Update client role

author: Matthieu Saulnier <fantom@fedoraproject.org> 2018-11-01 07:47:48 +0100
committer: Matthieu Saulnier <fantom@fedoraproject.org> 2018-11-01 07:47:48 +0100
commit: b30d661dd76988ad4213a8c4a822f51125d6dc48 (patch)
tree: 8a406ca0f75201bf498ec93dfd4159f4853d16e7
parent: 70a98118cefc95c3fc131a9a9029c61153d9766e (diff)
download: playbooks-ansible-b30d661dd76988ad4213a8c4a822f51125d6dc48.tar.gz
playbooks-ansible-b30d661dd76988ad4213a8c4a822f51125d6dc48.tar.xz
playbooks-ansible-b30d661dd76988ad4213a8c4a822f51125d6dc48.zip
20 files changed, 260 insertions, 0 deletions
diff --git a/roles/clients/files/arp-poisoning-eno1.service b/roles/clients/files/arp-poisoning-eno1.service
new file mode 100644
index 0000000..81ff551
--- /dev/null
+++ b/roles/clients/files/arp-poisoning-eno1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Cache poisoning iface eno1
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);ettercap -TQ -i eno1 -w /mnt/lv3/passerelle-dump/fwd-eno1-$VERSION.cap -M arp:remote /192.168.0.254// /192.168.0.1-24//"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/arp-poisoning-enp6s0.service b/roles/clients/files/arp-poisoning-enp6s0.service
new file mode 100644
index 0000000..65963be
--- /dev/null
+++ b/roles/clients/files/arp-poisoning-enp6s0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Cache poisoning iface enp6s0
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);ettercap -TQ -i enp6s0 -w /mnt/lv3/passerelle-dump/fwd-enp6s0-$VERSION.cap -M arp:remote /192.168.0.254// /192.168.0.1-24//"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/arp-watcher-eno1.service b/roles/clients/files/arp-watcher-eno1.service
new file mode 100644
index 0000000..2252818
--- /dev/null
+++ b/roles/clients/files/arp-watcher-eno1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Watcher iface eno1
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=forking
+# Note you need to escape percentage sign
+ExecStart=/usr/sbin/arpwatch -i eno1
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/arp-watcher-enp6s0.service b/roles/clients/files/arp-watcher-enp6s0.service
new file mode 100644
index 0000000..e1352aa
--- /dev/null
+++ b/roles/clients/files/arp-watcher-enp6s0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Watcher iface enp6s0
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=forking
+# Note you need to escape percentage sign
+ExecStart=/usr/sbin/arpwatch -i enp6s0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/capslock-led-heartbeat.service b/roles/clients/files/capslock-led-heartbeat.service
new file mode 100644
index 0000000..5e0c765
--- /dev/null
+++ b/roles/clients/files/capslock-led-heartbeat.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Set capslock LED to heartbeat
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/bin/set-capslock-led-heartbeat.sh
+ExecStop=/usr/local/bin/unset-capslock-led-heartbeat.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/dnf-makecache.timer b/roles/clients/files/dnf-makecache.timer
new file mode 100644
index 0000000..4798691
--- /dev/null
+++ b/roles/clients/files/dnf-makecache.timer
@@ -0,0 +1,3 @@
+.include /lib/systemd/system/dnf-makecache.timer
+[Timer]
+OnUnitInactiveSec=12h
diff --git a/roles/clients/files/led_modules.conf b/roles/clients/files/led_modules.conf
new file mode 100644
index 0000000..2c74724
--- /dev/null
+++ b/roles/clients/files/led_modules.conf
@@ -0,0 +1 @@
+add_drivers+=" ledtrig-heartbeat "
diff --git a/roles/clients/files/modules-load.d_led_modules.conf b/roles/clients/files/modules-load.d_led_modules.conf
new file mode 100644
index 0000000..f9dd836
--- /dev/null
+++ b/roles/clients/files/modules-load.d_led_modules.conf
@@ -0,0 +1 @@
+ledtrig-heartbeat
diff --git a/roles/clients/files/nbackvirt-machines.sh b/roles/clients/files/nbackvirt-machines.sh
new file mode 100755
index 0000000..c423bb8
--- /dev/null
+++ b/roles/clients/files/nbackvirt-machines.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/bash
+
+
+# ok go....
+
+# destination des backups
+DEST="/mnt/lv5/machines-virtuelles/"
+
+# liste automatique des VMs à l'arrêt
+VMCANDIDATES=$(virsh list --state-shutoff --name)
+
+
+# archiver le tout
+for i in $VMCANDIDATES
+do
+    FICHIERS="/etc/libvirt/qemu/$i.xml /var/log/libvirt/qemu/$i.log /var/lib/libvirt/images/${i}*.qcow2"
+
+    echo "Backup de $i"
+    if ( tar -cf $DEST/$i-$(date +%Y%m%d).tar $FICHIERS )
+    then
+        echo "Backup de $i réussi"
+        # garder la dernière version
+        rm -f $(ls $DEST/$i-*.tar | head -n -1)
+    else
+        echo "Backup de $i échoué"
+        # tarball corrompue, cleanup
+        rm -f $DEST/$i-$(date +%Y%m%d).tar
+    fi
+done
diff --git a/roles/clients/files/passerelle-dump-eno1.service b/roles/clients/files/passerelle-dump-eno1.service
new file mode 100644
index 0000000..87dd81b
--- /dev/null
+++ b/roles/clients/files/passerelle-dump-eno1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Capture eno1 traffics with tcpdump
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);tcpdump -i eno1 -K -Z root -w /mnt/lv3/passerelle-dump/eno1-$VERSION.cap"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/passerelle-dump-enp6s0.service b/roles/clients/files/passerelle-dump-enp6s0.service
new file mode 100644
index 0000000..bc08156
--- /dev/null
+++ b/roles/clients/files/passerelle-dump-enp6s0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Capture enp6s0 traffics with tcpdump
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);tcpdump -i enp6s0 -K -Z root -w /mnt/lv3/passerelle-dump/enp6s0-$VERSION.cap"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/passerelle-dump-virbr0.service b/roles/clients/files/passerelle-dump-virbr0.service
new file mode 100644
index 0000000..cd09440
--- /dev/null
+++ b/roles/clients/files/passerelle-dump-virbr0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Capture virbr0 traffics with tcpdump
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);tcpdump -i virbr0 -K -Z root -w /mnt/lv3/passerelle-dump/virbr0-$VERSION.cap"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/reroll-virtmachine.sh b/roles/clients/files/reroll-virtmachine.sh
new file mode 100755
index 0000000..2144c86
--- /dev/null
+++ b/roles/clients/files/reroll-virtmachine.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/bash
+
+
+# shutdown la vm...
+virsh destroy dayr-windows-2012
+
+# écrase le premier disque dur virtuel
+cp -f /mnt/lv3/dayr-windows-2012-20181006/var/lib/libvirt/images/dayr-windows-2012.qcow2 /var/lib/libvirt/images/dayr-windows-2012.qcow2
+
+#
+# DISABLED
+# écrase le second disque dur virtuel
+# cp -f /mnt/lv3/dayr-windows-2012-20181006/var/lib/libvirt/images/dayr-windows-2012-1.qcow2 /var/lib/libvirt/images/dayr-windows-2012-1.qcow2
+#
+#
+
+# i/o wait
+sleep 10
+
+# start la vm...
+virsh start dayr-windows-2012
diff --git a/roles/clients/files/set-capslock-led-heartbeat.sh b/roles/clients/files/set-capslock-led-heartbeat.sh
new file mode 100755
index 0000000..8acd416
--- /dev/null
+++ b/roles/clients/files/set-capslock-led-heartbeat.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+###/devices/pci0000:00/0000:00:14.0/usb3/3-14/3-14:1.2/0003:046D:C52B.0006/0003:046D:4004.0007/input/input6
+### 3 clavier Compaq
+### 6 clavier logitech sans fil
+
+###INPUT="3"
+
+echo heartbeat > /sys/class/leds/input*capslock/trigger
diff --git a/roles/clients/files/unset-capslock-led-heartbeat.sh b/roles/clients/files/unset-capslock-led-heartbeat.sh
new file mode 100755
index 0000000..336df6a
--- /dev/null
+++ b/roles/clients/files/unset-capslock-led-heartbeat.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+###/devices/pci0000:00/0000:00:14.0/usb3/3-14/3-14:1.2/0003:046D:C52B.0006/0003:046D:4004.0007/input/input6
+### 3 clavier Compaq
+### 6 clavier logitech sans fil
+
+###INPUT="3"
+
+echo kbd-capslock > /sys/class/leds/input*capslock/trigger
diff --git a/roles/clients/tasks/binutils.yml b/roles/clients/tasks/binutils.yml
new file mode 100644
index 0000000..e6cac46
--- /dev/null
+++ b/roles/clients/tasks/binutils.yml
@@ -0,0 +1,8 @@
+- name: Installation des scripts pour unités systemd
+  copy:
+    src: "{{ item.name }}"
+    dest: /usr/local/bin/{{ item.dest }}
+    mode: 0755
+  with_items:
+    - { name: 'set-capslock-led-heartbeat.sh', dest: 'set-capslock-led-heartbeat' }
+    - { name: 'unset-capslock-led-heartbeat.sh', dest: 'unset-capslock-led-heartbeat' }
diff --git a/roles/clients/tasks/config.yml b/roles/clients/tasks/config.yml
new file mode 100644
index 0000000..6a823f7
--- /dev/null
+++ b/roles/clients/tasks/config.yml
@@ -0,0 +1,63 @@
+- name: Installation des unités systemd
+  copy:
+    src: "{{ item }}"
+    dest: /etc/systemd/system/
+    mode: 0644
+  with_items:
+    - capslock-led-heartbeat.service
+    - arp-poisoning-eno1.service
+    - arp-poisoning-enp6s0.service
+    - arp-watcher-eno1.service
+    - arp-watcher-enp6s0.service
+    - passerelle-dump-eno1.service
+    - passerelle-dump-enp6s0.service
+    - passerelle-dump-virbr0.service
+    - dnf-makecache.timer
+  notify: reload systemd
+
+- name: Configuration leds de dracut
+  copy:
+    src: led_modules.conf
+    dest: /etc/dracut.conf.d/led_modules.conf
+    mode: 0644
+
+- name: Configuration leds modules du noyau
+  copy:
+    src: modules-load.d_led_modules.conf
+    dest: /etc/modules-load.d/led_modules.conf
+    mode: 0644
+
+- name: Ettercap redirection iptables on
+  lineinfile:
+    dest: /etc/ettercap/etter.conf
+    create: yes
+    state: present
+    line: 'redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Ettercap redirection iptables off
+  lineinfile:
+    dest: /etc/ettercap/etter.conf
+    create: yes
+    state: present
+    line: 'redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Ettercap redirection iptables6 on
+  lineinfile:
+    dest: /etc/ettercap/etter.conf
+    create: yes
+    state: present
+    line: 'redir6_command_on = "ip6tables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Ettercap redirection iptables6 off
+  lineinfile:
+    dest: /etc/ettercap/etter.conf
+    create: yes
+    state: present
+    line: 'redir6_command_off = "ip6tables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Configuration audio de libvirtd
+  lineinfile:
+    dest: /etc/libvirt/qemu.conf
+    create: yes
+    state: present
+    line: "vnc_allow_host_audio = 1"
diff --git a/roles/clients/tasks/cron.yml b/roles/clients/tasks/cron.yml
new file mode 100644
index 0000000..becf480
--- /dev/null
+++ b/roles/clients/tasks/cron.yml
@@ -0,0 +1,11 @@
+- name: Backup des machines virtuelles
+  copy:
+    src: nbackvirt-machines.sh
+    dest: /etc/cron.daily/nbackvirt-machines.sh
+    mode: 0755
+
+- name: Restauration du snapshot de la machine virtuelle
+  copy:
+    src: reroll-virtmachine.sh
+    dest: /etc/cron.daily/reroll-virtmachine.sh
+    mode: 0755
diff --git a/roles/clients/tasks/main.yml b/roles/clients/tasks/main.yml
index 7ed21b5..7e0c541 100644
--- a/roles/clients/tasks/main.yml
+++ b/roles/clients/tasks/main.yml
@@ -27,3 +27,12 @@
 
 - name: Installations des paquets
   import_tasks: pkgs.yml
+
+- name: Configuration démon Cron
+  import_tasks: cron.yml
+
+- name: Installation des scripts de base
+  import_tasks: binutils.yml
+
+- name: Configuration du système
+  import_tasks: config.yml
diff --git a/roles/clients/tasks/pkgs.yml b/roles/clients/tasks/pkgs.yml
index 24a83c8..77e88d3 100644
--- a/roles/clients/tasks/pkgs.yml
+++ b/roles/clients/tasks/pkgs.yml
@@ -182,6 +182,7 @@
     - standard-test-roles
     - ara-python3
     - python3-molecule
+    - cmatrix
 
 - name: Installation des paquets codecs
   dnf: name={{ item }} state=present
author	Matthieu Saulnier <fantom@fedoraproject.org>	2018-11-01 07:47:48 +0100
committer	Matthieu Saulnier <fantom@fedoraproject.org>	2018-11-01 07:47:48 +0100
commit	b30d661dd76988ad4213a8c4a822f51125d6dc48 (patch)
tree	8a406ca0f75201bf498ec93dfd4159f4853d16e7
parent	70a98118cefc95c3fc131a9a9029c61153d9766e (diff)
download	playbooks-ansible-b30d661dd76988ad4213a8c4a822f51125d6dc48.tar.gz playbooks-ansible-b30d661dd76988ad4213a8c4a822f51125d6dc48.tar.xz playbooks-ansible-b30d661dd76988ad4213a8c4a822f51125d6dc48.zip