From 6b7d2ff9a99abff24e5a2f9bbf52eeddfe6511f3 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 18:13:05 +0100 Subject: [PATCH 01/23] add configure file --- roles/deploy-web/tasks/configure.yml | 12 ++++++++++++ roles/deploy-web/tasks/main.yml | 4 ++++ 2 files changed, 16 insertions(+) create mode 100644 roles/deploy-web/tasks/configure.yml diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml new file mode 100644 index 0000000..4f1de1d --- /dev/null +++ b/roles/deploy-web/tasks/configure.yml @@ -0,0 +1,12 @@ +- name: Deploy stats script + import_tasks: stats.yml + tags: ["stats"] + +- name: Configure blacklist script + import_tasks: blacklist.yml + tags: [ "blacklist" ] + + +- name: Configure supervision script + import_tasks: supervision.yml + tags: ["supervision"] \ No newline at end of file diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index 22d0e52..092474b 100644 --- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml @@ -2,6 +2,10 @@ import_tasks: deploy.yml tags: ["deploy"] +- name: Configure project web + import_tasks: configure.yml + tags: [ "configure" ] + - name: Destrpy project web import_tasks: destroy.yml From 87ea635874da5d4749394210afee2dcd92fcbb30 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 18:38:38 +0100 Subject: [PATCH 02/23] templatizing virtualhost getinfo_day --- inventory/host_vars/vps-host | 30 ++-- roles/deploy-web/files/virtualhost | 1 - roles/deploy-web/tasks/stats.yml | 147 ++++++++++++++++++ .../getinfo_day.sh.j2} | 2 +- roles/deploy-web/templates/virtualhost.j2 | 3 + 5 files changed, 168 insertions(+), 15 deletions(-) delete mode 100644 roles/deploy-web/files/virtualhost create mode 100644 roles/deploy-web/tasks/stats.yml rename roles/deploy-web/{files/getinfo_day.sh => templates/getinfo_day.sh.j2} (98%) create mode 100644 roles/deploy-web/templates/virtualhost.j2 
diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index 793ffea..90d25f1 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,14 +1,18 @@ $ANSIBLE_VAULT;1.1;AES256 -37656337323032643834333437363330363932363462306332646166616531616265646536373530 -6234313633353137656665653536663964393264303532610a633664613332343333363034396238 -61643465363532383661636238356566616161343034343166656364353538353564333235373663 -3336313930643062370a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a623939366265356531356131343062 +65306666333065336633333036626163313633646233313238373032323561626665356531653661 +6661393439386438360a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diff --git a/roles/deploy-web/files/virtualhost b/roles/deploy-web/files/virtualhost deleted file mode 100644 index 70d1684..0000000 --- a/roles/deploy-web/files/virtualhost +++ /dev/null @@ -1 +0,0 @@ -clarissa diff --git a/roles/deploy-web/tasks/stats.yml b/roles/deploy-web/tasks/stats.yml new file mode 100644 index 0000000..edff9af --- /dev/null +++ b/roles/deploy-web/tasks/stats.yml 
@@ -0,0 +1,147 @@ +# tasks file for stats script + +- name: Create sentinel directory + file: + state: directory + path: /usr/local/bin/sentinel + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "all create directory " + file: + path: "/var/www/{{ item.git_name }}" + state: directory + owner: www-data + group: www-data + mode: '500' + when: "item.git_name is defined and project_name is not defined and conf_name is not defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "all extract repo " + unarchive: + src: "/tmp/{{ item.git_name }}.tar.gz" + dest: "/var/www/{{ item.git_name }}" + owner: www-data + group: www-data + mode: '500' + when: "item.git_name is defined and project_name is not defined and conf_name is not defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "single git archive" + local_action: + module: git + repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" + dest: "/home/valentin/src/" + archive: "/tmp/{{ project_name }}.tar.gz" + force: yes + update: yes + when: "project_name is defined" + + +- name: "single create directory " + file: + path: "/var/www/{{ project_name }}" + state: directory + owner: www-data + group: www-data + mode: '500' + when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "single extract repo " + unarchive: + src: "/tmp/{{ project_name }}.tar.gz" + dest: "/var/www/{{ project_name }}" + owner: www-data + group: www-data + mode: '500' + when: "project_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ 
sudo_password }}" + +- name: "copy nginx.conf" + copy: + src: "nginx.conf" + dest: "/etc/nginx/" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: "all copy configure nginx" + copy: + src: "{{ item.conf_name }}" + dest: "/etc/nginx/sites-available" + when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "all create symlink" + file: + src: "/etc/nginx/sites-available/{{ item.conf_name }}" + dest: "/etc/nginx/sites-enabled/{{ item.conf_name }}" + state: link + when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" + with_items: + - "{{ project }}" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "single copy configure nginx" + copy: + src: "{{ conf_name }}" + dest: "/etc/nginx/sites-available" + when: "conf_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: "single create symlink" + file: + src: "/etc/nginx/sites-available/{{ conf_name }}" + dest: "/etc/nginx/sites-enabled/{{ conf_name }}" + state: link + when: "conf_name is defined" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: restart nginx + service: + name: nginx + state: restarted + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" \ No newline at end of file diff --git a/roles/deploy-web/files/getinfo_day.sh b/roles/deploy-web/templates/getinfo_day.sh.j2 similarity index 98% rename from roles/deploy-web/files/getinfo_day.sh rename to roles/deploy-web/templates/getinfo_day.sh.j2 index be4abf8..83b549b 100755 
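Review bot: The `single git archive` task embeds `{{ git_username | urlencode }}:{{ git_password | urlencode }}` in the `repo` URL, so the password is echoed back in the module's reported arguments, in `-v` output and in any callback or log aggregator; add `no_log: true` to that task so the credential never reaches controller logs. Every task in the file also spells escalation with the YAML 1.1 truthy `ansible_become: yes` — `ansible_become: true` is the canonical form, and one `become: true` on the import would replace the three repeated `vars:` lines per task. Note that the file contents at this point (git archive, nginx config, symlinks, nginx restart) do not match the header comment `# tasks file for stats script`.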
--- a/roles/deploy-web/files/getinfo_day.sh +++ b/roles/deploy-web/templates/getinfo_day.sh.j2 @@ -2,7 +2,7 @@ MAIL=/tmp/mail DIRECTORY=/home/valentin/mail SERVER_LOG=/var/log/nginx -TOKEN=af920d2f7dbe97 +TOKEN={{ token_ipinfo }} DATE=$(date +%Y%m%d-%H%M%S) HOST=($(cat /etc/sentinel/virtualhost)) WEEK=$(date +%V) diff --git a/roles/deploy-web/templates/virtualhost.j2 b/roles/deploy-web/templates/virtualhost.j2 new file mode 100644 index 0000000..8ca5a18 --- /dev/null +++ b/roles/deploy-web/templates/virtualhost.j2 @@ -0,0 +1,3 @@ +{% for host in virtualhosts %} + {{ host }} +{% endfor %} From c54c384178d808e0813d63190cd5eee61e27032f Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 19:15:48 +0100 Subject: [PATCH 03/23] finish configure stats --- roles/deploy-web/tasks/configure.yml | 6 +- roles/deploy-web/tasks/stats.yml | 145 ++++++++------------------- 2 files changed, 43 insertions(+), 108 deletions(-) diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index 4f1de1d..754855a 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml @@ -1,12 +1,12 @@ - name: Deploy stats script import_tasks: stats.yml - tags: ["stats"] + tags: [ "configure", "stats"] - name: Configure blacklist script import_tasks: blacklist.yml - tags: [ "blacklist" ] + tags: [ "configure", "blacklist" ] - name: Configure supervision script import_tasks: supervision.yml - tags: ["supervision"] \ No newline at end of file + tags: [ "configure", "supervision" ] \ No newline at end of file diff --git a/roles/deploy-web/tasks/stats.yml b/roles/deploy-web/tasks/stats.yml index edff9af..ae6904f 100644 --- a/roles/deploy-web/tasks/stats.yml +++ b/roles/deploy-web/tasks/stats.yml 
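Review bot: Replacing the literal `TOKEN=af920d2f7dbe97` with `TOKEN={{ token_ipinfo }}` takes the value out of the working tree but not out of the repository history, where the renamed file keeps it reachable; the ipinfo token should be treated as exposed and rotated, with the replacement kept only in the vaulted host vars. Once rendered, the token sits in plain text inside the script installed on the host, so whichever task renders this template should not leave the result readable by other local accounts. The surrounding script continues outside this hunk.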
@@ -3,145 +3,80 @@ - name: Create sentinel directory file: state: directory - path: /usr/local/bin/sentinel - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - -- name: "all create directory " - file: - path: "/var/www/{{ item.git_name }}" - state: directory - owner: www-data - group: www-data - mode: '500' - when: "item.git_name is defined and project_name is not defined and conf_name is not defined" + path: "{{ item }}/sentinel" with_items: - - "{{ project }}" + - /usr/local/bin + - /etc vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - -- name: "all extract repo " - unarchive: - src: "/tmp/{{ item.git_name }}.tar.gz" - dest: "/var/www/{{ item.git_name }}" - owner: www-data - group: www-data - mode: '500' - when: "item.git_name is defined and project_name is not defined and conf_name is not defined" - with_items: - - "{{ project }}" +- name: Template virtualhost + template: + src: virtualhost.j2 + dest: /etc/sentinel/virtualhost + mode: "0755" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - -- name: "single git archive" - local_action: - module: git - repo: "https://{{ git_username | urlencode }}:{{ git_password | urlencode }}@git.valczeryba.ovh/v4l3n71n/{{ project_name }}.git" - dest: "/home/valentin/src/" - archive: "/tmp/{{ project_name }}.tar.gz" - force: yes - update: yes - when: "project_name is defined" - - -- name: "single create directory " - file: - path: "/var/www/{{ project_name }}" - state: directory - owner: www-data - group: www-data - mode: '500' - when: "project_name is defined" +- name: Template getinfo day script + template: + src: getinfo_day.sh.j2 + dest: /usr/local/bin/sentinel/getinfo_day.sh + mode: "0755" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - -- name: "single extract repo " - unarchive: - src: "/tmp/{{ 
project_name }}.tar.gz" - dest: "/var/www/{{ project_name }}" - owner: www-data - group: www-data - mode: '500' - when: "project_name is defined" - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - -- name: "copy nginx.conf" +- name: Template getinfo month and week script copy: - src: "nginx.conf" - dest: "/etc/nginx/" + src: "getinfo_{{ item }}.sh.j2" + dest: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh" + mode: "0755" + with_items: + - week + - month vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: "all copy configure nginx" - copy: - src: "{{ item.conf_name }}" - dest: "/etc/nginx/sites-available" - when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" - with_items: - - "{{ project }}" +- name: Crontab get info day + ansible.builtin.cron: + name: "get info day" + minute: "0" + hour: "3" + job: "bash /usr/local/bin/sentinel/getinfo_day.sh" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - -- name: "all create symlink" - file: - src: "/etc/nginx/sites-available/{{ item.conf_name }}" - dest: "/etc/nginx/sites-enabled/{{ item.conf_name }}" - state: link - when: "item.conf_name is defined and project_name is not defined and conf_name is not defined" - with_items: - - "{{ project }}" +- name: Crontab get info week + ansible.builtin.cron: + name: "get info week" + minute: "15" + hour: "3" + weekday: "1" + job: "bash /usr/local/bin/sentinel/getinfo_week.sh" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - -- name: "single copy configure nginx" - copy: - src: "{{ conf_name }}" - dest: "/etc/nginx/sites-available" - when: "conf_name is defined" +- name: Crontab get info month + ansible.builtin.cron: + name: "get info mongth" + minute: "30" + hour: "3" + day: "1" + job: "bash 
/usr/local/bin/sentinel/getinfo_month.sh" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - -- name: "single create symlink" - file: - src: "/etc/nginx/sites-available/{{ conf_name }}" - dest: "/etc/nginx/sites-enabled/{{ conf_name }}" - state: link - when: "conf_name is defined" - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - -- name: restart nginx - service: - name: nginx - state: restarted - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" \ No newline at end of file From 98ee7045f6542d05e4d92159a8a12cc67d26623e Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 21:25:57 +0100 Subject: [PATCH 04/23] configure finish --- roles/deploy-web/tasks/blacklist.yml | 24 ++++++++++++++++++++++++ roles/deploy-web/tasks/configure.yml | 14 ++++++++++++++ roles/deploy-web/tasks/stats.yml | 23 +++++------------------ roles/deploy-web/tasks/supervision.yml | 21 +++++++++++++++++++++ 4 files changed, 64 insertions(+), 18 deletions(-) create mode 100644 roles/deploy-web/tasks/blacklist.yml create mode 100644 roles/deploy-web/tasks/supervision.yml diff --git a/roles/deploy-web/tasks/blacklist.yml b/roles/deploy-web/tasks/blacklist.yml new file mode 100644 index 0000000..dbaaee8 --- /dev/null +++ b/roles/deploy-web/tasks/blacklist.yml 
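Review bot: Every task in the rewritten stats.yml repeats the same three `vars:` lines (`ansible_become: yes`, `ansible_become_method: sudo`, `ansible_become_password: "{{ sudo_password }}"`), which is noisy and uses the YAML 1.1 truthy form; a single `become: true` on the `import_tasks: stats.yml` line in configure.yml, with `ansible_become_password` left in host vars, gives the same escalation with one declaration. The `Template getinfo month and week script` task uses the `copy` module with a `.j2` source, which ships the file verbatim without rendering, so either `template:` is intended or the suffix is wrong. The hunk starts at line 3 of the file, so the `# tasks file for stats script` header is outside it.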
@@ -0,0 +1,24 @@ +# tasks file for stats script + +- name: Copy blacklist script + copy: + src: "{{ item }}.sh" + dest: "/usr/local/bin/sentinel/{{ item }}.sh" + mode: "0555" + with_items: + - blacklist + - refill_blacklist + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Crontab blacklist + ansible.builtin.cron: + name: "blacklist script" + minute: "*/5" + job: "bash /usr/local/bin/sentinel/blacklist.sh" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index 754855a..d9f1a42 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml @@ -1,3 +1,17 @@ +- name: Create sentinel directory + file: + state: directory + path: "{{ item }}/sentinel" + with_items: + - /usr/local/bin + - /etc + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + tags: [ "configure", "stats", "blacklist", "supervision"] + + - name: Deploy stats script import_tasks: stats.yml tags: [ "configure", "stats"] diff --git a/roles/deploy-web/tasks/stats.yml b/roles/deploy-web/tasks/stats.yml index ae6904f..e743a76 100644 --- a/roles/deploy-web/tasks/stats.yml +++ b/roles/deploy-web/tasks/stats.yml @@ -1,22 +1,10 @@ # tasks file for stats script -- name: Create sentinel directory - file: - state: directory - path: "{{ item }}/sentinel" - with_items: - - /usr/local/bin - - /etc - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - - name: Template virtualhost template: src: virtualhost.j2 dest: /etc/sentinel/virtualhost - mode: "0755" + mode: "0444" vars: ansible_become: yes ansible_become_method: sudo 
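Review bot: The header comment `# tasks file for stats script` was carried over from stats.yml and does not describe this file; make it `# tasks file for blacklist script`, and the same copied header appears in supervision.yml in this commit and in deconfigure_blacklist.yml and deconfigure_supervision.yml in patch 06. The `Crontab blacklist` entry runs `blacklist.sh` as root every five minutes while the script itself is not part of this series, so a one-line comment above the task stating what the script modifies (presumably the `/etc/sentinel/blacklist` list that patch 08 snapshots — confirm) would let a reader judge the blast radius of a bug in it.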
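Review bot: The new `Create sentinel directory` task creates `/usr/local/bin/sentinel`, which the root cron entries in blacklist.yml and stats.yml execute scripts out of, but it sets no `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask. Pin them explicitly with `owner: root`, `group: root` and `mode: "0755"` so that no unprivileged account can ever drop or edit a script that cron later runs as root; the same applies to `/etc/sentinel`, whose `virtualhost` file feeds the scripts.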
@@ -26,17 +14,17 @@ template: src: getinfo_day.sh.j2 dest: /usr/local/bin/sentinel/getinfo_day.sh - mode: "0755" + mode: "0555" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: Template getinfo month and week script +- name: Copy getinfo month and week script copy: src: "getinfo_{{ item }}.sh.j2" dest: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh" - mode: "0755" + mode: "0555" with_items: - week - month @@ -78,5 +66,4 @@ vars: ansible_become: yes ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - + ansible_become_password: "{{ sudo_password }}" \ No newline at end of file diff --git a/roles/deploy-web/tasks/supervision.yml b/roles/deploy-web/tasks/supervision.yml new file mode 100644 index 0000000..8d6928b --- /dev/null +++ b/roles/deploy-web/tasks/supervision.yml @@ -0,0 +1,21 @@ +# tasks file for stats script + +- name: Copy check_ssl script + copy: + src: "check_ssl.sh" + dest: "/usr/local/bin/sentinel/check_ssl.sh" + mode: "0555" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Crontab blacklist + ansible.builtin.cron: + name: "check ssl script" + minute: "*/30" + job: "bash /usr/local/bin/sentinel/check_ssl.sh" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" From c22d70bcdd667808af5dbea1858462620568742e Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 21:44:19 +0100 Subject: [PATCH 05/23] add deconfigure tasks --- roles/deploy-web/tasks/deconfigure.yml | 28 ++++++++++++++++++++++++++ roles/deploy-web/tasks/main.yml | 6 +++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 roles/deploy-web/tasks/deconfigure.yml diff --git a/roles/deploy-web/tasks/deconfigure.yml b/roles/deploy-web/tasks/deconfigure.yml new file mode 100644 index 0000000..21e3c60 --- /dev/null 
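Review bot: In supervision.yml the cron task is named `Crontab blacklist` although it installs the `check ssl script` entry; rename it `- name: Crontab check_ssl` so play output and `--list-tasks` do not report a blacklist step for the SSL check. The companion task in deconfigure_supervision.yml (patch 06) carries the same copied name, `Remove crontab blacklist`, and should be renamed with it.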
+++ b/roles/deploy-web/tasks/deconfigure.yml @@ -0,0 +1,28 @@ + + + +- name: Deconfigure stats script + import_tasks: deconfigure_stats.yml + tags: [ "deconfigure", "stats"] + +- name: Deconfigure blacklist script + import_tasks: deconfigure_blacklist.yml + tags: [ "deconfigure", "blacklist" ] + + +- name: Deconfigure supervision script + import_tasks: deconfigure_supervision.yml + tags: [ "deconfigure", "supervision" ] + + - name: Remove sentinel directory + file: + state: absent + path: "{{ item }}/sentinel" + with_items: + - /usr/local/bin + - /etc + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + tags: [ "deconfigure", "stats", "blacklist", "supervision"] \ No newline at end of file diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index 092474b..63983af 100644 --- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml @@ -9,4 +9,8 @@ - name: Destrpy project web import_tasks: destroy.yml - tags: ["destroy"] \ No newline at end of file + tags: ["destroy"] + +- name: Configure project web + import_tasks: configure.yml + tags: [ "deconfigure" ] \ No newline at end of file From 1e605b0109bf048fd91e08286314dc08a82425f8 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 21:58:18 +0100 Subject: [PATCH 06/23] add deconfigure tasks --- roles/deploy-web/tasks/blacklist.yml | 1 + .../tasks/deconfigure_blacklist.yml | 25 +++++++++ roles/deploy-web/tasks/deconfigure_stats.yml | 55 +++++++++++++++++++ .../tasks/deconfigure_supervision.yml | 22 ++++++++ roles/deploy-web/tasks/stats.yml | 5 +- roles/deploy-web/tasks/supervision.yml | 1 + 6 files changed, 108 insertions(+), 1 deletion(-) create mode 100644 roles/deploy-web/tasks/deconfigure_blacklist.yml create mode 100644 roles/deploy-web/tasks/deconfigure_stats.yml create mode 100644 roles/deploy-web/tasks/deconfigure_supervision.yml 
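Review bot: The `- name: Remove sentinel directory` entry is indented two spaces, level with the keys of the preceding task, so the file will not parse as a task list; dedent it to column 0 like the other entries. The three empty lines at the top of the new file are cosmetic but worth removing in the same pass. The entry that main.yml adds in this commit is named `Configure project web` and imports `configure.yml` under the `deconfigure` tag, so this new file is never actually imported.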
diff --git a/roles/deploy-web/tasks/blacklist.yml b/roles/deploy-web/tasks/blacklist.yml index dbaaee8..23df579 100644 --- a/roles/deploy-web/tasks/blacklist.yml +++ b/roles/deploy-web/tasks/blacklist.yml @@ -16,6 +16,7 @@ - name: Crontab blacklist ansible.builtin.cron: name: "blacklist script" + cron_file: "blacklist_cron" minute: "*/5" job: "bash /usr/local/bin/sentinel/blacklist.sh" vars: diff --git a/roles/deploy-web/tasks/deconfigure_blacklist.yml b/roles/deploy-web/tasks/deconfigure_blacklist.yml new file mode 100644 index 0000000..60014fc --- /dev/null +++ b/roles/deploy-web/tasks/deconfigure_blacklist.yml @@ -0,0 +1,25 @@ +# tasks file for stats script + + +- name: Remove crontab blacklist + ansible.builtin.cron: + name: "blacklist script" + cron_file: "blacklist_cron" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Remove blacklist script + copy: + src: "{{ item }}.sh" + state: absent + with_items: + - blacklist + - refill_blacklist + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + diff --git a/roles/deploy-web/tasks/deconfigure_stats.yml b/roles/deploy-web/tasks/deconfigure_stats.yml new file mode 100644 index 0000000..4cd0ccc --- /dev/null +++ b/roles/deploy-web/tasks/deconfigure_stats.yml 
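Review bot: Adding `cron_file: "blacklist_cron"` without a `user:` will make the cron module refuse the task, since a present entry written to `/etc/cron.d` needs the account it runs as; add `user: root` next to it. The `cron_file` additions to stats.yml and supervision.yml in this commit have the same gap, whereas the `state: absent` removals in the deconfigure files are fine without it. The enclosing task starts before this hunk.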
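Review bot: `Remove blacklist script` calls the `copy` module with `state: absent`, which `copy` does not accept, so the task fails with an unsupported-parameter error instead of deleting anything; it also passes the bare `src: "{{ item }}.sh"` rather than the installed path. Use the `file` module with `path: "/usr/local/bin/sentinel/{{ item }}.sh"` and `state: absent`, mirroring the `Remove getinfo script` task that deconfigure_stats.yml adds in this same commit.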
@@ -0,0 +1,55 @@ +# tasks file for stats script + + +- name: Crontab get info day + ansible.builtin.cron: + name: "get info day" + cron_file: "get_info_day_cron" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Crontab get info week + ansible.builtin.cron: + name: "get info week" + cron_file: "get_info_week_cron" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Crontab get info month + ansible.builtin.cron: + name: "get info month" + cron_file: "get_info_month_cron" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: Remove getinfo script + file: + path: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh" + state: absent + with_items: + - day + - week + - month + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Remove template virtualhost + file: + path: /etc/sentinel/virtualhost + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" diff --git a/roles/deploy-web/tasks/deconfigure_supervision.yml b/roles/deploy-web/tasks/deconfigure_supervision.yml new file mode 100644 index 0000000..5b901b1 --- /dev/null +++ b/roles/deploy-web/tasks/deconfigure_supervision.yml @@ -0,0 +1,22 @@ +# tasks file for stats script + +- name: Remove crontab blacklist + ansible.builtin.cron: + name: "check ssl script" + cron_file: "check_ssl_cron" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +- name: Remove check_ssl script + file: + path: "/usr/local/bin/sentinel/check_ssl.sh" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + 
diff --git a/roles/deploy-web/tasks/stats.yml b/roles/deploy-web/tasks/stats.yml index e743a76..d6e7a4d 100644 --- a/roles/deploy-web/tasks/stats.yml +++ b/roles/deploy-web/tasks/stats.yml @@ -36,6 +36,7 @@ - name: Crontab get info day ansible.builtin.cron: name: "get info day" + cron_file: "get_info_day_cron" minute: "0" hour: "3" job: "bash /usr/local/bin/sentinel/getinfo_day.sh" @@ -47,6 +48,7 @@ - name: Crontab get info week ansible.builtin.cron: name: "get info week" + cron_file: "get_info_week_cron" minute: "15" hour: "3" weekday: "1" @@ -58,7 +60,8 @@ - name: Crontab get info month ansible.builtin.cron: - name: "get info mongth" + name: "get info month" + cron_file: "get_info_month_cron" minute: "30" hour: "3" day: "1" diff --git a/roles/deploy-web/tasks/supervision.yml b/roles/deploy-web/tasks/supervision.yml index 8d6928b..b641ae8 100644 --- a/roles/deploy-web/tasks/supervision.yml +++ b/roles/deploy-web/tasks/supervision.yml @@ -13,6 +13,7 @@ - name: Crontab blacklist ansible.builtin.cron: name: "check ssl script" + cron_file: "check_ssl_cron" minute: "*/30" job: "bash /usr/local/bin/sentinel/check_ssl.sh" vars: From 7d5f86b045ebb657d0efa9c191a4c1b79720984e Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 12 Feb 2023 22:28:32 +0100 Subject: [PATCH 07/23] test configure and deconfigure --- inventory/host_vars/vps-host | 34 +++++++++---------- .../getinfo_day.sh} | 2 +- roles/deploy-web/tasks/blacklist.yml | 2 ++ roles/deploy-web/tasks/configure.yml | 9 ++--- roles/deploy-web/tasks/deconfigure.yml | 11 +++--- roles/deploy-web/tasks/deconfigure_stats.yml | 15 ++++++-- roles/deploy-web/tasks/main.yml | 4 +-- roles/deploy-web/tasks/stats.yml | 14 +++++--- roles/deploy-web/tasks/supervision.yml | 1 + roles/deploy-web/templates/token.j2 | 1 + 10 files changed, 56 insertions(+), 37 deletions(-) rename roles/deploy-web/{templates/getinfo_day.sh.j2 => files/getinfo_day.sh} (98%) create mode 100644 roles/deploy-web/templates/token.j2 
diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index 90d25f1..575c2a9 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,18 +1,18 @@ $ANSIBLE_VAULT;1.1;AES256 -62643736353737643733623031373139626437396435656664636661373730646535326539303362 -3562383661323166643437636233633838303861373230380a623939366265356531356131343062 -65306666333065336633333036626163313633646233313238373032323561626665356531653661 -6661393439386438360a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a316232656464383534383361313032 +39303032376339303830643866356464303235633736623134313334646361363265393330653432 +6338626261383734380a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diff --git a/roles/deploy-web/templates/getinfo_day.sh.j2 b/roles/deploy-web/files/getinfo_day.sh similarity index 98% rename from roles/deploy-web/templates/getinfo_day.sh.j2 rename to roles/deploy-web/files/getinfo_day.sh index 83b549b..6866cb8 100755 --- a/roles/deploy-web/templates/getinfo_day.sh.j2 +++ b/roles/deploy-web/files/getinfo_day.sh @@ -2,7 +2,7 @@ MAIL=/tmp/mail DIRECTORY=/home/valentin/mail SERVER_LOG=/var/log/nginx -TOKEN={{ token_ipinfo }} +TOKEN=$(cat /etc/sentinel/token) DATE=$(date +%Y%m%d-%H%M%S) HOST=($(cat /etc/sentinel/virtualhost)) WEEK=$(date +%V) diff --git a/roles/deploy-web/tasks/blacklist.yml b/roles/deploy-web/tasks/blacklist.yml index 23df579..b584859 100644 --- a/roles/deploy-web/tasks/blacklist.yml +++ b/roles/deploy-web/tasks/blacklist.yml @@ -19,6 +19,8 @@ cron_file: "blacklist_cron" minute: "*/5" job: "bash /usr/local/bin/sentinel/blacklist.sh" + user: root + vars: ansible_become: yes ansible_become_method: sudo diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index d9f1a42..f483ce3 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml 
@@ -9,18 +9,19 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - tags: [ "configure", "stats", "blacklist", "supervision"] + when: script is not defined + - name: Deploy stats script import_tasks: stats.yml - tags: [ "configure", "stats"] + when: script is not defined or script == "stats" - name: Configure blacklist script import_tasks: blacklist.yml - tags: [ "configure", "blacklist" ] + when: script is not defined or script == "blacklist" - name: Configure supervision script import_tasks: supervision.yml - tags: [ "configure", "supervision" ] \ No newline at end of file + when: script is not defined or script == "supervision" diff --git a/roles/deploy-web/tasks/deconfigure.yml b/roles/deploy-web/tasks/deconfigure.yml index 21e3c60..266d5bb 100644 --- a/roles/deploy-web/tasks/deconfigure.yml +++ b/roles/deploy-web/tasks/deconfigure.yml @@ -3,18 +3,19 @@ - name: Deconfigure stats script import_tasks: deconfigure_stats.yml - tags: [ "deconfigure", "stats"] + when: script is not defined or script == "stats" - name: Deconfigure blacklist script import_tasks: deconfigure_blacklist.yml - tags: [ "deconfigure", "blacklist" ] + when: script is not defined or script == "blacklist" + - name: Deconfigure supervision script import_tasks: deconfigure_supervision.yml - tags: [ "deconfigure", "supervision" ] + when: script is not defined or script == "supervision" - - name: Remove sentinel directory +- name: Remove sentinel directory file: state: absent path: "{{ item }}/sentinel" @@ -25,4 +26,4 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - tags: [ "deconfigure", "stats", "blacklist", "supervision"] \ No newline at end of file + when: script is not defined diff --git a/roles/deploy-web/tasks/deconfigure_stats.yml b/roles/deploy-web/tasks/deconfigure_stats.yml index 4cd0ccc..330b61c 100644 --- a/roles/deploy-web/tasks/deconfigure_stats.yml 
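Review bot: The `when: script is not defined or script == "stats"` guards silently skip every sub-file when `script` is set to anything other than the three known names, and dropping the `tags` also means `--tags stats` no longer selects a subset. Consider a leading `ansible.builtin.assert` task with `that: script in ["stats", "blacklist", "supervision"]` and `when: script is defined`, so a typo in `-e script=...` fails loudly instead of doing nothing, and a header comment documenting the `script` extra-var; deconfigure.yml in this commit uses the same pattern. The enclosing file starts before this hunk.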
+++ b/roles/deploy-web/tasks/deconfigure_stats.yml @@ -1,7 +1,7 @@ # tasks file for stats script -- name: Crontab get info day +- name: Remove crontab get info day ansible.builtin.cron: name: "get info day" cron_file: "get_info_day_cron" @@ -11,7 +11,7 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: Crontab get info week +- name: Remove crontab get info week ansible.builtin.cron: name: "get info week" cron_file: "get_info_week_cron" @@ -21,7 +21,7 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: Crontab get info month +- name: Remove crontab get info month ansible.builtin.cron: name: "get info month" cron_file: "get_info_month_cron" @@ -45,6 +45,15 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" +- name: Remove token + file: + path: "/etc/sentinel/token" + state: absent + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + - name: Remove template virtualhost file: path: /etc/sentinel/virtualhost diff --git a/roles/deploy-web/tasks/main.yml b/roles/deploy-web/tasks/main.yml index 63983af..f03c8a2 100644 --- a/roles/deploy-web/tasks/main.yml +++ b/roles/deploy-web/tasks/main.yml @@ -11,6 +11,6 @@ import_tasks: destroy.yml tags: ["destroy"] -- name: Configure project web - import_tasks: configure.yml +- name: Deconfigure project web + import_tasks: deconfigure.yml tags: [ "deconfigure" ] \ No newline at end of file diff --git a/roles/deploy-web/tasks/stats.yml b/roles/deploy-web/tasks/stats.yml index d6e7a4d..0c96977 100644 --- a/roles/deploy-web/tasks/stats.yml +++ b/roles/deploy-web/tasks/stats.yml 
@@ -10,22 +10,23 @@ ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: Template getinfo day script +- name: Template token ipinfo template: - src: getinfo_day.sh.j2 - dest: /usr/local/bin/sentinel/getinfo_day.sh + src: token.j2 + dest: /etc/sentinel/token mode: "0555" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: Copy getinfo month and week script +- name: Copy getinfo script copy: - src: "getinfo_{{ item }}.sh.j2" + src: "getinfo_{{ item }}.sh" dest: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh" mode: "0555" with_items: + - day - week - month vars: @@ -39,6 +40,7 @@ cron_file: "get_info_day_cron" minute: "0" hour: "3" + user: root job: "bash /usr/local/bin/sentinel/getinfo_day.sh" vars: ansible_become: yes @@ -52,6 +54,7 @@ minute: "15" hour: "3" weekday: "1" + user: root job: "bash /usr/local/bin/sentinel/getinfo_week.sh" vars: ansible_become: yes @@ -65,6 +68,7 @@ minute: "30" hour: "3" day: "1" + user: root job: "bash /usr/local/bin/sentinel/getinfo_month.sh" vars: ansible_become: yes diff --git a/roles/deploy-web/tasks/supervision.yml b/roles/deploy-web/tasks/supervision.yml index b641ae8..6ed473a 100644 --- a/roles/deploy-web/tasks/supervision.yml +++ b/roles/deploy-web/tasks/supervision.yml @@ -15,6 +15,7 @@ name: "check ssl script" cron_file: "check_ssl_cron" minute: "*/30" + user: root job: "bash /usr/local/bin/sentinel/check_ssl.sh" vars: ansible_become: yes diff --git a/roles/deploy-web/templates/token.j2 b/roles/deploy-web/templates/token.j2 new file mode 100644 index 0000000..bcd9b81 --- /dev/null +++ b/roles/deploy-web/templates/token.j2 @@ -0,0 +1 @@ +{{ token_ipinfo }} \ No newline at end of file From 9993844f02b2b208f2fdc6edd957991638c203bc Mon Sep 17 00:00:00 2001 
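Review bot: The `Template token ipinfo` task in the first hunk writes the rendered `token_ipinfo` secret to `/etc/sentinel/token` with `mode: "0555"`, which leaves the token world-readable (and needlessly executable) on the host. The cron entries added in the same file run the getinfo scripts as `user: root`, so the file can be restricted to that reader with `mode: "0400"`, `owner: root` and `group: root` (or `0440` with a dedicated group if another account must read it). Adding `no_log: true` to the template task also keeps the rendered value out of a `--diff` run's output.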
From: Valentin CZERYBA Date: Mon, 13 Feb 2023 23:52:47 +0100 Subject: [PATCH 08/23] backup and restore blacklist file --- blacklist/vps-host/etc/sentinel/blacklist | 55 +++++++++++++++++++++++ roles/deploy-web/tasks/configure.yml | 15 ++++++- roles/deploy-web/tasks/deconfigure.yml | 7 ++- 3 files changed, 74 insertions(+), 3 deletions(-) create mode 100644 blacklist/vps-host/etc/sentinel/blacklist diff --git a/blacklist/vps-host/etc/sentinel/blacklist b/blacklist/vps-host/etc/sentinel/blacklist new file mode 100644 index 0000000..0d07c22 --- /dev/null +++ b/blacklist/vps-host/etc/sentinel/blacklist @@ -0,0 +1,55 @@ +51.222.107.37 +45.33.110.22 +185.142.236.35 +164.92.135.200 +46.101.166.31 +195.181.163.29 +206.189.47.168 +103.74.54.128 +185.180.143.140 +146.0.77.38 +172.104.249.218 +137.184.200.131 +128.90.135.254 +134.209.70.98 +3.235.198.47 +71.6.199.23 +20.84.48.39 +193.42.33.15 +167.235.148.2 +54.74.107.180 +170.187.229.101 +165.227.89.199 +165.22.98.234 +34.122.37.133 +167.172.141.44 +167.172.142.119 +134.209.207.188 +34.125.93.26 +34.162.183.125 +139.59.138.104 +35.245.198.244 +143.198.85.144 +157.245.136.150 +185.134.23.83 +20.125.115.103 +185.163.109.66 +128.199.85.172 +148.153.45.238 +185.142.236.34 +45.13.227.172 +18.204.48.86 +34.106.22.184 +51.222.107.37 +106.75.176.55 +146.190.84.120 +143.198.213.67 +34.125.234.83 +43.130.152.82 +45.59.163.17 +172.94.9.227 +148.153.45.236 +68.183.183.237 +89.187.162.187 +206.189.38.98 +2.57.122.253 diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index f483ce3..a845a8d 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml 
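Review bot: `51.222.107.37` appears twice in the committed blacklist (the first entry and again near the end), so the file is not deduplicated. If the refill step adds one DROP rule per line, the duplicate produces a redundant iptables rule, and every `grep -f` consumer loads the pattern twice; running the file through `sort -u` before committing (or as part of the backup task) keeps it canonical and makes later diffs meaningful.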
@@ -11,7 +11,18 @@ ansible_become_password: "{{ sudo_password }}" when: script is not defined - +- name: Copy blacklist + copy: + src: "{{ playbook_dir }}/blacklist/{{ inventory_hostname }}/etc/sentinel/blacklist" + dest: /etc/sentinel/blacklist + mode: "0644" + when: script is not defined or script == "blacklist" + ignore_errors: true + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + tags: [ "restore" ] - name: Deploy stats script import_tasks: stats.yml @@ -21,7 +32,7 @@ import_tasks: blacklist.yml when: script is not defined or script == "blacklist" - - name: Configure supervision script import_tasks: supervision.yml when: script is not defined or script == "supervision" + diff --git a/roles/deploy-web/tasks/deconfigure.yml b/roles/deploy-web/tasks/deconfigure.yml index 266d5bb..d993d79 100644 --- a/roles/deploy-web/tasks/deconfigure.yml +++ b/roles/deploy-web/tasks/deconfigure.yml @@ -1,4 +1,9 @@ - +- name: Backup blacklist + fetch: + src: /etc/sentinel/blacklist + dest: blacklist + when: script is not defined or script == "blacklist" + tags: [ "backup" ] - name: Deconfigure stats script From d475156b3ecb3c11359504850a06adffa13bf191 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Tue, 14 Feb 2023 21:39:20 +0100 Subject: [PATCH 09/23] deplacement template virtualhost --- roles/deploy-web/tasks/configure.yml | 11 +++++++++++ roles/deploy-web/tasks/stats.yml | 10 ---------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index a845a8d..d2f0150 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml 
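Review bot: `ignore_errors: true` on `Copy blacklist` hides every failure of the task, not only the expected "no backup exists for this host yet" case, so a permission or disk error on the target is skipped silently while the run still prints a red failed task. Gate on the controller-side file instead, which is what the condition is really about: `when: (playbook_dir ~ '/blacklist/' ~ inventory_hostname ~ '/etc/sentinel/blacklist') is file`, and drop `ignore_errors`. The `Backup blacklist` task added to deconfigure.yml in the next hunk uses `dest: blacklist` relative to wherever the playbook is run from; writing `dest: "{{ playbook_dir }}/blacklist"` pins it to the same tree this copy reads from.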
@@ -11,6 +11,17 @@ ansible_become_password: "{{ sudo_password }}" when: script is not defined +- name: Template virtualhost + template: + src: virtualhost.j2 + dest: /etc/sentinel/virtualhost + mode: "0444" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + when: script is not defined or script == "blacklist" + - name: Copy blacklist copy: src: "{{ playbook_dir }}/blacklist/{{ inventory_hostname }}/etc/sentinel/blacklist" diff --git a/roles/deploy-web/tasks/stats.yml b/roles/deploy-web/tasks/stats.yml index 0c96977..30adb45 100644 --- a/roles/deploy-web/tasks/stats.yml +++ b/roles/deploy-web/tasks/stats.yml @@ -1,15 +1,5 @@ # tasks file for stats script -- name: Template virtualhost - template: - src: virtualhost.j2 - dest: /etc/sentinel/virtualhost - mode: "0444" - vars: - ansible_become: yes - ansible_become_method: sudo - ansible_become_password: "{{ sudo_password }}" - - name: Template token ipinfo template: src: token.j2 From 39fab7b0dc596306832e661aca386d0fb35e3678 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Tue, 14 Feb 2023 22:19:01 +0100 Subject: [PATCH 10/23] create directory supervision --- roles/deploy-web/tasks/supervision.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/roles/deploy-web/tasks/supervision.yml b/roles/deploy-web/tasks/supervision.yml index 6ed473a..f8a6289 100644 --- a/roles/deploy-web/tasks/supervision.yml +++ b/roles/deploy-web/tasks/supervision.yml 
@@ -1,22 +1,35 @@ # tasks file for stats script + +- name: Create supervision directory + file: + state: directory + path: "{{ item }}/supervision" + with_items: + - /usr/local/bin + - /etc + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + - name: Copy check_ssl script copy: src: "check_ssl.sh" - dest: "/usr/local/bin/sentinel/check_ssl.sh" + dest: "/usr/local/bin/supervision/check_ssl.sh" mode: "0555" vars: ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" -- name: Crontab blacklist +- name: Crontab check_ssl ansible.builtin.cron: name: "check ssl script" cron_file: "check_ssl_cron" minute: "*/30" user: root - job: "bash /usr/local/bin/sentinel/check_ssl.sh" + job: "bash /usr/local/bin/supervision/check_ssl.sh" vars: ansible_become: yes ansible_become_method: sudo From 18da14f2ded394b4b261911c9f7bdab5cc52ab0a Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Tue, 14 Feb 2023 22:20:37 +0100 Subject: [PATCH 11/23] add check robot yandex --- roles/deploy-web/files/gouter | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/deploy-web/files/gouter b/roles/deploy-web/files/gouter index b87b4bc..82a8953 100644 --- a/roles/deploy-web/files/gouter +++ b/roles/deploy-web/files/gouter @@ -33,6 +33,14 @@ server { location /googlebbc3cfa6d1866691.html { root /var/www/gouter/; } + + location /yandex_93259fe4480c9828.html { + root /var/www/gouter/; + } + + location /yandex_f07f7ace7d8459d8.html { + root /var/www/gouter/; + } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/clarissariviere.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/clarissariviere.com/privkey.pem; # managed by Certbot From 62af6912cddcb353051716533efe5b3c31335a6b Mon Sep 17 00:00:00 2001 
From: Valentin CZERYBA Date: Wed, 15 Feb 2023 21:54:20 +0100 Subject: [PATCH 12/23] replace when by tag specific --- roles/deploy-web/tasks/configure.yml | 11 +++++------ roles/deploy-web/tasks/deconfigure.yml | 11 ++++------- 2 files changed, 9 insertions(+), 13 deletions(-) diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index d2f0150..9ba3466 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml @@ -9,7 +9,6 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - when: script is not defined - name: Template virtualhost template: @@ -20,7 +19,7 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - when: script is not defined or script == "blacklist" + tags: [ "configure_blacklist" ] - name: Copy blacklist copy: @@ -33,17 +32,17 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - tags: [ "restore" ] + tags: [ "restore_blacklist" ] - name: Deploy stats script import_tasks: stats.yml - when: script is not defined or script == "stats" + tags: [ "configure_stats" ] - name: Configure blacklist script import_tasks: blacklist.yml - when: script is not defined or script == "blacklist" + tags: [ "configure_blacklist" ] - name: Configure supervision script import_tasks: supervision.yml - when: script is not defined or script == "supervision" + tags: [ "configure_supervision" ] diff --git a/roles/deploy-web/tasks/deconfigure.yml b/roles/deploy-web/tasks/deconfigure.yml index d993d79..037c8d1 100644 --- a/roles/deploy-web/tasks/deconfigure.yml +++ b/roles/deploy-web/tasks/deconfigure.yml 
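Review bot: `Template virtualhost` (second hunk) is now tagged only `configure_blacklist`, so a run limited to `--tags configure_stats` installs the getinfo cron jobs on a fresh host without `/etc/sentinel/virtualhost`, even though this task was originally part of stats.yml (moved in patch 09) and blacklist.sh reads the file as its host list. If the getinfo scripts also read it, tag the task with every consumer, `tags: [ "configure_blacklist", "configure_stats" ]`, or leave it untagged next to the directory-creation task so it always runs. Since tags are additive, an untagged run still executes all of these tasks, so the change is otherwise behaviour-preserving.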
@@ -2,23 +2,21 @@ fetch: src: /etc/sentinel/blacklist dest: blacklist - when: script is not defined or script == "blacklist" - tags: [ "backup" ] + tags: [ "backup_balcklist" ] - name: Deconfigure stats script import_tasks: deconfigure_stats.yml - when: script is not defined or script == "stats" + tags: [ "deconfigure_stats" ] - name: Deconfigure blacklist script import_tasks: deconfigure_blacklist.yml - when: script is not defined or script == "blacklist" - +tags: [ "deconfigure_blacklist" ] - name: Deconfigure supervision script import_tasks: deconfigure_supervision.yml - when: script is not defined or script == "supervision" + tags: [ "deconfigure_supervision" ] - name: Remove sentinel directory file: @@ -31,4 +29,3 @@ ansible_become: yes ansible_become_method: sudo ansible_become_password: "{{ sudo_password }}" - when: script is not defined From 8c85e36d85aa6640e2f5d74e58332c2189e1e639 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Wed, 15 Feb 2023 22:25:05 +0100 Subject: [PATCH 13/23] add canonical web --- roles/deploy-web/files/gouter | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/deploy-web/files/gouter b/roles/deploy-web/files/gouter index 82a8953..6e25ce3 100644 --- a/roles/deploy-web/files/gouter +++ b/roles/deploy-web/files/gouter @@ -4,6 +4,7 @@ server { #gzip_static off; server_name clarissariviere.com clarissariviere.fr www.clarissariviere.fr www.clarissariviere.com; add_header 'Content-Security-Policy' 'upgrade-insecure-requests'; + add_header Link ""; proxy_cache STATIC; location / { # First attempt to serve request as file, then @@ -11,6 +12,7 @@ server { #try_files $uri $uri/ =404; proxy_set_header Accept-Encoding ""; proxy_pass http://gouters.canalblog.com/; + #add_header Link ""; #proxy_redirect off; #proxy_set_header Host $host; #proxy_buffering on; 
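Review bot: `tags: [ "deconfigure_blacklist" ]` under `Deconfigure blacklist script` is written at column 0, which detaches the key from the task mapping and makes the task file fail to load until it is indented as `  tags: [ "deconfigure_blacklist" ]` (a later patch in this series corrects the indentation). The new tag on `Backup blacklist` also carries a typo, `backup_balcklist`, so `--tags backup_blacklist` silently matches nothing; rename it `tags: [ "backup_blacklist" ]`, which nothing visible in the series does.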
@@ -25,6 +27,7 @@ server { #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; sub_filter 'gouters.canalblog.com' "$host"; + sub_filter '' ''; sub_filter_types text/html text/xml text/plain text/css; sub_filter_once off; From 663b7c45177abb1827eae84f46ac1d008b87f295 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Thu, 16 Feb 2023 23:06:03 +0100 Subject: [PATCH 14/23] ajout robots --- roles/deploy-web/files/getinfo_day.sh | 4 ++++ roles/deploy-web/files/getinfo_month.sh | 4 ++++ roles/deploy-web/files/getinfo_week.sh | 3 +++ 3 files changed, 11 insertions(+) diff --git a/roles/deploy-web/files/getinfo_day.sh b/roles/deploy-web/files/getinfo_day.sh index 6866cb8..e259ebf 100755 --- a/roles/deploy-web/files/getinfo_day.sh +++ b/roles/deploy-web/files/getinfo_day.sh @@ -26,6 +26,7 @@ do cat $log_access | grep "|" | awk -F "|" '{print $1}' | sort | uniq > $directory_host/list_$DATE cat $log_access | awk -F "|" '{ if($2 == "404") print $1}' > $directory_host/404_$DATE cat $log_access | awk -F "|" '{ if($2 == "400") print $1}' > $directory_host/400_$DATE + grep robots.txt $log_access | awk -F '|' '{print $3}' > $directory_host/robots_$DATE while read line; do if grep $line $DIRECTORY/*/*/output_*.txt > /dev/null 2>&1; then grep -h -B1 -A8 $line $DIRECTORY/*/*/output_*.txt |head -10 >> $directory_host/output_$DATE.txt @@ -50,6 +51,9 @@ do cat $directory_host/${j}_$DATE |sort |uniq -c >> ${MAIL} echo "--------" >> ${MAIL} done + echo "nombre de robots " >> ${MAIL} + cat $directory_host/robots_$DATE |sort |uniq -c >> ${MAIL} + echo "---------" >> ${MAIL} cat ${MAIL} |mail -s "Rapport reverse proxy $DATE" -A $directory_host/output_$DATE.txt valczebackup@gmail.com #rm $directory_host/* done diff --git a/roles/deploy-web/files/getinfo_month.sh b/roles/deploy-web/files/getinfo_month.sh index b563ae4..ae5e780 100755 --- a/roles/deploy-web/files/getinfo_month.sh +++ b/roles/deploy-web/files/getinfo_month.sh 
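Review bot: `sub_filter '' '';` uses an empty search string, which is at best a no-op and may be rejected by `nginx -t`, and the `add_header Link "";` added in the previous hunks sends nothing because nginx skips a header whose value is empty, so the canonical link this commit is named for is never emitted. If a canonical link was the intent, give both directives their real values, e.g. `add_header Link '<https://clarissariviere.com$request_uri>; rel="canonical"';`, and otherwise remove the two placeholder lines rather than leaving them to be edited in place (patches 15 and 17 rewrite the `sub_filter` line again).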
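Review bot: `grep robots.txt $log_access` in the first getinfo_day.sh hunk treats the pattern as a regular expression, so `.` matches any character and the text is matched wherever it appears in the line; `grep -F '/robots.txt' "$log_access"` restricts it to the literal path and quotes the log path. The same `cat $directory_host/robots_* |sort |uniq -c` block is repeated in getinfo_month.sh and getinfo_week.sh in the next hunks; when no robots file exists for the period, `cat` writes an error to cron's output and the report section is empty, so guard it with `2>/dev/null` or a `ls` test. Both enclosing loops start outside the hunks.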
@@ -23,6 +23,10 @@ do cat $directory_host/${j}_* |sort |uniq -c >> ${MAIL} echo "----------------" >> ${MAIL} done + echo "nombre de robots :" >> ${MAIL} + cat $directory_host/robots_* |sort |uniq -c >> ${MAIL} + echo "----------------" >> ${MAIL} + cat ${MAIL} |mail -s "Rapport mensuel reverse proxy ${i} $DATE" valczebackup@gmail.com rm -rf $directory_host done diff --git a/roles/deploy-web/files/getinfo_week.sh b/roles/deploy-web/files/getinfo_week.sh index f54e4b0..e791c2a 100755 --- a/roles/deploy-web/files/getinfo_week.sh +++ b/roles/deploy-web/files/getinfo_week.sh @@ -36,6 +36,9 @@ do cat $directory_host/${j}_* |sort |uniq -c >> ${MAIL} echo "----------------" >> ${MAIL} done + echo "nombre de robots :" >> ${MAIL} + cat $directory_host/robots_* |sort |uniq -c >> ${MAIL} + echo "----------------" >> ${MAIL} cat ${MAIL} |mail -s "Rapport hebdomadaire reverse proxy ${i} $DATE" valczebackup@gmail.com #rm $directory_host/* done From dc27773f248261df8d9377257e9b6fc39b815bb4 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Fri, 17 Feb 2023 16:20:37 +0100 Subject: [PATCH 15/23] replace by remove --- roles/deploy-web/files/gouter | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/deploy-web/files/gouter b/roles/deploy-web/files/gouter index 6e25ce3..f2e068e 100644 --- a/roles/deploy-web/files/gouter +++ b/roles/deploy-web/files/gouter @@ -27,7 +27,7 @@ server { #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; sub_filter 'gouters.canalblog.com' "$host"; - sub_filter '' ''; + sub_filter '' r; sub_filter_types text/html text/xml text/plain text/css; sub_filter_once off; From c5c18b05a027cf9d7cf577dbfd8d80aae65784a9 Mon Sep 17 00:00:00 2001 
From: Valentin CZERYBA Date: Fri, 17 Feb 2023 18:04:21 +0100 Subject: [PATCH 16/23] add backup script --- inventory/host_vars/vps-host | 46 +++++++++++-------- roles/deploy-web/files/scw-backup.sh | 51 ++++++++++++++++++++++ roles/deploy-web/tasks/backup.yml | 47 ++++++++++++++++++++ roles/deploy-web/tasks/configure.yml | 6 +++ roles/deploy-web/tasks/deconfigure.yml | 2 +- roles/deploy-web/templates/scw-configrc.j2 | 26 +++++++++++ 6 files changed, 160 insertions(+), 18 deletions(-) create mode 100755 roles/deploy-web/files/scw-backup.sh create mode 100644 roles/deploy-web/tasks/backup.yml create mode 100644 roles/deploy-web/templates/scw-configrc.j2 diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index 575c2a9..628dc84 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,18 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -31393265313635666339373930656266363533626234383533313734323964386463363739363664 -3362323965366165643139326433646535303931616338390a316232656464383534383361313032 -39303032376339303830643866356464303235633736623134313334646361363265393330653432 -6338626261383734380a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a326439353435326661343964623464 +61633563323032626230616361336533313733363965323666306537313061666266613731366430 +6464306365656536300a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diff --git a/roles/deploy-web/files/scw-backup.sh b/roles/deploy-web/files/scw-backup.sh new file mode 100755 index 0000000..1bf2635 --- /dev/null +++ b/roles/deploy-web/files/scw-backup.sh 
@@ -0,0 +1,51 @@
+#!/bin/bash
+LOGFILE_RECENT="/var/log/scw-log/logfile-recent.log"
+LOGFILE="/var/log/scw-log/logfile.log"
+DUPLICITY=/usr/local/bin/duplicity
+log () {
+ date=`date +%Y-%m-%d`
+ hour=`date +%H:%M:%S`
+ echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+
+rotate_log() {
+ cat ${LOGFILE_RECENT} >> ${LOGFILE}
+ backupScw=`echo ${URL_SCW} | rev | cut -d "/" -f 2 | rev`
+ status="OK"
+ if [ $(grep "Errors 0" ${LOGFILE_RECENT} |wc -l) -eq 0 ]; then
+ status="ALERTE FAIL !!!"
+ fi
+ cat ${LOGFILE_RECENT} |mail -s "${status} | Backup ${backupScw} `date +%Y-%m-%d`" valczebackup@gmail.com
+}
+
+USER=$(whoami)
+currently_backuping=$(ps -ef | grep duplicity | grep python |grep ${USER} | wc -l)
+
+if [ $currently_backuping -eq 0 ]; then
+ if [ ${#} -ne 1 ]; then
+ log ">>> Il manque un paramètre ${0} : "
+ rotate_log
+ exit 1
+ fi
+ if [ ! -f ${1} ]; then
+ log ">>> Le paramètre n'est pas un fichier ${USER} : ${1}"
+ rotate_log
+ exit 1
+ fi
+ source "$1"
+ echo > ${LOGFILE_RECENT}
+ log ">>> removing old backups"
+ ${DUPLICITY} remove-older-than ${KEEP_BACKUP_TIME} ${URL_SCW} --force >> ${LOGFILE_RECENT} 2>&1
+ log ">>> creating and uploading backup to c14 cold storage ${SOURCE}"
+ ${DUPLICITY} \
+ incr --full-if-older-than ${FULL_BACKUP_TIME} \
+ --asynchronous-upload \
+ --s3-use-glacier \
+ --encrypt-key=${GPG_FINGERPRINT} \
+ --sign-key=${GPG_FINGERPRINT} \
+ ${SOURCE} ${URL_SCW} >> ${LOGFILE_RECENT} 2>&1
+ rotate_log
+else
+ log ">>> Duplicity déjà en cours de route sur cette utilisateur ${USER}"
+ rotate_log
+fi
diff --git a/roles/deploy-web/tasks/backup.yml b/roles/deploy-web/tasks/backup.yml
new file mode 100644
index 0000000..fdf4c7b
--- /dev/null
+++ b/roles/deploy-web/tasks/backup.yml
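Review bot: The running-instance guard `currently_backuping=$(ps -ef | grep duplicity | grep python |grep ${USER} | wc -l)` is racy (two cron starts can both read 0) and relies on process-name matching; a lock file is the standard form for a cron job: `exec 9>/var/lock/scw-backup.lock` followed by `flock -n 9 || { log ">>> backup already running"; rotate_log; exit 0; }`. The OK/ALERTE status is derived from grepping `Errors 0` in the log rather than from duplicity's exit codes, so a failed `remove-older-than` is reported as OK whenever the following `incr` succeeds; appending `|| rc=1` to each invocation and folding `rc` into `status` in `rotate_log` is more robust. `source "$1"` executes the argument as root after only an `-f` test; the playbook installs the config as root 0400, but checking ownership before sourcing (`[ "$(stat -c %u "$1")" = 0 ] || exit 1`) keeps that assumption enforced in the script itself. `set -u` at the top would also turn an unset `${SOURCE}`, `${URL_SCW}` or `${GPG_FINGERPRINT}` from a broken config into an early abort instead of an empty expansion.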
@@ -0,0 +1,47 @@ +# tasks file for stats script + +- name: "Create log for backup script" + file: + path: "{{ item }}" + state: directory + with_items: + - "/var/log/scw-log" + - "/root/log" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Copy scw backup script + copy: + src: "scw-backup.sh" + dest: "/opt/scw-backup.sh" + mode: "0500" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + +- name: Copy scw backup config + template: + src: "scw-configrc.j2" + dest: "/root/.scw-configrc" + mode: "0400" + vars: + ansible_become: yes + ansible_become_method: sudo + ansible_become_password: "{{ sudo_password }}" + + +#- name: Crontab blacklist +# ansible.builtin.cron: +# name: "blacklist script" +# cron_file: "blacklist_cron" +# minute: "*/5" +# job: "bash /usr/local/bin/sentinel/blacklist.sh" +# user: root +# +# vars: +# ansible_become: yes +# ansible_become_method: sudo +# ansible_become_password: "{{ sudo_password }}" diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml index 9ba3466..a55dc8c 100644 --- a/roles/deploy-web/tasks/configure.yml +++ b/roles/deploy-web/tasks/configure.yml @@ -46,3 +46,9 @@ import_tasks: supervision.yml tags: [ "configure_supervision" ] +- name: Configure backup script + import_tasks: backup.yml + tags: [ "configure_backup" ] + + + diff --git a/roles/deploy-web/tasks/deconfigure.yml b/roles/deploy-web/tasks/deconfigure.yml index 037c8d1..4e1ccf3 100644 --- a/roles/deploy-web/tasks/deconfigure.yml +++ b/roles/deploy-web/tasks/deconfigure.yml @@ -11,7 +11,7 @@ - name: Deconfigure blacklist script import_tasks: deconfigure_blacklist.yml -tags: [ "deconfigure_blacklist" ] + tags: [ "deconfigure_blacklist" ] - name: Deconfigure supervision script 
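Review bot: The header comment `# tasks file for stats script` was copied from stats.yml and does not describe this file; change it to `# tasks file for scw backup script`. The commented-out cron block at the bottom still names the blacklist job (`blacklist_cron`, `blacklist.sh`), so nothing in this task file schedules `/opt/scw-backup.sh`; if it is meant to run from cron, the job must pass the config path the script requires, e.g. `job: "bash /opt/scw-backup.sh /root/.scw-configrc"`, and otherwise the dead block should be deleted. Creating both `/var/log/scw-log` and `/root/log` reflects the script and its config template disagreeing on the log location; one of the two directories is redundant once that is settled.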
diff --git a/roles/deploy-web/templates/scw-configrc.j2 b/roles/deploy-web/templates/scw-configrc.j2 new file mode 100644 index 0000000..32db50f --- /dev/null +++ b/roles/deploy-web/templates/scw-configrc.j2 @@ -0,0 +1,26 @@ +export AWS_ACCESS_KEY_ID="{{ aws_access_key_id }}" +export AWS_SECRET_ACCESS_KEY="{{ aws_secret_access_key }}" +export URL_SCW="s3://{{ url_scw }}/{{ scw_directory }}" + +# GPG Key information +export PASSPHRASE="{{ passphrase }}" +export GPG_FINGERPRINT="{{ gpg_fingerprint }}" +# Folder to backup +export SOURCE="--exclude /sys --exclude /proc --exclude /opt --exclude /tmp --exclude /mnt --exclude /home /" + +# Will keep backup up to 1 month +export KEEP_BACKUP_TIME="1M" + +# Will make a full backup every 10 days +export FULL_BACKUP_TIME="10D" + +# Log files +export LOGFILE_RECENT="/root/log/logfile-recent.log" +export LOGFILE="/root/log/logfile.log" + + log () { + date=`date +%Y-%m-%d` + hour=`date +%H:%M:%S` + echo "$date $hour $*" >> ${LOGFILE_RECENT} +} +export -f log From ef64e724cb4a899b107233e1ab2f61fb4abebf4c Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Fri, 24 Feb 2023 23:33:51 +0100 Subject: [PATCH 17/23] remove r --- roles/deploy-web/files/gouter | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/deploy-web/files/gouter b/roles/deploy-web/files/gouter index f2e068e..881f846 100644 --- a/roles/deploy-web/files/gouter +++ b/roles/deploy-web/files/gouter @@ -27,7 +27,7 @@ server { #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #proxy_set_header X-Forwarded-Proto $scheme; sub_filter 'gouters.canalblog.com' "$host"; - sub_filter '' r; + sub_filter ' ''; sub_filter_types text/html text/xml text/plain text/css; sub_filter_once off; From f519194c13c05a41aa58f3a89791b07c55f5233c Mon Sep 17 00:00:00 2001 
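Review bot: `export LOGFILE_RECENT` and `export LOGFILE` re-point the logs to `/root/log/...`, overriding the `/var/log/scw-log/...` values hard-coded at the top of scw-backup.sh; because the script only sources this file after its argument checks, early error messages land in `/var/log/scw-log` while the run log and the mailed report come from `/root/log`, and the `log ()` function defined here duplicates the one in the script. Keep a single location: drop the two `export LOGFILE*` lines and the `log` function from the template (the script already defines them), or have the script take the paths from the config before its first `log` call. The AWS keys and `PASSPHRASE` exported here are inherited by every child process of the backup run, so the 0400 root mode set by the playbook is the right protection and this file should never be rendered or fetched anywhere with a looser mode.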
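Review bot: `sub_filter ' '';` has unbalanced quotes: `' '` is a quoted single space and the trailing `'` opens a string that is never closed, so `nginx -t` rejects the configuration. If the intent across patches 13, 15 and 17 is to strip a string from the proxied pages, the directive needs the actual search text as its first argument and `''` as the second; with an empty or whitespace-only pattern there is nothing to replace and the line should be removed.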
From: Valentin CZERYBA Date: Sun, 26 Feb 2023 22:28:47 +0100 Subject: [PATCH 18/23] gestion des process --- roles/deploy-web/files/blacklist.sh | 65 ++++++++++++++++------------- 1 file changed, 35 insertions(+), 30 deletions(-) diff --git a/roles/deploy-web/files/blacklist.sh b/roles/deploy-web/files/blacklist.sh index 2d2fc72..6104852 100755 --- a/roles/deploy-web/files/blacklist.sh +++ b/roles/deploy-web/files/blacklist.sh 
@@ -3,35 +3,40 @@ MAIL=/tmp/mail SERVER_LOG=/var/log/nginx HOST=($(cat /etc/sentinel/virtualhost)) BLACKLIST=/etc/sentinel/blacklist -chain_count=$(iptables -L BLACKLIST -n | wc -l) -if [ ${chain_count} -eq 0 ]; then - bash /usr/local/bin/sentinel/refill_blacklist.sh -fi +currently_blacklist=$(ps -ef | grep blacklist | grep bash |grep ${USER} | wc -l) -for i in ${HOST[@]} -do - log_access=${SERVER_LOG}/${i}_access.log - tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i - cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i - cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i - cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404 - cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400 - count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l) - if [ ${count} -ne 0 ]; then - echo "Nouvelle IP blacklisté" > ${MAIL} - list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq)) - for j in ${list_ip[@]} - do - echo ${j} >> ${MAIL} - curl http://ipinfo.io/${j} >> ${MAIL} - echo "" >> ${MAIL} - cat /tmp/error_$i | grep ${j} >> ${MAIL} - echo "" >> ${MAIL} - echo ${j} >> ${BLACKLIST} - iptables -A BLACKLIST -s ${j} -j DROP - done - echo "IP dejà blacklisté : " >> ${MAIL} - cat ${BLACKLIST} >> ${MAIL} - cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com +if [ ${currently_blacklist} -eq 0 ]; then + + chain_count=$(iptables -L BLACKLIST -n | wc -l) + if [ ${chain_count} -eq 0 ]; then + bash /usr/local/bin/sentinel/refill_blacklist.sh fi -done + + for i in ${HOST[@]} + do + log_access=${SERVER_LOG}/${i}_access.log + tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i + cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i + cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print 
$1}' > /tmp/400_$i + cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404 + cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400 + count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l) + if [ ${count} -ne 0 ]; then + echo "Nouvelle IP blacklisté" > ${MAIL} + list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq)) + for j in ${list_ip[@]} + do + echo ${j} >> ${MAIL} + curl http://ipinfo.io/${j} >> ${MAIL} + echo "" >> ${MAIL} + cat /tmp/error_$i | grep ${j} >> ${MAIL} + echo "" >> ${MAIL} + echo ${j} >> ${BLACKLIST} + iptables -A BLACKLIST -s ${j} -j DROP + done + echo "IP dejà blacklisté : " >> ${MAIL} + cat ${BLACKLIST} >> ${MAIL} + cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com + fi + done +fi From 85f7573262b996f1e50a40d04f39cf115208a328 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Sun, 26 Feb 2023 22:32:10 +0100 Subject: [PATCH 19/23] gestion ps --- roles/deploy-web/files/blacklist.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/deploy-web/files/blacklist.sh b/roles/deploy-web/files/blacklist.sh index 6104852..fe8be21 100755 --- a/roles/deploy-web/files/blacklist.sh +++ b/roles/deploy-web/files/blacklist.sh @@ -5,7 +5,7 @@ HOST=($(cat /etc/sentinel/virtualhost)) BLACKLIST=/etc/sentinel/blacklist currently_blacklist=$(ps -ef | grep blacklist | grep bash |grep ${USER} | wc -l) -if [ ${currently_blacklist} -eq 0 ]; then +if [ ${currently_blacklist} -eq 2 ]; then chain_count=$(iptables -L BLACKLIST -n | wc -l) if [ ${chain_count} -eq 0 ]; then From 767c45eb3011d827ae605126132d7e250254d9da Mon Sep 17 00:00:00 2001 
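Review bot: `currently_blacklist=$(ps -ef | grep blacklist | grep bash |grep ${USER} | wc -l)` counts the script's own `bash .../blacklist.sh` process, so the `-eq 0` test in this hunk never passes and the whole script becomes a no-op; patch 19 (next hunk) swaps the constant for `-eq 2`, which only encodes the current process layout and breaks as soon as the script is invoked differently, and `${USER}` is typically unset under cron, turning that filter into `grep ''`. Replace the ps-count with a lock: `exec 9>/var/lock/blacklist.lock` and `flock -n 9 || exit 0`. Separately, `grep -f ${BLACKLIST} -v` uses each listed IP as an unanchored regular expression in which `.` matches any character, so a new address that is a substring of a listed one (`1.2.3.4` inside `11.2.3.45`) is treated as already blacklisted and never blocked; `grep -vxF -f ${BLACKLIST}` compares literal whole lines.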
From: Valentin CZERYBA Date: Mon, 27 Feb 2023 22:31:21 +0100 Subject: [PATCH 20/23] fix script backup for new version duplicity --- inventory/host_vars/vps-host | 58 +++++++++++----------- playbook.yml | 2 +- roles/deploy-web/files/scw-backup.sh | 8 +-- roles/deploy-web/templates/scw-configrc.j2 | 4 +- 4 files changed, 38 insertions(+), 34 deletions(-) diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index 628dc84..b10ad15 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,30 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -36626136326337616132316236306132333431646431313930313833313062336239623763336335 -6538653435663965303330303835353935636433303834340a326439353435326661343964623464 -61633563323032626230616361336533313733363965323666306537313061666266613731366430 -6464306365656536300a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a333065363335653361613135316131 +38346464653533633062636534303937366534383064376232336635663665323163386566336465 +3037636164626361390a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diff --git a/playbook.yml b/playbook.yml index 47c229a..a5d892b 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,5 @@ --- - hosts: all - remote_user: admloc + remote_user: valentin roles: - deploy-web diff --git a/roles/deploy-web/files/scw-backup.sh b/roles/deploy-web/files/scw-backup.sh index 1bf2635..3c394b9 100755 --- a/roles/deploy-web/files/scw-backup.sh +++ b/roles/deploy-web/files/scw-backup.sh @@ -10,7 +10,7 @@ log () { rotate_log() { cat ${LOGFILE_RECENT} >> ${LOGFILE} - backupScw=`echo ${URL_SCW} | rev | cut -d "/" -f 2 | rev` + backupScw=`echo ${SCW_BUCKET} | rev | cut -d "/" -f 2 | rev` status="OK" if [ $(grep "Errors 0" ${LOGFILE_RECENT} |wc -l) -eq 0 ]; then status="ALERTE FAIL !!!" 
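Review bot: With `SCW_BUCKET="s3://{{ scw_directory }}"` the expression `echo ${SCW_BUCKET} | rev | cut -d "/" -f 2 | rev` yields an empty string (the reversed value has an empty second field between the two slashes), so the mailed subject becomes `OK | Backup  <date>` with no bucket name. `backupScw=${SCW_BUCKET##*/}` takes the last path component directly and works for both `s3://bucket` and `s3://bucket/dir`. `rotate_log` continues outside the hunk.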
@@ -35,15 +35,17 @@ if [ $currently_backuping -eq 0 ]; then source "$1" echo > ${LOGFILE_RECENT} log ">>> removing old backups" - ${DUPLICITY} remove-older-than ${KEEP_BACKUP_TIME} ${URL_SCW} --force >> ${LOGFILE_RECENT} 2>&1 + ${DUPLICITY} remove-older-than --s3-endpoint-url ${SCW_ENDPOINT_URL} --s3-region-name ${SCW_REGION} ${KEEP_BACKUP_TIME} ${SCW_BUCKET} --force >> ${LOGFILE_RECENT} 2>&1 log ">>> creating and uploading backup to c14 cold storage ${SOURCE}" ${DUPLICITY} \ incr --full-if-older-than ${FULL_BACKUP_TIME} \ + --s3-endpoint-url ${SCW_ENDPOINT_URL} \ + --s3-region-name ${SCW_REGION} \ --asynchronous-upload \ --s3-use-glacier \ --encrypt-key=${GPG_FINGERPRINT} \ --sign-key=${GPG_FINGERPRINT} \ - ${SOURCE} ${URL_SCW} >> ${LOGFILE_RECENT} 2>&1 + ${SOURCE} ${SCW_BUCKET} >> ${LOGFILE_RECENT} 2>&1 rotate_log else log ">>> Duplicity déjà en cours de route sur cette utilisateur ${USER}" diff --git a/roles/deploy-web/templates/scw-configrc.j2 b/roles/deploy-web/templates/scw-configrc.j2 index 32db50f..8fa877f 100644 --- a/roles/deploy-web/templates/scw-configrc.j2 +++ b/roles/deploy-web/templates/scw-configrc.j2 @@ -1,6 +1,8 @@ export AWS_ACCESS_KEY_ID="{{ aws_access_key_id }}" export AWS_SECRET_ACCESS_KEY="{{ aws_secret_access_key }}" -export URL_SCW="s3://{{ url_scw }}/{{ scw_directory }}" +export SCW_REGION="{{ scw_region }}" +export SCW_ENDPOINT_URL="https://s3.${SCW_REGION}.scw.cloud" +export SCW_BUCKET="s3://{{ scw_directory }}" # GPG Key information export PASSPHRASE="{{ passphrase }}" From 3b8652a97a9d0e891a3cfa775e645d71601c5f5a Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Mon, 27 Feb 2023 22:39:25 +0100 Subject: [PATCH 21/23] add script restore --- roles/deploy-web/files/scw-restore.sh | 29 +++++++++++++++++++++++++++ roles/deploy-web/tasks/backup.yml | 9 ++++++--- 2 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 roles/deploy-web/files/scw-restore.sh 
diff --git a/roles/deploy-web/files/scw-restore.sh b/roles/deploy-web/files/scw-restore.sh new file mode 100644 index 0000000..4306849 --- /dev/null +++ b/roles/deploy-web/files/scw-restore.sh @@ -0,0 +1,29 @@ +#!/bin/bash + + if [ $# -lt 3 ]; then + echo -e "Usage $0