author | Matthieu Saulnier <fantom@fedoraproject.org> | 2018-11-01 07:47:48 +0100 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2018-11-01 07:47:48 +0100 |
commit | b30d661dd76988ad4213a8c4a822f51125d6dc48 (patch) | |
tree | 8a406ca0f75201bf498ec93dfd4159f4853d16e7 | |
parent | 70a98118cefc95c3fc131a9a9029c61153d9766e (diff) | |
Update client role
20 files changed, 260 insertions, 0 deletions
diff --git a/roles/clients/files/arp-poisoning-eno1.service b/roles/clients/files/arp-poisoning-eno1.service
new file mode 100644
index 0000000..81ff551
--- /dev/null
+++ b/roles/clients/files/arp-poisoning-eno1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Cache poisoning iface eno1
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);ettercap -TQ -i eno1 -w /mnt/lv3/passerelle-dump/fwd-eno1-$VERSION.cap -M arp:remote /192.168.0.254// /192.168.0.1-24//"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/arp-poisoning-enp6s0.service b/roles/clients/files/arp-poisoning-enp6s0.service
new file mode 100644
index 0000000..65963be
--- /dev/null
+++ b/roles/clients/files/arp-poisoning-enp6s0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Cache poisoning iface enp6s0
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);ettercap -TQ -i enp6s0 -w /mnt/lv3/passerelle-dump/fwd-enp6s0-$VERSION.cap -M arp:remote /192.168.0.254// /192.168.0.1-24//"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/arp-watcher-eno1.service b/roles/clients/files/arp-watcher-eno1.service
new file mode 100644
index 0000000..2252818
--- /dev/null
+++ b/roles/clients/files/arp-watcher-eno1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Watcher iface eno1
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=forking
+# Note you need to escape percentage sign
+ExecStart=/usr/sbin/arpwatch -i eno1
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/arp-watcher-enp6s0.service b/roles/clients/files/arp-watcher-enp6s0.service
new file mode 100644
index 0000000..e1352aa
--- /dev/null
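Review bot: arp-poisoning-eno1.service (and the identical arp-poisoning-enp6s0.service) keeps an ARP man-in-the-middle against the gateway and 192.168.0.1-24 running as root for as long as the unit is up, and roles/clients/tasks/config.yml installs it on every host that receives the clients role with no switch to leave it out. Interception of this kind should be opt-in per host: gate the two units and the etter.conf tasks behind a role variable that defaults to off (placeholder name: `clients_enable_interception`), and record in a comment who authorised the capture and for which segment. The `-w` file under /mnt/lv3/passerelle-dump will hold other hosts' traffic, so the unit should also declare `RequiresMountsFor=/mnt/lv3/passerelle-dump` in `[Unit]` and `UMask=0077` in `[Service]`, so captures are neither world-readable nor written to the root filesystem when the volume is absent.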
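Review bot: In arp-watcher-eno1.service (same in arp-watcher-enp6s0.service) the comment `# Note you need to escape percentage sign` is carried over from the capture units and does not apply, since this `ExecStart=` contains no `%`; it should be dropped. `Type=forking` is declared without `PIDFile=`, so systemd has to guess the main PID of arpwatch; if the packaged arpwatch can stay in the foreground, `Type=simple` with that option is more reliable. arpwatch is also started as root with no privilege drop; the Fedora build is believed to accept `-u <user>` for that, which is worth confirming against the installed man page.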
+++ b/roles/clients/files/arp-watcher-enp6s0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=ARP Watcher iface enp6s0
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=forking
+# Note you need to escape percentage sign
+ExecStart=/usr/sbin/arpwatch -i enp6s0
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/capslock-led-heartbeat.service b/roles/clients/files/capslock-led-heartbeat.service
new file mode 100644
index 0000000..5e0c765
--- /dev/null
+++ b/roles/clients/files/capslock-led-heartbeat.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Set capslock LED to heartbeat
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/local/bin/set-capslock-led-heartbeat.sh
+ExecStop=/usr/local/bin/unset-capslock-led-heartbeat.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/dnf-makecache.timer b/roles/clients/files/dnf-makecache.timer
new file mode 100644
index 0000000..4798691
--- /dev/null
+++ b/roles/clients/files/dnf-makecache.timer
@@ -0,0 +1,3 @@
+.include /lib/systemd/system/dnf-makecache.timer
+[Timer]
+OnUnitInactiveSec=12h
diff --git a/roles/clients/files/led_modules.conf b/roles/clients/files/led_modules.conf
new file mode 100644
index 0000000..2c74724
--- /dev/null
+++ b/roles/clients/files/led_modules.conf
@@ -0,0 +1 @@
+add_drivers+=" ledtrig-heartbeat "
diff --git a/roles/clients/files/modules-load.d_led_modules.conf b/roles/clients/files/modules-load.d_led_modules.conf
new file mode 100644
index 0000000..f9dd836
--- /dev/null
+++ b/roles/clients/files/modules-load.d_led_modules.conf
@@ -0,0 +1 @@
+ledtrig-heartbeat
diff --git a/roles/clients/files/nbackvirt-machines.sh b/roles/clients/files/nbackvirt-machines.sh
new file mode 100755
index 0000000..c423bb8
--- /dev/null
+++ b/roles/clients/files/nbackvirt-machines.sh
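Review bot: capslock-led-heartbeat.service points `ExecStart=` and `ExecStop=` at /usr/local/bin/set-capslock-led-heartbeat.sh and /usr/local/bin/unset-capslock-led-heartbeat.sh, but roles/clients/tasks/binutils.yml in this same commit installs the scripts as `set-capslock-led-heartbeat` and `unset-capslock-led-heartbeat`, without the `.sh` suffix. As committed the unit will fail to start because the executable is not found. Either drop the suffix here (`ExecStart=/usr/local/bin/set-capslock-led-heartbeat`, and the same for `ExecStop=`) or keep the suffix in the `dest` values of binutils.yml.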
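Review bot: dnf-makecache.timer overrides the packaged timer by placing a full unit in /etc/systemd/system that pulls in the original with `.include /lib/systemd/system/dnf-makecache.timer`; `.include` is deprecated in systemd and newer releases warn about it. A drop-in under /etc/systemd/system/dnf-makecache.timer.d/ holding only the `[Timer]` section does the same job without shadowing the packaged unit. `OnUnitInactiveSec=` values also accumulate, so if the packaged timer already sets one, an empty `OnUnitInactiveSec=` line is needed before `OnUnitInactiveSec=12h` to replace it rather than add a second trigger.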
@@ -0,0 +1,29 @@
+#!/usr/bin/bash
+
+
+# ok go....
+
+# destination des backups
+DEST="/mnt/lv5/machines-virtuelles/"
+
+# liste automatique des VMs à l'arrêt
+VMCANDIDATES=$(virsh list --state-shutoff --name)
+
+
+# archiver le tout
+for i in $VMCANDIDATES
+do
+ FICHIERS="/etc/libvirt/qemu/$i.xml /var/log/libvirt/qemu/$i.log /var/lib/libvirt/images/${i}*.qcow2"
+
+ echo "Backup de $i"
+ if ( tar -cf $DEST/$i-$(date +%Y%m%d).tar $FICHIERS )
+ then
+ echo "Backup de $i réussi"
+ # garder la dernière version
+ rm -f $(ls $DEST/$i-*.tar | head -n -1)
+ else
+ echo "Backup de $i échoué"
+ # tarball corrompue, cleanup
+ rm -f $DEST/$i-$(date +%Y%m%d).tar
+ fi
+done
diff --git a/roles/clients/files/passerelle-dump-eno1.service b/roles/clients/files/passerelle-dump-eno1.service
new file mode 100644
index 0000000..87dd81b
--- /dev/null
+++ b/roles/clients/files/passerelle-dump-eno1.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Capture eno1 traffics with tcpdump
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);tcpdump -i eno1 -K -Z root -w /mnt/lv3/passerelle-dump/eno1-$VERSION.cap"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/passerelle-dump-enp6s0.service b/roles/clients/files/passerelle-dump-enp6s0.service
new file mode 100644
index 0000000..bc08156
--- /dev/null
+++ b/roles/clients/files/passerelle-dump-enp6s0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Capture enp6s0 traffics with tcpdump
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);tcpdump -i enp6s0 -K -Z root -w /mnt/lv3/passerelle-dump/enp6s0-$VERSION.cap"
+
+[Install]
+WantedBy=multi-user.target
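Review bot: In nbackvirt-machines.sh the retention step `rm -f $(ls $DEST/$i-*.tar | head -n -1)` globs on the VM name as a bare prefix, so for a VM named `web` it also matches, and can delete, archives of a VM named `web-test`; it also parses `ls`, and the whole loop leaves `$i`, `$DEST` and `$FICHIERS` unquoted. The archives contain full disk images and are created with the default umask, so a `umask 077` at the top is worth adding. A version of the loop that matches only `<vm>-YYYYMMDD.tar` and quotes every expansion is below; the echo messages stay as they are.

```shell
umask 077
DEST="/mnt/lv5/machines-virtuelles"
# … unchanged: VMCANDIDATES=$(virsh list --state-shutoff --name) …

while IFS= read -r i; do
  [[ -n "$i" ]] || continue
  archive="$DEST/$i-$(date +%Y%m%d).tar"
  files=("/etc/libvirt/qemu/$i.xml" "/var/log/libvirt/qemu/$i.log"
         "/var/lib/libvirt/images/$i"*.qcow2)

  # … unchanged: echo "Backup de $i" …
  if tar -cf "$archive" -- "${files[@]}"; then
    # … unchanged: success message …
    # keep only today's archive; the date pattern avoids prefix collisions
    for old in "$DEST/$i"-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].tar; do
      [[ "$old" == "$archive" ]] || rm -f -- "$old"
    done
  else
    # … unchanged: failure message …
    rm -f -- "$archive"
  fi
done <<< "$VMCANDIDATES"
```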
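Review bot: passerelle-dump-eno1.service (likewise passerelle-dump-enp6s0.service and passerelle-dump-virbr0.service) passes `-Z root` to tcpdump, which keeps the packet parser running as root for the whole capture instead of letting it drop privileges once the interface is open. Prefer `-Z` with an unprivileged account that owns /mnt/lv3/passerelle-dump. The capture also has no size or time bound, so a single file grows until the volume is full; tcpdump's `-C` or `-G` together with `-W` provide rotation. `UMask=0077` in `[Service]` and `RequiresMountsFor=/mnt/lv3/passerelle-dump` in `[Unit]` would keep the raw traffic private and off the root filesystem when the volume is missing.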
diff --git a/roles/clients/files/passerelle-dump-virbr0.service b/roles/clients/files/passerelle-dump-virbr0.service
new file mode 100644
index 0000000..cd09440
--- /dev/null
+++ b/roles/clients/files/passerelle-dump-virbr0.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Capture virbr0 traffics with tcpdump
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+# Note you need to escape percentage sign
+ExecStart=/bin/bash -c "VERSION=$(date +%%Y%%m%%d%%H%%M%%S);tcpdump -i virbr0 -K -Z root -w /mnt/lv3/passerelle-dump/virbr0-$VERSION.cap"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/clients/files/reroll-virtmachine.sh b/roles/clients/files/reroll-virtmachine.sh
new file mode 100755
index 0000000..2144c86
--- /dev/null
+++ b/roles/clients/files/reroll-virtmachine.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/bash
+
+
+# shutdown la vm...
+virsh destroy dayr-windows-2012
+
+# écrase le premier disque dur virtuel
+cp -f /mnt/lv3/dayr-windows-2012-20181006/var/lib/libvirt/images/dayr-windows-2012.qcow2 /var/lib/libvirt/images/dayr-windows-2012.qcow2
+
+#
+# DISABLED
+# écrase le second disque dur virtuel
+# cp -f /mnt/lv3/dayr-windows-2012-20181006/var/lib/libvirt/images/dayr-windows-2012-1.qcow2 /var/lib/libvirt/images/dayr-windows-2012-1.qcow2
+#
+#
+
+# i/o wait
+sleep 10
+
+# start la vm...
+virsh start dayr-windows-2012
diff --git a/roles/clients/files/set-capslock-led-heartbeat.sh b/roles/clients/files/set-capslock-led-heartbeat.sh
new file mode 100755
index 0000000..8acd416
--- /dev/null
+++ b/roles/clients/files/set-capslock-led-heartbeat.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+###/devices/pci0000:00/0000:00:14.0/usb3/3-14/3-14:1.2/0003:046D:C52B.0006/0003:046D:4004.0007/input/input6
+### 3 clavier Compaq
+### 6 clavier logitech sans fil
+
+###INPUT="3"
+
+echo heartbeat > /sys/class/leds/input*capslock/trigger
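Review bot: reroll-virtmachine.sh starts the VM again whatever happened to the `cp -f`, so when /mnt/lv3 is not mounted or the copy stops half-way the guest is booted on a stale or truncated dayr-windows-2012.qcow2. Stop on failure, for example with `set -eu` after the shebang or `cp -f … || exit 1`. `virsh destroy` returns non-zero when the domain is already off, so under `set -e` it needs `|| true`. For the `# i/o wait` step, `sync` states the intent more directly than `sleep 10`.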
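Review bot: In set-capslock-led-heartbeat.sh the redirection target `/sys/class/leds/input*capslock/trigger` is a glob, and bash rejects a redirection that expands to more than one path with "ambiguous redirect". The comments in the file mention two keyboards, so with both attached the write fails, and with none attached the pattern stays literal and the redirect fails on a non-existent path. Loop over the matches instead: `for t in /sys/class/leds/input*capslock/trigger; do [ -w "$t" ] || continue; echo heartbeat > "$t"; done`. unset-capslock-led-heartbeat.sh has the same line with `kbd-capslock` and needs the same change.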
diff --git a/roles/clients/files/unset-capslock-led-heartbeat.sh b/roles/clients/files/unset-capslock-led-heartbeat.sh
new file mode 100755
index 0000000..336df6a
--- /dev/null
+++ b/roles/clients/files/unset-capslock-led-heartbeat.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+###/devices/pci0000:00/0000:00:14.0/usb3/3-14/3-14:1.2/0003:046D:C52B.0006/0003:046D:4004.0007/input/input6
+### 3 clavier Compaq
+### 6 clavier logitech sans fil
+
+###INPUT="3"
+
+echo kbd-capslock > /sys/class/leds/input*capslock/trigger
diff --git a/roles/clients/tasks/binutils.yml b/roles/clients/tasks/binutils.yml
new file mode 100644
index 0000000..e6cac46
--- /dev/null
+++ b/roles/clients/tasks/binutils.yml
@@ -0,0 +1,8 @@
+- name: Installation des scripts pour unités systemd
+ copy:
+ src: "{{ item.name }}"
+ dest: /usr/local/bin/{{ item.dest }}
+ mode: 0755
+ with_items:
+ - { name: 'set-capslock-led-heartbeat.sh', dest: 'set-capslock-led-heartbeat' }
+ - { name: 'unset-capslock-led-heartbeat.sh', dest: 'unset-capslock-led-heartbeat' }
diff --git a/roles/clients/tasks/config.yml b/roles/clients/tasks/config.yml
new file mode 100644
index 0000000..6a823f7
--- /dev/null
+++ b/roles/clients/tasks/config.yml
@@ -0,0 +1,63 @@
+- name: Installation des unités systemd
+ copy:
+ src: "{{ item }}"
+ dest: /etc/systemd/system/
+ mode: 0644
+ with_items:
+ - capslock-led-heartbeat.service
+ - arp-poisoning-eno1.service
+ - arp-poisoning-enp6s0.service
+ - arp-watcher-eno1.service
+ - arp-watcher-enp6s0.service
+ - passerelle-dump-eno1.service
+ - passerelle-dump-enp6s0.service
+ - passerelle-dump-virbr0.service
+ - dnf-makecache.timer
+ notify: reload systemd
+
+- name: Configuration leds de dracut
+ copy:
+ src: led_modules.conf
+ dest: /etc/dracut.conf.d/led_modules.conf
+ mode: 0644
+
+- name: Configuration leds modules du noyau
+ copy:
+ src: modules-load.d_led_modules.conf
+ dest: /etc/modules-load.d/led_modules.conf
+ mode: 0644
+
+- name: Ettercap redirection iptables on
+ lineinfile:
+ dest: /etc/ettercap/etter.conf
+ create: yes
+ state: present
+ line: 'redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Ettercap redirection iptables off
+ lineinfile:
+ dest: /etc/ettercap/etter.conf
+ create: yes
+ state: present
+ line: 'redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Ettercap redirection iptables6 on
+ lineinfile:
+ dest: /etc/ettercap/etter.conf
+ create: yes
+ state: present
+ line: 'redir6_command_on = "ip6tables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Ettercap redirection iptables6 off
+ lineinfile:
+ dest: /etc/ettercap/etter.conf
+ create: yes
+ state: present
+ line: 'redir6_command_off = "ip6tables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"'
+
+- name: Configuration audio de libvirtd
+ lineinfile:
+ dest: /etc/libvirt/qemu.conf
+ create: yes
+ state: present
+ line: "vnc_allow_host_audio = 1"
diff --git a/roles/clients/tasks/cron.yml b/roles/clients/tasks/cron.yml
new file mode 100644
index 0000000..becf480
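Review bot: The four `lineinfile` tasks on /etc/ettercap/etter.conf in config.yml use `create: yes` with no `regexp`, so on a host where ettercap is not installed they create a config file holding only these lines, and where the file already has a `redir_command_on` line spelled differently a second one is appended instead of the first being replaced. Add a pattern per key, e.g. `regexp: '^#?\s*redir_command_on\s*='`, and drop `create: yes` so a missing package surfaces as a task error. The `vnc_allow_host_audio` task has the same shape and carries no `notify`, so libvirtd presumably keeps the old setting until something else restarts it.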
--- /dev/null +++ b/roles/clients/tasks/cron.yml @@ -0,0 +1,11 @@ +- name: Backup des machines virtuelles + copy: + src: nbackvirt-machines.sh + dest: /etc/cron.daily/nbackvirt-machines.sh + mode: 0755 + +- name: Restauration du snapshot de la machine virtuelle + copy: + src: reroll-virtmachine.sh + dest: /etc/cron.daily/reroll-virtmachine.sh + mode: 0755 diff --git a/roles/clients/tasks/main.yml b/roles/clients/tasks/main.yml index 7ed21b5..7e0c541 100644 --- a/roles/clients/tasks/main.yml +++ b/roles/clients/tasks/main.yml @@ -27,3 +27,12 @@ - name: Installations des paquets import_tasks: pkgs.yml + +- name: Configuration démon Cron + import_tasks: cron.yml + +- name: Installation des scripts de base + import_tasks: binutils.yml + +- name: Configuration du système + import_tasks: config.yml diff --git a/roles/clients/tasks/pkgs.yml b/roles/clients/tasks/pkgs.yml index 24a83c8..77e88d3 100644 --- a/roles/clients/tasks/pkgs.yml +++ b/roles/clients/tasks/pkgs.yml @@ -182,6 +182,7 @@ - standard-test-roles - ara-python3 - python3-molecule + - cmatrix - name: Installation des paquets codecs dnf: name={{ item }} state=present |