mysql.mysql_db:
+    name: my_db
+    state: import
+    target: /tmp/db-sauv.sql.gz

Mission2/roles/mysql/handlers/main.yml

@@ -0,0 +1,22 @@
+---
+# handlers file for mariadb
+- name: set mariadb log selinux
+  sefcontext:
+    target: '/var/log/mariadb(/.*)?'
+    setype: mysqld_log_t
+    state: present
+- name: restart mariadb server
+  systemd:
+    name: "{{ mariadb_service }}"
+    state: restarted
+    enabled: yes
+
+- name: Remove test database priviledges
+  command: mysql -u root -p{{ mysql_root_password }} -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
+
+- name: Flush Priviliges
+  command: mysql -u root -p{{ mysql_root_password }} -e "FLUSH PRIVILEGES"
+
+- name: Update repo cache
+  apt:
+    update_cache: yes

Mission2/roles/mysql/tasks/main.yml

@@ -0,0 +1,39 @@
+- name: "[MYSQL] - update cache"
+  apt:
+    update_cache: yes
+
+- name: "[MYSQL] - install"
+  apt:
+    name: mariadb-server
+    state: latest
+
+- name: "[Python] - install"
+  apt:
+    name: python
+    state: latest
+
+- name: "[MYSQL] - start mysql"
+  service:
+    name: "mysqld"
+    state: started
+    enabled: yes
+
+- name: "[MYSQL] - create database"
+  community.mysql.mysql_db:
+    name:
+      - sdis29
+    state: present
+
+- name: "[MYSQL] - create user"
+  mysql_user:
+    name: "dev"
+    password: "Azerty1+"
+    priv: "*.*:ALL"
+    host: "127.0.0.1"
+    become: yes
+
+- name: Restoration la base de données
+  community.mysql.mysql_db:
+    name: my_db
+    state: import
+    target: /tmp/db-sauv.sql.gz

Mission2/roles/mysql/vars/debian.yml

@@ -0,0 +1,12 @@
+mariadb_packages:
+  - mariadb-server
+  - mariadb-common
+  - python-mysqldb
+  - python-openssl
+repo_software_package:
+  - software-properties-common 
+  - dirmngr
+  - apt-transport-https
+key_url: "https://mariadb.org/mariadb_release_signing_key.asc"
+repo_deb: deb [arch=amd64] https://mirror.klaus-uwe.me/mariadb/repo/10.4/debian
+mariadb_socket: /run/mysqld/mysqld.sock

Mission2/roles/openjdk/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- hosts: all
+
+  tasks:
+  - name: install openjdk-17
+    apt :
+      name: openjdk-17-jdk
+      state: present

Mission2/roles/tomcat/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+tomcat_archive_url: https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.13/bin/apache-tomcat-10.0.13.tar.gz
+tomcat_archive_dest: /tmp/apache-tomcat-{{ tomcat_ver }}.tar.gz

Mission2/roles/tomcat/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart tomcat
+  service:
+    name: tomcat
+    state: restarted

Mission2/roles/tomcat/tasks/main.yaml

@@ -0,0 +1,8 @@
+---
+- name: Add the OS specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_os_family }}.yml"
+
+- include_tasks: "tomcat-setup-{{ ansible_os_family }}.yml"

Mission2/roles/tomcat/tasks/tomcat-setup-Debian.yml

@@ -0,0 +1,85 @@
+- name: S'assurer que le système utilise le port HTTPS pour APT.
+  stat:
+    path: /usr/lib/apt/methods/https
+  register: apt_https_transport
+
+- name: Installation APT HTTPS transport.
+  apt:
+    name: "apt-transport-https"
+    state: present
+    update_cache: yes
+  when: not apt_https_transport.stat.exists
+
+- name: Installation packages basique
+  package:
+    name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+    state: present
+    update_cache: yes
+
+- name: Installation Java (Debian/Ubuntu)
+  apt:
+    name: default-jdk
+    state: present
+
+- name: Ajout tomcat dans un groupe
+  group:
+    name: tomcat
+
+- name: Ajout "tomcat" au user
+  user:
+    name: tomcat
+    group: tomcat
+    home: /usr/share/tomcat
+    createhome: no
+    system: yes
+
+- name: Installation Tomcat
+  get_url:
+    url: "https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.14/bin/apache-tomcat-10.0.14.tar.gz"
+    dest: "{{ tomcat_archive_dest }}"
+
+- name: Création du répertoire tomcat
+  file:
+    path: /usr/share/tomcat
+    state: directory
+    owner: tomcat
+    group: tomcat
+
+- name: Extraction archive de tomcat
+  unarchive:
+    src: "{{ tomcat_archive_dest }}"
+    dest: /usr/share/tomcat
+    owner: tomcat
+    group: tomcat
+    remote_src: yes
+    extra_opts: "--strip-components=1"
+    creates: /usr/share/tomcat/bin
+
+- name: Copie tomcat fichier service*
+  template:
+    src: templates/tomcat.service.j2
+    dest: /etc/systemd/system/tomcat.service
+  when: ansible_service_mgr == "systemd"
+
+- name: Démarrer et activé tomcat
+  service:
+    daemon_reload: yes
+    name: tomcat
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+- name: Définir l'accès a l'interface utilisateur authentifié
+  template:
+    src: tomcat-users.xml.j2
+    dest: /usr/share/tomcat/conf/tomcat-users.xml
+  notify: restart tomcat
+
+- name: Autoriser l'accès aux applications du gestionnaire et gestionnaire d'hote sur n'importe qu'elle IP 
+  template:
+    src: context.xml.j2 
+    dest: "{{ item }}"
+  with_items:
+    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+  notify: restart tomcat
+

Mission2/roles/tomcat/templates/context.xml.j2

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>

Mission2/roles/tomcat/templates/tomcat-users.xml.j2

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>
+

Mission2/roles/tomcat/templates/tomcat.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat
+Environment=CATALINA_BASE=/usr/share/tomcat
+Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
+
+ExecStart=/usr/share/tomcat/bin/catalina.sh start
+ExecStop=/usr/share/tomcat/bin/catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target

Mission2/roles/tomcat/vars/Debian.yml

@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java

Mission2/tomcat-setup.yml

@@ -0,0 +1,15 @@
+---
+- name: Tomcat playbook
+  hosts: test
+  become: yes
+  become_method: sudo
+  remote_user: root
+  vars:
+    tomcat_ver: 10.0.13
+    ui_manager_user: manager
+    ui_manager_pass: root
+    ui_admin_username: admin
+    ui_admin_pass: root
+  roles:
+    - tomcat
+