From f0323d517cea918f345a59c5677f0dae94931035 Mon Sep 17 00:00:00 2001 
From: admin-linexos Date: Tue, 26 Nov 2024 17:17:23 +0100 Subject: [PATCH] =?UTF-8?q?Mise=20=C3=A0=20jour=20des=20fichiers=20de=20co?= =?UTF-8?q?nfiguration=20pour=20SOC-SFRV2-REC01?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ConfigSysRepo/etc/logrotate.d/socle_sup | 9 + .../etc/postgresql/14/main/pg_hba.conf | 136 ++++++++++++++ .../etc/systemd/system/echange.service | 14 ++ .../etc/systemd/system/socle.service | 23 +++ .../systemd/user/socle_supervision.service | 12 ++ ConfigSysRepo/home/socle_sup/.profile | 39 ++++ .../config/application.properties | 33 ++++ .../socle_supervision/socle-supervision.conf | 3 + .../socle_supervision/startup_sup.sh | 6 + .../home/socleng-sfr/.install.properties | 21 +++ .../socleng-sfr/exploit_batch/clean_log.sh | 48 +++++ .../home/socleng-sfr/tomcat/conf/context.xml | 49 +++++ .../home/socleng-sfr/tomcat/conf/server.xml | 172 ++++++++++++++++++ path_config | 12 +- recuperation_config.sh | 4 +- 15 files changed, 573 insertions(+), 8 deletions(-) create mode 100644 ConfigSysRepo/etc/logrotate.d/socle_sup create mode 100644 ConfigSysRepo/etc/postgresql/14/main/pg_hba.conf create mode 100644 ConfigSysRepo/etc/systemd/system/echange.service create mode 100644 ConfigSysRepo/etc/systemd/system/socle.service create mode 100644 ConfigSysRepo/home/socle_sup/.config/systemd/user/socle_supervision.service create mode 100644 ConfigSysRepo/home/socle_sup/.profile create mode 100644 ConfigSysRepo/home/socle_sup/socle_supervision/config/application.properties create mode 100644 ConfigSysRepo/home/socle_sup/socle_supervision/socle-supervision.conf create mode 100755 ConfigSysRepo/home/socle_sup/socle_supervision/startup_sup.sh create mode 100644 ConfigSysRepo/home/socleng-sfr/.install.properties create mode 100755 ConfigSysRepo/home/socleng-sfr/exploit_batch/clean_log.sh create mode 100644 ConfigSysRepo/home/socleng-sfr/tomcat/conf/context.xml create mode 100644 
ConfigSysRepo/home/socleng-sfr/tomcat/conf/server.xml mode change 100644 => 100755 recuperation_config.sh diff --git a/ConfigSysRepo/etc/logrotate.d/socle_sup b/ConfigSysRepo/etc/logrotate.d/socle_sup new file mode 100644 index 0000000..9f8ebb1 --- /dev/null +++ b/ConfigSysRepo/etc/logrotate.d/socle_sup @@ -0,0 +1,9 @@ +# socle_supervision rotate +/home/socle_sup/logs/socle-supervision.log { + daily + dateext + rotate 30 + copytruncate + missingok + compress + delaycompress diff --git a/ConfigSysRepo/etc/postgresql/14/main/pg_hba.conf b/ConfigSysRepo/etc/postgresql/14/main/pg_hba.conf new file mode 100644 index 0000000..3d1e393 --- /dev/null +++ b/ConfigSysRepo/etc/postgresql/14/main/pg_hba.conf 
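Review bot: The stanza for `/home/socle_sup/logs/socle-supervision.log` is never closed: the nine added lines end at `delaycompress` and there is no `}` line. logrotate reports an error on an unterminated block, so this log would probably not be rotated if the file were redeployed as captured; add a final `}` line. If the file on the host does contain the brace, the capture step is dropping the last line and should be checked.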
@@ -0,0 +1,136 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file. A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access. Records take one of these forms:
+#
+# local DATABASE USER METHOD [OPTIONS]
+# host DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS]
+# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type:
+# - "local" is a Unix-domain socket
+# - "host" is a TCP/IP socket (encrypted or not)
+# - "hostssl" is a TCP/IP socket that is SSL-encrypted
+# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
+# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
+# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof. In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches. It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask. A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts. Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE. The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted. Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the server receives a
+# SIGHUP signal. If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records. In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local all postgres peer
+
+# TYPE DATABASE USER ADDRESS METHOD
+
+# "local" is for Unix domain socket connections only
+local all all peer
+# IPv4 local connections:
+host all all 127.0.0.1/32 md5
+host all all 172.28.235.0/24 md5
+
+# WEB
+host all socleng-sfr 10.106.101.147/32 md5
+
+# REPORTING
+host all prelytisng-sfr 10.106.101.147/32 md5
+
+# SOCLE_sup
+host all socle_sup 10.106.101.147/32 md5
+
+# IP DE TELSERVER REC
+host socleng-sfr socleng-sfr 10.106.100.150/32 md5
+
+# IP de COGRDPABC
+host all all 10.105.35.68/32 md5
+
+# Jobs Talend
+host all socleng-sfr 10.106.67.22/32 trust
+host all socleng-sfr 10.106.71.7/32 trust
+# Axyus
+host all all 10.107.27.33/32 md5
+
+# IP serveur Power BI On Premise
+host socleng-sfr_report socleng-sfr 10.106.101.97/32 md5
+
+# IP serveur de développement Power BI
+host socleng-sfr_report socleng-sfr 10.107.27.48/32 md5
+
+# IPv6 local connections:
+host all all ::1/128 scram-sha-256
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local replication all peer
+host replication all 127.0.0.1/32 scram-sha-256
+host replication all ::1/128 scram-sha-256
+# DUMP BDD REC vers BDD PROD - Benoist
+host all postgres 10.106.101.145/32 md5
+host all socleng-sfr 10.106.101.145/32 md5
diff --git a/ConfigSysRepo/etc/systemd/system/echange.service b/ConfigSysRepo/etc/systemd/system/echange.service
new file mode 100644
index 0000000..1463864
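Review bot: The two records under `# Jobs Talend` use `trust`, so any connection arriving from 10.106.67.22 or 10.106.71.7 is accepted as `socleng-sfr` on every database with no password at all; authentication rests entirely on the source address. They should require a password like the other entries, e.g. `host all socleng-sfr 10.106.67.22/32 scram-sha-256`. The remaining `md5` records, in particular the remote `postgres` superuser entry for 10.106.101.145 and the `all all` entry for 172.28.235.0/24, would be better moved to `scram-sha-256` (ideally `hostssl`) and narrowed to the databases and roles each client needs. A short comment on each record naming its owner and purpose, as the `DUMP BDD REC` one does, would make later review of this file easier.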
--- /dev/null
+++ b/ConfigSysRepo/etc/systemd/system/echange.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Echange
+After=syslog.target
+
+[Service]
+User=socleng-sfr
+# StandardOutput=append:/home/socleng-xxx/logs/echange.log
+# StandardError=append:/home/socleng-xxx/logs/echange-err.log
+# ExecStart=/home/socleng-xxx/echange/socle-module-echange.jar
+ExecStart=/home/socleng-sfr/echange/startup_echange.sh
+SuccessExitStatus=143
+
+[Install]
+WantedBy=default.target
diff --git a/ConfigSysRepo/etc/systemd/system/socle.service b/ConfigSysRepo/etc/systemd/system/socle.service
new file mode 100644
index 0000000..b794498
--- /dev/null
+++ b/ConfigSysRepo/etc/systemd/system/socle.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Tomcat socle
+After=network-online.target
+
+[Service]
+Type=forking
+
+User=socleng-sfr
+Group=socleng-sfr
+UMask=007
+
+Environment=JAVA_HOME=/usr/lib/jvm/java-1.17.0-openjdk-amd64
+
+ExecStart=/home/socleng-sfr/tomcat/bin/startup.sh
+ExecStop=/home/socleng-sfr/tomcat/bin/shutdown.sh
+
+Restart=on-failure
+
+# Configures the time to wait before service is stopped forcefully.
+TimeoutStopSec=300
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ConfigSysRepo/home/socle_sup/.config/systemd/user/socle_supervision.service b/ConfigSysRepo/home/socle_sup/.config/systemd/user/socle_supervision.service
new file mode 100644
index 0000000..7308ed0
--- /dev/null
+++ b/ConfigSysRepo/home/socle_sup/.config/systemd/user/socle_supervision.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Socle supervision
+After=syslog.target
+
+[Service]
+Environment=JAVA_HOME=/usr/lib/jvm/java-1.17.5-openjdk-amd64
+Environment=PATH=/usr/lib/jvm/java-1.17.5-openjdk-amd64/bin:$PATH
+ExecStart=/home/socle_sup/socle_supervision/startup_sup.sh
+SuccessExitStatus=143
+
+[Install]
+WantedBy=default.target
diff --git a/ConfigSysRepo/home/socle_sup/.profile b/ConfigSysRepo/home/socle_sup/.profile
new file mode 100644
index 0000000..20a31a9
--- /dev/null
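Review bot: `Environment=PATH=/usr/lib/jvm/java-1.17.5-openjdk-amd64/bin:$PATH` in socle_supervision.service does not do what it appears to: systemd performs no variable expansion in `Environment=`, so the unit's PATH ends with the literal string `$PATH`. Spell out the full search path, or drop the line, since startup_sup.sh exports its own PATH anyway. This unit also points JAVA_HOME at `java-1.17.5-openjdk-amd64` while socle.service and the Ansible block in .profile use `java-1.17.0-openjdk-amd64`; one of the two paths is probably stale and should be confirmed on the host.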
+++ b/ConfigSysRepo/home/socle_sup/.profile
@@ -0,0 +1,39 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+ # include .bashrc if it exists
+ if [ -f "$HOME/.bashrc" ]; then
+ . "$HOME/.bashrc"
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+ PATH="$HOME/bin:$PATH"
+fi
+
+# === BEGIN ANSIBLE MANAGED BLOCK socle_supervision ===
+alias socle_sup_start="systemctl --user start socle_supervision"
+alias socle_sup_stop="systemctl --user stop socle_supervision"
+alias socle_sup_restart="systemctl --user restart socle_supervision"
+alias socle_sup_status="systemctl --user status socle_supervision"
+export XDG_RUNTIME_DIR="/run/user/$UID"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=${XDG_RUNTIME_DIR}/bus"
+export JAVA_HOME="/usr/lib/jvm/java-1.17.0-openjdk-amd64"
+export PATH=$JAVA_HOME/bin:$PATH
+# === END ANSIBLE MANAGED BLOCK socle_supervision ===
+
+
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+ PATH="$HOME/.local/bin:$PATH"
+fi
diff --git a/ConfigSysRepo/home/socle_sup/socle_supervision/config/application.properties b/ConfigSysRepo/home/socle_sup/socle_supervision/config/application.properties
new file mode 100644
index 0000000..230fd20
--- /dev/null
+++ b/ConfigSysRepo/home/socle_sup/socle_supervision/config/application.properties
@@ -0,0 +1,33 @@
+# Infos de connexion a la base de donnees
+spring.datasource.url=jdbc:postgresql://10.106.101.147:5432/socle_sup
+spring.datasource.username=socle_sup
+spring.datasource.password=RT5G-p87SFR87
+server.servlet.context-path=/SFR_BT_ws_sup
+
+# Configuration du pool
+spring.datasource.hikari.maximumPoolSize=5
+spring.datasource.hikari.connectionTimeout=20000
+#spring.datasource.hikari.minimumIdle=1
+#spring.datasource.hikari.idleTimeout=30000
+#spring.datasource.hikari.maxLifetime=2000000
+#spring.datasource.hikari.poolName=SocleSupervisionPool
+
+# Context path de l'application
+# server.servlet.context-path=/module_supervision
+
+# Port d'ecoute du serveur tomcat embarque
+server.port=8484
+
+# Parametrage du niveau de LOG
+#logging.level.root=DEBUG
+
+
+# Configuration du module de supervision
+## Intervalle en minutes pour l'aggregation des donnees sur l'axe journalier (defaut : 30)
+# supervision.timeAxisStep=30
+## Clef secrete pour la validation du jeton JWT.
+## Cette clef doit etre identique e la valeur de propriete "supervision.authenticationSecret" du SOCLE (fichier socle.properties)
+# supervision.authenticationSecret=__SocleSupervisionJWTSecretKey
+
+
+
diff --git a/ConfigSysRepo/home/socle_sup/socle_supervision/socle-supervision.conf b/ConfigSysRepo/home/socle_sup/socle_supervision/socle-supervision.conf
new file mode 100644
index 0000000..4deb0b6
--- /dev/null
+++ b/ConfigSysRepo/home/socle_sup/socle_supervision/socle-supervision.conf
@@ -0,0 +1,3 @@
+JAVA_OPTS=-Xmx2048M
+# The location of the java executable (executable file at $JAVA_HOME/bin/java)
+JAVA_HOME=/usr/lib/jvm/java-1.17.5-openjdk-amd64
diff --git a/ConfigSysRepo/home/socle_sup/socle_supervision/startup_sup.sh b/ConfigSysRepo/home/socle_sup/socle_supervision/startup_sup.sh
new file mode 100755
index 0000000..5f94a07
--- /dev/null
+++ b/ConfigSysRepo/home/socle_sup/socle_supervision/startup_sup.sh
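Review bot: `spring.datasource.password` is committed in clear text in application.properties, and the same applies to `database.passwd` and `report.database.passwd` in .install.properties later in this patch. Once pushed, the values remain in the repository history for everyone with read access, so these credentials should be treated as exposed and rotated. The capture should redact such keys before committing, or the application should take them from outside the file, for example `spring.datasource.password=${SOCLE_SUP_DB_PASSWORD}` (variable name illustrative) with the value supplied by the service environment. The commented `supervision.authenticationSecret` line shows a default JWT key; if the SOCLE side still uses that default, it needs a site-specific value handled the same way.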
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+export JAVA_HOME=/usr/lib/jvm/java-1.17.5-openjdk-amd64
+export PATH=/usr/lib/jvm/java-1.17.5-openjdk-amd64/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
+
+/home/socle_sup/socle_supervision/socle-supervision.jar >> /home/socle_sup/logs/socle-supervision.log
diff --git a/ConfigSysRepo/home/socleng-sfr/.install.properties b/ConfigSysRepo/home/socleng-sfr/.install.properties
new file mode 100644
index 0000000..2f2b72d
--- /dev/null
+++ b/ConfigSysRepo/home/socleng-sfr/.install.properties
@@ -0,0 +1,21 @@
+#Configuration installeur SOCLE
+#Fri Nov 22 08:38:25 CET 2024
+log.directory=/home/socleng-sfr/logs
+report.database.server=10.106.101.147
+database.user=socleng-sfr
+batch.archive.directory=/home/socleng-sfr/archive
+installation.target.purpose=recette
+report.database.port=5432
+webapp.tomcat.home=/home/socleng-sfr/tomcat
+database.name=socleng-sfr
+webapp.tomcat.script=sudo service socle
+database.port=5432
+report.database.passwd=Pwd4socleng-sfr
+database.server=10.106.101.147
+batch.deploy.destination=/home/socleng-sfr/batch
+report.database.user=socleng-sfr
+report.batch.deploy.destination=/home/socleng-sfr/batchtbx
+report.database.name=socleng-sfr_report
+database.passwd=Pwd4socleng-sfr
+batch.configuration.directory=/home/socleng-sfr/conf/batch
+report.batch.configuration.directory=/home/socleng-sfr/conf/batchtbx
diff --git a/ConfigSysRepo/home/socleng-sfr/exploit_batch/clean_log.sh b/ConfigSysRepo/home/socleng-sfr/exploit_batch/clean_log.sh
new file mode 100755
index 0000000..88a6fbe
--- /dev/null
+++ b/ConfigSysRepo/home/socleng-sfr/exploit_batch/clean_log.sh
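Review bot: The last line of startup_sup.sh appends only stdout to socle-supervision.log; stderr is not redirected, so JVM errors and stack traces never reach the file that logrotate manages. The shell also stays resident as the parent of the Java process instead of handing over to it. `exec /home/socle_sup/socle_supervision/socle-supervision.jar >> /home/socle_sup/logs/socle-supervision.log 2>&1` addresses both. A one-line header comment saying the script is started by socle_supervision.service would also help whoever reads it next.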
@@ -0,0 +1,48 @@ +#!/bin/bash + +# Arrete le socle, Nettoie les fichiers temporaire et logs + +# Nombre de jour de conservation +SOCLE_LOG_KEEP=30 +TOMCAT_LOG_KEEP=5 + +# Chemin des dossiers +TOMCAT_TEMP=~/tomcat/temp/ +TOMCAT_LOGS=~/tomcat/logs/ +SOCLE_LOGS=~/logs/ + +# Les variables ci dessus sont écrasés si le fichier .exploit_vars existe dans le home et les variables redéfis +test -f ~/.exploit_vars && source ~/.exploit_vars + +# On arrete le socle +sudo systemctl stop socle + +sleep 20 + +# on nettoie +# fichiers et dossiers temp du tomcat +find "${TOMCAT_TEMP}" -mindepth 1 -type f -delete -print +find "${TOMCAT_TEMP}" -mindepth 1 -type d -delete -print + +# fichier logs du tomcat a l'arret +gzip -S ".$(date +%Y%m%d).gz" ${TOMCAT_LOGS}/catalina.out +find "${TOMCAT_LOGS}" -name "*.log" -mtime +${TOMCAT_LOG_KEEP} -delete -print +find "${TOMCAT_LOGS}" -name "*.txt" -mtime +${TOMCAT_LOG_KEEP} -delete -print +find "${TOMCAT_LOGS}" -name "*.gz" -mtime +${TOMCAT_LOG_KEEP} -delete -print + +# fichiers logs de l'application socle +find "${SOCLE_LOGS}" -name "*.log*" -mtime +${SOCLE_LOG_KEEP} -delete -print + +# Recherche et compression des fichiers de logs non compressés +YMD=$(date +%y%m%d -d "1 days ago") +for xfile in $(find "${SOCLE_LOGS}" -name "*.log*" -mtime +2 -type f | grep -v ".gz") +do + echo "Compression de : $xfile" + gzip --suffix=_$YMD.gz $xfile +done + +# Suppression des répertoires vides +find ${SOCLE_LOGS} -empty -mtime +${SOCLE_LOG_KEEP} -type d -delete + +# on redemarre le socle +sudo systemctl start socle diff --git a/ConfigSysRepo/home/socleng-sfr/tomcat/conf/context.xml b/ConfigSysRepo/home/socleng-sfr/tomcat/conf/context.xml new file mode 100644 index 0000000..ef9157a --- /dev/null +++ b/ConfigSysRepo/home/socleng-sfr/tomcat/conf/context.xml @@ -0,0 +1,49 @@ + + + + + + + + WEB-INF/web.xml + ${catalina.base}/conf/web.xml + + + + + + + + + + + + 
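Review bot: clean_log.sh runs `find … -delete` on paths that `~/.exploit_vars` may override, without checking that they are non-empty and without checking that `sudo systemctl stop socle` succeeded, so a bad override or a failed stop leads to deletions in the wrong place or under a running Tomcat. The compression loop `for xfile in $(find …)` word-splits file names, `$xfile`, `${TOMCAT_LOGS}/catalina.out` and the final `find ${SOCLE_LOGS}` are unquoted, and `grep -v ".gz"` is an unanchored regex that also drops any path containing "gz" after any character. The sketch below guards the variables, stops on a failed shutdown and iterates NUL-delimited; the catalina.out line should likewise become `gzip -S ".$(date +%Y%m%d).gz" -- "${TOMCAT_LOGS}/catalina.out"`. Since the script is run with sudo rights for systemctl, `~/.exploit_vars` should be writable only by its owner.

```shell
# … unchanged: retention defaults and default paths …
test -f ~/.exploit_vars && source ~/.exploit_vars

# Refuse to continue if an override left a path empty or unset
: "${TOMCAT_TEMP:?}" "${TOMCAT_LOGS:?}" "${SOCLE_LOGS:?}"

# Do not purge anything while the service may still be running
sudo systemctl stop socle || { echo "Arret du socle impossible" >&2; exit 1; }

# … unchanged: sleep, tomcat temp/log cleanup, socle log purge …

YMD=$(date +%y%m%d -d "1 days ago")
find "${SOCLE_LOGS}" -name "*.log*" ! -name "*.gz" -mtime +2 -type f -print0 |
  while IFS= read -r -d '' xfile; do
    echo "Compression de : $xfile"
    gzip --suffix="_${YMD}.gz" -- "$xfile"
  done

find "${SOCLE_LOGS}" -empty -mtime +"${SOCLE_LOG_KEEP}" -type d -delete
```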
diff --git a/ConfigSysRepo/home/socleng-sfr/tomcat/conf/server.xml b/ConfigSysRepo/home/socleng-sfr/tomcat/conf/server.xml new file mode 100644 index 0000000..26d7093 --- /dev/null +++ b/ConfigSysRepo/home/socleng-sfr/tomcat/conf/server.xml @@ -0,0 +1,172 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/path_config b/path_config index d9e91b4..81f6031 100644 --- a/path_config +++ b/path_config @@ -14,7 +14,7 @@ ### socle_echange ### /etc/systemd/system/echange.service -/home/socleng-{CLIENT_NAME_HERE}/.profile ### A modifier +/home/socleng-sfr/.profile ### A modifier /home/socleng-aigle/echange/config/application.properties /home/socleng-aigle/echange/socle-module-echange.conf @@ -24,14 +24,14 @@ ### WEB ### /etc/systemd/system/socle.service -/home/socleng-{CLIENT_NAME_HERE}/.install.properties -/home/socleng-{CLIENT_NAME_HERE}/tomcat/conf/context.xml -/home/socleng-{CLIENT_NAME_HERE}/tomcat/conf/server.xml -/home/socleng-{CLIENT_NAME_HERE}/exploit_batch/clean_log.sh +/home/socleng-sfr/.install.properties +/home/socleng-sfr/tomcat/conf/context.xml +/home/socleng-sfr/tomcat/conf/server.xml +/home/socleng-sfr/exploit_batch/clean_log.sh ### VM Prelytis ### /home/prelytis-intersport/tomcat/conf/Catalina/localhost/SOCLE_CRM_REPORTING.xml /home/prelytis-intersport/tomcat/conf/server.xml ### APM ### -/home/socleng-{CLIENT_NAME_HERE}/tomcat/webapps/{CLIENT_NAME_HERE}_FRONT/WEB-INF/views/main.jsp \ No newline at end of file +/home/socleng-sfr/tomcat/webapps/sfr_FRONT/WEB-INF/views/main.jsp diff --git a/recuperation_config.sh b/recuperation_config.sh old mode 100644 new mode 100755 index f7c32b1..decb28d --- a/recuperation_config.sh +++ b/recuperation_config.sh 
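Review bot: The `### socle_echange ###` section of path_config is only half converted: the `.profile` entry now points at `/home/socleng-sfr/`, but the two context lines after it still read `/home/socleng-aigle/echange/...`, and the Prelytis entries still name `prelytis-intersport`. If those paths do not exist on this host, the echange configuration is silently missing from the capture, which would explain why this patch adds echange.service but no echange properties file. Either replace them with the sfr paths, or keep the `{CLIENT_NAME_HERE}` placeholder and substitute it in recuperation_config.sh so the list is not hand-edited per host. The list also now collects `.install.properties`, which carries database passwords, so a redaction step belongs before the commit.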
@@ -1,8 +1,8 @@ #!/bin/bash # Configuration des variables -ORG="SysConf" -BASE_URL="https://sysconfgit.linexos.eu" +ORG="CONFIGS" +BASE_URL="https://repolake.alc-crm.com" API_URL="$BASE_URL/api/v1" REPO_NAME=$(hostname) REPO_URL="$BASE_URL/$ORG/$REPO_NAME.git"
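Review bot: `ORG` and `BASE_URL` are changed by editing literals in the script, which means every move of the Git server needs a commit on every host; `BASE_URL="${BASE_URL:-https://repolake.alc-crm.com}"` and `ORG="${ORG:-CONFIGS}"` keep the new defaults while allowing an override. Because the captured files in this same patch contain database credentials, it is worth confirming that the `CONFIGS` organisation on the new server is private and that the token the script uses is scoped to it; that part of the script lies outside this hunk. A comment above the block stating what the script pushes and where would document the intent.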