Commit a3341660 authored by jorge.leitemac

Add the report and finalization + README

parent 155f25c0
# ansible_tp3
# Utilisation du playbook
## 1 - Pre-requis et topologie
* un projet gns3 avec la topologie donnée
* le fichier ssh ~/.ssh/config configuré avec les accès aux machines
```python3 script.py <nom_du_projet_gns3>```
* configurer le nom des machines pour ne pas être perdu losqu'on ssh dedans
```./hostnames.sh```
## 2 - Routage et adressage
Lancer la commande suivante pour mettre en place l'infrastructure avec le premier playbook :
```ansible-playbook -i inventaire.ini playbook.yml```
## Getting started
## 3 - Tunnel wireguard et serveur web
Supprimer les clés éventuellement déjà présentes dans les fichiers /hosts/vars/H1/main.yaml et /hosts/vars/H1/main.yaml
To make it easy for you to get started with GitLab, here's a list of recommended next steps.
Lancer les commandes suivantes pour générer les clés Wireguard :
```cd keys```
```sudo ./keys.sh```
```cd ..```
Already a pro? Just edit this README.md and make it your own. Want to make it easy? [Use the template at the bottom](#editing-this-readme)!
## Add your files
- [ ] [Create](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#create-a-file) or [upload](https://docs.gitlab.com/ee/user/project/repository/web_editor.html#upload-a-file) files
- [ ] [Add files using the command line](https://docs.gitlab.com/ee/gitlab-basics/add-file.html#add-a-file-using-the-command-line) or push an existing Git repository with the following command:
```
cd existing_repo
git remote add origin https://gitedu.hesge.ch/jorge.leitemac/ansible_tp3.git
git branch -M main
git push -uf origin main
```
## Integrate with your tools
- [ ] [Set up project integrations](https://gitedu.hesge.ch/jorge.leitemac/ansible_tp3/-/settings/integrations)
## Collaborate with your team
- [ ] [Invite team members and collaborators](https://docs.gitlab.com/ee/user/project/members/)
- [ ] [Create a new merge request](https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html)
- [ ] [Automatically close issues from merge requests](https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically)
- [ ] [Enable merge request approvals](https://docs.gitlab.com/ee/user/project/merge_requests/approvals/)
- [ ] [Automatically merge when pipeline succeeds](https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html)
## Test and Deploy
Use the built-in continuous integration in GitLab.
- [ ] [Get started with GitLab CI/CD](https://docs.gitlab.com/ee/ci/quick_start/index.html)
- [ ] [Analyze your code for known vulnerabilities with Static Application Security Testing(SAST)](https://docs.gitlab.com/ee/user/application_security/sast/)
- [ ] [Deploy to Kubernetes, Amazon EC2, or Amazon ECS using Auto Deploy](https://docs.gitlab.com/ee/topics/autodevops/requirements.html)
- [ ] [Use pull-based deployments for improved Kubernetes management](https://docs.gitlab.com/ee/user/clusters/agent/)
- [ ] [Set up protected environments](https://docs.gitlab.com/ee/ci/environments/protected_environments.html)
***
# Editing this README
When you're ready to make this README your own, just edit this file and use the handy template below (or feel free to structure it however you want - this is just a starting point!). Thank you to [makeareadme.com](https://www.makeareadme.com/) for this template.
## Suggestions for a good README
Every project is different, so consider which of these sections apply to yours. The sections used in the template are suggestions for most open source projects. Also keep in mind that while a README can be too long and detailed, too long is better than too short. If you think your README is too long, consider utilizing another form of documentation rather than cutting out information.
## Name
Choose a self-explaining name for your project.
## Description
Let people know what your project can do specifically. Provide context and add a link to any reference visitors might be unfamiliar with. A list of Features or a Background subsection can also be added here. If there are alternatives to your project, this is a good place to list differentiating factors.
## Badges
On some READMEs, you may see small images that convey metadata, such as whether or not all the tests are passing for the project. You can use Shields to add some to your README. Many services also have instructions for adding a badge.
## Visuals
Depending on what you are making, it can be a good idea to include screenshots or even a video (you'll frequently see GIFs rather than actual videos). Tools like ttygif can help, but check out Asciinema for a more sophisticated method.
## Installation
Within a particular ecosystem, there may be a common way of installing things, such as using Yarn, NuGet, or Homebrew. However, consider the possibility that whoever is reading your README is a novice and would like more guidance. Listing specific steps helps remove ambiguity and gets people to using your project as quickly as possible. If it only runs in a specific context like a particular programming language version or operating system or has dependencies that have to be installed manually, also add a Requirements subsection.
## Usage
Use examples liberally, and show the expected output if you can. It's helpful to have inline the smallest example of usage that you can demonstrate, while providing links to more sophisticated examples if they are too long to reasonably include in the README.
## Support
Tell people where they can go to for help. It can be any combination of an issue tracker, a chat room, an email address, etc.
## Roadmap
If you have ideas for releases in the future, it is a good idea to list them in the README.
## Contributing
State if you are open to contributions and what your requirements are for accepting them.
For people who want to make changes to your project, it's helpful to have some documentation on how to get started. Perhaps there is a script that they should run or some environment variables that they need to set. Make these steps explicit. These instructions could also be useful to your future self.
You can also document commands to lint the code or run tests. These steps help to ensure high code quality and reduce the likelihood that the changes inadvertently break something. Having instructions for running tests is especially helpful if it requires external setup, such as starting a Selenium server for testing in a browser.
## Authors and acknowledgment
Show your appreciation to those who have contributed to the project.
## License
For open source projects, say how it is licensed.
## Project status
If you have run out of energy or time for your project, put a note at the top of the README saying that development has slowed down or stopped completely. Someone may choose to fork your project or volunteer to step in as a maintainer or owner, allowing your project to keep going. You can also make an explicit request for maintainers.
Lancer la commande suivante pour configurer Wireguard et le serveur nginx :
```ansible-playbook -i inventaire.ini pb2.yml --vault-password-file ./secret/vault```
\ No newline at end of file
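Review bot: In step 3, the line that tells the user to delete existing keys names `/hosts/vars/H1/main.yaml` twice; the second path should presumably be the H2 file, since keys.sh appends to both `H1/main.yaml` and `H2/main.yaml`. The leading `/` also makes both read as absolute paths, while the playbook loads `hosts/vars/{{ inventory_hostname }}/main.yaml` relative to the repository. The pb2.yml command points `--vault-password-file` at `./secret/vault` inside the project tree, so the README should state that this file is created locally and must stay out of version control.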
......@@ -12,19 +12,20 @@ wg_address: "10.0.0.1/24"
wg_allowed_ips: "10.0.0.2/32"
# wg_public_key: "HnS+bLoQh3SaCGWdJpmsZ8RFw1pHbdI3Evl6siSK8xE="
# wg_private_key: "cIbNuSaEecmtwAXC5EeHStZMFROGmSz0N8xp1U5YJHI="
wg_public_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
32366566343264393532393735333738306366646236626331666238333538333234363662633661
3565353131616239303634623039653564363261353662390a313734366534396337626666313664
36376464633130613231343336333661636439666363623665666435613031616435653932666563
6334343764386333610a363961653934383636323763316461393039326365356338613331613236
39633133616334636464396239636633613239356464616664646331383665633838663232656435
6661616436343962373961663239353831333637363866316336
34393937613165616435353565303532613735313766303631303933396131663566336634343434
3233306332373365373365306265373534343762336266310a383665383366323335653065613166
66396539623738666466343665353962306234373931393237636361306138663166633363646664
3230343335623139350a623233373266396364613564313361343235643666626334373964306538
37343165633136663164383930656634323336393334353164346236383732663636313237663363
3561643062656236346439643135393265373265333530656263
wg_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
36386538613435313833313130343535303939393035303461653965353865653637356565393838
3330383037383863653334323132363965383161326261300a316464346437646630313133656264
35333266373664366639316139366665623837383961353562343964343963323736643362663864
3739393964613464300a386466366363653430353133626339393234396435376563306430316462
31626234353736343361613137373839643763313939623235656633376462393936643264636364
3339393165336336633265616236613931343433343263376631
66653937343433633665336638376433636232666231613264363835333133646664666263353065
3030313738396432366235303932373866326337376136380a356638386631663166646666646138
64353437333162346661623132383361356535383730343166653037656135323665643061633032
6135313561643138620a383633396636316230326536616465386134323733336164363630396637
31626662343230383138626361646638373964323637396130303363326234633531353435366633
6164323764336164386466613137303261616633336438383064
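Review bot: The commented-out `# wg_public_key:` and `# wg_private_key:` lines kept as context at the top of this hunk leave a WireGuard private key in clear text directly above its vault-encrypted replacement. Delete the two comment lines instead of commenting them out, and treat that key as disclosed because it remains in the Git history. Both vault blobs change in this commit, so also confirm that the commented value is no longer deployed on any host.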
......@@ -19,17 +19,17 @@ wg_allowed_ips: "10.0.0.1/32"
# wg_private_key: "MEKxxaXkS0IvBZpaURwex3Cc+C/V3q2akVbkKp69BGw="
wg_public_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
32316564363031383130626339666436353031666363626663383238636662323465656265396634
6665616236306130646163636265646338343637663238650a303066643861613731646336383938
36333765633763383263633832366333313732373231376265383531326435313635353333663037
6138323433366563650a646437363636616436316131303935343462666462636535386462623633
38353766613133376233383331623765626536336464376365396230396364646231373664323831
3139366363656263666630346465623935613235316266313736
37333032313061653762313964363930346632326630373332643833613564313930613261663036
6532313363393961666134353338653431626231326639660a396665633765383733313133663661
63313132323262343139343865333264343162336434633236366664396665616338616239323035
6431396136643366360a313634326331353330383638306465303236303334616531633565613136
64323538316664623430373363353564346339316561326433366232313732643331396361376263
3337356466643331306635383661623736363666386162383166
wg_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
39363136613135356563613439336436346334356132643339396632303736626262313931306632
6537663233306431313838313361663232636535353764620a616337323834333266636539303032
36326535346466336630333162383362353837656566656162663338666162616230643531613862
3639353865636162350a326436366666306332643831366435396462353564633634333433303761
64313632396131333131373435653637653138613738383937313632343730363330356336613161
3561363630636432366163393838363530656431386435303033
61303036396337373163343736363733366138363764313765353363623761306536383063376332
3666643038653763353934303339653530393930623030620a353331613132656438646533623065
30356561313238356139613839633439636165633266376331323066333339623663663961306139
3061643061333965640a363566623239663332396335373730646364626365363263303734323439
34346530353233346665336633663565623935353431656561616363323332616366343138356363
3332333963383434636637303430613164613065336331393338
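Review bot: `wg_public_key` is stored as a `!vault` value in this hunk although a WireGuard public key is not a secret, and keys.sh fills the H1 file from `pubkey2_crypt` and the H2 file from `pubkey1_crypt`, so the variable actually holds the peer's key. Keeping it in plain text under a name such as `wg_peer_public_key` would make the vars file reviewable and avoid confusing the two roles. The commented-out `# wg_private_key:` context line at the top of the hunk still carries a clear-text private key and should be deleted.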
......@@ -8,21 +8,20 @@ wg pubkey < privkey1 > pubkey1
wg pubkey < privkey2 > pubkey2
echo $(cat pubkey1) | ansible-vault encrypt_string --vault-password-file ../secret/vault --name 'pubkey1' > pubkey1_crypt
echo $(cat privkey1) | ansible-vault encrypt_string --vault-password-file ../secret/vault --name 'privkey1' > privkey1_crypt
echo $(cat pubkey1) | ansible-vault encrypt_string --vault-password-file ./secret/vault --name 'pubkey1' > pubkey1_crypt
echo $(cat privkey1) | ansible-vault encrypt_string --vault-password-file ./secret/vault --name 'privkey1' > privkey1_crypt
echo $(cat pubkey2) | ansible-vault encrypt_string --vault-password-file ./secret/vault --name 'pubkey2' > pubkey2_crypt
echo $(cat privkey2) | ansible-vault encrypt_string --vault-password-file ./secret/vault --name 'privkey2' > privkey2_crypt
echo $(cat pubkey2) | ansible-vault encrypt_string --vault-password-file ../secret/vault --name 'pubkey2' > pubkey2_crypt
echo $(cat privkey2) | ansible-vault encrypt_string --vault-password-file ../secret/vault --name 'privkey2' > privkey2_crypt
#
# # ajouter les clés dans le fichier de variables /hosts/vars/main.yml
# echo un retour a la ligne dans /hosts/vars/H1/main.yml
echo "" >> hosts/vars/H1/main.yaml
echo "wg_public_key: $(cat pubkey2_crypt)" >> hosts/vars/H1/main.yaml
echo "wg_private_key: $(cat privkey1_crypt)" >> hosts/vars/H1/main.yaml
echo "" >> ../hosts/vars/H1/main.yaml
echo "wg_public_key: $(cat pubkey2_crypt)" >> ../hosts/vars/H1/main.yaml
echo "wg_private_key: $(cat privkey1_crypt)" >> ../hosts/vars/H1/main.yaml
echo "" >> hosts/vars/H2/main.yaml
echo "wg_public_key: $(cat pubkey1_crypt)" >> hosts/vars/H2/main.yaml
echo "wg_private_key: $(cat privkey2_crypt)" >> hosts/vars/H2/main.yaml
echo "" >> ../hosts/vars/H2/main.yaml
echo "wg_public_key: $(cat pubkey1_crypt)" >> ../hosts/vars/H2/main.yaml
echo "wg_private_key: $(cat privkey2_crypt)" >> ../hosts/vars/H2/main.yaml
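Review bot: Nothing in the visible lines removes `privkey1` and `privkey2` after they have been passed to `ansible-vault encrypt_string`, so the clear-text private keys stay in the `keys` directory beside the `*_crypt` files. Set `umask 077` at the top of the script, delete the plain-text private key files once encryption has succeeded, and keep the script's outputs ignored by Git. The `>>` appends at the end of the hunk add another `wg_public_key` / `wg_private_key` pair on every run, which is why the README asks for manual cleanup first; writing the generated variables to a dedicated file with `>` would make the script safe to re-run.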
OODtib0PghBfSvQoBi5qPhZFBtVZyQNlfhZG/Kkfm3Q=
!vault |
$ANSIBLE_VAULT;1.1;AES256
66653937343433633665336638376433636232666231613264363835333133646664666263353065
3030313738396432366235303932373866326337376136380a356638386631663166646666646138
64353437333162346661623132383361356535383730343166653037656135323665643061633032
6135313561643138620a383633396636316230326536616465386134323733336164363630396637
31626662343230383138626361646638373964323637396130303363326234633531353435366633
6164323764336164386466613137303261616633336438383064
\ No newline at end of file
KJzNd1dMbCrklvsEm0p6skkJgCXcEgZGxfBj1Hzo5kI=
!vault |
$ANSIBLE_VAULT;1.1;AES256
61303036396337373163343736363733366138363764313765353363623761306536383063376332
3666643038653763353934303339653530393930623030620a353331613132656438646533623065
30356561313238356139613839633439636165633266376331323066333339623663663961306139
3061643061333965640a363566623239663332396335373730646364626365363263303734323439
34346530353233346665336633663565623935353431656561616363323332616366343138356363
3332333963383434636637303430613164613065336331393338
\ No newline at end of file
sDIdKGtXsPDEfGPpB7dD9X8I5Rbtkd6V601hnSgLJUM=
!vault |
$ANSIBLE_VAULT;1.1;AES256
37333032313061653762313964363930346632326630373332643833613564313930613261663036
6532313363393961666134353338653431626231326639660a396665633765383733313133663661
63313132323262343139343865333264343162336434633236366664396665616338616239323035
6431396136643366360a313634326331353330383638306465303236303334616531633565613136
64323538316664623430373363353564346339316561326433366232313732643331396361376263
3337356466643331306635383661623736363666386162383166
\ No newline at end of file
V1qBuMWXug8zM1y3sjyelXeteU8xJ/yCJJUlddeTayc=
!vault |
$ANSIBLE_VAULT;1.1;AES256
34393937613165616435353565303532613735313766303631303933396131663566336634343434
3233306332373365373365306265373534343762336266310a383665383366323335653065613166
66396539623738666466343665353962306234373931393237636361306138663166633363646664
3230343335623139350a623233373266396364613564313361343235643666626334373964306538
37343165633136663164383930656634323336393334353164346236383732663636313237663363
3561643062656236346439643135393265373265333530656263
\ No newline at end of file
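Review bot: The bare base64 lines committed next to each `!vault` blob look like the raw files that keys.sh writes (`privkey1`, `pubkey1`, `privkey2`, `pubkey2`); if any of them is a `privkeyN` file, the private key is readable in the repository and the vault encryption of `wg_private_key` protects nothing. Keep only the encrypted values under version control, add the raw key files to `.gitignore`, and regenerate the key pairs, since the committed values remain in the history.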
---
# Installation des paquets
- name: Installer les paquets
hosts: hosts
become: yes
......@@ -40,15 +41,13 @@
state: restarted
# Configuration de wireguard
- name: Configurer wireguard
hosts: hosts
become: yes
vars_files:
- hosts/vars/{{ inventory_hostname }}/main.yaml
tasks:
# Configurer le tunnel WireGuard
- name: Configurer le tunnel WireGuard
template:
src: templates/wg0.conf.j2
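Review bot: The `template:` task in this hunk uses the short module name while the handlers in the same playbook use `ansible.builtin.service`; use `ansible.builtin.template` for consistency. Because `templates/wg0.conf.j2` is rendered with the decrypted `wg_private_key`, check in the lines not shown here that the task sets `mode: '0600'` and root ownership on the destination file.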
......@@ -63,12 +62,13 @@
notify: Restart WireGuard
handlers:
# Redémarrer le tunnel WireGuard
- name: Restart WireGuard
ansible.builtin.service:
name: wg-quick@wg0
state: restarted
# Configuration du serveur web
- name: Configurer le serveur web
hosts: H2
become: yes
......@@ -93,12 +93,12 @@
notify: Restart Nginx
handlers:
# Redémarrer Nginx
- name: Restart Nginx
ansible.builtin.service:
name: nginx
state: restarted
# Test de connexion avec curl
- name: Curl de H1
hosts: H2
become: yes
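Review bot: The last play is named `Curl de H1` but declares `hosts: H2`, the same host as the `Configurer le serveur web` play, so the name and the target disagree. Unless the tasks that are not shown delegate to H1, the request is made on the web server itself and does not exercise the WireGuard tunnel. Target H1 for the test and request the page over the tunnel; `become: yes` is also unnecessary for a curl check.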
......
4FjMCDeakKq/RzOwrcu9AkgApMPvXmef5DXrRJFpGlc=
!vault |
$ANSIBLE_VAULT;1.1;AES256
36386538613435313833313130343535303939393035303461653965353865653637356565393838
3330383037383863653334323132363965383161326261300a316464346437646630313133656264
35333266373664366639316139366665623837383961353562343964343963323736643362663864
3739393964613464300a386466366363653430353133626339393234396435376563306430316462
31626234353736343361613137373839643763313939623235656633376462393936643264636364
3339393165336336633265616236613931343433343263376631
\ No newline at end of file
SEg3VBImzrtbRm2RRsC3JQzEb+gvEOg4zpOcj5h2TEw=
!vault |
$ANSIBLE_VAULT;1.1;AES256
39363136613135356563613439336436346334356132643339396632303736626262313931306632
6537663233306431313838313361663232636535353764620a616337323834333266636539303032
36326535346466336630333162383362353837656566656162663338666162616230643531613862
3639353865636162350a326436366666306332643831366435396462353564633634333433303761
64313632396131333131373435653637653138613738383937313632343730363330356336613161
3561363630636432366163393838363530656431386435303033
\ No newline at end of file
Jcrurk2yydkRn5+n1/UhkDzyaQSedEcI7IxJGw8uLjY=
!vault |
$ANSIBLE_VAULT;1.1;AES256
32316564363031383130626339666436353031666363626663383238636662323465656265396634
6665616236306130646163636265646338343637663238650a303066643861613731646336383938
36333765633763383263633832366333313732373231376265383531326435313635353333663037
6138323433366563650a646437363636616436316131303935343462666462636535386462623633
38353766613133376233383331623765626536336464376365396230396364646231373664323831
3139366363656263666630346465623935613235316266313736
\ No newline at end of file