Merge pull request 'configure' (#2) from configure into master
Reviewed-on: #2
This commit is contained in:
commit
79811d9fe5
78
blacklist/vps-host/etc/sentinel/blacklist
Normal file
78
blacklist/vps-host/etc/sentinel/blacklist
Normal file
@ -0,0 +1,78 @@
|
||||
51.222.107.37
|
||||
45.33.110.22
|
||||
185.142.236.35
|
||||
164.92.135.200
|
||||
46.101.166.31
|
||||
195.181.163.29
|
||||
206.189.47.168
|
||||
103.74.54.128
|
||||
185.180.143.140
|
||||
146.0.77.38
|
||||
172.104.249.218
|
||||
137.184.200.131
|
||||
128.90.135.254
|
||||
134.209.70.98
|
||||
3.235.198.47
|
||||
71.6.199.23
|
||||
20.84.48.39
|
||||
193.42.33.15
|
||||
167.235.148.2
|
||||
54.74.107.180
|
||||
170.187.229.101
|
||||
165.227.89.199
|
||||
165.22.98.234
|
||||
34.122.37.133
|
||||
167.172.141.44
|
||||
167.172.142.119
|
||||
134.209.207.188
|
||||
34.125.93.26
|
||||
34.162.183.125
|
||||
139.59.138.104
|
||||
35.245.198.244
|
||||
143.198.85.144
|
||||
157.245.136.150
|
||||
185.134.23.83
|
||||
20.125.115.103
|
||||
185.163.109.66
|
||||
128.199.85.172
|
||||
148.153.45.238
|
||||
185.142.236.34
|
||||
45.13.227.172
|
||||
18.204.48.86
|
||||
34.106.22.184
|
||||
51.222.107.37
|
||||
106.75.176.55
|
||||
146.190.84.120
|
||||
143.198.213.67
|
||||
34.125.234.83
|
||||
43.130.152.82
|
||||
45.59.163.17
|
||||
172.94.9.227
|
||||
148.153.45.236
|
||||
68.183.183.237
|
||||
89.187.162.187
|
||||
206.189.38.98
|
||||
2.57.122.253
|
||||
172.105.190.200
|
||||
15.188.26.9
|
||||
13.49.23.69
|
||||
20.87.214.199
|
||||
45.55.64.12
|
||||
188.166.187.222
|
||||
167.71.24.123
|
||||
185.213.174.115
|
||||
165.232.174.66
|
||||
161.35.153.48
|
||||
54.219.74.101
|
||||
2.57.122.81
|
||||
165.22.96.121
|
||||
43.153.118.27
|
||||
43.153.12.17
|
||||
185.180.143.141
|
||||
18.144.156.146
|
||||
193.56.29.113
|
||||
3.129.42.4
|
||||
169.197.143.220
|
||||
3.15.142.108
|
||||
139.162.34.62
|
||||
80.66.79.22
|
@ -1,14 +1,30 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37656337323032643834333437363330363932363462306332646166616531616265646536373530
|
||||
6234313633353137656665653536663964393264303532610a633664613332343333363034396238
|
||||
61643465363532383661636238356566616161343034343166656364353538353564333235373663
|
||||
3336313930643062370a316439666335626265306338383939306433343439666333646632613366
|
||||
65663766326333623033643933613962393163313566636238353964656636633265373936626364
|
||||
65313565663265613532623563366533393030643539346363613035656632323762666131643530
|
||||
61616338616637336333663363323761653564633137633361333364663232656136353966346134
|
||||
38313435653131326161383564386261356333356164393034663538326262633036383438666330
|
||||
65393939363338363932653461393234346431653661626338653536353562396664313932346432
|
||||
39353035373263633938336337346461306162656662363461306538353436353063363764323631
|
||||
30386334356534663238656166666432636233353935623331366130323264393231306265363761
|
||||
37323163663561393938366662373963303634636564346663363239346332316336366636636235
|
||||
64343466333931353861346164656234393265653034623335636266393262323234
|
||||
33636162336330363833666465326430326230353032643365623263306139346138363135316462
|
||||
6232623366616434333833333630663435333237306563630a333065363335653361613135316131
|
||||
38346464653533633062636534303937366534383064376232336635663665323163386566336465
|
||||
3037636164626361390a373963346334616232323639353561306631333834613964363635626330
|
||||
62633139383230373063313136383534653230323038313762323430393164616534363836376333
|
||||
30303662613534333631393031303165376435363831323636316561336530393963313465356164
|
||||
37386462643361363265326230393465313536343533646437393634663663663862643033323966
|
||||
34396162613134343738343861666663643338363136383262666263623933316435323135656331
|
||||
30373134376565633662646365636464663562636666303061653664633138326139373737303163
|
||||
30613561366233333264336562633837393239626462633238323564386332613861323266643733
|
||||
37653764646637313631326365373935313762393934663234326362393762313434663366663165
|
||||
62313036373732383739666166626631353738323830636234383430313539666433643139346232
|
||||
39626462613537363263343166663038346338383863343334656433396238346330653938373139
|
||||
39373265373961303763613962353762303735323966373762616462643433353162623136656130
|
||||
34666362373638303635313833663133623431353230386266653962646163646665333334646661
|
||||
38663634346461663430623235623138666563343739643432366635653331663233366136353666
|
||||
35393765346362663561633064356364623737353862353334386638306362363362386663663636
|
||||
37663731356664396330663862623965343237643066663031336338313937363461343264633534
|
||||
39613230373964663462656664656161623939656361336532383530303030666264323439623231
|
||||
65643430643433643239333338646363343933373934353435646337333238663239613539333862
|
||||
33333130386239303738366262386562323261653334356238646132313861396661633937353630
|
||||
65643064383036623035313766346636636264653265666232343837343033646466623066663932
|
||||
37313366363064613662383938663965633865326333323264363730666635316533393331643362
|
||||
64373661303761633862613237363430346134346237633736326139363963656239393162616432
|
||||
31663437333434626536353164663234353164623265623538303031333833646438616265306633
|
||||
38346535366531323032313232656533613431313133373561343465616266306634656237333038
|
||||
65633134656132623238363136623934346235316336326136613863626564396339646265323262
|
||||
65313239353737656231383664656431343239363730666362376532663835643337666664393738
|
||||
6131
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- hosts: all
|
||||
remote_user: admloc
|
||||
remote_user: valentin
|
||||
roles:
|
||||
- deploy-web
|
||||
|
@ -3,35 +3,40 @@ MAIL=/tmp/mail
|
||||
SERVER_LOG=/var/log/nginx
|
||||
HOST=($(cat /etc/sentinel/virtualhost))
|
||||
BLACKLIST=/etc/sentinel/blacklist
|
||||
chain_count=$(iptables -L BLACKLIST -n | wc -l)
|
||||
if [ ${chain_count} -eq 0 ]; then
|
||||
bash /usr/local/bin/sentinel/refill_blacklist.sh
|
||||
fi
|
||||
currently_blacklist=$(ps -ef | grep blacklist | grep bash |grep ${USER} | wc -l)
|
||||
|
||||
for i in ${HOST[@]}
|
||||
do
|
||||
log_access=${SERVER_LOG}/${i}_access.log
|
||||
tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
|
||||
cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
|
||||
cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
|
||||
cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
|
||||
cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
|
||||
count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
|
||||
if [ ${count} -ne 0 ]; then
|
||||
echo "Nouvelle IP blacklisté" > ${MAIL}
|
||||
list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq))
|
||||
for j in ${list_ip[@]}
|
||||
do
|
||||
echo ${j} >> ${MAIL}
|
||||
curl http://ipinfo.io/${j} >> ${MAIL}
|
||||
echo "" >> ${MAIL}
|
||||
cat /tmp/error_$i | grep ${j} >> ${MAIL}
|
||||
echo "" >> ${MAIL}
|
||||
echo ${j} >> ${BLACKLIST}
|
||||
iptables -A BLACKLIST -s ${j} -j DROP
|
||||
done
|
||||
echo "IP dejà blacklisté : " >> ${MAIL}
|
||||
cat ${BLACKLIST} >> ${MAIL}
|
||||
cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
|
||||
if [ ${currently_blacklist} -eq 2 ]; then
|
||||
|
||||
chain_count=$(iptables -L BLACKLIST -n | wc -l)
|
||||
if [ ${chain_count} -eq 0 ]; then
|
||||
bash /usr/local/bin/sentinel/refill_blacklist.sh
|
||||
fi
|
||||
done
|
||||
|
||||
for i in ${HOST[@]}
|
||||
do
|
||||
log_access=${SERVER_LOG}/${i}_access.log
|
||||
tail -n 50 $log_access | awk -F "|" '{ if($2 == "400" || $2 == "404") print $0}' > /tmp/error_$i
|
||||
cat /tmp/error_$i | awk -F "|" '{ if($2 == "404") print $1}' > /tmp/404_$i
|
||||
cat /tmp/error_$i | awk -F "|" '{ if($2 == "400") print $1}' > /tmp/400_$i
|
||||
cat /tmp/404_$i | sort | uniq -c | awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_404
|
||||
cat /tmp/400_$i |sort | uniq -c |awk '{ if($1 >= 5) print $2}' > /tmp/blacklist_400
|
||||
count=$(cat /tmp/blacklist_404 /tmp/blacklist_400 |grep -f ${BLACKLIST} -v |sort |uniq |wc -l)
|
||||
if [ ${count} -ne 0 ]; then
|
||||
echo "Nouvelle IP blacklisté" > ${MAIL}
|
||||
list_ip=($(cat /tmp/blacklist_400 /tmp/blacklist_404 |grep -f ${BLACKLIST} -v |sort |uniq))
|
||||
for j in ${list_ip[@]}
|
||||
do
|
||||
echo ${j} >> ${MAIL}
|
||||
curl http://ipinfo.io/${j} >> ${MAIL}
|
||||
echo "" >> ${MAIL}
|
||||
cat /tmp/error_$i | grep ${j} >> ${MAIL}
|
||||
echo "" >> ${MAIL}
|
||||
echo ${j} >> ${BLACKLIST}
|
||||
iptables -A BLACKLIST -s ${j} -j DROP
|
||||
done
|
||||
echo "IP dejà blacklisté : " >> ${MAIL}
|
||||
cat ${BLACKLIST} >> ${MAIL}
|
||||
cat ${MAIL} |mail -s "Blacklist IP ${i}" valczebackup@gmail.com
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
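Review bot: Each `${j}` in `list_ip` comes straight from the first `|` field of the access log and is passed unquoted to `iptables -A BLACKLIST -s ${j} -j DROP`, `curl`, `grep` and then appended to `${BLACKLIST}`, with nothing checking that it is an address, so whatever nginx logged in that field becomes a firewall argument and a pattern; `[[ "$j" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue` as the first line of the `for j` loop keeps malformed tokens out. The two `grep -f ${BLACKLIST} -v` filters read the blacklist as unanchored regexes, where `.` matches any character and `10.0.0.1` also suppresses `110.0.0.12`; `grep -vxF -f "${BLACKLIST}"` matches whole lines literally. The new `currently_blacklist` guard compares a `ps | grep` count with the magic value 2 (and, if `USER` is not exported in cron's environment, the empty unquoted `grep ${USER}` makes that count 0) and appears to wrap only the second copy of the loop, so two overlapping runs can still both append the same address, which the committed blacklist file listing `51.222.107.37` twice suggests has already happened; a `flock` around the whole script is simpler. The script begins before this hunk, so the shebang, `MAIL` and `USER` lines are not in view.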
@ -2,7 +2,7 @@
|
||||
MAIL=/tmp/mail
|
||||
DIRECTORY=/home/valentin/mail
|
||||
SERVER_LOG=/var/log/nginx
|
||||
TOKEN=af920d2f7dbe97
|
||||
TOKEN=$(cat /etc/sentinel/token)
|
||||
DATE=$(date +%Y%m%d-%H%M%S)
|
||||
HOST=($(cat /etc/sentinel/virtualhost))
|
||||
WEEK=$(date +%V)
|
||||
@ -26,6 +26,7 @@ do
|
||||
cat $log_access | grep "|" | awk -F "|" '{print $1}' | sort | uniq > $directory_host/list_$DATE
|
||||
cat $log_access | awk -F "|" '{ if($2 == "404") print $1}' > $directory_host/404_$DATE
|
||||
cat $log_access | awk -F "|" '{ if($2 == "400") print $1}' > $directory_host/400_$DATE
|
||||
grep robots.txt $log_access | awk -F '|' '{print $3}' > $directory_host/robots_$DATE
|
||||
while read line; do
|
||||
if grep $line $DIRECTORY/*/*/output_*.txt > /dev/null 2>&1; then
|
||||
grep -h -B1 -A8 $line $DIRECTORY/*/*/output_*.txt |head -10 >> $directory_host/output_$DATE.txt
|
||||
@ -50,6 +51,9 @@ do
|
||||
cat $directory_host/${j}_$DATE |sort |uniq -c >> ${MAIL}
|
||||
echo "--------" >> ${MAIL}
|
||||
done
|
||||
echo "nombre de robots " >> ${MAIL}
|
||||
cat $directory_host/robots_$DATE |sort |uniq -c >> ${MAIL}
|
||||
echo "---------" >> ${MAIL}
|
||||
cat ${MAIL} |mail -s "Rapport reverse proxy $DATE" -A $directory_host/output_$DATE.txt valczebackup@gmail.com
|
||||
#rm $directory_host/*
|
||||
done
|
||||
|
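Review bot: The literal ipinfo token on the removed `TOKEN=` line was committed in cleartext, so it remains in history and should be treated as exposed and rotated rather than only moved; the replacement `TOKEN=$(cat /etc/sentinel/token)` is an improvement only if that file is private, and `stats.yml` in this commit installs it with `mode: "0555"`, where `0400` would do for a root cron job. In the `while read line` loop below, `$line` (read, judging by the preceding lines, from a file derived from the access log) is used unquoted as the pattern of two `grep` calls, so a value with spaces or regex metacharacters changes what is searched; `while IFS= read -r line; do` and `grep -F -- "$line"` keep it literal. The loop body, and the `for` loop around it, continue outside the hunk.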
@ -23,6 +23,10 @@ do
|
||||
cat $directory_host/${j}_* |sort |uniq -c >> ${MAIL}
|
||||
echo "----------------" >> ${MAIL}
|
||||
done
|
||||
echo "nombre de robots :" >> ${MAIL}
|
||||
cat $directory_host/robots_* |sort |uniq -c >> ${MAIL}
|
||||
echo "----------------" >> ${MAIL}
|
||||
|
||||
cat ${MAIL} |mail -s "Rapport mensuel reverse proxy ${i} $DATE" valczebackup@gmail.com
|
||||
rm -rf $directory_host
|
||||
done
|
||||
|
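Review bot: The added `cat $directory_host/robots_* |sort |uniq -c >> ${MAIL}` expands an unquoted glob, so for a host with no `robots_*` file `cat` receives the literal pattern, writes an error to stderr (a separate cron mail) and the `nombre de robots` section of the report is silently empty; `shopt -s nullglob` near the top of the script, together with quoting `"$directory_host"`, makes the empty case deliberate. The same line is added in the weekly-report hunk that follows. The enclosing `for` loop starts before this hunk.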
@ -36,6 +36,9 @@ do
|
||||
cat $directory_host/${j}_* |sort |uniq -c >> ${MAIL}
|
||||
echo "----------------" >> ${MAIL}
|
||||
done
|
||||
echo "nombre de robots :" >> ${MAIL}
|
||||
cat $directory_host/robots_* |sort |uniq -c >> ${MAIL}
|
||||
echo "----------------" >> ${MAIL}
|
||||
cat ${MAIL} |mail -s "Rapport hebdomadaire reverse proxy ${i} $DATE" valczebackup@gmail.com
|
||||
#rm $directory_host/*
|
||||
done
|
||||
|
@ -4,6 +4,7 @@ server {
|
||||
#gzip_static off;
|
||||
server_name clarissariviere.com clarissariviere.fr www.clarissariviere.fr www.clarissariviere.com;
|
||||
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
|
||||
add_header Link "<https://www.clarissariviere.com; rel=\"canonical\">";
|
||||
proxy_cache STATIC;
|
||||
location / {
|
||||
# First attempt to serve request as file, then
|
||||
@ -11,6 +12,7 @@ server {
|
||||
#try_files $uri $uri/ =404;
|
||||
proxy_set_header Accept-Encoding "";
|
||||
proxy_pass http://gouters.canalblog.com/;
|
||||
#add_header Link "<https://www.clarissariviere.com; rel=\"canonical\">";
|
||||
#proxy_redirect off;
|
||||
#proxy_set_header Host $host;
|
||||
#proxy_buffering on;
|
||||
@ -25,6 +27,7 @@ server {
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header X-Forwarded-Proto $scheme;
|
||||
sub_filter 'gouters.canalblog.com' "$host";
|
||||
sub_filter '<meta name="generator" content="CanalBlog - https://www.canalblog.com" /> '';
|
||||
sub_filter_types text/html text/xml text/plain text/css;
|
||||
sub_filter_once off;
|
||||
|
||||
@ -33,6 +36,14 @@ server {
|
||||
location /googlebbc3cfa6d1866691.html {
|
||||
root /var/www/gouter/;
|
||||
}
|
||||
|
||||
location /yandex_93259fe4480c9828.html {
|
||||
root /var/www/gouter/;
|
||||
}
|
||||
|
||||
location /yandex_f07f7ace7d8459d8.html {
|
||||
root /var/www/gouter/;
|
||||
}
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/clarissariviere.com/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/clarissariviere.com/privkey.pem; # managed by Certbot
|
||||
|
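Review bot: The `add_header Link "<https://www.clarissariviere.com; rel=\"canonical\">";` line (one of the two `add_header` lines at the top of this section is what the first hunk adds) places `; rel="canonical"` inside the angle brackets, so the value sent is one malformed URI-reference rather than a canonical link; the RFC 8288 form is `add_header Link '<https://www.clarissariviere.com/>; rel="canonical"';`. Also, nginx's `add_header` is inherited by a `location` only when that location declares no `add_header` of its own, so if `location /` (whose body is only partly in view) sets any header, both this line and the `Content-Security-Policy` one are dropped for it; repeating them inside the location, or a shared include, avoids that. The `server` block starts before the first hunk.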
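--- /dev/null
+++ b/roles/deploy-web/files/scw-backup.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+LOGFILE_RECENT="/var/log/scw-log/logfile-recent.log"
+LOGFILE="/var/log/scw-log/logfile.log"
+DUPLICITY=/usr/local/bin/duplicity
+log () {
+date=`date +%Y-%m-%d`
+hour=`date +%H:%M:%S`
+echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+
+rotate_log() {
+cat ${LOGFILE_RECENT} >> ${LOGFILE}
+backupScw=`echo ${SCW_BUCKET} | rev | cut -d "/" -f 2 | rev`
+status="OK"
+if [ $(grep "Errors 0" ${LOGFILE_RECENT} |wc -l) -eq 0 ]; then
+status="ALERTE FAIL !!!"
+fi
+cat ${LOGFILE_RECENT} |mail -s "${status} | Backup ${backupScw} `date +%Y-%m-%d`" valczebackup@gmail.com
+}
+
+USER=$(whoami)
+currently_backuping=$(ps -ef | grep duplicity | grep python |grep ${USER} | wc -l)
+
+if [ $currently_backuping -eq 0 ]; then
+if [ ${#} -ne 1 ]; then
+log ">>> Il manque un paramètre ${0} : <CONFIGFILE>"
+rotate_log
+exit 1
+fi
+if [ ! -f ${1} ]; then
+log ">>> Le paramètre n'est pas un fichier ${USER} : ${1}"
+rotate_log
+exit 1
+fi
+source "$1"
+echo > ${LOGFILE_RECENT}
+log ">>> removing old backups"
+${DUPLICITY} remove-older-than --s3-endpoint-url ${SCW_ENDPOINT_URL} --s3-region-name ${SCW_REGION} ${KEEP_BACKUP_TIME} ${SCW_BUCKET} --force >> ${LOGFILE_RECENT} 2>&1
+log ">>> creating and uploading backup to c14 cold storage ${SOURCE}"
+${DUPLICITY} \
+incr --full-if-older-than ${FULL_BACKUP_TIME} \
+--s3-endpoint-url ${SCW_ENDPOINT_URL} \
+--s3-region-name ${SCW_REGION} \
+--asynchronous-upload \
+--s3-use-glacier \
+--encrypt-key=${GPG_FINGERPRINT} \
+--sign-key=${GPG_FINGERPRINT} \
+${SOURCE} ${SCW_BUCKET} >> ${LOGFILE_RECENT} 2>&1
+rotate_log
+else
+log ">>> Duplicity déjà en cours de route sur cette utilisateur ${USER}"
+rotate_log
+fi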
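Review bot: `remove-older-than ... --force` runs before the new backup is attempted, so when the `incr` run fails (the `ALERTE FAIL` case in `rotate_log`) the oldest chain has already been pruned and the retention window shrinks on every failure; prune only after the `${DUPLICITY} incr` command returns 0. `source "$1"` then re-assigns `LOGFILE_RECENT` and `LOGFILE`, because `scw-configrc.j2` in this commit exports them under `/root/log` while this script sets them under `/var/log/scw-log`, so the argument-error branches log and mail from one location and every real run from the other; define them in one place only. The `ps -ef | grep duplicity | grep python | grep ${USER} | wc -l` guard counts any process whose command line contains those three words and still races with a second start; `flock -n /run/scw-backup.lock` around the script body is the usual replacement. `[ ! -f ${1} ]` and `${SOURCE} ${SCW_BUCKET}` are unquoted; `SOURCE` is a string of `--exclude` options that depends on word splitting, which an array would make explicit.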
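--- /dev/null
+++ b/roles/deploy-web/files/scw-restore.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ $# -lt 3 ]; then
+echo -e "Usage $0 <scw_configrc> <time or delta> [file to restore] <restore to>
+Exemple:
+\t$ $0 2018-7-21 recovery/ ## recovers * from closest backup to date
+\t$ $0 0D secret data/ ## recovers most recent file nammed 'secret'";
+exit; fi
+
+source $1
+shift
+
+
+if [ $# -eq 2 ]; then
+duplicity \
+--s3-endpoint-url ${SCW_ENDPOINT_URL} \
+--s3-region-name ${SCW_REGION} \
+--time $1 \
+${SCW_BUCKET} $2
+fi
+
+if [ $# -eq 3 ]; then
+duplicity \
+--s3-endpoint-url ${SCW_ENDPOINT_URL} \
+--s3-region-name ${SCW_REGION} \
+--time $1 \
+--file-to-restore $2 \
+${SCW_BUCKET} $3
+fi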
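Review bot: The usage examples show two arguments after `$0` (`$0 2018-7-21 recovery/`) but the check above them rejects fewer than three, because `<scw_configrc>` must come first, so copying an example fails the usage test; the examples should start with the config path, e.g. `$0 ~/.scw-configrc 2018-7-21 recovery/`. The usage branch ends in a bare `exit`, which reports success on misuse; `exit 2` is the convention. `source $1` executes whatever path is given, as root given the `0500` install under `/opt` in `backup.yml`, and `$1`, `$2` and `$3` are all unquoted; `[ -r "$1" ] || exit 2` before `source "$1"`, and quotes on the duplicity arguments, are the minimum.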
@ -1 +0,0 @@
|
||||
clarissa
|
50
roles/deploy-web/tasks/backup.yml
Normal file
50
roles/deploy-web/tasks/backup.yml
Normal file
@ -0,0 +1,50 @@
|
||||
# tasks file for stats script
|
||||
|
||||
- name: "Create log for backup script"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- "/var/log/scw-log"
|
||||
- "/root/log"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Copy scw backup and restore script
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "/opt/{{ item }}"
|
||||
mode: "0500"
|
||||
with_items:
|
||||
- "scw-backup.sh"
|
||||
- "scw-restore.sh"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Copy scw backup config
|
||||
template:
|
||||
src: "scw-configrc.j2"
|
||||
dest: "/root/.scw-configrc"
|
||||
mode: "0400"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
|
||||
#- name: Crontab blacklist
|
||||
# ansible.builtin.cron:
|
||||
# name: "blacklist script"
|
||||
# cron_file: "blacklist_cron"
|
||||
# minute: "*/5"
|
||||
# job: "bash /usr/local/bin/sentinel/blacklist.sh"
|
||||
# user: root
|
||||
#
|
||||
# vars:
|
||||
# ansible_become: yes
|
||||
# ansible_become_method: sudo
|
||||
# ansible_become_password: "{{ sudo_password }}"
|
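Review bot: Nothing in this file schedules `/opt/scw-backup.sh`: the only cron block is the commented-out copy of the blacklist entry at the bottom, so after the role runs the backup script is installed but, as far as this commit shows, never executed; a `cron` task with `job: "/opt/scw-backup.sh /root/.scw-configrc"` (or a comment saying it is started some other way) closes that gap, and the dead block should be removed. The header `# tasks file for stats script` is copied unchanged into this file and into `blacklist.yml`, `deconfigure_backup.yml`, `deconfigure_blacklist.yml`, `deconfigure_stats.yml`, `deconfigure_supervision.yml` and `supervision.yml`; each should name its own purpose. The three `vars:` lines with `ansible_become_password` are repeated on every task of every file in this commit; `become: yes` on the play with the password supplied once keeps it out of each task.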
27
roles/deploy-web/tasks/blacklist.yml
Normal file
27
roles/deploy-web/tasks/blacklist.yml
Normal file
@ -0,0 +1,27 @@
|
||||
# tasks file for stats script
|
||||
|
||||
- name: Copy blacklist script
|
||||
copy:
|
||||
src: "{{ item }}.sh"
|
||||
dest: "/usr/local/bin/sentinel/{{ item }}.sh"
|
||||
mode: "0555"
|
||||
with_items:
|
||||
- blacklist
|
||||
- refill_blacklist
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Crontab blacklist
|
||||
ansible.builtin.cron:
|
||||
name: "blacklist script"
|
||||
cron_file: "blacklist_cron"
|
||||
minute: "*/5"
|
||||
job: "bash /usr/local/bin/sentinel/blacklist.sh"
|
||||
user: root
|
||||
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
54
roles/deploy-web/tasks/configure.yml
Normal file
54
roles/deploy-web/tasks/configure.yml
Normal file
@ -0,0 +1,54 @@
|
||||
- name: Create sentinel directory
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ item }}/sentinel"
|
||||
with_items:
|
||||
- /usr/local/bin
|
||||
- /etc
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Template virtualhost
|
||||
template:
|
||||
src: virtualhost.j2
|
||||
dest: /etc/sentinel/virtualhost
|
||||
mode: "0444"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
tags: [ "configure_blacklist" ]
|
||||
|
||||
- name: Copy blacklist
|
||||
copy:
|
||||
src: "{{ playbook_dir }}/blacklist/{{ inventory_hostname }}/etc/sentinel/blacklist"
|
||||
dest: /etc/sentinel/blacklist
|
||||
mode: "0644"
|
||||
when: script is not defined or script == "blacklist"
|
||||
ignore_errors: true
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
tags: [ "restore_blacklist" ]
|
||||
|
||||
- name: Deploy stats script
|
||||
import_tasks: stats.yml
|
||||
tags: [ "configure_stats" ]
|
||||
|
||||
- name: Configure blacklist script
|
||||
import_tasks: blacklist.yml
|
||||
tags: [ "configure_blacklist" ]
|
||||
|
||||
- name: Configure supervision script
|
||||
import_tasks: supervision.yml
|
||||
tags: [ "configure_supervision" ]
|
||||
|
||||
- name: Configure backup script
|
||||
import_tasks: backup.yml
|
||||
tags: [ "configure_backup" ]
|
||||
|
||||
|
||||
|
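Review bot: `ignore_errors: true` on `Copy blacklist` hides every failure of that task, not only the missing per-host file under `blacklist/{{ inventory_hostname }}` it is presumably there for, so a permission or transfer error is shown red and the play just continues; an `ansible.builtin.stat` on the controller path with `delegate_to: localhost` and a `when: blacklist_src.stat.exists` on the copy, or `with_first_found` with `skip: true`, expresses the intent without masking other errors. The file also ends with three blank lines.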
36
roles/deploy-web/tasks/deconfigure.yml
Normal file
36
roles/deploy-web/tasks/deconfigure.yml
Normal file
@ -0,0 +1,36 @@
|
||||
- name: Backup blacklist
|
||||
fetch:
|
||||
src: /etc/sentinel/blacklist
|
||||
dest: blacklist
|
||||
tags: [ "backup_blacklist" ]
|
||||
|
||||
|
||||
- name: Deconfigure stats script
|
||||
import_tasks: deconfigure_stats.yml
|
||||
tags: [ "deconfigure_stats" ]
|
||||
|
||||
- name: Deconfigure blacklist script
|
||||
import_tasks: deconfigure_blacklist.yml
|
||||
tags: [ "deconfigure_blacklist" ]
|
||||
|
||||
|
||||
- name: Deconfigure supervision script
|
||||
import_tasks: deconfigure_supervision.yml
|
||||
tags: [ "deconfigure_supervision" ]
|
||||
|
||||
- name: Deconfigure backup script
|
||||
import_tasks: deconfigure_backup.yml
|
||||
tags: [ "deconfigure_backup" ]
|
||||
|
||||
|
||||
- name: Remove sentinel directory
|
||||
file:
|
||||
state: absent
|
||||
path: "{{ item }}/sentinel"
|
||||
with_items:
|
||||
- /usr/local/bin
|
||||
- /etc
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
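Review bot: `Backup blacklist` uses `fetch` with its default `fail_on_missing: yes`, so on a host where `/etc/sentinel/blacklist` was never created (the `configure.yml` copy in this commit is itself allowed to fail) the deconfigure run stops at its first task; `fail_on_missing: no`, or a `when` on a prior `stat`, lets the removals proceed. `Remove sentinel directory` deletes `/usr/local/bin/sentinel` and `/etc/sentinel`, but the `/usr/local/bin/supervision` and `/etc/supervision` directories that `supervision.yml` creates are removed by nothing in this file or in `deconfigure_supervision.yml`, which only deletes the script and its cron entry.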
31
roles/deploy-web/tasks/deconfigure_backup.yml
Normal file
31
roles/deploy-web/tasks/deconfigure_backup.yml
Normal file
@ -0,0 +1,31 @@
|
||||
# tasks file for stats script
|
||||
|
||||
- name: "Create log for backup script"
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
with_items:
|
||||
- "/var/log/scw-log"
|
||||
- "/root/log"
|
||||
- "/opt/scw-backup.sh"
|
||||
- "/opt/scw-restore.sh"
|
||||
- "/root/.scw-configrc"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
|
||||
|
||||
#- name: Crontab blacklist
|
||||
# ansible.builtin.cron:
|
||||
# name: "blacklist script"
|
||||
# cron_file: "blacklist_cron"
|
||||
# minute: "*/5"
|
||||
# job: "bash /usr/local/bin/sentinel/blacklist.sh"
|
||||
# user: root
|
||||
#
|
||||
# vars:
|
||||
# ansible_become: yes
|
||||
# ansible_become_method: sudo
|
||||
# ansible_become_password: "{{ sudo_password }}"
|
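Review bot: The task is named `Create log for backup script` but sets `state: absent` and also removes both `/opt` scripts and `/root/.scw-configrc`; `- name: Remove backup scripts, config and logs` says what a run will actually do. The commented-out `Crontab blacklist` block at the bottom is unrelated to backups and is already duplicated in `backup.yml`; drop this copy. `# tasks file for stats script` does not describe this file either.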
25
roles/deploy-web/tasks/deconfigure_blacklist.yml
Normal file
25
roles/deploy-web/tasks/deconfigure_blacklist.yml
Normal file
@ -0,0 +1,25 @@
|
||||
# tasks file for stats script
|
||||
|
||||
|
||||
- name: Remove crontab blacklist
|
||||
ansible.builtin.cron:
|
||||
name: "blacklist script"
|
||||
cron_file: "blacklist_cron"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Remove blacklist script
|
||||
copy:
|
||||
src: "{{ item }}.sh"
|
||||
state: absent
|
||||
with_items:
|
||||
- blacklist
|
||||
- refill_blacklist
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
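Review bot: `Remove blacklist script` uses the `copy` module with `state: absent`, which `copy` does not accept (and its `src` names the controller-side file), so the task fails with an unsupported-parameter error and both scripts stay under `/usr/local/bin/sentinel`; `deconfigure_stats.yml` in this commit does the same job correctly with `file:`, so this task should read `file:` / `path: "/usr/local/bin/sentinel/{{ item }}.sh"` / `state: absent`. The header `# tasks file for stats script` does not describe this file.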
64
roles/deploy-web/tasks/deconfigure_stats.yml
Normal file
64
roles/deploy-web/tasks/deconfigure_stats.yml
Normal file
@ -0,0 +1,64 @@
|
||||
# tasks file for stats script
|
||||
|
||||
|
||||
- name: Remove crontab get info day
|
||||
ansible.builtin.cron:
|
||||
name: "get info day"
|
||||
cron_file: "get_info_day_cron"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Remove crontab get info week
|
||||
ansible.builtin.cron:
|
||||
name: "get info week"
|
||||
cron_file: "get_info_week_cron"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Remove crontab get info month
|
||||
ansible.builtin.cron:
|
||||
name: "get info month"
|
||||
cron_file: "get_info_month_cron"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
|
||||
- name: Remove getinfo script
|
||||
file:
|
||||
path: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh"
|
||||
state: absent
|
||||
with_items:
|
||||
- day
|
||||
- week
|
||||
- month
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Remove token
|
||||
file:
|
||||
path: "/etc/sentinel/token"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Remove template virtualhost
|
||||
file:
|
||||
path: /etc/sentinel/virtualhost
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
22
roles/deploy-web/tasks/deconfigure_supervision.yml
Normal file
22
roles/deploy-web/tasks/deconfigure_supervision.yml
Normal file
@ -0,0 +1,22 @@
|
||||
# tasks file for stats script
|
||||
|
||||
- name: Remove crontab blacklist
|
||||
ansible.builtin.cron:
|
||||
name: "check ssl script"
|
||||
cron_file: "check_ssl_cron"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
|
||||
- name: Remove check_ssl script
|
||||
file:
|
||||
path: "/usr/local/bin/sentinel/check_ssl.sh"
|
||||
state: absent
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
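Review bot: The first task is named `Remove crontab blacklist` but removes the `check ssl script` cron entry; `- name: Remove crontab check_ssl` matches the `Crontab check_ssl` task in `supervision.yml` that it undoes. The `# tasks file for stats script` header is likewise a leftover.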
@ -2,7 +2,15 @@
|
||||
import_tasks: deploy.yml
|
||||
tags: ["deploy"]
|
||||
|
||||
- name: Configure project web
|
||||
import_tasks: configure.yml
|
||||
tags: [ "configure" ]
|
||||
|
||||
|
||||
- name: Destrpy project web
|
||||
import_tasks: destroy.yml
|
||||
tags: ["destroy"]
|
||||
tags: ["destroy"]
|
||||
|
||||
- name: Deconfigure project web
|
||||
import_tasks: deconfigure.yml
|
||||
tags: [ "deconfigure" ]
|
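Review bot: `Destrpy project web`, visible as context in this hunk, is a typo in a task name that every run prints; since the file is being edited, `- name: Destroy project web`. The tag style also differs between the new tasks (`[ "configure" ]`) and the existing ones (`["deploy"]`); one form throughout reads better.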
66
roles/deploy-web/tasks/stats.yml
Normal file
66
roles/deploy-web/tasks/stats.yml
Normal file
@ -0,0 +1,66 @@
|
||||
# tasks file for stats script
|
||||
|
||||
- name: Template token ipinfo
|
||||
template:
|
||||
src: token.j2
|
||||
dest: /etc/sentinel/token
|
||||
mode: "0555"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Copy getinfo script
|
||||
copy:
|
||||
src: "getinfo_{{ item }}.sh"
|
||||
dest: "/usr/local/bin/sentinel/getinfo_{{ item }}.sh"
|
||||
mode: "0555"
|
||||
with_items:
|
||||
- day
|
||||
- week
|
||||
- month
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Crontab get info day
|
||||
ansible.builtin.cron:
|
||||
name: "get info day"
|
||||
cron_file: "get_info_day_cron"
|
||||
minute: "0"
|
||||
hour: "3"
|
||||
user: root
|
||||
job: "bash /usr/local/bin/sentinel/getinfo_day.sh"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Crontab get info week
|
||||
ansible.builtin.cron:
|
||||
name: "get info week"
|
||||
cron_file: "get_info_week_cron"
|
||||
minute: "15"
|
||||
hour: "3"
|
||||
weekday: "1"
|
||||
user: root
|
||||
job: "bash /usr/local/bin/sentinel/getinfo_week.sh"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Crontab get info month
|
||||
ansible.builtin.cron:
|
||||
name: "get info month"
|
||||
cron_file: "get_info_month_cron"
|
||||
minute: "30"
|
||||
hour: "3"
|
||||
day: "1"
|
||||
user: root
|
||||
job: "bash /usr/local/bin/sentinel/getinfo_month.sh"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
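Review bot: `Template token ipinfo` installs the ipinfo API token at `/etc/sentinel/token` with `mode: "0555"`, which makes a secret world-readable (and executable, which a one-line token never needs); the `getinfo_*.sh` scripts that read it run as root from the cron entries in this file, so `mode: "0400"` with `owner: root` is enough. `0555` on the scripts themselves is fine, since they carry no secret.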
36
roles/deploy-web/tasks/supervision.yml
Normal file
36
roles/deploy-web/tasks/supervision.yml
Normal file
@ -0,0 +1,36 @@
|
||||
# tasks file for stats script
|
||||
|
||||
|
||||
- name: Create supervision directory
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ item }}/supervision"
|
||||
with_items:
|
||||
- /usr/local/bin
|
||||
- /etc
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Copy check_ssl script
|
||||
copy:
|
||||
src: "check_ssl.sh"
|
||||
dest: "/usr/local/bin/supervision/check_ssl.sh"
|
||||
mode: "0555"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
||||
|
||||
- name: Crontab check_ssl
|
||||
ansible.builtin.cron:
|
||||
name: "check ssl script"
|
||||
cron_file: "check_ssl_cron"
|
||||
minute: "*/30"
|
||||
user: root
|
||||
job: "bash /usr/local/bin/supervision/check_ssl.sh"
|
||||
vars:
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
ansible_become_password: "{{ sudo_password }}"
|
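--- /dev/null
+++ b/roles/deploy-web/templates/scw-configrc.j2
@@ -0,0 +1,28 @@
+export AWS_ACCESS_KEY_ID="{{ aws_access_key_id }}"
+export AWS_SECRET_ACCESS_KEY="{{ aws_secret_access_key }}"
+export SCW_REGION="{{ scw_region }}"
+export SCW_ENDPOINT_URL="https://s3.${SCW_REGION}.scw.cloud"
+export SCW_BUCKET="s3://{{ scw_directory }}"
+
+# GPG Key information
+export PASSPHRASE="{{ passphrase }}"
+export GPG_FINGERPRINT="{{ gpg_fingerprint }}"
+# Folder to backup
+export SOURCE="--exclude /sys --exclude /proc --exclude /opt --exclude /tmp --exclude /mnt --exclude /home /"
+
+# Will keep backup up to 1 month
+export KEEP_BACKUP_TIME="1M"
+
+# Will make a full backup every 10 days
+export FULL_BACKUP_TIME="10D"
+
+# Log files
+export LOGFILE_RECENT="/root/log/logfile-recent.log"
+export LOGFILE="/root/log/logfile.log"
+
+log () {
+date=`date +%Y-%m-%d`
+hour=`date +%H:%M:%S`
+echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+export -f log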
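Review bot: `SOURCE` packs six `--exclude` options and the `/` path into one string that only works because `scw-backup.sh` expands it unquoted; a bash array, `SOURCE=(--exclude /sys --exclude /proc --exclude /opt --exclude /tmp --exclude /mnt --exclude /home /)` used as `"${SOURCE[@]}"`, makes the splitting explicit and survives a path with a space (arrays cannot be `export`ed, but this file is sourced rather than executed, so nothing is lost). `# Folder to backup` should also say why `/home` and `/opt` are excluded, since someone restoring from this backup will look for them first. The `log` function and the `LOGFILE*` variables duplicate definitions in `scw-backup.sh`; one copy is enough.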
1
roles/deploy-web/templates/token.j2
Normal file
1
roles/deploy-web/templates/token.j2
Normal file
@ -0,0 +1 @@
|
||||
{{ token_ipinfo }}
|
3
roles/deploy-web/templates/virtualhost.j2
Normal file
3
roles/deploy-web/templates/virtualhost.j2
Normal file
@ -0,0 +1,3 @@
|
||||
{% for host in virtualhosts %}
|
||||
{{ host }}
|
||||
{% endfor %}
|