ajout AP4*

AP4/Mission1/glpi.yml

@@ -0,0 +1,8 @@
+- name: Playbook pour glpi
+  hosts: onfinfra
+    #  become: yes
+    #  become_method: sudo
+    #  become_user: root
+
+  roles:
+    - glpi

AP4/Mission1/onfarbo44.yml

@@ -0,0 +1,10 @@
+- name: Playbook pour onfarbo
+  hosts: onfarbo 
+    #  become: yes
+    #  become_method: sudo
+    #  become_user: root
+  
+  roles:
+    - bdd
+    - dokuwiki
+    - goss

AP4/Mission1/roles/bdd/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart apache
+  service:
+    name: apache2
+    state: restarted

AP4/Mission1/roles/bdd/tasks/main.yml

@@ -0,0 +1,56 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: installation des utilitaires
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: Create a symbolic link
+  ansible.builtin.file:
+    src: /usr/share/adminer/adminer
+    dest: /var/www/html/adminer
+#    owner: 
+#    group: 
+    state: link
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify: restart apache

AP4/Mission1/roles/bdd/vars/main.yml

@@ -0,0 +1 @@
+alias: "Alias /adminer.php /usr/share/adminer/adminer.php"

AP4/Mission1/roles/dokuwiki/files/dokuwiki.sh

@@ -0,0 +1,19 @@
+chemin=/var/www/html/doku
+
+apt install -y apache2 php php-mbstring php-gd php-xml
+cd /root
+[ -r dokuwiki-stable.tgz ] || wget http://depl/store/dokuwiki-stable.tgz
+
+if [ $? !=0 ]; then
+	echo "$0 : erreurwget" 1>&2
+	exit 1
+fi
+tar xvfz dokuwiki-stable.tgz
+[ -d "${chemin}" ] || mkdir "${chemin}"
+
+cp -a dokuwiki-2020-07-29/* "${chemin}"
+cd "${chemin}"
+chown -R root:root .
+chmod -R 755 .
+chown -R www-data:www-data data lib conf
+exit 0

AP4/Mission1/roles/dokuwiki/tasks/main.yml

@@ -0,0 +1,26 @@
+- name: Création du dossier DokuWiki
+  tags: createfile
+  file:
+    path: /root/dokuwiki
+    state: directory
+    mode: 0755
+
+- name: copie du fichier script d'install de dokuwiki
+  tags: sh
+  copy:
+    src: dokuwiki.sh
+    dest: /root/dokuwiki
+
+- name: On rend exécutable le script d'install
+  tags: chmod
+  file:
+    path: /root/dokuwiki/dokuwiki.sh
+    mode: 0755
+
+- name: exécution du script d'install de dokuwiki
+  tags: exec
+  command: bash /root/dokuwiki/dokuwiki.sh
+
+- name: Message d'information pour dokuwiki
+  tags: msg2
+  debug: msg="Le dokuwiki devra être installer depuis l'adresse http://onfarbo44/doku/install.php"

AP4/Mission1/roles/glpi/files/apache2.conf

@@ -0,0 +1,231 @@
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See http://httpd.apache.org/docs/2.4/ for detailed information about
+# the directives and /usr/share/doc/apache2/README.Debian about Debian specific
+# hints.
+#
+#
+# Summary of how the Apache 2 configuration works in Debian:
+# The Apache 2 web server configuration in Debian is quite different to
+# upstream's suggested way to configure the web server. This is because Debian's
+# default Apache2 installation attempts to make adding and removing modules,
+# virtual hosts, and extra configuration directives as flexible as possible, in
+# order to make automating the changes and administering the server as easy as
+# possible.
+
+# It is split into several files forming the configuration hierarchy outlined
+# below, all located in the /etc/apache2/ directory:
+#
+#	/etc/apache2/
+#	|-- apache2.conf
+#	|	`--  ports.conf
+#	|-- mods-enabled
+#	|	|-- *.load
+#	|	`-- *.conf
+#	|-- conf-enabled
+#	|	`-- *.conf
+# 	`-- sites-enabled
+#	 	`-- *.conf
+#
+#
+# * apache2.conf is the main configuration file (this file). It puts the pieces
+#   together by including all remaining configuration files when starting up the
+#   web server.
+#
+# * ports.conf is always included from the main configuration file. It is
+#   supposed to determine listening ports for incoming connections which can be
+#   customized anytime.
+#
+# * Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
+#   directories contain particular configuration snippets which manage modules,
+#   global configuration fragments, or virtual host configurations,
+#   respectively.
+#
+#   They are activated by symlinking available configuration files from their
+#   respective *-available/ counterparts. These should be managed by using our
+#   helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
+#   their respective man pages for detailed information.
+#
+# * The binary is called apache2. Due to the use of environment variables, in
+#   the default configuration, apache2 needs to be started/stopped with
+#   /etc/init.d/apache2 or apache2ctl. Calling /usr/bin/apache2 directly will not
+#   work with the default configuration.
+
+
+# Global configuration
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the Mutex documentation (available
+# at <URL:http://httpd.apache.org/docs/2.4/mod/core.html#mutex>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+#ServerRoot "/etc/apache2"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+#Mutex file:${APACHE_LOCK_DIR} default
+
+#
+# The directory where shm and other runtime files will be stored.
+#
+
+DefaultRuntimeDir ${APACHE_RUN_DIR}
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+# This needs to be set in /etc/apache2/envvars
+#
+PidFile ${APACHE_PID_FILE}
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 5
+
+
+# These need to be set in /etc/apache2/envvars
+User ${APACHE_RUN_USER}
+Group ${APACHE_RUN_GROUP}
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog ${APACHE_LOG_DIR}/error.log
+
+#
+# LogLevel: Control the severity of messages logged to the error_log.
+# Available values: trace8, ..., trace1, debug, info, notice, warn,
+# error, crit, alert, emerg.
+# It is also possible to configure the log level for particular modules, e.g.
+# "LogLevel info ssl:warn"
+#
+LogLevel warn
+
+# Include module configuration:
+IncludeOptional mods-enabled/*.load
+IncludeOptional mods-enabled/*.conf
+
+# Include list of ports to listen on
+Include ports.conf
+
+
+# Sets the default security model of the Apache2 HTTPD server. It does
+# not allow access to the root filesystem outside of /usr/share and /var/www.
+# The former is used by web applications packaged in Debian,
+# the latter may be used for local directories served by the web server. If
+# your system is serving content from a sub-directory in /srv you must allow
+# access here, or in any related virtual host.
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+	Require all denied
+</Directory>
+
+<Directory /usr/share>
+	AllowOverride None
+	Require all granted
+</Directory>
+
+<Directory /var/www/>
+	Options Indexes FollowSymLinks
+	AllowOverride None
+	Require all granted
+</Directory>
+
+<Directory /var/www/html>
+AllowOverride All
+</Directory>
+
+#<Directory /srv/>
+#	Options Indexes FollowSymLinks
+#	AllowOverride None
+#	Require all granted
+#</Directory>
+
+
+
+
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<FilesMatch "^\.ht">
+	Require all denied
+</FilesMatch>
+
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive.
+#
+# These deviate from the Common Log Format definitions in that they use %O
+# (the actual bytes sent including headers) instead of %b (the size of the
+# requested file), because the latter makes it impossible to detect partial
+# requests.
+#
+# Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
+# Use mod_remoteip instead.
+#
+LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# Include of directories ignores editors' and dpkg's backup files,
+# see README.Debian for details.
+
+# Include generic snippets of statements
+IncludeOptional conf-enabled/*.conf
+
+# Include the virtual host configurations:
+IncludeOptional sites-enabled/*.conf
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

AP4/Mission1/roles/glpi/tasks/main.yml

@@ -0,0 +1,56 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: installation des utilitaires
+  tags: utils
+  apt:
+    name:
+      - apache2
+      - php
+      - php-common
+      - libapache2-mod-php
+      - php-cli
+      - php-xml
+      - php-mysql
+      - php-curl
+      - mariadb-server
+      - adminer
+      - python3-pymysql
+    state: present
+
+- name: Create a symbolic link
+  ansible.builtin.file:
+    src: /usr/share/adminer/adminer
+    dest: /var/www/html/adminer
+#    owner: 
+#    group: 
+    state: link
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify: restart apache

AP4/Mission1/roles/glpi/tasks/main.yml.save

@@ -0,0 +1,74 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: installation des utilitaires
+  tags: utils
+  apt:
+    name:
+      - mysql-server
+      - mysql-client
+      - apache2
+      - php7.4
+      - php-7.4-mysql
+      - libapache2-mod-php7.4
+      - php7.4-json
+      - php7.4-cli
+      - php7.4-xml
+      - php-cas
+      - php7.4-mbstring
+      - php7.4-curl
+      - php7.4-gd
+      - php7.4-imap
+      - php7.4-ldap
+      - php7.4-xmlrpc
+      - php-apcu
+    state: present
+
+- name: Création de la BDD GLPI
+  tags: glpi
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: glpi
+
+- name: Création de l'utilisateur glpi sur mysql
+  tags: user
+  mysql_user:
+    name: glpi
+    password: glpi
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Enable the Apache2 module wsgi
+  community.general.apache2_module:
+    state: present
+    name: rewrite
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify: restart apache

AP4/Mission1/roles/glpi/tasks/main.yml.save.1

@@ -0,0 +1,74 @@
+- name: apt update
+  tags: update
+  apt:
+    update-cache: yes
+    cache_valid_time: 3600
+
+- name: installation des utilitaires
+  tags: utils
+  apt:
+    name:
+      - mysql-server
+      - mysql-client
+      - apache2
+      - php7.4
+      - php-7.4-mysql
+      - libapache2-mod-php7.4
+      - php7.4-json
+      - php7.4-cli
+      - php7.4-xml
+      - php-cas
+      - php7.4-mbstring
+      - php7.4-curl
+      - php7.4-gd
+      - php7.4-imap
+      - php7.4-ldap
+      - php7.4-xmlrpc
+      - php-apcu
+    state: present
+
+- name: Création de la BDD GLPI
+  tags: glpi
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: glpi
+
+- name: Création de l'utilisateur glpi sur mysql
+  tags: user
+  mysql_user:
+    name: glpi
+    password: glpi
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Enable the Apache2 module wsgi
+  community.general.apache2_module:
+    state: present
+    name: rewrite
+
+- name: Message d'information
+  tags: msg
+  debug: msg="Adminer sera accessible depuis l'adresse http://onfarbo44/adminer/"
+
+- name: On démarre MariaDB
+  tags: mariadb
+  service:
+    name: mysql
+    state: started
+
+- name: Création de la BDD bdarbre
+  tags: bdarbre
+  mysql_db:
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    name: bdarbre
+
+- name: Création de l'utilisateur slam
+  tags: user
+  mysql_user:
+    name: slam
+    password: Azerty1+
+    priv: '*.*:ALL,GRANT'
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+  notify: restart apache

AP4/Mission1/roles/goss/files/install

@@ -0,0 +1,48 @@
+#!/bin/sh
+
+{
+set -e
+
+LATEST_URL="https://github.com/aelsabbahy/goss/releases/latest"
+LATEST_EFFECTIVE=$(curl -s -L -o /dev/null ${LATEST_URL} -w '%{url_effective}')
+LATEST=${LATEST_EFFECTIVE##*/}
+
+DGOSS_VER=$GOSS_VER
+
+if [ -z "$GOSS_VER" ]; then
+    GOSS_VER=${GOSS_VER:-$LATEST}
+    DGOSS_VER='master'
+fi
+if [ -z "$GOSS_VER" ]; then
+    echo "ERROR: Could not automatically detect latest version, set GOSS_VER env var and re-run"
+    exit 1
+fi
+GOSS_DST=${GOSS_DST:-/usr/local/bin}
+INSTALL_LOC="${GOSS_DST%/}/goss"
+DGOSS_INSTALL_LOC="${GOSS_DST%/}/dgoss"
+touch "$INSTALL_LOC" || { echo "ERROR: Cannot write to $GOSS_DST set GOSS_DST elsewhere or use sudo"; exit 1; }
+
+arch=""
+if [ "$(uname -m)" = "x86_64" ]; then
+    arch="amd64"
+elif [ "$(uname -m)" = "aarch64" ]; then
+    arch="arm"
+else
+    arch="386"
+fi
+
+url="https://github.com/aelsabbahy/goss/releases/download/$GOSS_VER/goss-linux-$arch"
+
+echo "Downloading $url"
+curl -L "$url" -o "$INSTALL_LOC"
+chmod +rx "$INSTALL_LOC"
+echo "Goss $GOSS_VER has been installed to $INSTALL_LOC"
+echo "goss --version"
+"$INSTALL_LOC" --version
+
+dgoss_url="https://raw.githubusercontent.com/aelsabbahy/goss/$DGOSS_VER/extras/dgoss/dgoss"
+echo "Downloading $dgoss_url"
+curl -L "$dgoss_url" -o "$DGOSS_INSTALL_LOC"
+chmod +rx "$DGOSS_INSTALL_LOC"
+echo "dgoss $DGOSS_VER has been installed to $DGOSS_INSTALL_LOC"
+}

AP4/Mission1/roles/goss/tasks/main.yml

@@ -0,0 +1,5 @@
+- name: Telechargement de goss
+  get_url:
+    url: http://depl/store/goss
+    dest: /usr/local/bin/goss
+    mode: '0750'

Mission1/Syslog/rsyslogprod.conf

@@ -0,0 +1,95 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="517")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
+
+
+*.*     @10.121.38.35:517

Mission1/Syslog/rsyslogwiki.conf

@@ -0,0 +1,94 @@
+# /etc/rsyslog.conf configuration file for rsyslog
+#
+# For more information install rsyslog-doc and see
+# /usr/share/doc/rsyslog-doc/html/configuration/index.html
+
+
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+# provides UDP syslog reception
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# provides TCP syslog reception
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+#
+# Use traditional timestamp format.
+# To enable high precision timestamps, comment out the following line.
+#
+$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
+
+#
+# Set the default permissions for all log files.
+#
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+#
+# Include all config files in /etc/rsyslog.d/
+#
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+
+#
+# First some standard log files.  Log by facility.
+#
+auth,authpriv.*			/var/log/auth.log
+*.*;auth,authpriv.none		-/var/log/syslog
+#cron.*				/var/log/cron.log
+daemon.*			-/var/log/daemon.log
+kern.*				-/var/log/kern.log
+lpr.*				-/var/log/lpr.log
+mail.*				-/var/log/mail.log
+user.*				-/var/log/user.log
+
+#
+# Logging for the mail system.  Split it up so that
+# it is easy to write scripts to parse these files.
+#
+mail.info			-/var/log/mail.info
+mail.warn			-/var/log/mail.warn
+mail.err			/var/log/mail.err
+
+#
+# Some "catch-all" log files.
+#
+*.=debug;\
+	auth,authpriv.none;\
+	mail.none		-/var/log/debug
+*.=info;*.=notice;*.=warn;\
+	auth,authpriv.none;\
+	cron,daemon.none;\
+	mail.none		-/var/log/messages
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
+
+*.*        10.121.38.35:514

Mission1/goss-wiki/goss.yaml

@@ -0,0 +1,38 @@
+package:
+  git:
+    installed: true
+    versions:
+    - 1:2.30.2-1
+  snmpd:
+    installed: true
+    versions:
+    - 5.9+dfsg-3+b1
+  ssh:
+    installed: true
+    versions:
+    - 1:8.4p1-5
+service:
+  apache2:
+    enabled: true
+    running: true
+  ssh:
+    enabled: true
+    running: false
+group:
+  ssh:
+    exists: true
+    gid: 108
+interface:
+  eth0:
+    exists: true
+    addrs:
+    - 10.121.38.75/24
+    - fe80::5877:9eff:fef2:d478/64
+    mtu: 1500
+http:
+  http://10.121.38.75/dokuwiki:
+    status: 200
+    allow-insecure: false
+    no-follow-redirects: false
+    timeout: 5000
+    body: []

Mission2/ansible/hosts

@@ -0,0 +1,9 @@
+[localhost]
+localhost
+
+[test]
+tomcattest
+
+[proxsrv]
+10.121.38.65
+

Mission2/ansible/ppebase.yml

@@ -0,0 +1,14 @@
+---
+- name: Tomcat & MariaDB installation playbook
+  hosts: test
+  become: yes
+  become_method: sudo
+  remote_user: root
+  vars:
+    tomcat_ver: 10.0.13
+    ui_manager_user: manager
+    ui_manager_pass: root
+    ui_admin_username: admin
+    ui_admin_pass: root
+  roles:
+    - InstallTomcatMariaDB

Mission2/ansible/ppedb.yml

@@ -0,0 +1,9 @@
+---
+- name: MariaDB création de compte et injection BDD playbook
+  hosts: test
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - mysql

Mission2/ansible/ppedump.yml

@@ -0,0 +1,10 @@
+---
+- name: mysql dump playbook
+  hosts: test
+  become: yes
+  become_method: sudo
+  remote_user: root
+
+  roles:
+    - mysql_dump
+

Mission2/ansible/roles/InstallTomcatMariaDB/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+tomcat_archive_url: https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.13/bin/apache-tomcat-10.0.13.tar.gz
+tomcat_archive_dest: /tmp/apache-tomcat-{{ tomcat_ver }}.tar.gz

Mission2/ansible/roles/InstallTomcatMariaDB/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart tomcat
+  service:
+    name: tomcat
+    state: restarted

Mission2/ansible/roles/InstallTomcatMariaDB/tasks/main.yaml

@@ -0,0 +1,8 @@
+---
+- name: Add the OS specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml"
+    - "{{ ansible_os_family }}.yml"
+
+- include_tasks: "tomcat-mariadb-install.yml"

Mission2/ansible/roles/InstallTomcatMariaDB/tasks/tomcat-mariadb-install.yml

@@ -0,0 +1,104 @@
+- name: S'assurer que le système utilise le port HTTPS pour APT.
+  stat:
+    path: /usr/lib/apt/methods/https
+  register: apt_https_transport
+
+- name: Installation APT HTTPS transport.
+  apt:
+    name: "apt-transport-https"
+    state: present
+    update_cache: yes
+  when: not apt_https_transport.stat.exists
+
+- name: Installation packages basique
+  package:
+    name: ['vim','aptitude','bash-completion','tmux','tree','htop','wget','unzip','curl','git','python']
+    state: present
+    update_cache: yes
+
+- name: Installation Java (Debian/Ubuntu)
+  apt:
+    name: default-jdk
+    state: present
+
+- name: Ajout tomcat dans un groupe
+  group:
+    name: tomcat
+
+- name: Ajout "tomcat" au user
+  user:
+    name: tomcat
+    group: tomcat
+    home: /usr/share/tomcat
+    createhome: no
+    system: yes
+
+- name: Installation Tomcat
+  get_url:
+    url: "https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.14/bin/apache-tomcat-10.0.14.tar.gz"
+    dest: "{{ tomcat_archive_dest }}"
+
+- name: Création du répertoire tomcat
+  file:
+    path: /usr/share/tomcat
+    state: directory
+    owner: tomcat
+    group: tomcat
+
+- name: Extraction archive de tomcat
+  unarchive:
+    src: "{{ tomcat_archive_dest }}"
+    dest: /usr/share/tomcat
+    owner: tomcat
+    group: tomcat
+    remote_src: yes
+    extra_opts: "--strip-components=1"
+    creates: /usr/share/tomcat/bin
+
+- name: Copie tomcat fichier service
+  template:
+    src: templates/tomcat.service.j2
+    dest: /etc/systemd/system/tomcat.service
+  when: ansible_service_mgr == "systemd"
+
+- name: Démarrer et activer tomcat
+  service:
+    daemon_reload: yes
+    name: tomcat
+    state: started
+    enabled: yes
+  when: ansible_service_mgr == "systemd"
+- name: Définir l'accès a l'interface utilisateur authentifié
+  template:
+    src: tomcat-users.xml.j2
+    dest: /usr/share/tomcat/conf/tomcat-users.xml
+  notify: restart tomcat
+
+- name: Autoriser l'accès aux applications du gestionnaire et gestionnaire d'hote sur n'importe qu'elle IP 
+  template:
+    src: context.xml.j2 
+    dest: "{{ item }}"
+  with_items:
+    - /usr/share/tomcat/webapps/host-manager/META-INF/context.xml
+    - /usr/share/tomcat/webapps/manager/META-INF/context.xml
+  notify: restart tomcat
+
+- name: "MYSQL - update cache"
+  apt:
+    update_cache: yes
+
+- name: "MYSQL - installation"
+  apt:
+    name: mariadb-server
+    state: latest
+
+- name: "PYTHON3 - installation"
+  apt:
+    name: python3-pymysql
+    state: latest
+
+- name: "MYSQL - démarrage de mysql"
+  service:
+    name: "mysqld"
+    state: started
+    enabled: yes

Mission2/ansible/roles/InstallTomcatMariaDB/templates/context.xml.j2

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context antiResourceLocking="false" privileged="true" >
+</Context>

Mission2/ansible/roles/InstallTomcatMariaDB/templates/tomcat-users.xml.j2

@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<tomcat-users xmlns="http://tomcat.apache.org/xml"
+              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
+              version="1.0">
+<!--
+  NOTE:  By default, no user is included in the "manager-gui" role required
+  to operate the "/manager/html" web application.  If you wish to use this app,
+  you must define such a user - the username and password are arbitrary. It is
+  strongly recommended that you do NOT use one of the users in the commented out
+  section below since they are intended for use with the examples web
+  application.
+-->
+<!--
+  NOTE:  The sample user and role entries below are intended for use with the
+  examples web application. They are wrapped in a comment and thus are ignored
+  when reading this file. If you wish to configure these users for use with the
+  examples web application, do not forget to remove the <!.. ..> that surrounds
+  them. You will also need to set the passwords to something appropriate.
+-->
+<!-- user manager can access only manager section -->
+<role rolename="manager-gui" />
+<user username="{{ ui_manager_user }}" password="{{ ui_manager_pass }}" roles="manager-gui" />
+
+<!-- user admin can access manager and admin section both -->
+<role rolename="admin-gui" />
+<user username="{{ ui_admin_username }}" password="{{ ui_admin_pass }}" roles="manager-gui,admin-gui" />
+</tomcat-users>
+

Mission2/ansible/roles/InstallTomcatMariaDB/templates/tomcat.service.j2

@@ -0,0 +1,22 @@
+[Unit]
+Description=Tomcat
+After=syslog.target network.target
+
+[Service]
+Type=forking
+
+User=tomcat
+Group=tomcat
+
+Environment=JAVA_HOME={{ JAVA_HOME }}
+Environment='JAVA_OPTS=-Djava.awt.headless=true'
+
+Environment=CATALINA_HOME=/usr/share/tomcat
+Environment=CATALINA_BASE=/usr/share/tomcat
+Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
+
+ExecStart=/usr/share/tomcat/bin/catalina.sh start
+ExecStop=/usr/share/tomcat/bin/catalina.sh stop
+
+[Install]
+WantedBy=multi-user.target

Mission2/ansible/roles/InstallTomcatMariaDB/vars/Debian.yml

@@ -0,0 +1,2 @@
+---
+JAVA_HOME: /usr/lib/jvm/default-java

Mission2/ansible/roles/mysql/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart mariadb
+  service:
+    name: mariadb
+    state: restarted
+

Mission2/ansible/roles/mysql/tasks/main.yml

@@ -0,0 +1,29 @@
+---
+- name: "MYSQL - creation base de données"
+  community.mysql.mysql_db:
+    name: sdis29
+    state: present
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+    check_implicit_admin: yes
+
+- name: "MYSQL - creation utilisateur"
+  mysql_user:
+    name: "dev"
+    password: "Azerty1+"
+    priv: "*.*:ALL"
+    host: "localhost"
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: copie de la base de donnée
+  copy:
+    src: ~/sauvegarde/sql/sdis29-dump.sql
+    dest: /tmp/
+
+- name: Importation de la base de données
+  mysql_db:
+    name: sdis29
+    state: import
+    target: /tmp/sdis29.sql
+    login_user: dev
+    login_password: Azerty1+
+    login_unix_socket: /var/run/mysqld/mysqld.sock

Mission2/ansible/roles/mysql/vars/debian.yml

@@ -0,0 +1,12 @@
+mariadb_packages:
+  - mariadb-server
+  - mariadb-common
+  - python-mysqldb
+  - python-openssl
+repo_software_package:
+  - software-properties-common 
+  - dirmngr
+  - apt-transport-https
+key_url: "https://mariadb.org/mariadb_release_signing_key.asc"
+repo_deb: deb [arch=amd64] https://mirror.klaus-uwe.me/mariadb/repo/10.4/debian
+mariadb_socket: /run/mysqld/mysqld.sock

Mission2/ansible/roles/mysql_dump/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart mysqld
+  ansible.builtin.service:
+    name: mysqld
+    state: restarted

Mission2/ansible/roles/mysql_dump/tasks/main.yml

@@ -0,0 +1,15 @@
+- name: exportation de la base de données
+  mysql_db:
+    name: sdis29
+    state: dump
+    target: /tmp/sdis29-dump.sql
+    login_user: dev
+    login_password: Azerty1+
+    login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: importation du dump de la base de donnée
+  ansible.builtin.fetch:
+    src: /tmp/sdis29-dump.sql
+    dest: /root/sauvegarde/sql/
+    flat: yes
+