Mise à jour des fichiers de configuration pour SOC-SFRV2-REC01

2024-11-26 17:17:23 +01:00
parent 35214ddbf8
commit f0323d517c
15 changed files with 573 additions and 8 deletions
--- a/ConfigSysRepo/etc/logrotate.d/socle_sup
+++ b/ConfigSysRepo/etc/logrotate.d/socle_sup
@@ -0,0 +1,9 @@
+# socle_supervision rotate
+/home/socle_sup/logs/socle-supervision.log {
+    daily
+    dateext
+    rotate 30
+    copytruncate
+    missingok
+    compress
+    delaycompress
--- a/ConfigSysRepo/etc/postgresql/14/main/pg_hba.conf
+++ b/ConfigSysRepo/etc/postgresql/14/main/pg_hba.conf
@@ -0,0 +1,136 @@
+# PostgreSQL Client Authentication Configuration File
+# ===================================================
+#
+# Refer to the "Client Authentication" section in the PostgreSQL
+# documentation for a complete description of this file.  A short
+# synopsis follows.
+#
+# This file controls: which hosts are allowed to connect, how clients
+# are authenticated, which PostgreSQL user names they can use, which
+# databases they can access.  Records take one of these forms:
+#
+# local         DATABASE  USER  METHOD  [OPTIONS]
+# host          DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostssl       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnossl     DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostgssenc    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+# hostnogssenc  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
+#
+# (The uppercase items must be replaced by actual values.)
+#
+# The first field is the connection type:
+# - "local" is a Unix-domain socket
+# - "host" is a TCP/IP socket (encrypted or not)
+# - "hostssl" is a TCP/IP socket that is SSL-encrypted
+# - "hostnossl" is a TCP/IP socket that is not SSL-encrypted
+# - "hostgssenc" is a TCP/IP socket that is GSSAPI-encrypted
+# - "hostnogssenc" is a TCP/IP socket that is not GSSAPI-encrypted
+#
+# DATABASE can be "all", "sameuser", "samerole", "replication", a
+# database name, or a comma-separated list thereof. The "all"
+# keyword does not match "replication". Access to replication
+# must be enabled in a separate record (see example below).
+#
+# USER can be "all", a user name, a group name prefixed with "+", or a
+# comma-separated list thereof.  In both the DATABASE and USER fields
+# you can also write a file name prefixed with "@" to include names
+# from a separate file.
+#
+# ADDRESS specifies the set of hosts the record matches.  It can be a
+# host name, or it is made up of an IP address and a CIDR mask that is
+# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
+# specifies the number of significant bits in the mask.  A host name
+# that starts with a dot (.) matches a suffix of the actual host name.
+# Alternatively, you can write an IP address and netmask in separate
+# columns to specify the set of hosts.  Instead of a CIDR-address, you
+# can write "samehost" to match any of the server's own IP addresses,
+# or "samenet" to match any address in any subnet that the server is
+# directly connected to.
+#
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
+#
+# OPTIONS are a set of options for the authentication in the format
+# NAME=VALUE.  The available options depend on the different
+# authentication methods -- refer to the "Client Authentication"
+# section in the documentation for a list of which options are
+# available for which authentication methods.
+#
+# Database and user names containing spaces, commas, quotes and other
+# special characters must be quoted.  Quoting one of the keywords
+# "all", "sameuser", "samerole" or "replication" makes the name lose
+# its special character, and just match a database or username with
+# that name.
+#
+# This file is read on server startup and when the server receives a
+# SIGHUP signal.  If you edit the file on a running system, you have to
+# SIGHUP the server for the changes to take effect, run "pg_ctl reload",
+# or execute "SELECT pg_reload_conf()".
+#
+# Put your actual configuration here
+# ----------------------------------
+#
+# If you want to allow non-local connections, you need to add more
+# "host" records.  In that case you will also need to make PostgreSQL
+# listen on a non-local interface via the listen_addresses
+# configuration parameter, or via the -i or -h command line switches.
+
+
+
+
+# DO NOT DISABLE!
+# If you change this first entry you will need to make sure that the
+# database superuser can access the database using some other method.
+# Noninteractive access to all databases is required during automatic
+# maintenance (custom daily cronjobs, replication, and similar tasks).
+#
+# Database administrative login by Unix domain socket
+local   all             postgres                                peer
+
+# TYPE  DATABASE        USER            ADDRESS                 METHOD
+
+# "local" is for Unix domain socket connections only
+local   all             all                                     peer
+# IPv4 local connections:
+host    all             all             127.0.0.1/32            md5
+host    all             all             172.28.235.0/24         md5
+
+# WEB
+host    all     socleng-sfr           10.106.101.147/32        md5
+
+# REPORTING
+host    all     prelytisng-sfr        10.106.101.147/32        md5
+
+# SOCLE_sup
+host    all     socle_sup             10.106.101.147/32        md5
+
+# IP DE TELSERVER REC
+host    socleng-sfr     socleng-sfr    10.106.100.150/32        md5
+
+# IP de COGRDPABC
+host    all             all             10.105.35.68/32         md5
+
+# Jobs Talend
+host    all     socleng-sfr      10.106.67.22/32        trust
+host    all     socleng-sfr      10.106.71.7/32        trust
+# Axyus
+host    all             all        10.107.27.33/32              md5
+
+# IP serveur Power BI On Premise
+host    socleng-sfr_report  socleng-sfr 10.106.101.97/32        md5
+
+# IP serveur de développement Power BI
+host    socleng-sfr_report     socleng-sfr       10.107.27.48/32       md5
+
+# IPv6 local connections:
+host    all             all             ::1/128                 scram-sha-256
+# Allow replication connections from localhost, by a user with the
+# replication privilege.
+local   replication     all                                     peer
+host    replication     all             127.0.0.1/32            scram-sha-256
+host    replication     all             ::1/128                 scram-sha-256
+# DUMP BDD REC vers BDD PROD - Benoist	
+host    all     postgres              10.106.101.145/32       md5
+host    all     socleng-sfr           10.106.101.145/32       md5
--- a/ConfigSysRepo/etc/systemd/system/echange.service
+++ b/ConfigSysRepo/etc/systemd/system/echange.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Echange
+After=syslog.target
+
+[Service]
+User=socleng-sfr
+# StandardOutput=append:/home/socleng-xxx/logs/echange.log
+# StandardError=append:/home/socleng-xxx/logs/echange-err.log
+# ExecStart=/home/socleng-xxx/echange/socle-module-echange.jar
+ExecStart=/home/socleng-sfr/echange/startup_echange.sh
+SuccessExitStatus=143
+
+[Install]
+WantedBy=default.target
--- a/ConfigSysRepo/etc/systemd/system/socle.service
+++ b/ConfigSysRepo/etc/systemd/system/socle.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Tomcat socle
+After=network-online.target
+
+[Service]
+Type=forking
+
+User=socleng-sfr
+Group=socleng-sfr
+UMask=007
+
+Environment=JAVA_HOME=/usr/lib/jvm/java-1.17.0-openjdk-amd64
+
+ExecStart=/home/socleng-sfr/tomcat/bin/startup.sh
+ExecStop=/home/socleng-sfr/tomcat/bin/shutdown.sh
+
+Restart=on-failure
+
+# Configures the time to wait before service is stopped forcefully.
+TimeoutStopSec=300
+
+[Install]
+WantedBy=multi-user.target