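---
# Single-play Ansible playbook that provisions a CI box: Apache 2 with
# reverse-proxy modules, Oracle Java 8, Tomcat 7, Maven, Postfix relaying
# through Gmail, GitLab omnibus 7.8.4 and Jenkins.
#
# Review summary (details sit next to the tasks concerned):
#   * Credentials are hard-coded in `vars` and in the Postfix section. Anything
#     that has been published in this form should be rotated and then supplied
#     from ansible-vault, vars_prompt or extra vars instead.
#   * Several configuration files and two scripts are fetched over plain HTTP
#     with no checksum and are then installed or executed as root.
#   * jenkins_port is referenced by the Jenkins tasks but is not defined in
#     this play.
- hosts: all
  # Every task runs as root. Newer Ansible releases spell this `become: true`.
  sudo: true
  vars:
    tomcat_port: 9010
    gitlab_int_port: 9021
    gitlab_ext_port: 9020
    gitlab_admin_login: root
    # NOTE(review): this looks like the stock initial root password that GitLab
    # ships with. The play never changes it, so the instance keeps a publicly
    # known admin password unless it is changed afterwards.
    gitlab_admin_password: '5iveL!fe'
    gitlab_user_login: blueteam
    # NOTE(review): password identical to the login name.
    gitlab_user_password: blueteam
    gitlab_user_email: blueteamesiee@gmail.com
    gitlab_user_name: blueteam
    gitlab_group_name: blueteam_group
    # NOTE(review): jenkins_port is used further down but has no value here; it
    # has to come from inventory or extra vars, otherwise the Jenkins tasks
    # cannot be templated correctly.
  tasks:
    # REPOSITORIES
    - name: Ajout du repository Java8
      apt_repository:
        repo: 'ppa:webupd8team/java'
        state: present
    - name: Mise à jour de l'apt cache
      apt:
        update_cache: true

    # UTILITIES
    - debug:
        msg: '# UTILITAIRES'
    - name: Installation des outils nécessaires à la configuration de la VM
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - git
        - jq
        - mailutils
        - libsasl2-2
        - ca-certificates
        - libsasl2-modules
        - unzip
        - dos2unix

    # APACHE2 + REVERSE PROXY
    - debug:
        msg: '# APACHE2 + REVERSE PROXY'
    - name: Installation apache2
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - apache2
        - libapache2-mod-proxy-html
        - libxml2-dev
        - libxslt-dev
        - apache2-prefork-dev
    - name: Creation du dossier temporaire de compilation de mod_xml2enc
      file:
        path: /tmp/modbuild
        state: directory
    # NOTE(review): the two source files below come over plain HTTP with no
    # checksum and are then compiled and loaded into Apache as root. Pin them
    # with a recorded digest (get_url can verify one) or vendor the sources.
    - name: Téléchargement de mod_xml2enc.c
      get_url:
        url: http://apache.webthing.com/svn/apache/filters/mod_xml2enc.c
        dest: /tmp/modbuild
    - name: Téléchargement de mod_xml2enc.h
      get_url:
        url: http://apache.webthing.com/svn/apache/filters/mod_xml2enc.h
        dest: /tmp/modbuild
    - name: Compilation de mod_xml2enc
      shell: apxs2 -aic -I/usr/include/libxml2 /tmp/modbuild/mod_xml2enc.c
    # Disabled: removal of the temporary build directory.
    # - name: Suppression du dossier temporaire de compilation de mod_xml2enc
    #   file: path=/tmp/modbuild state=absent
    - name: Activation des modules apache2
      shell: >-
        a2enmod proxy proxy_http proxy_ajp rewrite deflate headers
        proxy_balancer proxy_connect proxy_html
    - name: Redemarrage du service apache2
      service:
        name: apache2
        state: restarted

    # JAVA 8
    - debug:
        msg: '# JAVA 8'
    # Pre-answers the installer's licence prompt so apt can run unattended.
    - name: Acceptation de la License oracle
      debconf:
        name: oracle-java8-installer
        question: shared/accepted-oracle-license-v1-1
        value: 'true'
        vtype: select
    - name: Installation java 8
      apt:
        name: oracle-java8-installer
        state: present

    # TOMCAT 7
    - debug:
        msg: '# TOMCAT 7'
    - name: Installation tomcat 7
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - tomcat7
        - tomcat7-admin
    # NOTE(review): tomcat-users.xml is the file Tomcat reads its users and
    # roles from; here it is overwritten from a public paste fetched over HTTP,
    # so whoever can edit the paste or alter the response decides who may log
    # in to the manager apps. Ship this file from the repository (template or
    # copy) with vaulted passwords instead.
    - name: Téléchargement du fichier de configuration des utilisateurs tomcat 7
      get_url:
        url: http://pastebin.com/raw.php?i=b31xZmyt
        dest: /etc/tomcat7/tomcat-users.xml
        force: true
    - name: Modification du port par defaut de tomcat
      replace:
        dest: /var/lib/tomcat7/conf/server.xml
        regexp: '<Connector port="8080"'
        replace: '<Connector port="{{ tomcat_port }}"'
    - name: Definition de la variable HAVA_HOME
      lineinfile:
        dest: /etc/default/tomcat7
        regexp: 'JAVA_HOME'
        line: 'JAVA_HOME=/usr/lib/jvm/java-8-oracle'
    - name: Redemarrage du service tomcat
      service:
        name: tomcat7
        state: restarted

    # MAVEN
    - debug:
        msg: '# MAVEN'
    - name: Installation maven
      apt:
        name: maven
        state: present

    # POSTFIX
    - debug:
        msg: '# POSTFIX'
    - name: Configuration du type de mail
      debconf:
        name: postfix
        question: postfix/main_mailer_type
        vtype: select
        value: 'Internet Site'
    - name: Configuration nom de domaine mail
      debconf:
        name: postfix
        question: postfix/mailname
        vtype: string
        value: 'mail.blueteam.com'
    - name: Installation de postfix
      apt:
        name: postfix
        state: present
    - name: Configuration du relai
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: 'relayhost'
        line: 'relayhost = [smtp.gmail.com]:587'
    - name: Activation de l'authentification sasl
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: 'smtp_sasl_auth_enable'
        line: 'smtp_sasl_auth_enable = yes'
    - name: Definition du fichier password sasl
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: 'smtp_sasl_password_maps'
        line: 'smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd'
    - name: Definition de l'option de sécurité sasl
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: 'smtp_sasl_security_options'
        line: 'smtp_sasl_security_options = noanonymous'
    - name: Activation de tls
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: 'smtp_use_tls'
        line: 'smtp_use_tls = yes'
    # Added: smtp_use_tls alone is opportunistic, so the relay password could
    # be sent in clear if STARTTLS is not offered. Requiring encryption closes
    # that fallback; it does not by itself authenticate the relay's
    # certificate.
    - name: Chiffrement tls obligatoire vers le relai
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: '^smtp_tls_security_level'
        line: 'smtp_tls_security_level = encrypt'
    - name: Definition de l'emplacement du certificat tls
      lineinfile:
        dest: /etc/postfix/main.cf
        regexp: 'smtp_tls_CAfile'
        line: 'smtp_tls_CAfile = /etc/postfix/cacert.pem'
    # `creates` keeps a re-run from appending the same CA certificate again.
    - name: Validation du certificat
      shell: cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem
      args:
        creates: /etc/postfix/cacert.pem
    # NOTE(review): live mail-account password committed in clear text. Rotate
    # it and read it from a vaulted variable. The file is now created 0400
    # root:root so the secret is never world-readable, and no_log keeps the
    # line out of Ansible's output.
    - name: Definition du compte gmail
      lineinfile:
        dest: /etc/postfix/sasl/sasl_passwd
        create: true
        state: present
        owner: root
        group: root
        mode: "0400"
        line: '[smtp.gmail.com]:587 blueteamesiee@gmail.com:oBjCdDmhJhL'
      no_log: true
    # Was mode "u=r": a symbolic mode only changes the classes it names, so
    # the group/other read bits of a freshly created file stayed set. An
    # absolute mode removes them; this runs before postmap builds the lookup
    # table from the file.
    - name: Modification des autorisations du fichier des mot de passe
      file:
        path: /etc/postfix/sasl/sasl_passwd
        state: touch
        mode: "0400"
    - name: Mapping password
      shell: postmap /etc/postfix/sasl/sasl_passwd
    - name: Rechargement de la configuration
      shell: /usr/sbin/postfix reload
    - name: Changement du nom d'utilisateur
      shell: usermod vagrant -c "Postfix"

    # GITLAB
    - debug:
        msg: '# GITLAB'
    # NOTE(review): the package is fetched over HTTPS but installed without a
    # checksum or signature check; record the expected digest and let get_url
    # verify it.
    - name: Téléchargement du package gitlab ominbus
      # Previous pin, kept for reference:
      # get_url: url=https://downloads-packages.s3.amazonaws.com/ubuntu-14.04/gitlab_7.6.0-omnibus.5.3.0.ci-1_amd64.deb
      #   dest=/home/vagrant/gitlab.deb
      get_url:
        url: https://downloads-packages.s3.amazonaws.com/ubuntu-14.04/gitlab_7.8.4-omnibus.1-1_amd64.deb
        dest: /home/vagrant/gitlab.deb
    - name: Installation de gitlab
      apt:
        deb: /home/vagrant/gitlab.deb
    - name: Modification du port par defaut de gitlab
      lineinfile:
        dest: /etc/gitlab/gitlab.rb
        regexp: 'external_url'
        line: 'external_url "http://localhost:{{ gitlab_ext_port }}"'
    # Disabled: GitLab SMTP settings written into /etc/gitlab/gitlab.rb.
    # NOTE(review): the block repeats the mail-account password in clear text.
    # - name: Modification du paramètre gitlab_email_from
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['gitlab_email_from'\]"
    #     line="gitlab_rails['gitlab_email_from'] = 'blueteamesiee@gmail.com'"
    # - name: Modification du paramètre smtp_enable
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_enable'\]"
    #     line="gitlab_rails['smtp_enable'] = true"
    # - name: Modification du paramètre smtp_address
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_address'\]"
    #     line="gitlab_rails['smtp_address'] = 'smtp.gmail.com'"
    # - name: Modification du paramètre smtp_port
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_port'\]"
    #     line="gitlab_rails['smtp_port'] = 587"
    # - name: Modification du paramètre smtp_user_name
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_user_name'\]"
    #     line="gitlab_rails['smtp_user_name'] = 'blueteamesiee@gmail.com'"
    # - name: Modification du paramètre smtp_password
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_password'\]"
    #     line="gitlab_rails['smtp_password'] = 'oBjCdDmhJhL'"
    # - name: Modification du paramètre smtp_domain
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_domain'\]"
    #     line="gitlab_rails['smtp_domain'] = 'smtp.gmail.com'"
    # - name: Modification du paramètre smtp_authentication
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_authentication'\]"
    #     line="gitlab_rails['smtp_authentication'] = 'login'"
    # - name: Modification du paramètre smtp_enable_starttls_auto
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_enable_starttls_auto'\]"
    #     line="gitlab_rails['smtp_enable_starttls_auto'] = true"
    # - name: Modification du paramètre smtp_tls
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_tls'\]"
    #     line="gitlab_rails['smtp_tls'] = false"
    # - name: Modification du paramètre smtp_openssl_verify_mode
    #   lineinfile: state=present dest=/etc/gitlab/gitlab.rb regexp="# gitlab_rails\['smtp_openssl_verify_mode'\]"
    #     line="gitlab_rails['smtp_openssl_verify_mode'] = 'peer'"
    - name: Lancement du script de reconfiguration de gitlab
      shell: gitlab-ctl reconfigure
    # Logs in as the admin and stores the API response, which carries the
    # admin's private token, in a file under /tmp.
    - name: Identification de l'admin par session sur l'API gitlab
      uri:
        url: "http://localhost:{{ gitlab_ext_port }}/api/v3/session"
        method: POST
        body: 'login={{ gitlab_admin_login }}&password={{ gitlab_admin_password }}'
        dest: /tmp/gitlab_api_root_session.json
        status_code: 201
      no_log: true
    # Added: the response file is created with default permissions in a shared
    # directory. Tightening it here still leaves a short window, so prefer
    # registering the response instead of writing it to disk.
    - name: Restriction des droits du fichier de session gitlab
      file:
        path: /tmp/gitlab_api_root_session.json
        mode: "0600"
    - name: Récupération du token admin
      shell: cat /tmp/gitlab_api_root_session.json | jq '.private_token' -r
      register: gitlab_api_root_session
      no_log: true
    # Added: the token now lives in the registered variable; do not leave a
    # copy of it on disk.
    - name: Suppression du fichier de session gitlab
      file:
        path: /tmp/gitlab_api_root_session.json
        state: absent
    # Disabled: creation of the base user and of the group through the API.
    # - name: Envoi de la requete de création de l'utilisateur de base sur l'API gitlab
    #   uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/users
    #     method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body='username={{ gitlab_user_login }}&password={{ gitlab_user_password }}&email={{ gitlab_user_email }}&name={{ gitlab_user_name}}&confirm=false&can_create_group=false'
    #     dest=/tmp/gitlab_api_create_user.json
    #     status_code=201
    # - name: Envoi de la requete de création du groupe via l'API gitlab
    #   uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/groups
    #     method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body='name={{ gitlab_group_name }}&path={{ gitlab_group_name }}'
    #     dest=/tmp/gitlab_api_create_group.json
    #     status_code=201
    # Both project-creation tasks write their response to the same file, so
    # the second overwrites the first.
    - name: Envoi de la requete de creation du projet api via l'API gitlab
      uri:
        url: "http://localhost:{{ gitlab_ext_port }}/api/v3/projects"
        method: POST
        HEADER_PRIVATE-TOKEN: "{{ gitlab_api_root_session.stdout }}"
        body: 'name=JCalculator_api&visibility_level=10'
        dest: /tmp/gitlab_api_add_group_member.json
        status_code: 201
      no_log: true
    - name: Envoi de la requete de creation du projet client via l'API gitlab
      uri:
        url: "http://localhost:{{ gitlab_ext_port }}/api/v3/projects"
        method: POST
        HEADER_PRIVATE-TOKEN: "{{ gitlab_api_root_session.stdout }}"
        body: 'name=JCalculator_client&visibility_level=10'
        dest: /tmp/gitlab_api_add_group_member.json
        status_code: 201
      no_log: true
    # `validate_certs=no` was dropped from the two downloads below: it has no
    # effect on an http:// URL, but it would have disabled certificate checks
    # on any HTTPS redirect. NOTE(review): the archives still arrive over
    # plain HTTP with no checksum and are later unpacked and pushed into the
    # new repositories; verify a recorded digest.
    - name: Téléchargement de jcalculator_api
      get_url:
        url: http://download1651.mediafire.com/sxd69savpuag/ndn1c2kf9jf4gzu/jcalculator_api.tar.gz
        dest: '~/jcalculator_api.tar.gz'
    - name: Téléchargement de jcalculator_client
      get_url:
        url: http://download1510.mediafire.com/daqk7282qukg/gjergjytw8jgrjl/jcalculator_client.tar.gz
        dest: '~/jcalculator_client.tar.gz'
    - file:
        state: directory
        path: '~/jcalculator_api'
    - file:
        state: directory
        path: '~/jcalculator_client'
    # `creates` makes the task a no-op once the key exists; without it a
    # second run meets ssh-keygen's overwrite prompt.
    - name: Création de la clé ssh blueteam
      shell: ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''
      args:
        creates: '~/.ssh/id_rsa'
    # NOTE(review): the play runs as root and a later task copies this key
    # from /root/.ssh, so these two tasks appear to hand root's key pair to
    # the vagrant user - confirm that this is intended.
    - file:
        path: '~/.ssh/id_rsa'
        owner: vagrant
        group: vagrant
        mode: "0600"
    - file:
        path: '~/.ssh/id_rsa.pub'
        owner: vagrant
        group: vagrant
        mode: "0600"
    # Name corrected: this task reads the SSH public key, not the admin token.
    - name: Récupération de la clé publique ssh
      shell: cat ~/.ssh/id_rsa.pub
      register: id_rsa_blueteam
    # NOTE(review): the admin token is passed on the curl command line, where
    # other local users can see it in the process list while the command
    # runs. The disabled uri variant below avoids that.
    - name: Envoi de la requete d'upload de la clé ssh via l'API gitlab
      shell: >-
        curl -X POST
        -H 'PRIVATE-TOKEN: {{ gitlab_api_root_session.stdout }}'
        http://localhost:{{ gitlab_ext_port }}/api/v3/user/keys
        --form-string 'title=blueteam_ssh_key'
        --form-string 'key={{ id_rsa_blueteam.stdout }}'
      no_log: true
    # Disabled: the same upload through the uri module.
    # - name: Envoi de la requetel'upload de la clé ssh via l'API gitlab
    #   uri: url=http://localhost:{{gitlab_ext_port}}/api/v3/user/keys
    #     method=POST HEADER_PRIVATE-TOKEN={{ gitlab_api_root_session.stdout }} body="title=blueteam_ssh_key&key={{ id_rsa_blueteam.stdout }}"
    #     dest=/tmp/gitlab_api_add_sshkey.json
    #     status_code=201
    # NOTE(review): root's SSH client configuration is taken from a public
    # paste over HTTP. That file governs host-key checking and what ssh runs
    # to reach a host, so it should be shipped from the repository instead.
    - name: Config ssh
      get_url:
        url: http://pastebin.com/raw.php?i=jix0GghF
        dest: '~/.ssh/config'
    - name: Git user name
      shell: git config --global user.name "Administrator"
    - name: Git email
      shell: git config --global user.email "admin@example.com"
    # NOTE(review): this script is downloaded over HTTP from a public paste,
    # made executable for everyone and run twice as root further down. Keep it
    # in the repository, or at least verify a recorded checksum before running.
    - name: Téléchargement du script git
      get_url:
        url: http://pastebin.com/raw.php?i=edpMpbuT
        dest: '~/git_bash.sh'
    - name: Modification des droits du script git
      file:
        path: '~/git_bash.sh'
        state: touch
        mode: "u+x,g+x,o+x"
    - name: Conversion des lignes du script git api
      command: dos2unix ~/git_bash.sh
    - name: Clonage du projet JCalculator-api
      # Disabled alternative using the git module:
      # git: repo=git@localhost:root/jcalculator_api.git accept_hostkey=true
      #   dest=~/jcalculator_api
      shell: git clone git@localhost:root/jcalculator_api.git ~/jcalculator_api
    - name: Dézippage de jcalculator_api
      shell: tar -xzf ~/jcalculator_api.tar.gz -C ~/jcalculator_api
    - name: Exécution de script git api
      shell: ~/git_bash.sh ~/jcalculator_api/.git ~/jcalculator_api
    - name: Clonage du projet JCalculator-client
      # Disabled alternative using the git module:
      # git: repo=git@localhost:root/jcalculator_client.git
      #   dest=~/jcalculator_client
      shell: git clone git@localhost:root/jcalculator_client.git ~/jcalculator_client
    - name: Dézippage de jcalculator_client
      shell: tar -xzf ~/jcalculator_client.tar.gz -C ~/jcalculator_client
    - name: Exécution de script git client
      shell: ~/git_bash.sh ~/jcalculator_client/.git ~/jcalculator_client

    # JENKINS
    # NOTE(review): the repository signing key is itself fetched over plain
    # HTTP, so the trust anchor for every later Jenkins package can be
    # replaced in transit. Compare the key's fingerprint with a value obtained
    # out of band before adding it.
    - name: Ajout du dépot jenkins
      apt_repository:
        repo: 'deb http://pkg.jenkins-ci.org/debian binary/'
        state: present
    - name: Récupération de la clé jenkins
      get_url:
        url: http://pkg.jenkins-ci.org/debian/jenkins-ci.org.key
        dest: /tmp/jenkins.key
    - name: Intégration de la clé
      apt_key:
        file: /tmp/jenkins.key
        state: present
    - name: Mise à jour de l'apt cache
      apt:
        update_cache: true
    - name: Installation jenkins
      apt:
        name: jenkins
        state: present
    - name: Definition du port jenkins
      lineinfile:
        dest: /etc/default/jenkins
        regexp: 'HTTP_PORT='
        line: 'HTTP_PORT={{ jenkins_port }}'
    - name: Definition du context root jenkins
      lineinfile:
        dest: /etc/default/jenkins
        regexp: 'JENKINS_ARGS'
        line: 'JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=$HTTP_PORT --ajp13Port=$AJP_PORT --prefix=$PREFIX"'
    - name: Redemarrage du service jenkins
      service:
        name: jenkins
        state: restarted
    # Fixed wait before the CLI is used; presumably to let Jenkins finish
    # starting.
    - pause:
        minutes: 1
    - name: Installation du plugin gitlab
      command: >-
        java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar
        -s http://localhost:{{ jenkins_port }}/jenkins
        install-plugin gitlab-plugin
    - name: Redemarrage de jenkins
      command: >-
        java -jar /var/cache/jenkins/war/WEB-INF/jenkins-cli.jar
        -s http://localhost:{{ jenkins_port }}/jenkins
        safe-restart
    # mode added so the directory that receives a private key is not
    # traversable by other users.
    - name: Creation du dossier ssh de l'utilisateur jenkins
      file:
        path: /var/lib/jenkins/.ssh
        state: directory
        owner: jenkins
        group: jenkins
        mode: "0700"
    # NOTE(review): Jenkins receives a copy of root's key pair, the same key
    # that was registered in GitLab with the admin token above. A dedicated
    # key for the jenkins user would limit what a compromised build can reach.
    - name: Copie clé privée root
      command: cp /root/.ssh/id_rsa /var/lib/jenkins/.ssh/id_rsa
    - name: Copie clé publique root
      command: cp /root/.ssh/id_rsa.pub /var/lib/jenkins/.ssh/id_rsa.pub
    - file:
        path: /var/lib/jenkins/.ssh/id_rsa
        owner: jenkins
        group: jenkins
        mode: "0600"
    - file:
        path: /var/lib/jenkins/.ssh/id_rsa.pub
        owner: jenkins
        group: jenkins
        mode: "0600"
    - name: Installation de python jenkins api
      pip:
        name: python-jenkins
    # NOTE(review): the Jenkins credentials store, its global configuration,
    # both job definitions and the Python script that is executed last all
    # come from public pastes over plain HTTP with no integrity check, so the
    # paste owner or anyone on the network path controls what Jenkins trusts
    # and what runs as root. Ship these from the repository as templates with
    # vaulted secrets.
    - name: Téléchargement du fichier de credentials
      get_url:
        url: http://pastebin.com/raw.php?i=qSzq54Ta
        dest: /var/lib/jenkins/credentials.xml
    - name: Téléchargement du fichier de configuration générale
      get_url:
        url: http://pastebin.com/raw.php?i=VUqc8VXJ
        dest: /var/lib/jenkins/config.xml
    - name: Téléchargement du fichier de configuration jcalculator_api
      get_url:
        url: http://pastebin.com/raw.php?i=jLBd81En
        dest: /tmp/jcalculator-api-config.xml
    - name: Téléchargement du fichier de configuration jcalculator_client
      get_url:
        url: http://pastebin.com/raw.php?i=ykc4mY7e
        dest: /tmp/jcalculator-client-config.xml
    - name: Téléchargement du script python de creation des jobs
      get_url:
        url: http://pastebin.com/raw.php?i=fjGTsuSb
        dest: /tmp/jenkins_jobs.py
    - pause:
        minutes: 1
    - name: Creation des jobs via l'API python
      command: python /tmp/jenkins_jobs.py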