Compare commits
14 Commits
79a1b39281
...
main
Author | SHA1 | Date | |
---|---|---|---|
2c8263fe62 | |||
93b26fdc09 | |||
880d463cb0 | |||
952b544b0a | |||
dd29876793 | |||
dbf77e80d5 | |||
8f0877cd53 | |||
3e64946953 | |||
7ce8cf1662 | |||
e67cc93516 | |||
9ea9ac7254 | |||
7a2ccb537b | |||
b2459a2dc0 | |||
fc5d415d20 |
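--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,40 @@
+---
+exclude_paths:
+- .gitea/
+- .github/
+- .git/
+- .cache/
+- test/
+- tests/
+- molecule/
+
+skip_list:
+- yaml[line-length]
+- name[casing]
+- no-changed-when
+- command-instead-of-module
+- risky-file-permissions
+
+warn_list:
+- experimental
+- role-name[path]
+- var-naming[no-role-prefix]
+
+enable_list:
+- fqcn-builtins
+- no-log-password
+- no-same-owner
+
+kinds:
+- tasks: "**/tasks/*.yml"
+- vars: "**/vars/*.yml"
+- defaults: "**/defaults/*.yml"
+- handlers: "**/handlers/*.yml"
+- meta: "**/meta/*.yml"
+- yaml: "*.yaml"
+- yml: "*.yml"
+
+use_default_rules: true
+parseable: true
+quiet: false
+verbosity: 1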
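Review bot: `risky-file-permissions` under `skip_list` switches the rule off completely, so a task that creates a file without an explicit `mode` passes lint unnoticed. Going by the README in this commit, the roles handle SSH configuration, RCON passwords and backup scripts, which is where that rule earns its keep. Moving `- risky-file-permissions` (and `- no-changed-when`) from `skip_list` to `warn_list` keeps the findings visible without failing the run. A comment above `skip_list` such as `# skipped until the roles set explicit file modes` would record why each entry is there.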
@@ -1,83 +1,140 @@
|
||||
name: Ansible Lint
|
||||
name: Ansible Minecraft CI/CD
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main, develop ]
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
environment:
|
||||
description: 'Environment to deploy'
|
||||
required: true
|
||||
default: 'staging'
|
||||
type: choice
|
||||
options:
|
||||
- staging
|
||||
- production
|
||||
pull_request:
|
||||
branches: [ main ]
|
||||
|
||||
jobs:
|
||||
ansible_lint_and_syntax_check:
|
||||
lint:
|
||||
runs-on: ubuntu-latest
|
||||
name: Ansible Lint
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.9'
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install ansible ansible-lint yamllint
|
||||
|
||||
- name: Run yamllint
|
||||
run: yamllint .
|
||||
continue-on-error: true
|
||||
|
||||
- name: Run ansible-lint
|
||||
run: ansible-lint
|
||||
continue-on-error: true
|
||||
|
||||
- name: Validate inventory files
|
||||
- name: Lint YAML files
|
||||
run: |
|
||||
ansible-inventory --list -i inventories/production/hosts.yml
|
||||
ansible-inventory --list -i inventories/staging/hosts.yml
|
||||
yamllint .
|
||||
continue-on-error: true
|
||||
|
||||
deploy:
|
||||
- name: Lint Ansible playbooks
|
||||
run: |
|
||||
ansible-lint site.yml roles/
|
||||
continue-on-error: true
|
||||
|
||||
syntax-check:
|
||||
runs-on: ubuntu-latest
|
||||
environment: ${{ github.event.inputs.environment || 'staging' }}
|
||||
name: Syntax Check
|
||||
needs: lint
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.9'
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install Ansible
|
||||
run: pip install ansible
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install ansible
|
||||
|
||||
- name: Install collections
|
||||
run: |
|
||||
ansible-galaxy collection install -r requirements.yml
|
||||
|
||||
- name: Check syntax
|
||||
run: |
|
||||
ansible-playbook --syntax-check site.yml -i inventories/staging/hosts.yml
|
||||
|
||||
deploy-staging:
|
||||
runs-on: ubuntu-latest
|
||||
name: Deploy to Staging
|
||||
needs: [lint, syntax-check]
|
||||
if: github.ref == 'refs/heads/develop'
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install Ansible
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install ansible
|
||||
|
||||
- name: Install collections
|
||||
run: |
|
||||
ansible-galaxy collection install -r requirements.yml
|
||||
|
||||
- name: Setup SSH key
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.ANSIBLE_SSH_KEY }}" > ~/.ssh/ansible_key
|
||||
chmod 600 ~/.ssh/ansible_key
|
||||
ssh-keyscan -H ${{ secrets.ANSIBLE_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
- name: Create vault password file
|
||||
run: echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}" > ~/.ansible_vault_pass
|
||||
echo "${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}" | base64 -d > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.STAGING_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
- name: Deploy to staging
|
||||
if: ${{ github.event.inputs.environment == 'staging' || github.ref == 'refs/heads/develop' }}
|
||||
run: |
|
||||
ansible-playbook -i inventories/staging/hosts.yml site.yml \
|
||||
--vault-password-file ~/.ansible_vault_pass \
|
||||
--private-key ~/.ssh/ansible_key
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml --check --diff
|
||||
env:
|
||||
MINECRAFT_RCON_PASSWORD: ${{ secrets.MINECRAFT_RCON_PASSWORD }}
|
||||
ANSIBLE_HOST_KEY_CHECKING: 'false'
|
||||
|
||||
deploy-production:
|
||||
runs-on: ubuntu-latest
|
||||
name: Deploy to Production
|
||||
needs: [lint, syntax-check]
|
||||
if: github.ref == 'refs/heads/main'
|
||||
environment: production
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install Ansible
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
pip install ansible
|
||||
|
||||
- name: Install collections
|
||||
run: |
|
||||
ansible-galaxy collection install -r requirements.yml
|
||||
|
||||
- name: Setup SSH key
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.ANSIBLE_SSH_PRIVATE_KEY }}" | base64 -d > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ secrets.PRODUCTION_HOST }} >> ~/.ssh/known_hosts
|
||||
|
||||
- name: Deploy to production
|
||||
if: ${{ github.event.inputs.environment == 'production' || github.ref == 'refs/heads/main' }}
|
||||
run: |
|
||||
ansible-playbook -i inventories/production/hosts.yml site.yml \
|
||||
--vault-password-file ~/.ansible_vault_pass \
|
||||
--private-key ~/.ssh/ansible_key
|
||||
ansible-playbook site.yml -i inventories/production/hosts.yml
|
||||
env:
|
||||
MINECRAFT_RCON_PASSWORD: ${{ secrets.MINECRAFT_RCON_PASSWORD }}
|
||||
ANSIBLE_HOST_KEY_CHECKING: 'false'
|
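Review bot: Both deploy steps set `ANSIBLE_HOST_KEY_CHECKING: 'false'` under `env:`, which makes the `ssh-keyscan -H ... >> ~/.ssh/known_hosts` lines in the "Setup SSH key" steps pointless and lets the production playbook run against whatever host answers on that address. The page does not mark old and new lines, so this assumes the `env:` blocks and the `STAGING_HOST` / `PRODUCTION_HOST` keyscan lines are the new side. Dropping the `ANSIBLE_HOST_KEY_CHECKING` entries would let the known_hosts file take effect, and replacing the run-time `ssh-keyscan` with a pinned key from a secret, e.g. `echo "$PINNED_HOST_KEY" >> ~/.ssh/known_hosts` (placeholder variable name), avoids trusting whichever key is offered on each run. The same defect is in `ansible.cfg` in this commit (`host_key_checking = False`, and one of its two `ssh_args` variants adds `StrictHostKeyChecking=no`).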
67
.gitignore
vendored
67
.gitignore
vendored
@@ -1,29 +1,70 @@
|
||||
# Ansible
|
||||
*.retry
|
||||
*.log
|
||||
.vault_pass
|
||||
.ansible_vault_pass
|
||||
vault.yml
|
||||
secrets
|
||||
secrets.yml
|
||||
*.vault
|
||||
|
||||
# SSH keys
|
||||
# SSH Keys
|
||||
*.pem
|
||||
*.key
|
||||
*.pub
|
||||
id_rsa*
|
||||
ansible_key*
|
||||
id_ed25519*
|
||||
authorized_keys
|
||||
|
||||
# Temporary files
|
||||
*.tmp
|
||||
*.temp
|
||||
# Backup files
|
||||
*.bak
|
||||
*.backup
|
||||
*.old
|
||||
*~
|
||||
*.swp
|
||||
*.swo
|
||||
|
||||
# Python
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
*$py.class
|
||||
.Python
|
||||
env/
|
||||
venv/
|
||||
.env
|
||||
.venv
|
||||
|
||||
# OS
|
||||
.DS_Store
|
||||
Thumbs.db
|
||||
desktop.ini
|
||||
|
||||
# IDE
|
||||
.vscode/
|
||||
.idea/
|
||||
*.swp
|
||||
*.swo
|
||||
*.iml
|
||||
.project
|
||||
.settings/
|
||||
|
||||
# Logs
|
||||
*.log
|
||||
# Ansible
|
||||
.ansible/
|
||||
/tmp/ansible_facts/
|
||||
ansible-facts/
|
||||
|
||||
# Backups
|
||||
*.bak
|
||||
*.backup
|
||||
# Test
|
||||
test/
|
||||
tests/
|
||||
molecule/
|
||||
.molecule/
|
||||
.cache/
|
||||
.pytest_cache/
|
||||
|
||||
# Local
|
||||
local/
|
||||
*.local
|
||||
*.local.yml
|
||||
.vagrant/
|
||||
|
||||
# Terraform (si utilisé)
|
||||
*.tfstate
|
||||
*.tfstate.*
|
||||
.terraform/
|
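--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -0,0 +1,38 @@
+---
+extends: default
+
+rules:
+line-length:
+max: 150
+level: warning
+truthy:
+allowed-values: ['true', 'false', 'yes', 'no']
+check-keys: false
+comments:
+min-spaces-from-content: 1
+comments-indentation: disable
+indentation:
+spaces: 2
+indent-sequences: true
+brackets:
+max-spaces-inside: 1
+braces:
+max-spaces-inside: 1
+colons:
+max-spaces-after: -1
+commas:
+max-spaces-after: -1
+document-start:
+present: true
+empty-lines:
+max: 2
+key-duplicates: enable
+new-line-at-end-of-file: enable
+trailing-spaces: enable
+
+ignore: |
+.gitea/
+.github/
+*.md
+.vault_pass
+vault.yml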
672
README.md
672
README.md
@@ -1,530 +1,266 @@
|
||||
# Minecraft Spigot Server - Ansible Deployment
|
||||
# Ansible Minecraft Spigot Server
|
||||
|
||||
Ce projet Ansible permet de déployer automatiquement un serveur Minecraft Spigot complet avec hardening de sécurité, sauvegarde automatisée et gestion des mises à jour.
|
||||
Ce projet Ansible permet d'installer et de gérer automatiquement un serveur Minecraft Spigot avec toutes les fonctionnalités nécessaires pour un environnement de production.
|
||||
|
||||
## 🚀 Fonctionnalités
|
||||
|
||||
### ✅ Rôles disponibles
|
||||
- **01-server_hardening** : Durcissement sécuritaire du serveur
|
||||
- **02-installation-java** : Installation automatique de Java OpenJDK
|
||||
- **03-installation-minecraft** : Déploiement complet du serveur Spigot
|
||||
- **04-backups** : Système de sauvegarde automatisé
|
||||
- **05-update** : Gestion des mises à jour automatisées
|
||||
- **Installation automatisée** de Minecraft Spigot version 1.21.6
|
||||
- **Durcissement de sécurité** du serveur (SSH, Firewall, Fail2ban)
|
||||
- **Installation Java** automatique et optimisée
|
||||
- **Système de sauvegarde** complet (quotidien, hebdomadaire, mensuel)
|
||||
- **Mises à jour automatiques** de Spigot
|
||||
- **Gestion des plugins** et des administrateurs
|
||||
- **Surveillance et logs** avec rotation automatique
|
||||
- **CI/CD intégré** avec Gitea Actions
|
||||
|
||||
### 🔧 Composants installés
|
||||
- **Spigot 1.21.6** : Serveur Minecraft optimisé
|
||||
- **mcrcon** : Administration à distance via RCON
|
||||
- **Java 21** : Version optimale pour Spigot
|
||||
- **Fail2Ban** : Protection contre les attaques par force brute
|
||||
- **UFW** : Pare-feu simplifié
|
||||
- **Logrotate** : Rotation automatique des logs
|
||||
## 📋 Prérequis
|
||||
|
||||
## 📁 Structure du projet
|
||||
### Serveurs cibles
|
||||
- **OS supportés** : Debian 10/11/12/13 ou Ubuntu LTS
|
||||
- **Accès SSH** configuré avec l'utilisateur `ansible`
|
||||
- **Privilèges sudo** pour l'utilisateur ansible
|
||||
- **Python 3.8+** installé sur les cibles
|
||||
|
||||
### Machine de contrôle
|
||||
- **Ansible 2.10+**
|
||||
- **Python 3.8+**
|
||||
- **Collections Ansible** (installées via requirements.yml)
|
||||
|
||||
## 🛠️ Installation
|
||||
|
||||
### 1. Cloner le repository
|
||||
```bash
|
||||
git clone https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur.git
|
||||
cd Ansible-Minecraft-Serveur
|
||||
```
|
||||
|
||||
### 2. Installer les dépendances
|
||||
```bash
|
||||
# Installation des collections Ansible
|
||||
ansible-galaxy collection install -r requirements.yml
|
||||
|
||||
# Installation de Python (si nécessaire)
|
||||
python3 -m pip install ansible
|
||||
```
|
||||
|
||||
### 3. Configuration des inventaires
|
||||
|
||||
#### Staging
|
||||
Éditer `inventories/staging/hosts.yml` et `inventories/staging/group_vars/all.yml`
|
||||
|
||||
#### Production
|
||||
Éditer `inventories/production/hosts.yml` et `inventories/production/group_vars/all.yml`
|
||||
|
||||
### 4. Configuration des secrets
|
||||
|
||||
#### Pour Gitea CI/CD
|
||||
Configurer ces secrets dans Gitea :
|
||||
- `ANSIBLE_SSH_PRIVATE_KEY` : Clé SSH privée (base64)
|
||||
- `MINECRAFT_RCON_PASSWORD` : Mot de passe RCON
|
||||
- `STAGING_HOST` : Adresse du serveur staging
|
||||
- `PRODUCTION_HOST` : Adresse du serveur production
|
||||
|
||||
## 📚 Structure du projet
|
||||
|
||||
```
|
||||
minecraft-spigot-ansible/
|
||||
├── README.md # Documentation principale
|
||||
Ansible-Minecraft-Serveur/
|
||||
├── README.md # Ce fichier
|
||||
├── requirements.yml # Collections Ansible requises
|
||||
├── secrets # Template des secrets
|
||||
├── site.yml # Playbook principal
|
||||
├── ansible.cfg # Configuration Ansible
|
||||
├── inventories/ # Inventaires des serveurs
|
||||
│ ├── production/ # Environnement de production
|
||||
│ └── staging/ # Environnement de test
|
||||
├── roles/ # Rôles Ansible
|
||||
│ ├── 01-server_hardening/ # Sécurisation du serveur
|
||||
│ ├── 02-installation-java/ # Installation Java
|
||||
│ ├── 03-installation-minecraft/ # Déploiement Minecraft
|
||||
│ ├── 04-backups/ # Système de sauvegarde
|
||||
│ └── 05-update/ # Gestion des mises à jour
|
||||
└── .gitea/workflows/ # CI/CD Gitea
|
||||
├── lint.yml # Tests et validation
|
||||
└── deploy.yml # Déploiement automatique
|
||||
├── .gitea/workflows/ci.yml # Pipeline CI/CD
|
||||
├── inventories/ # Inventaires par environnement
|
||||
│ ├── production/ # Configuration production
|
||||
│ └── staging/ # Configuration staging
|
||||
└── roles/ # Rôles Ansible
|
||||
├── 01-server_hardening/ # Durcissement serveur
|
||||
├── 02-installation-java/ # Installation Java
|
||||
├── 03-Installation-minecraft/ # Installation Minecraft
|
||||
├── 04-backups/ # Système de sauvegarde
|
||||
└── 05-Update/ # Gestion des mises à jour
|
||||
```
|
||||
|
||||
## ⚙️ Configuration requise
|
||||
## 🚀 Utilisation
|
||||
|
||||
### Serveur cible
|
||||
- **OS** : Debian 10/11/12/13 ou Ubuntu LTS
|
||||
- **RAM** : Minimum 2GB (4GB recommandés)
|
||||
- **Stockage** : 20GB minimum
|
||||
- **Réseau** : Accès Internet pour téléchargements
|
||||
|
||||
### Serveur de contrôle
|
||||
- **Ansible** : Version 2.9 ou supérieure
|
||||
- **Python** : 3.8 ou supérieure
|
||||
- **SSH** : Accès par clé aux serveurs cibles
|
||||
|
||||
## 🛠️ Installation et configuration
|
||||
|
||||
### 1. Préparation de l'environnement
|
||||
### Déploiement complet
|
||||
|
||||
#### Environnement Staging
|
||||
```bash
|
||||
# Cloner le repository
|
||||
git clone https://your-gitea-instance.com/your-repo/minecraft-spigot-ansible.git
|
||||
cd minecraft-spigot-ansible
|
||||
# Vérification de la syntaxe
|
||||
ansible-playbook --syntax-check site.yml -i inventories/staging/hosts.yml
|
||||
|
||||
# Installer Ansible (si nécessaire)
|
||||
pip install ansible ansible-lint yamllint
|
||||
# Mode dry-run
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml --check --diff
|
||||
|
||||
# Configurer les clés SSH
|
||||
ssh-keygen -t ed25519 -f ~/.ssh/ansible_key
|
||||
ssh-copy-id -i ~/.ssh/ansible_key.pub ansible@your-server-ip
|
||||
# Déploiement réel
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml
|
||||
```
|
||||
|
||||
### 2. Configuration des inventaires
|
||||
#### Environnement Production
|
||||
```bash
|
||||
# Mode dry-run obligatoire en production
|
||||
ansible-playbook site.yml -i inventories/production/hosts.yml --check --diff
|
||||
|
||||
#### Production (`inventories/production/hosts.yml`)
|
||||
# Déploiement réel (après validation)
|
||||
ansible-playbook site.yml -i inventories/production/hosts.yml
|
||||
```
|
||||
|
||||
### Déploiement par rôle
|
||||
|
||||
#### Durcissement uniquement
|
||||
```bash
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml --tags hardening
|
||||
```
|
||||
|
||||
#### Installation/Mise à jour Minecraft
|
||||
```bash
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml --tags minecraft
|
||||
```
|
||||
|
||||
#### Configuration sauvegardes
|
||||
```bash
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml --tags backup
|
||||
```
|
||||
|
||||
## 🔧 Configuration avancée
|
||||
|
||||
### Variables importantes
|
||||
|
||||
#### Minecraft
|
||||
```yaml
|
||||
all:
|
||||
children:
|
||||
minecraft_servers:
|
||||
hosts:
|
||||
minecraft-prod-01:
|
||||
ansible_host: YOUR_PROD_IP
|
||||
ansible_user: ansible
|
||||
minecraft_version: "1.21.6" # Version Spigot
|
||||
minecraft_max_memory: "4G" # RAM maximum
|
||||
minecraft_min_memory: "2G" # RAM minimum
|
||||
minecraft_port: 25565 # Port serveur
|
||||
minecraft_rcon_port: 25575 # Port RCON
|
||||
```
|
||||
|
||||
#### Variables globales (`inventories/production/group_vars/minecraft_servers.yml`)
|
||||
#### Sécurité
|
||||
```yaml
|
||||
minecraft_version: "1.21.6"
|
||||
minecraft_memory_min: "1G"
|
||||
minecraft_memory_max: "4G"
|
||||
minecraft_rcon_password: "your-secure-password"
|
||||
firewall_enabled: true # Activation UFW
|
||||
fail2ban_enabled: true # Activation Fail2ban
|
||||
hardening_enabled: true # Durcissement complet
|
||||
ssh_port: 22 # Port SSH
|
||||
```
|
||||
|
||||
### 3. Configuration des secrets
|
||||
|
||||
Créer un fichier vault pour les mots de passe :
|
||||
```bash
|
||||
ansible-vault create inventories/production/group_vars/vault.yml
|
||||
```
|
||||
|
||||
Contenu du vault :
|
||||
#### Sauvegardes
|
||||
```yaml
|
||||
vault_minecraft_rcon_password: "your-secure-rcon-password"
|
||||
vault_mysql_password: "your-mysql-password"
|
||||
backup_enabled: true # Activation sauvegardes
|
||||
backup_retention_daily: 7 # Rétention quotidienne
|
||||
backup_retention_weekly: 4 # Rétention hebdomadaire
|
||||
backup_retention_monthly: 6 # Rétention mensuelle
|
||||
```
|
||||
|
||||
## 🚀 Déploiement
|
||||
|
||||
### Déploiement manuel
|
||||
|
||||
```bash
|
||||
# Test de connectivité
|
||||
ansible all -i inventories/production/hosts.yml -m ping
|
||||
|
||||
# Déploiement complet
|
||||
ansible-playbook -i inventories/production/hosts.yml site.yml --ask-vault-pass
|
||||
|
||||
# Déploiement par rôle spécifique
|
||||
ansible-playbook -i inventories/production/hosts.yml site.yml --tags "minecraft" --ask-vault-pass
|
||||
```
|
||||
|
||||
### Déploiement par tags
|
||||
|
||||
```bash
|
||||
# Sécurisation uniquement
|
||||
ansible-playbook site.yml --tags "hardening"
|
||||
|
||||
# Installation Java uniquement
|
||||
ansible-playbook site.yml --tags "java"
|
||||
|
||||
# Configuration Minecraft uniquement
|
||||
ansible-playbook site.yml --tags "minecraft"
|
||||
|
||||
# Configuration des sauvegardes uniquement
|
||||
ansible-playbook site.yml --tags "backup"
|
||||
|
||||
# Mises à jour uniquement
|
||||
ansible-playbook site.yml --tags "update"
|
||||
```
|
||||
|
||||
## 🔐 Sécurité
|
||||
|
||||
### Hardening automatique inclus
|
||||
- **SSH** : Configuration sécurisée (clés uniquement, port personnalisable)
|
||||
- **Firewall** : UFW avec règles restrictives
|
||||
- **Fail2Ban** : Protection anti-bruteforce
|
||||
- **Permissions** : Utilisateur dédié minecraft
|
||||
- **Logs** : Rotation automatique et surveillance
|
||||
|
||||
### Ports ouverts par défaut
|
||||
- **22/tcp** : SSH (configurable)
|
||||
- **25565/tcp** : Minecraft
|
||||
- **25575/tcp** : RCON (localhost uniquement)
|
||||
|
||||
## 💾 Système de sauvegarde
|
||||
|
||||
### Types de sauvegardes
|
||||
- **Quotidienne** : 2h00, rétention 7 jours
|
||||
- **Hebdomadaire** : Dimanche 3h00, rétention 4 semaines
|
||||
- **Mensuelle** : 1er du mois 4h00, rétention 6 mois
|
||||
|
||||
### Localisation des sauvegardes
|
||||
```
|
||||
/opt/minecraft/backups/
|
||||
├── daily/ # Sauvegardes quotidiennes
|
||||
├── weekly/ # Sauvegardes hebdomadaires
|
||||
├── monthly/ # Sauvegardes mensuelles
|
||||
└── scripts/ # Scripts de sauvegarde
|
||||
```
|
||||
|
||||
### Restauration
|
||||
```bash
|
||||
# Lister les sauvegardes disponibles
|
||||
sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh
|
||||
|
||||
# Restaurer une sauvegarde spécifique
|
||||
sudo -u minecraft /opt/minecraft/backups/scripts/restore.sh daily 20241201_020000
|
||||
```
|
||||
|
||||
## 🔄 Gestion des mises à jour
|
||||
|
||||
### Mises à jour automatiques
|
||||
Le rôle `05-update` vérifie et applique automatiquement :
|
||||
- **Clés SSH** : Nouvelles clés autorisées
|
||||
- **Système** : Paquets Debian/Ubuntu
|
||||
- **Spigot** : Nouvelles versions disponibles
|
||||
|
||||
### Processus de mise à jour Spigot
|
||||
1. Détection nouvelle version
|
||||
2. Téléchargement BuildTools
|
||||
3. Compilation en parallèle
|
||||
4. Tests de la nouvelle version
|
||||
5. Basculement sans interruption
|
||||
6. Nettoyage des anciennes versions
|
||||
|
||||
## 🎮 Administration du serveur
|
||||
|
||||
### Commandes utiles
|
||||
|
||||
```bash
|
||||
# Statut du service
|
||||
systemctl status minecraft
|
||||
|
||||
# Logs en temps réel
|
||||
journalctl -u minecraft -f
|
||||
|
||||
# Console RCON
|
||||
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password
|
||||
|
||||
# Commandes RCON utiles
|
||||
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "say Serveur en maintenance"
|
||||
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p your-password "stop"
|
||||
```
|
||||
|
||||
### Structure des fichiers Minecraft
|
||||
|
||||
```
|
||||
/opt/minecraft/
|
||||
├── server/ # Serveur actif
|
||||
│ ├── spigot.jar # Exécutable Spigot
|
||||
│ ├── plugins/ # Plugins installés
|
||||
│ ├── worlds/ # Mondes Minecraft
|
||||
│ ├── logs/ # Logs du serveur
|
||||
│ └── ops.json # Administrateurs
|
||||
├── sources/ # Sources et BuildTools
|
||||
├── tools/ # Outils (mcrcon, scripts)
|
||||
└── backups/ # Sauvegardes automatiques
|
||||
```
|
||||
|
||||
### Configuration des administrateurs
|
||||
|
||||
Éditer le fichier `inventories/production/group_vars/minecraft_servers.yml` :
|
||||
### Ajout d'administrateurs Minecraft
|
||||
|
||||
Dans `group_vars/all.yml` :
|
||||
```yaml
|
||||
minecraft_ops:
|
||||
- name: "admin_username"
|
||||
uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
|
||||
minecraft_admins:
|
||||
- name: "PlayerName"
|
||||
uuid: "player-uuid-here"
|
||||
level: 4
|
||||
bypass_limit: true
|
||||
- name: "moderator_username"
|
||||
uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
|
||||
level: 3
|
||||
bypass_limit: false
|
||||
```
|
||||
|
||||
## 🔧 CI/CD avec Gitea
|
||||
### Installation de plugins
|
||||
|
||||
### Configuration des secrets Gitea
|
||||
|
||||
Dans les paramètres de votre repository Gitea, configurez ces secrets :
|
||||
|
||||
- `ANSIBLE_SSH_KEY` : Clé privée SSH pour l'utilisateur ansible
|
||||
- `ANSIBLE_VAULT_PASSWORD` : Mot de passe du vault Ansible
|
||||
- `ANSIBLE_HOST` : IP du serveur pour ssh-keyscan
|
||||
|
||||
### Workflows disponibles
|
||||
|
||||
#### Lint et validation (`.gitea/workflows/lint.yml`)
|
||||
- **Déclenchement** : Push sur main/develop, Pull Requests
|
||||
- **Actions** :
|
||||
- Validation YAML avec yamllint
|
||||
- Validation Ansible avec ansible-lint
|
||||
- Test des inventaires
|
||||
|
||||
#### Déploiement automatique (`.gitea/workflows/deploy.yml`)
|
||||
- **Déclenchement** : Push sur main, déclenchement manuel
|
||||
- **Environnements** : staging, production
|
||||
- **Actions** :
|
||||
- Déploiement automatique selon la branche
|
||||
- Utilisation des secrets sécurisés
|
||||
|
||||
### Stratégie de déploiement
|
||||
|
||||
```
|
||||
develop branch → staging environment
|
||||
main branch → production environment
|
||||
manual trigger → choice of environment
|
||||
```yaml
|
||||
minecraft_plugins:
|
||||
- name: "WorldEdit"
|
||||
url: "https://example.com/worldedit.jar"
|
||||
- name: "Vault"
|
||||
url: "https://example.com/vault.jar"
|
||||
```
|
||||
|
||||
## 📊 Monitoring et logs
|
||||
## 🔍 Monitoring et maintenance
|
||||
|
||||
### Logs système
|
||||
### Logs importants
|
||||
- **Serveur Minecraft** : `/opt/minecraft/server/logs/`
|
||||
- **Système** : `/var/log/syslog`
|
||||
- **SSH** : `/var/log/auth.log`
|
||||
- **Fail2ban** : `/var/log/fail2ban.log`
|
||||
|
||||
### Commandes utiles
|
||||
|
||||
#### Status du serveur
|
||||
```bash
|
||||
# Logs du service Minecraft
|
||||
journalctl -u minecraft -f --since "1 hour ago"
|
||||
|
||||
# Logs de sécurité
|
||||
tail -f /var/log/auth.log
|
||||
|
||||
# Logs Fail2Ban
|
||||
tail -f /var/log/fail2ban.log
|
||||
|
||||
# Logs UFW
|
||||
tail -f /var/log/ufw.log
|
||||
systemctl status minecraft
|
||||
```
|
||||
|
||||
### Logs Minecraft
|
||||
#### Connexion RCON
|
||||
```bash
|
||||
# Log actuel du serveur
|
||||
tail -f /opt/minecraft/server/logs/latest.log
|
||||
|
||||
# Logs archivés
|
||||
ls -la /opt/minecraft/server/logs/
|
||||
|
||||
# Recherche dans les logs
|
||||
grep "ERROR" /opt/minecraft/server/logs/latest.log
|
||||
/opt/minecraft/tools/mcrcon/mcrcon -H localhost -P 25575 -p votre_mot_de_passe
|
||||
```
|
||||
|
||||
### Métriques système
|
||||
#### Sauvegarde manuelle
|
||||
```bash
|
||||
# Utilisation mémoire Java
|
||||
ps aux | grep java
|
||||
|
||||
# Espace disque
|
||||
df -h /opt/minecraft
|
||||
|
||||
# Processus réseau
|
||||
netstat -tlnp | grep :25565
|
||||
/usr/local/bin/minecraft-backup-daily.sh
|
||||
```
|
||||
|
||||
## 🔍 Dépannage
|
||||
#### Restauration
|
||||
```bash
|
||||
/usr/local/bin/minecraft-restore.sh daily minecraft-daily-20240127_020000
|
||||
```
|
||||
|
||||
## 🔄 Mises à jour
|
||||
|
||||
### Automatiques
|
||||
Les mises à jour sont vérifiées selon la planification définie dans les crons.
|
||||
|
||||
### Manuelles
|
||||
```bash
|
||||
ansible-playbook site.yml -i inventories/production/hosts.yml --tags update
|
||||
```
|
||||
|
||||
## 🐛 Dépannage
|
||||
|
||||
### Problèmes courants
|
||||
|
||||
#### Le serveur ne démarre pas
|
||||
1. Vérifier les logs : `journalctl -u minecraft -f`
|
||||
2. Vérifier l'EULA : `/opt/minecraft/server/eula.txt`
|
||||
3. Vérifier la RAM disponible : `free -h`
|
||||
|
||||
#### Compilation Spigot échoue
|
||||
1. Vérifier Java : `java -version`
|
||||
2. Vérifier l'espace disque : `df -h`
|
||||
3. Vérifier les logs de compilation
|
||||
|
||||
#### Connexion SSH échoue
|
||||
1. Vérifier le pare-feu : `ufw status`
|
||||
2. Vérifier les clés SSH
|
||||
3. Vérifier Fail2ban : `fail2ban-client status sshd`
|
||||
|
||||
### Logs de debug
|
||||
```bash
|
||||
# Vérifier le statut
|
||||
systemctl status minecraft
|
||||
|
||||
# Vérifier les logs
|
||||
journalctl -u minecraft -n 50
|
||||
|
||||
# Vérifier la configuration
|
||||
sudo -u minecraft java -jar /opt/minecraft/server/spigot.jar --help
|
||||
# Activation du mode verbose
|
||||
ansible-playbook site.yml -i inventories/staging/hosts.yml -vvv
|
||||
```
|
||||
|
||||
#### Problèmes de mémoire
|
||||
```bash
|
||||
# Ajuster dans group_vars/minecraft_servers.yml
|
||||
minecraft_memory_min: "2G"
|
||||
minecraft_memory_max: "6G"
|
||||
|
||||
# Redéployer
|
||||
ansible-playbook site.yml --tags "minecraft"
|
||||
```
|
||||
|
||||
#### Problèmes de connectivité
|
||||
```bash
|
||||
# Vérifier le pare-feu
|
||||
ufw status verbose
|
||||
|
||||
# Tester la connectivité
|
||||
telnet server-ip 25565
|
||||
|
||||
# Vérifier RCON
|
||||
/opt/minecraft/tools/mcrcon -H 127.0.0.1 -P 25575 -p password "list"
|
||||
```
|
||||
|
||||
#### Erreurs de compilation Spigot
|
||||
```bash
|
||||
# Nettoyer le cache de compilation
|
||||
rm -rf /opt/minecraft/sources/build_*
|
||||
|
||||
# Relancer la compilation
|
||||
ansible-playbook site.yml --tags "compile" -v
|
||||
```
|
||||
|
||||
### Mode debug
|
||||
|
||||
Pour activer le mode debug lors du déploiement :
|
||||
|
||||
```bash
|
||||
ansible-playbook site.yml -vvv
|
||||
```
|
||||
|
||||
## 🔄 Maintenance
|
||||
|
||||
### Maintenance programmée
|
||||
|
||||
```bash
|
||||
# Script de maintenance (à créer)
|
||||
#!/bin/bash
|
||||
# Arrêter le serveur
|
||||
systemctl stop minecraft
|
||||
|
||||
# Effectuer la maintenance
|
||||
# ...
|
||||
|
||||
# Redémarrer le serveur
|
||||
systemctl start minecraft
|
||||
```
|
||||
|
||||
### Mise à jour manuelle
|
||||
|
||||
```bash
|
||||
# Mise à jour du système uniquement
|
||||
ansible-playbook site.yml --tags "system-update"
|
||||
|
||||
# Mise à jour Spigot uniquement
|
||||
ansible-playbook site.yml --tags "spigot-update"
|
||||
|
||||
# Mise à jour complète
|
||||
ansible-playbook site.yml --tags "update"
|
||||
```
|
||||
|
||||
### Nettoyage
|
||||
|
||||
```bash
|
||||
# Nettoyer les anciens logs
|
||||
find /opt/minecraft/server/logs/ -name "*.log.gz" -mtime +30 -delete
|
||||
|
||||
# Nettoyer les anciennes sauvegardes (automatique via scripts)
|
||||
# Les scripts de sauvegarde incluent le nettoyage automatique
|
||||
|
||||
# Nettoyer les anciennes versions compilées
|
||||
rm -rf /opt/minecraft/sources/build_*
|
||||
```
|
||||
|
||||
## 📝 Personnalisation
|
||||
|
||||
### Ajout de plugins
|
||||
|
||||
Éditer `inventories/production/group_vars/minecraft_servers.yml` :
|
||||
|
||||
```yaml
|
||||
minecraft_plugins:
|
||||
- name: "EssentialsX-2.21.0.jar"
|
||||
url: "https://github.com/EssentialsX/Essentials/releases/download/2.21.0/EssentialsX-2.21.0.jar"
|
||||
- name: "WorldEdit-7.3.0.jar"
|
||||
url: "https://dev.bukkit.org/projects/worldedit/files/latest"
|
||||
```
|
||||
|
||||
### Configuration serveur personnalisée
|
||||
|
||||
Éditer les templates dans `roles/03-installation-minecraft/templates/` :
|
||||
|
||||
- `server.properties.j2` : Propriétés principales
|
||||
- `spigot.yml.j2` : Configuration Spigot
|
||||
- `bukkit.yml.j2` : Configuration Bukkit
|
||||
|
||||
### Ajout de nouveaux environnements
|
||||
|
||||
1. Créer le répertoire d'inventaire :
|
||||
```bash
|
||||
mkdir -p inventories/preprod/{group_vars}
|
||||
```
|
||||
|
||||
2. Créer les fichiers de configuration :
|
||||
```bash
|
||||
cp inventories/staging/* inventories/preprod/
|
||||
```
|
||||
|
||||
3. Adapter la configuration dans `group_vars/`
|
||||
|
||||
## 🤝 Contribution
|
||||
|
||||
### Développement local
|
||||
1. Fork le projet
|
||||
2. Créer une branche feature (`git checkout -b feature/amazing-feature`)
|
||||
3. Commit les changements (`git commit -m 'Add amazing feature'`)
|
||||
4. Push vers la branche (`git push origin feature/amazing-feature`)
|
||||
5. Créer une Pull Request
|
||||
|
||||
```bash
|
||||
# Cloner le projet
|
||||
git clone https://your-gitea-instance.com/your-repo/minecraft-spigot-ansible.git
|
||||
cd minecraft-spigot-ansible
|
||||
|
||||
# Installer les dépendances de développement
|
||||
pip install ansible ansible-lint yamllint pre-commit
|
||||
|
||||
# Installer les hooks pre-commit
|
||||
pre-commit install
|
||||
|
||||
# Tester les modifications
|
||||
ansible-lint
|
||||
yamllint .
|
||||
```
|
||||
|
||||
### Standards de code
|
||||
|
||||
- **YAML** : Indentation 2 espaces
|
||||
- **Ansible** : Utilisation des modules officiels
|
||||
- **Templates** : Variables Jinja2 documentées
|
||||
- **Tags** : Cohérence dans le nommage
|
||||
- **Idempotence** : Tous les tasks doivent être idempotents
|
||||
|
||||
### Processus de contribution
|
||||
|
||||
1. **Fork** du projet
|
||||
2. **Branche** de fonctionnalité : `feature/nouvelle-fonctionnalite`
|
||||
3. **Commits** descriptifs et atomiques
|
||||
4. **Tests** : Validation avec ansible-lint
|
||||
5. **Pull Request** avec description détaillée
|
||||
|
||||
## 📚 Ressources
|
||||
|
||||
### Documentation Ansible
|
||||
- [Ansible Documentation](https://docs.ansible.com/)
|
||||
- [Ansible Best Practices](https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html)
|
||||
|
||||
### Documentation Minecraft
|
||||
- [Spigot Documentation](https://www.spigotmc.org/wiki/)
|
||||
- [Paper Documentation](https://docs.papermc.io/)
|
||||
|
||||
### Sécurité
|
||||
- [CIS Benchmarks](https://www.cisecurity.org/cis-benchmarks/)
|
||||
- [ANSSI Hardening Guide](https://www.ssi.gouv.fr/)
|
||||
|
||||
## 📞 Support
|
||||
|
||||
### Rapporter un problème
|
||||
|
||||
Utilisez le système d'issues de Gitea avec :
|
||||
- **Titre** descriptif
|
||||
- **Environnement** (OS, version Ansible, etc.)
|
||||
- **Logs** d'erreur
|
||||
- **Steps to reproduce**
|
||||
|
||||
### Contact
|
||||
|
||||
- **Issues** : Système d'issues Gitea
|
||||
- **Discussions** : Forum interne de l'équipe
|
||||
- **Documentation** : Wiki du projet
|
||||
|
||||
## 📄 Licence
|
||||
## 📝 Licence
|
||||
|
||||
Ce projet est sous licence MIT. Voir le fichier `LICENSE` pour plus de détails.
|
||||
|
||||
## 🆘 Support
|
||||
|
||||
- **Issues** : [Gitea Issues](https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur/issues)
|
||||
- **Wiki** : [Documentation détaillée](https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur/wiki)
|
||||
- **Discussions** : [Forum du projet](https://gitea.tips-of-mine.com/Tips-Of-Mine/Ansible-Minecraft-Serveur/discussions)
|
||||
|
||||
## 🙏 Remerciements
|
||||
|
||||
- Équipe Ansible pour l'excellente plateforme
|
||||
- Communauté Spigot pour le serveur
|
||||
- Contributeurs du projet
|
||||
|
||||
---
|
||||
|
||||
**Version du playbook** : 1.0.0
|
||||
**Compatible avec** : Debian 10/11/12/13, Ubuntu 18.04/20.04/22.04
|
||||
**Version Minecraft supportée** : 1.21.6
|
||||
**Dernière mise à jour** : Décembre 2024
|
||||
**Made with ❤️ for Minecraft communities**
|
22
ansible.cfg
22
ansible.cfg
@@ -1,15 +1,21 @@
|
||||
[defaults]
|
||||
host_key_checking = False
|
||||
inventory = inventories/production/hosts.yml
|
||||
inventory = ./inventories/production/hosts.yml
|
||||
remote_user = ansible
|
||||
private_key_file = ~/.ssh/ansible_key
|
||||
roles_path = roles
|
||||
stdout_callback = yaml
|
||||
roles_path = ./roles
|
||||
collections_path = ./collections
|
||||
retry_files_enabled = False
|
||||
gathering = smart
|
||||
fact_caching = memory
|
||||
forks = 5
|
||||
timeout = 30
|
||||
fact_caching = jsonfile
|
||||
fact_caching_connection = /tmp/ansible_facts
|
||||
fact_caching_timeout = 86400
|
||||
stdout_callback = yaml
|
||||
deprecation_warnings = False
|
||||
command_warnings = False
|
||||
ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
|
||||
interpreter_python = /usr/bin/python3
|
||||
|
||||
[ssh_connection]
|
||||
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
|
||||
pipelining = True
|
||||
control_path = /tmp/ansible-ssh-%%h-%%p-%%r
|
||||
ssh_args = -o ControlMaster=auto -o ControlPersist=60s
|
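Review bot: Host key verification is switched off in this file: `host_key_checking = False` sits under `[defaults]`, and one of the two `ssh_args` lines also passes `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no`. The page has lost its +/- markers, so I cannot tell which of these lines survive the commit; any that do mean the controller never authenticates the hosts it sends become credentials and vaulted values to. I would set `host_key_checking = True`, keep only `ssh_args = -o ControlMaster=auto -o ControlPersist=60s`, and distribute host keys through a managed `known_hosts`. Separately, `fact_caching_connection = /tmp/ansible_facts` and `control_path = /tmp/ansible-ssh-%%h-%%p-%%r` use predictable names in a world-writable directory; a per-user location such as `~/.ansible/facts` stops another local user from pre-creating or reading them.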
@@ -1,17 +1,30 @@
|
||||
---
|
||||
# Configuration globale pour la production
|
||||
# Configuration globale Production
|
||||
environment: production
|
||||
timezone: Europe/Paris
|
||||
python_interpreter: /usr/bin/python3
|
||||
|
||||
# Utilisateur Ansible
|
||||
ansible_user: ansible
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
|
||||
# Configuration SSH
|
||||
# Configuration réseau
|
||||
ssh_port: 22
|
||||
ssh_allow_users: ["ansible", "minecraft"]
|
||||
allowed_ssh_users: ["ansible", "minecraft"]
|
||||
fail2ban_enabled: true
|
||||
|
||||
# Configuration Firewall
|
||||
# Configuration Java
|
||||
java_version: "17"
|
||||
java_package: "openjdk-17-jdk"
|
||||
|
||||
# Configuration Minecraft
|
||||
minecraft_version: "1.21.6"
|
||||
spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
|
||||
minecraft_max_memory: "4G"
|
||||
minecraft_min_memory: "2G"
|
||||
|
||||
# Configuration backups
|
||||
backup_enabled: true
|
||||
backup_remote_host: "backup.example.com"
|
||||
backup_local_path: "/opt/minecraft/backups"
|
||||
backup_remote_path: "/backups/minecraft"
|
||||
|
||||
# Configuration sécurité
|
||||
firewall_enabled: true
|
||||
firewall_default_policy: deny
|
||||
automatic_updates: false
|
||||
hardening_enabled: true
|
@@ -1,27 +0,0 @@
|
||||
---
|
||||
# Configuration spécifique aux serveurs Minecraft
|
||||
minecraft_version: "1.21.6"
|
||||
minecraft_user: minecraft
|
||||
minecraft_group: minecraft
|
||||
minecraft_home: /opt/minecraft
|
||||
|
||||
# Chemins
|
||||
minecraft_sources_dir: "{{ minecraft_home }}/sources"
|
||||
minecraft_server_dir: "{{ minecraft_home }}/server"
|
||||
minecraft_tools_dir: "{{ minecraft_home }}/tools"
|
||||
minecraft_backups_dir: "{{ minecraft_home }}/backups"
|
||||
|
||||
# Configuration serveur
|
||||
minecraft_memory_min: "1G"
|
||||
minecraft_memory_max: "4G"
|
||||
minecraft_port: 25565
|
||||
minecraft_rcon_port: 25575
|
||||
minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
|
||||
|
||||
# Java
|
||||
java_version: 21
|
||||
|
||||
# Backups
|
||||
backup_retention_daily: 7
|
||||
backup_retention_weekly: 4
|
||||
backup_retention_monthly: 6
|
@@ -1,13 +1,19 @@
|
||||
---
|
||||
all:
|
||||
children:
|
||||
minecraft_servers:
|
||||
hosts:
|
||||
minecraft-prod-01:
|
||||
ansible_host: 192.168.1.100
|
||||
ansible_host: 10.0.1.10
|
||||
ansible_user: ansible
|
||||
ansible_ssh_private_key_file: ~/.ssh/ansible_key
|
||||
minecraft_server_name: "Production Server 01"
|
||||
minecraft_port: 25565
|
||||
minecraft_rcon_port: 25575
|
||||
minecraft-prod-02:
|
||||
ansible_host: 192.168.1.101
|
||||
ansible_host: 10.0.1.11
|
||||
ansible_user: ansible
|
||||
ansible_ssh_private_key_file: ~/.ssh/ansible_key
|
||||
minecraft_server_name: "Production Server 02"
|
||||
minecraft_port: 25565
|
||||
minecraft_rcon_port: 25575
|
||||
vars:
|
||||
environment: production
|
||||
backup_retention_days: 90
|
||||
update_schedule: "0 3 * * 0" # Dimanche 3h
|
@@ -1,17 +1,28 @@
|
||||
---
|
||||
# Configuration globale pour le staging
|
||||
# Configuration globale Staging
|
||||
environment: staging
|
||||
timezone: Europe/Paris
|
||||
python_interpreter: /usr/bin/python3
|
||||
|
||||
# Utilisateur Ansible
|
||||
ansible_user: ansible
|
||||
ansible_become: yes
|
||||
ansible_become_method: sudo
|
||||
|
||||
# Configuration SSH
|
||||
# Configuration réseau
|
||||
ssh_port: 22
|
||||
ssh_allow_users: ["ansible", "minecraft"]
|
||||
allowed_ssh_users: ["ansible", "minecraft", "developer"]
|
||||
fail2ban_enabled: false
|
||||
|
||||
# Configuration Firewall
|
||||
firewall_enabled: true
|
||||
firewall_default_policy: deny
|
||||
# Configuration Java
|
||||
java_version: "17"
|
||||
java_package: "openjdk-17-jdk"
|
||||
|
||||
# Configuration Minecraft
|
||||
minecraft_version: "1.21.6"
|
||||
spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
|
||||
minecraft_max_memory: "2G"
|
||||
minecraft_min_memory: "1G"
|
||||
|
||||
# Configuration backups
|
||||
backup_enabled: true
|
||||
backup_local_path: "/opt/minecraft/backups"
|
||||
|
||||
# Configuration sécurité
|
||||
firewall_enabled: false
|
||||
automatic_updates: true
|
||||
hardening_enabled: false
|
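Review bot: Staging ends up with `firewall_enabled: false`, `fail2ban_enabled: false` and `hardening_enabled: false`, while `allowed_ssh_users` gains `developer`. The hardening role's main task file in this same change skips the firewall and fail2ban imports when those flags are false, and the Minecraft role defaults enable RCON with the password `changeme`, so a staging host would expose SSH and RCON with no packet filter and no ban policy. If staging has to be looser, I would keep `firewall_enabled: true` and relax individual rules instead. `firewall_enabled` also appears twice in this hunk (`true` under "Configuration Firewall", `false` under "Configuration sécurité"); the +/- markers are lost here, but if both remain on the new side the later value silently wins.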
@@ -1,27 +0,0 @@
|
||||
---
|
||||
# Configuration spécifique aux serveurs Minecraft de staging
|
||||
minecraft_version: "1.21.6"
|
||||
minecraft_user: minecraft
|
||||
minecraft_group: minecraft
|
||||
minecraft_home: /opt/minecraft
|
||||
|
||||
# Chemins
|
||||
minecraft_sources_dir: "{{ minecraft_home }}/sources"
|
||||
minecraft_server_dir: "{{ minecraft_home }}/server"
|
||||
minecraft_tools_dir: "{{ minecraft_home }}/tools"
|
||||
minecraft_backups_dir: "{{ minecraft_home }}/backups"
|
||||
|
||||
# Configuration serveur (plus petite pour staging)
|
||||
minecraft_memory_min: "512M"
|
||||
minecraft_memory_max: "2G"
|
||||
minecraft_port: 25565
|
||||
minecraft_rcon_port: 25575
|
||||
minecraft_rcon_password: "{{ vault_minecraft_rcon_password }}"
|
||||
|
||||
# Java
|
||||
java_version: 21
|
||||
|
||||
# Backups (retention plus courte en staging)
|
||||
backup_retention_daily: 3
|
||||
backup_retention_weekly: 2
|
||||
backup_retention_monthly: 1
|
@@ -1,9 +1,13 @@
|
||||
---
|
||||
all:
|
||||
children:
|
||||
minecraft_servers:
|
||||
hosts:
|
||||
minecraft-staging-01:
|
||||
ansible_host: 192.168.1.200
|
||||
ansible_host: 10.0.2.10
|
||||
ansible_user: ansible
|
||||
ansible_ssh_private_key_file: ~/.ssh/ansible_key
|
||||
minecraft_server_name: "Staging Server 01"
|
||||
minecraft_port: 25565
|
||||
minecraft_rcon_port: 25575
|
||||
vars:
|
||||
environment: staging
|
||||
backup_retention_days: 30
|
||||
update_schedule: "0 2 * * *" # Tous les jours 2h
|
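--- a/requirements.yml
+++ b/requirements.yml
@@ -0,0 +1,8 @@
+---
+collections:
+- name: community.general
+version: ">=7.0.0"
+- name: ansible.posix
+version: ">=1.5.0"
+- name: community.crypto
+version: ">=2.15.0"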
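Review bot: All three collections are given open-ended ranges (`version: ">=7.0.0"`, `">=1.5.0"`, `">=2.15.0"`), so every `ansible-galaxy collection install` may pull a different, newer release onto the controller that runs these roles with become on production hosts. I would pin each entry to an exact version that has been reviewed, for example `version: "7.0.0"` for `community.general`, and raise the pins deliberately. Installing from a vendored `./collections` directory, which `collections_path` in ansible.cfg already points at, gives the same reproducibility.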
@@ -1,25 +1,22 @@
|
||||
---
|
||||
# Configuration par défaut pour le hardening
|
||||
# Configuration par défaut du durcissement serveur
|
||||
hardening_packages:
|
||||
- fail2ban
|
||||
- ufw
|
||||
- unattended-upgrades
|
||||
- logrotate
|
||||
- rsync
|
||||
|
||||
ssh_port: 22
|
||||
ssh_protocol: 2
|
||||
ssh_permit_root_login: "no"
|
||||
ssh_password_authentication: "no"
|
||||
ssh_pub_key_authentication: "yes"
|
||||
ssh_allow_users: ["ansible"]
|
||||
ssh_max_auth_tries: 3
|
||||
ssh_client_alive_interval: 300
|
||||
ssh_client_alive_count_max: 2
|
||||
|
||||
# Firewall
|
||||
fail2ban_jail_ssh_enabled: true
|
||||
fail2ban_jail_ssh_maxretry: 3
|
||||
fail2ban_jail_ssh_bantime: 3600
|
||||
|
||||
ufw_default_incoming: deny
|
||||
ufw_default_outgoing: allow
|
||||
ufw_allowed_ports:
|
||||
- 22/tcp
|
||||
- 25565/tcp
|
||||
- 25575/tcp
|
||||
|
||||
# Fail2ban
|
||||
fail2ban_enabled: true
|
||||
fail2ban_bantime: 3600
|
||||
fail2ban_findtime: 600
|
||||
fail2ban_maxretry: 3
|
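Review bot: `ufw_allowed_ports` lists `25575/tcp`, the RCON port, next to SSH and the game port. RCON is an administrative console protected only by a shared password, so opening it to every source address is rarely needed; I would drop it from the default list and let hosts that need remote RCON allow it from one specific address. The +/- markers are lost in this section, so this applies only if the list stays on the new side. If the list was removed instead, note that no other variable on this page says which ports the firewall should open.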
@@ -0,0 +1,14 @@
|
||||
---
|
||||
- name: restart ssh
|
||||
ansible.builtin.service:
|
||||
name: ssh
|
||||
state: restarted
|
||||
|
||||
- name: restart fail2ban
|
||||
ansible.builtin.service:
|
||||
name: fail2ban
|
||||
state: restarted
|
||||
|
||||
- name: enable ufw
|
||||
community.general.ufw:
|
||||
state: enabled
|
@@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: Update apt cache for Debian/Ubuntu
|
||||
apt:
|
||||
- name: Mise à jour du cache des paquets (Debian/Ubuntu)
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
when: ansible_os_family == "Debian"
|
||||
tags: ['system-update']
|
||||
tags: [system-update]
|
@@ -1,11 +0,0 @@
|
||||
---
|
||||
- name: Configure SSH daemon
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config
|
||||
backup: yes
|
||||
mode: '0600'
|
||||
owner: root
|
||||
group: root
|
||||
notify: restart sshd
|
||||
tags: ['ssh-config']
|
@@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: Installation des paquets de sécurité
|
||||
ansible.builtin.apt:
|
||||
name: "{{ hardening_packages }}"
|
||||
state: present
|
||||
when: ansible_os_family == "Debian"
|
||||
notify: restart fail2ban
|
@@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: Install UFW firewall
|
||||
package:
|
||||
name: ufw
|
||||
state: present
|
||||
tags: ['firewall-install']
|
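--- a/roles/01-server_hardening/tasks/03-configure-ssh.yml
+++ b/roles/01-server_hardening/tasks/03-configure-ssh.yml
@@ -0,0 +1,10 @@
+---
+- name: Configuration SSH sécurisée
+ansible.builtin.template:
+src: sshd_config.j2
+dest: "{{ ssh_config_path }}"
+owner: root
+group: root
+mode: '0644'
+backup: yes
+notify: restart ssh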
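Review bot: The template task replaces `{{ ssh_config_path }}` and notifies `restart ssh` without checking the rendered file, so a bad value (for example an empty `allowed_ssh_users`) can leave sshd unable to start after the restart and lock out both admins and Ansible. Adding `validate: '/usr/sbin/sshd -t -f %s'` makes the task fail before the live file is touched. The mode is also `'0644'`, where the task file this commit deletes used `'0600'`; I would keep `mode: '0600'`.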
@@ -0,0 +1,9 @@
|
||||
---
|
||||
- name: Configuration UFW - politique par défaut
|
||||
community.general.ufw:
|
||||
direction: "{{ item.direction }}"
|
||||
policy: "{{ item.policy }}"
|
||||
with_items:
|
||||
- { direction: 'incoming', policy: "{{ ufw_default_incoming }}" }
|
||||
- { direction: 'outgoing', policy: "{{ ufw_default_outgoing }}" }
|
||||
notify: enable ufw
|
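Review bot: This file sets only the default policies and then notifies `enable ufw`; nothing in it allows `ssh_port` or the Minecraft port. With `ufw_default_incoming: deny` from the role defaults, enabling ufw would drop new SSH connections, including Ansible's own, unless an allow rule is added somewhere not shown on this page. I would add the allow rules ahead of the policy task, as sketched below, and the same for the game port. `with_items` could become `loop` while the file is being touched.

```yaml
- name: Autorisation SSH avant activation UFW
  community.general.ufw:
    rule: allow
    port: "{{ ssh_port }}"
    proto: tcp

# … unchanged: default-policy task and its `notify: enable ufw` …
```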
@@ -1,7 +0,0 @@
|
||||
---
|
||||
- name: Install fail2ban
|
||||
package:
|
||||
name: fail2ban
|
||||
state: present
|
||||
when: fail2ban_enabled
|
||||
tags: ['fail2ban-install']
|
@@ -1,11 +0,0 @@
|
||||
---
|
||||
- name: Disable unused services
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
state: stopped
|
||||
enabled: no
|
||||
loop:
|
||||
- bluetooth
|
||||
- cups
|
||||
ignore_errors: yes
|
||||
tags: ['disable-services']
|
@@ -0,0 +1,9 @@
|
||||
---
|
||||
- name: Configuration Fail2Ban
|
||||
ansible.builtin.template:
|
||||
src: fail2ban-jail.local.j2
|
||||
dest: "{{ fail2ban_config_path }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: restart fail2ban
|
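--- a/roles/01-server_hardening/tasks/06-manage-ssh-keys.yml
+++ b/roles/01-server_hardening/tasks/06-manage-ssh-keys.yml
@@ -0,0 +1,8 @@
+---
+- name: Ajout des clés SSH pour les administrateurs
+ansible.posix.authorized_key:
+user: "{{ item.user }}"
+state: present
+key: "{{ item.key }}"
+comment: "{{ item.comment | default('Admin key') }}"
+with_items: "{{ admin_ssh_keys | default([]) }}"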
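Review bot: The task only ever adds keys (`state: present`), so a key taken out of `admin_ssh_keys` stays in that user's `authorized_keys` on every host and revocation never happens through this role. If the list is meant to be authoritative, `exclusive: true` does that, but each user's keys must then be passed as one newline-joined `key` value instead of one loop item per key, otherwise each iteration removes the previous one. At minimum I would add a comment above the task stating that removal is manual.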
@@ -1,20 +1,21 @@
|
||||
---
|
||||
- name: Include system update tasks
|
||||
include_tasks: 01-update-system.yml
|
||||
tags: ['hardening', 'system-update']
|
||||
# Tâches principales du durcissement serveur
|
||||
- import_tasks: 01-update-system.yml
|
||||
tags: [hardening, system-update]
|
||||
|
||||
- name: Include SSH configuration tasks
|
||||
include_tasks: 02-configure-ssh.yml
|
||||
tags: ['hardening', 'ssh']
|
||||
- import_tasks: 02-install-security-packages.yml
|
||||
tags: [hardening, packages]
|
||||
|
||||
- name: Include firewall configuration tasks
|
||||
include_tasks: 03-configure-firewall.yml
|
||||
tags: ['hardening', 'firewall']
|
||||
- import_tasks: 03-configure-ssh.yml
|
||||
tags: [hardening, ssh]
|
||||
|
||||
- name: Include fail2ban installation tasks
|
||||
include_tasks: 04-install-fail2ban.yml
|
||||
tags: ['hardening', 'fail2ban']
|
||||
- import_tasks: 04-configure-firewall.yml
|
||||
tags: [hardening, firewall]
|
||||
when: firewall_enabled | default(true)
|
||||
|
||||
- name: Include additional hardening tasks
|
||||
include_tasks: 05-additional-hardening.yml
|
||||
tags: ['hardening', 'additional']
|
||||
- import_tasks: 05-configure-fail2ban.yml
|
||||
tags: [hardening, fail2ban]
|
||||
when: fail2ban_enabled | default(true)
|
||||
|
||||
- import_tasks: 06-manage-ssh-keys.yml
|
||||
tags: [hardening, ssh-keys]
|
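--- a/roles/01-server_hardening/templates/fail2ban-jail.local.j2
+++ b/roles/01-server_hardening/templates/fail2ban-jail.local.j2
@@ -0,0 +1,12 @@
+# Configuration Fail2Ban générée par Ansible
+
+[DEFAULT]
+bantime = {{ fail2ban_jail_ssh_bantime }}
+findtime = 600
+maxretry = {{ fail2ban_jail_ssh_maxretry }}
+
+[sshd]
+enabled = {{ fail2ban_jail_ssh_enabled | lower }}
+port = {{ ssh_port }}
+filter = sshd
+logpath = /var/log/auth.log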
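Review bot: The `[sshd]` jail reads `logpath = /var/log/auth.log`, but the README on this page lists Debian 12/13 as supported, and those releases by default log sshd to the journal with no `auth.log` unless rsyslog is installed. In that case fail2ban typically refuses to start for lack of a log file and the host runs with no ban policy at all. I would set `backend = systemd` for the jail on such hosts, or add `rsyslog` to `hardening_packages`. `[DEFAULT]` is also filled from the SSH-specific variables plus a literal `findtime = 600`; using `{{ fail2ban_findtime }}`, which appears in the role defaults hunk, would keep it configurable if that variable is still defined.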
@@ -1,26 +0,0 @@
|
||||
[DEFAULT]
|
||||
# Fail2ban configuration for Minecraft server
|
||||
bantime = {{ fail2ban_bantime }}
|
||||
findtime = {{ fail2ban_findtime }}
|
||||
maxretry = {{ fail2ban_maxretry }}
|
||||
|
||||
# Email notifications (optional)
|
||||
# destemail = admin@example.com
|
||||
# sendername = Fail2Ban
|
||||
# sender = fail2ban@example.com
|
||||
# action = %(action_mwl)s
|
||||
|
||||
[sshd]
|
||||
enabled = true
|
||||
port = {{ ssh_port }}
|
||||
filter = sshd
|
||||
logpath = /var/log/auth.log
|
||||
maxretry = {{ fail2ban_maxretry }}
|
||||
|
||||
[minecraft]
|
||||
enabled = true
|
||||
port = {{ minecraft_port }}
|
||||
filter = minecraft
|
||||
logpath = {{ minecraft_server_dir }}/logs/latest.log
|
||||
maxretry = 5
|
||||
bantime = 7200
|
@@ -1,47 +1,21 @@
|
||||
# SSH configuration for Minecraft server
|
||||
# Configuration SSH sécurisée générée par Ansible
|
||||
Port {{ ssh_port }}
|
||||
Protocol {{ ssh_protocol }}
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||
Protocol 2
|
||||
|
||||
# Logging
|
||||
SyslogFacility AUTH
|
||||
LogLevel INFO
|
||||
|
||||
# Authentication
|
||||
LoginGraceTime 60
|
||||
# Authentification
|
||||
PermitRootLogin {{ ssh_permit_root_login }}
|
||||
StrictModes yes
|
||||
MaxAuthTries {{ ssh_max_auth_tries }}
|
||||
MaxSessions 10
|
||||
|
||||
PubkeyAuthentication {{ ssh_pub_key_authentication }}
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
|
||||
PasswordAuthentication {{ ssh_password_authentication }}
|
||||
PermitEmptyPasswords no
|
||||
ChallengeResponseAuthentication no
|
||||
KerberosAuthentication no
|
||||
GSSAPIAuthentication no
|
||||
MaxAuthTries {{ ssh_max_auth_tries }}
|
||||
PubkeyAuthentication yes
|
||||
|
||||
UsePAM yes
|
||||
|
||||
AllowUsers {{ ssh_allow_users | join(' ') }}
|
||||
|
||||
X11Forwarding no
|
||||
PrintMotd no
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
# Connection settings
|
||||
# Sessions
|
||||
ClientAliveInterval {{ ssh_client_alive_interval }}
|
||||
ClientAliveCountMax {{ ssh_client_alive_count_max }}
|
||||
TCPKeepAlive yes
|
||||
|
||||
# Restrict to specific users
|
||||
Match User {{ ssh_allow_users | join(',') }}
|
||||
AllowTcpForwarding no
|
||||
# Sécurité
|
||||
X11Forwarding no
|
||||
PermitTunnel no
|
||||
GatewayPorts no
|
||||
AllowAgentForwarding no
|
||||
UsePAM yes
|
||||
UseDNS no
|
||||
|
||||
# Utilisateurs autorisés
|
||||
AllowUsers {{ allowed_ssh_users | join(' ') }}
|
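Review bot: `ChallengeResponseAuthentication no`, `PermitEmptyPasswords no` and `AllowTcpForwarding no` appear only among the lines printed before their French-commented counterparts, which suggests the new template drops them; the +/- markers are lost on this page, so check this against the real diff. With `UsePAM yes` kept and keyboard-interactive left at the sshd default, password logins through PAM can remain possible even when `PasswordAuthentication` renders as `no`. I would keep `KbdInteractiveAuthentication no` (the current name of that option) and `PermitEmptyPasswords no` in the new template. `Protocol 2` is no longer honoured by current OpenSSH and can be removed.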
@@ -1,14 +0,0 @@
|
||||
# UFW rules for Minecraft server
|
||||
|
||||
# Default policies
|
||||
ufw --force reset
|
||||
ufw default {{ ufw_default_incoming }}
|
||||
ufw default {{ ufw_default_outgoing }}
|
||||
|
||||
# Allow specific ports
|
||||
{% for port in ufw_allowed_ports %}
|
||||
ufw allow {{ port }}
|
||||
{% endfor %}
|
||||
|
||||
# Enable UFW
|
||||
ufw --force enable
|
@@ -0,0 +1,14 @@
|
||||
---
|
||||
# Variables spécifiques au hardening
|
||||
required_packages_debian:
|
||||
- curl
|
||||
- wget
|
||||
- git
|
||||
- unzip
|
||||
- htop
|
||||
- vim
|
||||
- sudo
|
||||
- systemd
|
||||
|
||||
ssh_config_path: /etc/ssh/sshd_config
|
||||
fail2ban_config_path: /etc/fail2ban/jail.local
|
@@ -1,4 +1,8 @@
|
||||
---
|
||||
java_version: 21
|
||||
java_package: "openjdk-{{ java_version }}-jdk"
|
||||
java_home: "/usr/lib/jvm/java-{{ java_version }}-openjdk-amd64"
|
||||
# Configuration par défaut Java
|
||||
java_version: "17"
|
||||
java_packages:
|
||||
- openjdk-17-jdk
|
||||
- openjdk-17-jre
|
||||
|
||||
java_home_path: "/usr/lib/jvm/java-17-openjdk-amd64"
|
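Review bot: `java_version` appears to move to `"17"` here, and the production and staging global-vars hunks set the same value, while `minecraft_version` stays `"1.21.6"`. Minecraft server builds from 1.20.5 onward need Java 21, so BuildTools and the server are unlikely to start on this JDK; the lines this section prints first used 21. The +/- markers are lost on this page, so confirm the direction in the real diff. The French-commented lines also hard-code `openjdk-17-jdk` and `/usr/lib/jvm/java-17-openjdk-amd64` instead of deriving them from `java_version`, so overriding the version in inventory would not change what is installed.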
@@ -0,0 +1,4 @@
|
||||
---
|
||||
- name: update java alternatives
|
||||
ansible.builtin.command: update-java-alternatives --set java-1.{{ java_version }}.0-openjdk-amd64
|
||||
failed_when: false
|
@@ -1,7 +1,6 @@
|
||||
---
|
||||
- name: Check if Java is already installed
|
||||
command: java -version
|
||||
- name: Vérification de la présence de Java
|
||||
ansible.builtin.command: "{{ java_version_check_command }}"
|
||||
register: java_check
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
tags: ['java-check']
|
@@ -1,6 +1,7 @@
|
||||
---
|
||||
- name: Install OpenJDK
|
||||
package:
|
||||
name: "{{ java_package }}"
|
||||
- name: Installation des paquets Java
|
||||
ansible.builtin.apt:
|
||||
name: "{{ java_packages }}"
|
||||
state: present
|
||||
tags: ['java-install']
|
||||
update_cache: yes
|
||||
when: ansible_os_family == "Debian"
|
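--- a/roles/02-installation-java/tasks/03-validate-java.yml
+++ b/roles/02-installation-java/tasks/03-validate-java.yml
@@ -0,0 +1,6 @@
+---
+- name: Validation de l'installation Java
+ansible.builtin.command: java -version
+register: java_validation
+changed_when: false
+failed_when: "'openjdk version' not in java_validation.stderr"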
@@ -1,6 +0,0 @@
|
||||
---
|
||||
- name: Verify Java installation
|
||||
command: java -version
|
||||
register: java_verify
|
||||
changed_when: false
|
||||
tags: ['java-verify']
|
@@ -1,7 +0,0 @@
|
||||
---
|
||||
- name: Set Java home environment variable
|
||||
lineinfile:
|
||||
path: /etc/environment
|
||||
line: "JAVA_HOME={{ java_home }}"
|
||||
state: present
|
||||
tags: ['java-validate']
|
@@ -1,17 +1,11 @@
|
||||
---
|
||||
- name: Include Java check tasks
|
||||
include_tasks: 01-check-java.yml
|
||||
tags: ['java', 'check']
|
||||
# Tâches principales installation Java
|
||||
- import_tasks: 01-check-java.yml
|
||||
tags: [java, check]
|
||||
|
||||
- name: Include Java installation tasks
|
||||
include_tasks: 02-install-java.yml
|
||||
- import_tasks: 02-install-java.yml
|
||||
tags: [java, install]
|
||||
when: java_installed is not defined or not java_installed
|
||||
tags: ['java', 'install']
|
||||
|
||||
- name: Include Java verification tasks
|
||||
include_tasks: 03-verify-java.yml
|
||||
tags: ['java', 'verify']
|
||||
|
||||
- name: Include Java validation tasks
|
||||
include_tasks: 04-validate-installation.yml
|
||||
tags: ['java', 'validate']
|
||||
- import_tasks: 03-validate-java.yml
|
||||
tags: [java, validate]
|
@@ -0,0 +1,4 @@
|
||||
---
|
||||
# Variables Java
|
||||
java_version_check_command: "java -version"
|
||||
java_required_version: "17"
|
@@ -1,14 +1,34 @@
|
||||
---
|
||||
minecraft_version: "1.21.6"
|
||||
# Configuration par défaut Minecraft
|
||||
minecraft_user: minecraft
|
||||
minecraft_group: minecraft
|
||||
minecraft_home: /opt/minecraft
|
||||
minecraft_memory_min: "1G"
|
||||
minecraft_memory_max: "4G"
|
||||
minecraft_version: "1.21.6"
|
||||
minecraft_port: 25565
|
||||
minecraft_rcon_port: 25575
|
||||
minecraft_rcon_password: "changeme"
|
||||
minecraft_max_memory: "4G"
|
||||
minecraft_min_memory: "2G"
|
||||
|
||||
# Répertoires
|
||||
minecraft_sources_dir: "{{ minecraft_home }}/sources"
|
||||
minecraft_server_dir: "{{ minecraft_home }}/server"
|
||||
minecraft_tools_dir: "{{ minecraft_home }}/tools"
|
||||
minecraft_backups_dir: "{{ minecraft_home }}/backups"
|
||||
minecraft_logs_dir: "{{ minecraft_home }}/logs"
|
||||
|
||||
# URLs
|
||||
spigot_build_tools_url: "https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar"
|
||||
mcrcon_version: "0.7.2"
|
||||
mcrcon_url: "https://github.com/Tiiffi/mcrcon/releases/download/v{{ mcrcon_version }}/mcrcon-{{ mcrcon_version }}-linux-x86-64.tar.gz"
|
||||
mcrcon_url: "https://github.com/Tiiffi/mcrcon/archive/refs/heads/master.zip"
|
||||
|
||||
# Configuration serveur
|
||||
server_properties:
|
||||
server-port: "{{ minecraft_port }}"
|
||||
enable-rcon: "true"
|
||||
rcon.port: "{{ minecraft_rcon_port }}"
|
||||
rcon.password: "{{ minecraft_rcon_password | default('changeme') }}"
|
||||
max-players: "20"
|
||||
difficulty: "normal"
|
||||
gamemode: "survival"
|
||||
pvp: "true"
|
||||
spawn-protection: "16"
|
||||
white-list: "false"
|
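Review bot: `minecraft_rcon_password: "changeme"` is a role default here and `server_properties` repeats it as a fallback (`default('changeme')`) next to `enable-rcon: "true"`, while this same change deletes the group_vars files that took the value from `vault_minecraft_rcon_password`. Assuming these are the added lines (the +/- markers are lost), any host that does not override the variable gets a remote console with a widely known password. I would drop the default so the play fails when the secret is missing, using `rcon.password: "{{ minecraft_rcon_password }}"` with the variable defined only from vault, and default `enable-rcon` to `"false"`. `mcrcon_url` also appears to move from a versioned release to `archive/refs/heads/master.zip`, which is not a fixed artifact.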
@@ -1,21 +1,14 @@
|
||||
---
|
||||
- name: reload systemd
|
||||
systemd:
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: yes
|
||||
|
||||
- name: enable minecraft service
|
||||
systemd:
|
||||
ansible.builtin.service:
|
||||
name: minecraft
|
||||
enabled: yes
|
||||
|
||||
- name: restart minecraft
|
||||
systemd:
|
||||
ansible.builtin.service:
|
||||
name: minecraft
|
||||
state: restarted
|
||||
enabled: yes
|
||||
|
||||
- name: start minecraft
|
||||
systemd:
|
||||
name: minecraft
|
||||
state: started
|
||||
enabled: yes
|
@@ -1,6 +1,14 @@
|
||||
---
|
||||
- name: Create minecraft group
|
||||
group:
|
||||
- name: Création du groupe minecraft
|
||||
ansible.builtin.group:
|
||||
name: "{{ minecraft_group }}"
|
||||
state: present
|
||||
tags: ['minecraft-user']
|
||||
|
||||
- name: Création de l'utilisateur minecraft
|
||||
ansible.builtin.user:
|
||||
name: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
home: "{{ minecraft_home }}"
|
||||
shell: /bin/bash
|
||||
create_home: yes
|
||||
state: present
|
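Review bot: The `minecraft` service account is created with `shell: /bin/bash`, and the global vars in this change also list it in `allowed_ssh_users`, so the account the server process runs as is a full interactive SSH login. If nobody needs to log in as it, `system: true` with `shell: /usr/sbin/nologin`, plus removing it from `allowed_ssh_users`, narrows what a compromised plugin or a stolen key can reach. The other task files already use `become_user` for work done as that user, so they should not depend on the login shell.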
@@ -1,15 +1,15 @@
|
||||
---
|
||||
- name: Create minecraft directories
|
||||
file:
|
||||
- name: Création des répertoires Minecraft
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
loop:
|
||||
- "{{ minecraft_home }}"
|
||||
with_items:
|
||||
- "{{ minecraft_sources_dir }}"
|
||||
- "{{ minecraft_server_dir }}"
|
||||
- "{{ minecraft_tools_dir }}"
|
||||
- "{{ minecraft_backups_dir }}"
|
||||
tags: ['minecraft-directories']
|
||||
- "{{ minecraft_logs_dir }}"
|
||||
- "{{ minecraft_server_dir }}/plugins"
|
@@ -1,9 +1,8 @@
|
||||
---
|
||||
- name: Download BuildTools.jar
|
||||
get_url:
|
||||
- name: Téléchargement de BuildTools
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ spigot_build_tools_url }}"
|
||||
dest: "{{ minecraft_sources_dir }}/BuildTools.jar"
|
||||
dest: "{{ minecraft_sources_dir }}/{{ build_tools_jar }}"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
tags: ['spigot-download']
|
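Review bot: `BuildTools.jar` is fetched from a `lastSuccessfulBuild` URL with no `checksum`, and the compile task later on this page runs it with `java -jar`, so whatever that URL serves on the day is executed on the host. I would point `spigot_build_tools_url` at a numbered build and add `checksum: "sha256:{{ build_tools_sha256 }}"`, where `build_tools_sha256` is a new variable holding the reviewed hash. `build_tools_jar` is not defined in any defaults or vars shown on this page; confirm it exists, since an undefined value fails the task.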
@@ -1,17 +1,20 @@
|
||||
---
|
||||
- name: Download mcrcon
|
||||
get_url:
|
||||
url: "{{ mcrcon_url }}"
|
||||
dest: "{{ minecraft_tools_dir }}/mcrcon.tar.gz"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
tags: ['mcrcon-install']
|
||||
- name: Installation des dépendances pour mcrcon
|
||||
ansible.builtin.apt:
|
||||
name:
|
||||
- build-essential
|
||||
- git
|
||||
state: present
|
||||
|
||||
- name: Extract mcrcon
|
||||
unarchive:
|
||||
src: "{{ minecraft_tools_dir }}/mcrcon.tar.gz"
|
||||
dest: "{{ minecraft_tools_dir }}"
|
||||
remote_src: yes
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
tags: ['mcrcon-install']
|
||||
- name: Clone du repository mcrcon
|
||||
ansible.builtin.git:
|
||||
repo: https://github.com/Tiiffi/mcrcon.git
|
||||
dest: "{{ minecraft_tools_dir }}/mcrcon"
|
||||
version: master
|
||||
become_user: "{{ minecraft_user }}"
|
||||
|
||||
- name: Compilation de mcrcon
|
||||
ansible.builtin.command:
|
||||
cmd: make
|
||||
chdir: "{{ minecraft_tools_dir }}/mcrcon"
|
||||
become_user: "{{ minecraft_user }}"
|
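Review bot: The clone tracks `version: master` and the result is compiled with `make` on each host, so two runs can build different upstream code. The role defaults on this page still show `mcrcon_version: "0.7.2"` and a release URL using the tag form `v{{ mcrcon_version }}`, so `version: "v{{ mcrcon_version }}"` would pin the checkout, and a full commit hash is stronger still. The `make` task also has no `creates:`, so it reruns on every play; `creates: "{{ minecraft_tools_dir }}/mcrcon/mcrcon"` would fix that, assuming the binary is built at that path. The `apt` task lacks the `when: ansible_os_family == "Debian"` guard used by the other package tasks.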
@@ -1,19 +1,17 @@
|
||||
---
|
||||
- name: Compile Spigot server
|
||||
shell: |
|
||||
cd {{ minecraft_sources_dir }}
|
||||
java -jar BuildTools.jar --rev {{ minecraft_version }}
|
||||
become_user: "{{ minecraft_user }}"
|
||||
args:
|
||||
- name: Compilation de Spigot
|
||||
ansible.builtin.command:
|
||||
cmd: "java -jar {{ build_tools_jar }} --rev {{ minecraft_version }}"
|
||||
chdir: "{{ minecraft_sources_dir }}"
|
||||
creates: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar"
|
||||
tags: ['spigot-compile']
|
||||
become_user: "{{ minecraft_user }}"
|
||||
timeout: 1800
|
||||
|
||||
- name: Copy compiled Spigot to server directory
|
||||
copy:
|
||||
- name: Copie du JAR Spigot compilé
|
||||
ansible.builtin.copy:
|
||||
src: "{{ minecraft_sources_dir }}/spigot-{{ minecraft_version }}.jar"
|
||||
dest: "{{ minecraft_server_dir }}/spigot.jar"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
remote_src: yes
|
||||
tags: ['spigot-compile']
|
@@ -0,0 +1,18 @@
|
||||
---
|
||||
- name: Génération de la configuration server.properties
|
||||
ansible.builtin.template:
|
||||
src: server.properties.j2
|
||||
dest: "{{ minecraft_server_dir }}/server.properties"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
notify: restart minecraft
|
||||
|
||||
- name: Acceptation de l'EULA
|
||||
ansible.builtin.lineinfile:
|
||||
path: "{{ minecraft_server_dir }}/eula.txt"
|
||||
line: "eula=true"
|
||||
create: yes
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
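Review bot: `server.properties` is written with `mode: '0644'`, and the role defaults place `rcon.password` in `server_properties`, so the rendered file presumably lets every local user read the RCON secret. `mode: '0640'` is enough, since owner and group are already the service account, and `no_log: true` on the task keeps the value out of task output. The EULA is accepted here with `lineinfile`, while this commit also adds `templates/eula.txt.j2`; only one of the two is needed.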
@@ -1,37 +0,0 @@
|
||||
---
|
||||
- name: Generate server.properties
|
||||
template:
|
||||
src: server.properties.j2
|
||||
dest: "{{ minecraft_server_dir }}/server.properties"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
tags: ['minecraft-config']
|
||||
|
||||
- name: Generate spigot.yml
|
||||
template:
|
||||
src: spigot.yml.j2
|
||||
dest: "{{ minecraft_server_dir }}/spigot.yml"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
tags: ['minecraft-config']
|
||||
|
||||
- name: Generate bukkit.yml
|
||||
template:
|
||||
src: bukkit.yml.j2
|
||||
dest: "{{ minecraft_server_dir }}/bukkit.yml"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
tags: ['minecraft-config']
|
||||
|
||||
- name: Accept EULA
|
||||
lineinfile:
|
||||
path: "{{ minecraft_server_dir }}/eula.txt"
|
||||
line: "eula=true"
|
||||
create: yes
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
tags: ['minecraft-config']
|
@@ -1,10 +1,11 @@
|
||||
---
|
||||
- name: Create systemd service file
|
||||
template:
|
||||
- name: Création du service systemd Minecraft
|
||||
ansible.builtin.template:
|
||||
src: minecraft.service.j2
|
||||
dest: /etc/systemd/system/minecraft.service
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify:
|
||||
- reload systemd
|
||||
- enable minecraft service
|
||||
tags: ['minecraft-service']
|
@@ -0,0 +1,8 @@
|
||||
---
|
||||
- name: Configuration de la rotation des logs
|
||||
ansible.builtin.template:
|
||||
src: minecraft-logrotate.j2
|
||||
dest: /etc/logrotate.d/minecraft
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
@@ -1,7 +0,0 @@
|
||||
---
|
||||
- name: Setup log rotation for Minecraft
|
||||
template:
|
||||
src: logrotate-minecraft.j2
|
||||
dest: /etc/logrotate.d/minecraft
|
||||
mode: '0644'
|
||||
tags: ['minecraft-logs']
|
@@ -1,9 +1,9 @@
|
||||
---
|
||||
- name: Configure ops.json
|
||||
template:
|
||||
- name: Génération du fichier ops.json
|
||||
ansible.builtin.template:
|
||||
src: ops.json.j2
|
||||
dest: "{{ minecraft_server_dir }}/ops.json"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
tags: ['minecraft-ops']
|
||||
notify: restart minecraft
|
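--- a/roles/03-installation-minecraft/tasks/10-install-plugins.yml
+++ b/roles/03-installation-minecraft/tasks/10-install-plugins.yml
@@ -0,0 +1,10 @@
+---
+- name: Installation des plugins par défaut
+ansible.builtin.get_url:
+url: "{{ item.url }}"
+dest: "{{ minecraft_server_dir }}/plugins/{{ item.name }}.jar"
+owner: "{{ minecraft_user }}"
+group: "{{ minecraft_group }}"
+mode: '0644'
+with_items: "{{ minecraft_plugins | default([]) }}"
+when: minecraft_plugins is defined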
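Review bot: Plugin jars are downloaded from `item.url` with no `checksum`, and the server loads everything in `plugins/` with its own privileges, so a changed or substituted download becomes code running as the service account. I would require a hash per entry with `checksum: "{{ item.checksum }}"` and let the task fail when it is missing. `item.name` also goes straight into the destination path, so a value containing `/` or `..` would write outside `plugins/`; `{{ item.name | basename }}` avoids that. The `when: minecraft_plugins is defined` is redundant next to `default([])`.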
@@ -1,20 +0,0 @@
|
||||
---
|
||||
- name: Create plugins directory
|
||||
file:
|
||||
path: "{{ minecraft_server_dir }}/plugins"
|
||||
state: directory
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
tags: ['minecraft-plugins']
|
||||
|
||||
- name: Download plugins if specified
|
||||
get_url:
|
||||
url: "{{ item.url }}"
|
||||
dest: "{{ minecraft_server_dir }}/plugins/{{ item.name }}"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
loop: "{{ minecraft_plugins | default([]) }}"
|
||||
when: minecraft_plugins is defined
|
||||
tags: ['minecraft-plugins']
|
@@ -1,40 +1,31 @@
|
||||
---
|
||||
- name: Include user and group creation tasks
|
||||
include_tasks: 01-create-user-group.yml
|
||||
tags: ['minecraft', 'user']
|
||||
# Tâches principales installation Minecraft
|
||||
- import_tasks: 01-create-user-group.yml
|
||||
tags: [minecraft, user]
|
||||
|
||||
- name: Include directory creation tasks
|
||||
include_tasks: 02-create-directories.yml
|
||||
tags: ['minecraft', 'directories']
|
||||
- import_tasks: 02-create-directories.yml
|
||||
tags: [minecraft, directories]
|
||||
|
||||
- name: Include Spigot download tasks
|
||||
include_tasks: 03-download-spigot.yml
|
||||
tags: ['minecraft', 'download']
|
||||
- import_tasks: 03-download-spigot.yml
|
||||
tags: [minecraft, download]
|
||||
|
||||
- name: Include mcrcon installation tasks
|
||||
include_tasks: 04-install-mcrcon.yml
|
||||
tags: ['minecraft', 'mcrcon']
|
||||
- import_tasks: 04-install-mcrcon.yml
|
||||
tags: [minecraft, mcrcon]
|
||||
|
||||
- name: Include Spigot compilation tasks
|
||||
include_tasks: 05-compile-spigot.yml
|
||||
tags: ['minecraft', 'compile']
|
||||
- import_tasks: 05-compile-spigot.yml
|
||||
tags: [minecraft, compile]
|
||||
|
||||
- name: Include server configuration tasks
|
||||
include_tasks: 06-configure-server.yml
|
||||
tags: ['minecraft', 'configure']
|
||||
- import_tasks: 06-configure-minecraft.yml
|
||||
tags: [minecraft, configure]
|
||||
|
||||
- name: Include service creation tasks
|
||||
include_tasks: 07-create-service.yml
|
||||
tags: ['minecraft', 'service']
|
||||
- import_tasks: 07-create-service.yml
|
||||
tags: [minecraft, service]
|
||||
|
||||
- name: Include log rotation setup tasks
|
||||
include_tasks: 08-setup-log-rotation.yml
|
||||
tags: ['minecraft', 'logs']
|
||||
- import_tasks: 08-configure-logrotate.yml
|
||||
tags: [minecraft, logrotate]
|
||||
|
||||
- name: Include ops configuration tasks
|
||||
include_tasks: 09-configure-ops.yml
|
||||
tags: ['minecraft', 'ops']
|
||||
- import_tasks: 09-manage-ops.yml
|
||||
tags: [minecraft, ops]
|
||||
|
||||
- name: Include plugins setup tasks
|
||||
include_tasks: 10-setup-plugins.yml
|
||||
tags: ['minecraft', 'plugins']
|
||||
- import_tasks: 10-install-plugins.yml
|
||||
tags: [minecraft, plugins]
|
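--- a/roles/03-installation-minecraft/templates/eula.txt.j2
+++ b/roles/03-installation-minecraft/templates/eula.txt.j2
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+# By changing the setting below to TRUE you are indicating your agreement to our EULA (https://aka.ms/MinecraftEULA).
+# Generated on {{ ansible_date_time.iso8601 }}
+eula=true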
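Review bot: The line `# Generated on {{ ansible_date_time.iso8601 }}` renders differently on every run, so the template task will always report changed and any handler attached to it (not visible in this section) fires each time. Dropping that line keeps the file idempotent; `{{ ansible_managed }}` already marks it as generated.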
@@ -1,12 +0,0 @@
|
||||
{{ minecraft_server_dir }}/logs/*.log {
|
||||
daily
|
||||
missingok
|
||||
rotate 52
|
||||
compress
|
||||
delaycompress
|
||||
notifempty
|
||||
create 644 {{ minecraft_user }} {{ minecraft_group }}
|
||||
postrotate
|
||||
systemctl reload minecraft
|
||||
endscript
|
||||
}
|
@@ -0,0 +1,194 @@
|
||||
#!/bin/bash
|
||||
# {{ ansible_managed }}
|
||||
# Script de commandes utiles pour Minecraft
|
||||
|
||||
MCRCON="{{ minecraft_tools_dir }}/mcrcon"
|
||||
RCON_HOST="localhost"
|
||||
RCON_PORT="{{ rcon_port }}"
|
||||
RCON_PASS="{{ rcon_password }}"
|
||||
|
||||
# Fonction d'exécution RCON
|
||||
rcon() {
|
||||
$MCRCON -H $RCON_HOST -P $RCON_PORT -p "$RCON_PASS" "$@"
|
||||
}
|
||||
|
||||
# Commandes disponibles
|
||||
case "$1" in
|
||||
say)
|
||||
shift
|
||||
rcon "say $@"
|
||||
;;
|
||||
|
||||
list)
|
||||
rcon "list"
|
||||
;;
|
||||
|
||||
save)
|
||||
echo "Sauvegarde du monde..."
|
||||
rcon "save-all flush"
|
||||
echo "Sauvegarde terminée"
|
||||
;;
|
||||
|
||||
whitelist-add)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 whitelist-add <joueur>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "whitelist add $2"
|
||||
;;
|
||||
|
||||
whitelist-remove)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 whitelist-remove <joueur>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "whitelist remove $2"
|
||||
;;
|
||||
|
||||
whitelist-list)
|
||||
rcon "whitelist list"
|
||||
;;
|
||||
|
||||
ban)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 ban <joueur> [raison]"
|
||||
exit 1
|
||||
fi
|
||||
shift
|
||||
rcon "ban $@"
|
||||
;;
|
||||
|
||||
unban)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 unban <joueur>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "pardon $2"
|
||||
;;
|
||||
|
||||
kick)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 kick <joueur> [raison]"
|
||||
exit 1
|
||||
fi
|
||||
shift
|
||||
rcon "kick $@"
|
||||
;;
|
||||
|
||||
op)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 op <joueur>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "op $2"
|
||||
;;
|
||||
|
||||
deop)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 deop <joueur>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "deop $2"
|
||||
;;
|
||||
|
||||
tp)
|
||||
if [ -z "$3" ]; then
|
||||
echo "Usage: $0 tp <joueur1> <joueur2>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "tp $2 $3"
|
||||
;;
|
||||
|
||||
gamemode)
|
||||
if [ -z "$3" ]; then
|
||||
echo "Usage: $0 gamemode <mode> <joueur>"
|
||||
echo "Modes: survival, creative, adventure, spectator"
|
||||
exit 1
|
||||
fi
|
||||
rcon "gamemode $2 $3"
|
||||
;;
|
||||
|
||||
time)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 time <set|add> <valeur>"
|
||||
exit 1
|
||||
fi
|
||||
shift
|
||||
rcon "time $@"
|
||||
;;
|
||||
|
||||
weather)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 weather <clear|rain|thunder> [durée]"
|
||||
exit 1
|
||||
fi
|
||||
shift
|
||||
rcon "weather $@"
|
||||
;;
|
||||
|
||||
difficulty)
|
||||
if [ -z "$2" ]; then
|
||||
echo "Usage: $0 difficulty <peaceful|easy|normal|hard>"
|
||||
exit 1
|
||||
fi
|
||||
rcon "difficulty $2"
|
||||
;;
|
||||
|
||||
give)
|
||||
if [ -z "$3" ]; then
|
||||
echo "Usage: $0 give <joueur> <item> [quantité]"
|
||||
exit 1
|
||||
fi
|
||||
shift
|
||||
rcon "give $@"
|
||||
;;
|
||||
|
||||
reload)
|
||||
echo "Rechargement de la configuration..."
|
||||
rcon "reload"
|
||||
echo "Configuration rechargée"
|
||||
;;
|
||||
|
||||
stop)
|
||||
echo "Arrêt du serveur..."
|
||||
rcon "stop"
|
||||
;;
|
||||
|
||||
console)
|
||||
# Mode console interactif
|
||||
echo "Mode console RCON (tapez 'exit' pour quitter)"
|
||||
while true; do
|
||||
read -p "minecraft> " cmd
|
||||
if [ "$cmd" = "exit" ]; then
|
||||
break
|
||||
fi
|
||||
rcon "$cmd"
|
||||
done
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "Commandes Minecraft disponibles:"
|
||||
echo ""
|
||||
echo " $0 say <message> - Envoyer un message à tous"
|
||||
echo " $0 list - Liste des joueurs connectés"
|
||||
echo " $0 save - Sauvegarder le monde"
|
||||
echo " $0 whitelist-add <joueur> - Ajouter à la whitelist"
|
||||
echo " $0 whitelist-remove <joueur> - Retirer de la whitelist"
|
||||
echo " $0 whitelist-list - Afficher la whitelist"
|
||||
echo " $0 ban <joueur> [raison] - Bannir un joueur"
|
||||
echo " $0 unban <joueur> - Débannir un joueur"
|
||||
echo " $0 kick <joueur> [raison] - Expulser un joueur"
|
||||
echo " $0 op <joueur> - Donner les droits OP"
|
||||
echo " $0 deop <joueur> - Retirer les droits OP"
|
||||
echo " $0 tp <joueur1> <joueur2> - Téléporter un joueur"
|
||||
echo " $0 gamemode <mode> <joueur> - Changer le mode de jeu"
|
||||
echo " $0 time <set|add> <valeur> - Gérer le temps"
|
||||
echo " $0 weather <type> [durée] - Changer la météo"
|
||||
echo " $0 difficulty <niveau> - Changer la difficulté"
|
||||
echo " $0 give <joueur> <item> [qty] - Donner des objets"
|
||||
echo " $0 reload - Recharger la configuration"
|
||||
echo " $0 stop - Arrêter le serveur"
|
||||
echo " $0 console - Mode console interactif"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
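Review bot: The RCON password is rendered in clear into this script (`RCON_PASS="{{ rcon_password }}"`) and handed to mcrcon with `-p`, so it is readable by anyone who can read the deployed file and visible in the process list while a command runs. The task that installs this template is not in this section; it should give the file an owner/group-only mode such as `mode: '0750'`, and recent mcrcon releases can take the password from the `MCRCON_PASS` environment variable instead of `-p`. The variables used here are `rcon_port` / `rcon_password`, while the other templates in this commit use `minecraft_rcon_port` / `minecraft_rcon_password`; unless both sets are defined, one of them looks like a mismatch. In `rcon()`, `$MCRCON`, `$RCON_HOST` and `$RCON_PORT` are unquoted, and `"say $@"` expands to several arguments where `"say $*"` would pass one command string.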
@@ -0,0 +1,13 @@
|
||||
{{ minecraft_server_dir }}/logs/*.log {
|
||||
daily
|
||||
rotate {{ logrotate_config.rotate }}
|
||||
size {{ logrotate_config.size }}
|
||||
{% if logrotate_config.compress %}compress{% endif %}
|
||||
{% if logrotate_config.delaycompress %}delaycompress{% endif %}
|
||||
missingok
|
||||
notifempty
|
||||
create 644 {{ minecraft_user }} {{ minecraft_group }}
|
||||
postrotate
|
||||
systemctl reload minecraft || true
|
||||
endscript
|
||||
}
|
@@ -7,11 +7,11 @@ Type=forking
|
||||
User={{ minecraft_user }}
|
||||
Group={{ minecraft_group }}
|
||||
WorkingDirectory={{ minecraft_server_dir }}
|
||||
ExecStart=/usr/bin/java -Xms{{ minecraft_memory_min }} -Xmx{{ minecraft_memory_max }} -jar {{ minecraft_server_dir }}/spigot.jar nogui
|
||||
ExecStop={{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} stop
|
||||
RemainAfterExit=yes
|
||||
RestartSec=15
|
||||
Restart=always
|
||||
ExecStart=/usr/bin/java -Xmx{{ minecraft_max_memory }} -Xms{{ minecraft_min_memory }} -jar spigot.jar nogui
|
||||
ExecStop={{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} stop
|
||||
KillMode=none
|
||||
TimeoutStopSec=120
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
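Review bot: `{{ minecraft_rcon_password | default('changeme') }}` in ExecStop makes the role deploy a well-known RCON password whenever the variable is missing, instead of failing; the same fallback appears in the server.properties template (`rcon.password=`) and in the daily, weekly and monthly backup scripts later in this commit. I would drop the default and fail early, e.g. `{{ minecraft_rcon_password | mandatory }}`, with the value supplied from Ansible Vault. The password also sits on the ExecStop command line, so the installed unit file should not be world-readable. `KillMode=none` is discouraged by systemd because processes can outlive a stop; with `TimeoutStopSec=120` already set, the default kill mode still leaves the server two minutes to exit. The [Unit] and [Service] headers are outside this hunk.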
@@ -1,10 +1,10 @@
|
||||
[
|
||||
{% for op in minecraft_ops | default([]) %}
|
||||
{% for admin in minecraft_admins | default([]) %}
|
||||
{
|
||||
"uuid": "{{ op.uuid }}",
|
||||
"name": "{{ op.name }}",
|
||||
"level": {{ op.level | default(4) }},
|
||||
"bypassesPlayerLimit": {{ op.bypass_limit | default(false) | lower }}
|
||||
"uuid": "{{ admin.uuid }}",
|
||||
"name": "{{ admin.name }}",
|
||||
"level": {{ admin.level | default(4) }},
|
||||
"bypassesPlayerLimit": {{ admin.bypass_limit | default(false) | lower }}
|
||||
}{% if not loop.last %},{% endif %}
|
||||
{% endfor %}
|
||||
]
|
@@ -1,24 +1,38 @@
|
||||
#Minecraft server properties
|
||||
server-name=Spigot Server
|
||||
server-port={{ minecraft_port }}
|
||||
max-players=20
|
||||
gamemode=survival
|
||||
difficulty=normal
|
||||
hardcore=false
|
||||
white-list=false
|
||||
enforce-whitelist=false
|
||||
pvp=true
|
||||
spawn-protection=16
|
||||
#Minecraft server properties généré par Ansible
|
||||
generator-settings=
|
||||
op-permission-level=4
|
||||
allow-flight=false
|
||||
enable-rcon=true
|
||||
rcon.port={{ minecraft_rcon_port }}
|
||||
rcon.password={{ minecraft_rcon_password }}
|
||||
motd=Minecraft Spigot Server managed by Ansible
|
||||
online-mode=true
|
||||
spawn-monsters=true
|
||||
generate-structures=true
|
||||
view-distance=10
|
||||
level-seed=
|
||||
allow-nether=true
|
||||
level-name=world
|
||||
enable-query=false
|
||||
allow-flight=false
|
||||
announce-player-achievements=true
|
||||
server-port={{ minecraft_port }}
|
||||
max-world-size=29999984
|
||||
level-type=default
|
||||
enable-rcon={{ server_properties['enable-rcon'] }}
|
||||
level-seed=
|
||||
force-gamemode=false
|
||||
server-ip=
|
||||
max-build-height=256
|
||||
spawn-npcs=true
|
||||
white-list={{ server_properties['white-list'] }}
|
||||
spawn-animals=true
|
||||
hardcore=false
|
||||
snooper-enabled=true
|
||||
resource-pack-sha1=
|
||||
online-mode=true
|
||||
resource-pack=
|
||||
pvp={{ server_properties['pvp'] }}
|
||||
difficulty={{ server_properties['difficulty'] }}
|
||||
enable-command-block=false
|
||||
gamemode={{ server_properties['gamemode'] }}
|
||||
player-idle-timeout=0
|
||||
max-players={{ server_properties['max-players'] }}
|
||||
max-tick-time=60000
|
||||
spawn-monsters=true
|
||||
view-distance=10
|
||||
generate-structures=true
|
||||
spawn-protection={{ server_properties['spawn-protection'] }}
|
||||
motd=Un serveur Minecraft avec Spigot
|
||||
rcon.port={{ minecraft_rcon_port }}
|
||||
rcon.password={{ minecraft_rcon_password | default('changeme') }}
|
@@ -0,0 +1,19 @@
|
||||
---
|
||||
# Variables Minecraft
|
||||
minecraft_service_name: minecraft
|
||||
spigot_jar_name: "spigot-{{ minecraft_version }}.jar"
|
||||
build_tools_jar: "BuildTools.jar"
|
||||
|
||||
# Plugins par défaut
|
||||
default_plugins:
|
||||
- name: "WorldEdit"
|
||||
url: "https://dev.bukkit.org/projects/worldedit/files/latest"
|
||||
- name: "Vault"
|
||||
url: "https://dev.bukkit.org/projects/vault/files/latest"
|
||||
|
||||
# Configuration logs
|
||||
logrotate_config:
|
||||
rotate: 30
|
||||
size: "100M"
|
||||
compress: true
|
||||
delaycompress: true
|
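Review bot: Both `default_plugins` URLs end in `/files/latest`, so each run can install a different, unreviewed jar and there is nothing to verify the download against. Pin every entry to a specific file URL and carry a digest next to it, e.g. `checksum: "sha256:<SHA256_PLACEHOLDER>"`, passed to `ansible.builtin.get_url` in the plugin install task (not shown in this section). Plugins run inside the server JVM with the server account's privileges, so this is worth a comment above `default_plugins` as well.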
@@ -1,8 +0,0 @@
|
||||
---
|
||||
backup_retention_daily: 7
|
||||
backup_retention_weekly: 4
|
||||
backup_retention_monthly: 6
|
||||
backup_compression: true
|
||||
backup_remote_host: ""
|
||||
backup_remote_user: ""
|
||||
backup_remote_path: ""
|
@@ -0,0 +1,5 @@
|
||||
---
|
||||
- name: reload cron
|
||||
ansible.builtin.service:
|
||||
name: cron
|
||||
state: reloaded
|
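--- a/roles/04-backups/tasks/01-create-backup-structure.yml
+++ b/roles/04-backups/tasks/01-create-backup-structure.yml
@@ -0,0 +1,12 @@
+---
+- name: Création de la structure des sauvegardes
+ansible.builtin.file:
+path: "{{ minecraft_backups_dir }}/{{ item }}"
+state: directory
+owner: "{{ minecraft_user }}"
+group: "{{ minecraft_group }}"
+mode: '0755'
+with_items:
+- daily
+- weekly
+- monthly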
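Review bot: `mode: '0755'` on the daily, weekly and monthly directories lets every local account read the backups, and the backup scripts in this commit copy the whole server directory, which includes server.properties with `rcon.password`. `mode: '0750'` keeps the copies to the owner and group. `with_items:` still works, but `loop:` is the current form and matches what the deleted task used.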
@@ -1,14 +0,0 @@
|
||||
---
|
||||
- name: Create backup directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
loop:
|
||||
- "{{ minecraft_backups_dir }}/daily"
|
||||
- "{{ minecraft_backups_dir }}/weekly"
|
||||
- "{{ minecraft_backups_dir }}/monthly"
|
||||
- "{{ minecraft_backups_dir }}/scripts"
|
||||
tags: ['backup-structure']
|
@@ -1,27 +0,0 @@
|
||||
---
|
||||
- name: Create daily backup script
|
||||
template:
|
||||
src: backup-daily.sh.j2
|
||||
dest: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
tags: ['backup-scripts']
|
||||
|
||||
- name: Create weekly backup script
|
||||
template:
|
||||
src: backup-weekly.sh.j2
|
||||
dest: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
tags: ['backup-scripts']
|
||||
|
||||
- name: Create monthly backup script
|
||||
template:
|
||||
src: backup-monthly.sh.j2
|
||||
dest: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
tags: ['backup-scripts']
|
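--- a/roles/04-backups/tasks/02-setup-daily-backup.yml
+++ b/roles/04-backups/tasks/02-setup-daily-backup.yml
@@ -0,0 +1,17 @@
+---
+- name: Création du script de sauvegarde quotidienne
+ansible.builtin.template:
+src: backup-daily.sh.j2
+dest: "{{ backup_script_path }}/minecraft-backup-daily.sh"
+owner: root
+group: root
+mode: '0755'
+
+- name: Configuration cron pour sauvegarde quotidienne
+ansible.builtin.cron:
+name: "Minecraft Daily Backup"
+minute: "0"
+hour: "2"
+job: "{{ backup_script_path }}/minecraft-backup-daily.sh"
+user: "{{ minecraft_user }}"
+state: present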
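Review bot: `mode: '0755'` makes the rendered backup script readable by every local user, and the backup-daily.sh.j2 template in this commit writes the RCON password into it on the mcrcon `-p` argument. Since cron runs the job as `{{ minecraft_user }}`, `owner: root`, `group: "{{ minecraft_group }}"` and `mode: '0750'` keep it executable for that account without exposing the secret. The weekly and monthly tasks (03-setup-weekly-backup.yml, 04-setup-monthly-backup.yml) use the same mode and need the same change.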
@@ -1,29 +0,0 @@
|
||||
---
|
||||
- name: Setup daily backup cron job
|
||||
cron:
|
||||
name: "Minecraft daily backup"
|
||||
user: "{{ minecraft_user }}"
|
||||
minute: "0"
|
||||
hour: "2"
|
||||
job: "{{ minecraft_backups_dir }}/scripts/backup-daily.sh"
|
||||
tags: ['backup-cron']
|
||||
|
||||
- name: Setup weekly backup cron job
|
||||
cron:
|
||||
name: "Minecraft weekly backup"
|
||||
user: "{{ minecraft_user }}"
|
||||
minute: "0"
|
||||
hour: "3"
|
||||
weekday: "0"
|
||||
job: "{{ minecraft_backups_dir }}/scripts/backup-weekly.sh"
|
||||
tags: ['backup-cron']
|
||||
|
||||
- name: Setup monthly backup cron job
|
||||
cron:
|
||||
name: "Minecraft monthly backup"
|
||||
user: "{{ minecraft_user }}"
|
||||
minute: "0"
|
||||
hour: "4"
|
||||
day: "1"
|
||||
job: "{{ minecraft_backups_dir }}/scripts/backup-monthly.sh"
|
||||
tags: ['backup-cron']
|
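--- a/roles/04-backups/tasks/03-setup-weekly-backup.yml
+++ b/roles/04-backups/tasks/03-setup-weekly-backup.yml
@@ -0,0 +1,18 @@
+---
+- name: Création du script de sauvegarde hebdomadaire
+ansible.builtin.template:
+src: backup-weekly.sh.j2
+dest: "{{ backup_script_path }}/minecraft-backup-weekly.sh"
+owner: root
+group: root
+mode: '0755'
+
+- name: Configuration cron pour sauvegarde hebdomadaire
+ansible.builtin.cron:
+name: "Minecraft Weekly Backup"
+minute: "0"
+hour: "3"
+weekday: "0"
+job: "{{ backup_script_path }}/minecraft-backup-weekly.sh"
+user: "{{ minecraft_user }}"
+state: present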
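--- a/roles/04-backups/tasks/04-setup-monthly-backup.yml
+++ b/roles/04-backups/tasks/04-setup-monthly-backup.yml
@@ -0,0 +1,18 @@
+---
+- name: Création du script de sauvegarde mensuelle
+ansible.builtin.template:
+src: backup-monthly.sh.j2
+dest: "{{ backup_script_path }}/minecraft-backup-monthly.sh"
+owner: root
+group: root
+mode: '0755'
+
+- name: Configuration cron pour sauvegarde mensuelle
+ansible.builtin.cron:
+name: "Minecraft Monthly Backup"
+minute: "0"
+hour: "4"
+day: "1"
+job: "{{ backup_script_path }}/minecraft-backup-monthly.sh"
+user: "{{ minecraft_user }}"
+state: present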
@@ -1,9 +0,0 @@
|
||||
---
|
||||
- name: Create restore script
|
||||
template:
|
||||
src: restore.sh.j2
|
||||
dest: "{{ minecraft_backups_dir }}/scripts/restore.sh"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
tags: ['backup-restore']
|
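--- a/roles/04-backups/tasks/05-setup-restore-script.yml
+++ b/roles/04-backups/tasks/05-setup-restore-script.yml
@@ -0,0 +1,8 @@
+---
+- name: Création du script de restauration
+ansible.builtin.template:
+src: restore.sh.j2
+dest: "{{ backup_script_path }}/minecraft-restore.sh"
+owner: root
+group: root
+mode: '0755'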
@@ -1,16 +1,16 @@
|
||||
---
|
||||
- name: Include backup structure setup tasks
|
||||
include_tasks: 01-setup-backup-structure.yml
|
||||
tags: ['backup', 'setup']
|
||||
# Tâches principales sauvegardes
|
||||
- import_tasks: 01-create-backup-structure.yml
|
||||
tags: [backup, structure]
|
||||
|
||||
- name: Include backup scripts creation tasks
|
||||
include_tasks: 02-create-backup-scripts.yml
|
||||
tags: ['backup', 'scripts']
|
||||
- import_tasks: 02-setup-daily-backup.yml
|
||||
tags: [backup, daily]
|
||||
|
||||
- name: Include cron jobs setup tasks
|
||||
include_tasks: 03-setup-cron-jobs.yml
|
||||
tags: ['backup', 'cron']
|
||||
- import_tasks: 03-setup-weekly-backup.yml
|
||||
tags: [backup, weekly]
|
||||
|
||||
- name: Include restore script setup tasks
|
||||
include_tasks: 04-setup-restore-script.yml
|
||||
tags: ['backup', 'restore']
|
||||
- import_tasks: 04-setup-monthly-backup.yml
|
||||
tags: [backup, monthly]
|
||||
|
||||
- import_tasks: 05-setup-restore-script.yml
|
||||
tags: [backup, restore]
|
@@ -1,29 +1,25 @@
|
||||
#!/bin/bash
|
||||
# Script de sauvegarde quotidienne Minecraft
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_DIR="{{ minecraft_backups_dir }}/daily"
|
||||
SERVER_DIR="{{ minecraft_server_dir }}"
|
||||
SOURCE_DIR="{{ minecraft_server_dir }}"
|
||||
DATE=$(date +%Y%m%d_%H%M%S)
|
||||
BACKUP_NAME="minecraft_daily_${DATE}"
|
||||
BACKUP_NAME="minecraft-daily-${DATE}"
|
||||
RETENTION={{ backup_retention_daily }}
|
||||
|
||||
# Stop server for consistent backup
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
|
||||
# Notification du début de sauvegarde
|
||||
echo "$(date): Début de la sauvegarde quotidienne"
|
||||
|
||||
# Commande save-all via rcon si le serveur est en cours
|
||||
{{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} save-all || true
|
||||
sleep 5
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
|
||||
|
||||
# Create backup
|
||||
rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
|
||||
# Création de la sauvegarde
|
||||
rsync {{ rsync_options }} --exclude 'logs' "${SOURCE_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
|
||||
|
||||
# Re-enable saving
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
|
||||
# Nettoyage des anciennes sauvegardes
|
||||
find "${BACKUP_DIR}" -type d -name "minecraft-daily-*" -mtime +${RETENTION} -exec rm -rf {} + 2>/dev/null || true
|
||||
|
||||
# Compress backup if enabled
|
||||
{% if backup_compression %}
|
||||
tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
|
||||
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
|
||||
{% endif %}
|
||||
|
||||
# Clean old backups
|
||||
find "${BACKUP_DIR}" -name "minecraft_daily_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +${RETENTION} -delete
|
||||
|
||||
echo "Daily backup completed: ${BACKUP_NAME}"
|
||||
echo "$(date): Sauvegarde quotidienne terminée: ${BACKUP_NAME}"
|
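Review bot: The copy now runs against a live world: the `save-off` / `save-on` calls are gone on what appears to be the new side, and `save-all || true` followed by `sleep 5` neither waits for the flush nor reports a failed RCON login, so rsync can capture region files mid-write. Keeping `save-off` before the rsync and `save-on` after it, restored from a `trap ... EXIT` so a failed copy cannot leave saving disabled, keeps the snapshot consistent; the monthly and weekly templates below have the same shape. The cleanup `find "${BACKUP_DIR}" -type d -name "minecraft-daily-*" ...` has no `-maxdepth 1`, so it descends into backups it is deleting, and `2>/dev/null || true` hides any failure of the retention step.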
@@ -1,29 +1,24 @@
|
||||
#!/bin/bash
|
||||
# Script de sauvegarde mensuelle Minecraft
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_DIR="{{ minecraft_backups_dir }}/monthly"
|
||||
SERVER_DIR="{{ minecraft_server_dir }}"
|
||||
SOURCE_DIR="{{ minecraft_server_dir }}"
|
||||
DATE=$(date +%Y%m%d_%H%M%S)
|
||||
BACKUP_NAME="minecraft_monthly_${DATE}"
|
||||
BACKUP_NAME="minecraft-monthly-${DATE}"
|
||||
RETENTION={{ backup_retention_monthly }}
|
||||
|
||||
# Stop server for consistent backup
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
|
||||
sleep 5
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
|
||||
echo "$(date): Début de la sauvegarde mensuelle"
|
||||
|
||||
# Create backup
|
||||
rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
|
||||
# Commande save-all via rcon
|
||||
{{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} save-all || true
|
||||
sleep 10
|
||||
|
||||
# Re-enable saving
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
|
||||
# Création de la sauvegarde
|
||||
rsync {{ rsync_options }} "${SOURCE_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
|
||||
|
||||
# Compress backup if enabled
|
||||
{% if backup_compression %}
|
||||
tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
|
||||
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
|
||||
{% endif %}
|
||||
# Nettoyage des anciennes sauvegardes (mois)
|
||||
find "${BACKUP_DIR}" -type d -name "minecraft-monthly-*" -mtime +$((${RETENTION} * 30)) -exec rm -rf {} + 2>/dev/null || true
|
||||
|
||||
# Clean old backups
|
||||
find "${BACKUP_DIR}" -name "minecraft_monthly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 30)) -delete
|
||||
|
||||
echo "Monthly backup completed: ${BACKUP_NAME}"
|
||||
echo "$(date): Sauvegarde mensuelle terminée: ${BACKUP_NAME}"
|
@@ -1,29 +1,24 @@
|
||||
#!/bin/bash
|
||||
# Script de sauvegarde hebdomadaire Minecraft
|
||||
|
||||
set -e
|
||||
|
||||
BACKUP_DIR="{{ minecraft_backups_dir }}/weekly"
|
||||
SERVER_DIR="{{ minecraft_server_dir }}"
|
||||
SOURCE_DIR="{{ minecraft_server_dir }}"
|
||||
DATE=$(date +%Y%m%d_%H%M%S)
|
||||
BACKUP_NAME="minecraft_weekly_${DATE}"
|
||||
BACKUP_NAME="minecraft-weekly-${DATE}"
|
||||
RETENTION={{ backup_retention_weekly }}
|
||||
|
||||
# Stop server for consistent backup
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-all
|
||||
echo "$(date): Début de la sauvegarde hebdomadaire"
|
||||
|
||||
# Commande save-all via rcon
|
||||
{{ minecraft_tools_dir }}/mcrcon/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password | default('changeme') }} save-all || true
|
||||
sleep 5
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-off
|
||||
|
||||
# Create backup
|
||||
rsync -av --delete "${SERVER_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
|
||||
# Création de la sauvegarde
|
||||
rsync {{ rsync_options }} "${SOURCE_DIR}/" "${BACKUP_DIR}/${BACKUP_NAME}/"
|
||||
|
||||
# Re-enable saving
|
||||
{{ minecraft_tools_dir }}/mcrcon -H 127.0.0.1 -P {{ minecraft_rcon_port }} -p {{ minecraft_rcon_password }} save-on
|
||||
# Nettoyage des anciennes sauvegardes (semaines)
|
||||
find "${BACKUP_DIR}" -type d -name "minecraft-weekly-*" -mtime +$((${RETENTION} * 7)) -exec rm -rf {} + 2>/dev/null || true
|
||||
|
||||
# Compress backup if enabled
|
||||
{% if backup_compression %}
|
||||
tar -czf "${BACKUP_DIR}/${BACKUP_NAME}.tar.gz" -C "${BACKUP_DIR}" "${BACKUP_NAME}"
|
||||
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
|
||||
{% endif %}
|
||||
|
||||
# Clean old backups
|
||||
find "${BACKUP_DIR}" -name "minecraft_weekly_*" -type {% if backup_compression %}f{% else %}d{% endif %} -mtime +$((${RETENTION} * 7)) -delete
|
||||
|
||||
echo "Weekly backup completed: ${BACKUP_NAME}"
|
||||
echo "$(date): Sauvegarde hebdomadaire terminée: ${BACKUP_NAME}"
|
@@ -1,59 +1,53 @@
|
||||
#!/bin/bash
|
||||
# Script de restauration Minecraft
|
||||
|
||||
BACKUP_TYPE="$1" # daily, weekly, monthly
|
||||
BACKUP_DATE="$2" # YYYYMMDD_HHMMSS format
|
||||
SERVER_DIR="{{ minecraft_server_dir }}"
|
||||
BACKUP_BASE_DIR="{{ minecraft_backups_dir }}"
|
||||
set -e
|
||||
|
||||
if [ $# -ne 2 ]; then
|
||||
echo "Usage: $0 <backup_type> <backup_date>"
|
||||
echo "Example: $0 daily 20241201_020000"
|
||||
echo "Available backups:"
|
||||
echo "Daily:"
|
||||
ls -1 "${BACKUP_BASE_DIR}/daily/" | grep minecraft_daily
|
||||
echo "Weekly:"
|
||||
ls -1 "${BACKUP_BASE_DIR}/weekly/" | grep minecraft_weekly
|
||||
echo "Monthly:"
|
||||
ls -1 "${BACKUP_BASE_DIR}/monthly/" | grep minecraft_monthly
|
||||
echo "Usage: $0 <type> <backup_name>"
|
||||
echo "Types: daily, weekly, monthly"
|
||||
echo "Exemple: $0 daily minecraft-daily-20240127_020000"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
BACKUP_NAME="minecraft_${BACKUP_TYPE}_${BACKUP_DATE}"
|
||||
BACKUP_DIR="${BACKUP_BASE_DIR}/${BACKUP_TYPE}"
|
||||
TYPE=$1
|
||||
BACKUP_NAME=$2
|
||||
BACKUP_DIR="{{ minecraft_backups_dir }}/${TYPE}"
|
||||
TARGET_DIR="{{ minecraft_server_dir }}"
|
||||
|
||||
{% if backup_compression %}
|
||||
BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}.tar.gz"
|
||||
{% else %}
|
||||
BACKUP_FILE="${BACKUP_DIR}/${BACKUP_NAME}"
|
||||
{% endif %}
|
||||
|
||||
if [ ! -e "${BACKUP_FILE}" ]; then
|
||||
echo "Backup not found: ${BACKUP_FILE}"
|
||||
if [ ! -d "${BACKUP_DIR}/${BACKUP_NAME}" ]; then
|
||||
echo "Erreur: Sauvegarde ${BACKUP_NAME} introuvable dans ${BACKUP_DIR}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Stop Minecraft server
|
||||
systemctl stop minecraft
|
||||
echo "ATTENTION: Cette opération va remplacer les données actuelles du serveur."
|
||||
read -p "Voulez-vous continuer? (y/N): " -n 1 -r
|
||||
echo
|
||||
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
|
||||
echo "Restauration annulée."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Backup current server (just in case)
|
||||
RESTORE_BACKUP_DIR="${BACKUP_BASE_DIR}/restore_backup"
|
||||
mkdir -p "${RESTORE_BACKUP_DIR}"
|
||||
mv "${SERVER_DIR}" "${RESTORE_BACKUP_DIR}/server_before_restore_$(date +%Y%m%d_%H%M%S)"
|
||||
# Arrêt du serveur
|
||||
echo "Arrêt du serveur Minecraft..."
|
||||
systemctl stop minecraft || true
|
||||
sleep 5
|
||||
|
||||
# Restore from backup
|
||||
{% if backup_compression %}
|
||||
mkdir -p "${SERVER_DIR}"
|
||||
tar -xzf "${BACKUP_FILE}" -C "${BACKUP_DIR}"
|
||||
rsync -av "${BACKUP_DIR}/${BACKUP_NAME}/" "${SERVER_DIR}/"
|
||||
rm -rf "${BACKUP_DIR}/${BACKUP_NAME}"
|
||||
{% else %}
|
||||
rsync -av "${BACKUP_FILE}/" "${SERVER_DIR}/"
|
||||
{% endif %}
|
||||
# Sauvegarde du répertoire actuel
|
||||
CURRENT_BACKUP="${TARGET_DIR}.backup-$(date +%Y%m%d_%H%M%S)"
|
||||
echo "Sauvegarde du répertoire actuel vers ${CURRENT_BACKUP}"
|
||||
cp -r "${TARGET_DIR}" "${CURRENT_BACKUP}"
|
||||
|
||||
# Fix permissions
|
||||
chown -R {{ minecraft_user }}:{{ minecraft_group }} "${SERVER_DIR}"
|
||||
# Restauration
|
||||
echo "Restauration de ${BACKUP_NAME}..."
|
||||
rsync {{ rsync_options }} "${BACKUP_DIR}/${BACKUP_NAME}/" "${TARGET_DIR}/"
|
||||
|
||||
# Start Minecraft server
|
||||
# Correction des permissions
|
||||
chown -R {{ minecraft_user }}:{{ minecraft_group }} "${TARGET_DIR}"
|
||||
|
||||
# Redémarrage du serveur
|
||||
echo "Redémarrage du serveur Minecraft..."
|
||||
systemctl start minecraft
|
||||
|
||||
echo "Restore completed from: ${BACKUP_FILE}"
|
||||
echo "Restauration terminée avec succès."
|
||||
echo "Sauvegarde de l'ancienne version disponible dans: ${CURRENT_BACKUP}"
|
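Review bot: `TYPE=$1` and `BACKUP_NAME=$2` go straight into `${BACKUP_DIR}/${BACKUP_NAME}` without validation, so a value containing `..` or `/` makes the `-d` test and the rsync read from a directory outside the backup tree. The script is installed root-owned in /usr/local/bin and calls systemctl and `chown -R`, so it is presumably run as root. Restrict the type to the three known values and the name to the pattern the backup scripts generate, before any path is built, as in the lines below. Separately, `cp -r "${TARGET_DIR}" "${CURRENT_BACKUP}"` drops ownership and modes; `cp -a` keeps them so the rollback copy is usable.

```shell
TYPE=$1
BACKUP_NAME=$2

# Accept only the backup types this role creates
case "${TYPE}" in
    daily|weekly|monthly) ;;
    *)
        echo "Erreur: type de sauvegarde invalide: ${TYPE}"
        exit 1
        ;;
esac

# Accept only names in the form written by the backup scripts
if [[ ! "${BACKUP_NAME}" =~ ^minecraft-${TYPE}-[0-9]{8}_[0-9]{6}$ ]]; then
    echo "Erreur: nom de sauvegarde invalide: ${BACKUP_NAME}"
    exit 1
fi
# … unchanged: BACKUP_DIR / TARGET_DIR assignments, existence check, confirmation, restore …
```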
@@ -0,0 +1,10 @@
|
||||
---
|
||||
# Variables sauvegardes
|
||||
backup_script_path: /usr/local/bin
|
||||
minecraft_backup_source: "{{ minecraft_server_dir }}"
|
||||
minecraft_backup_dest: "{{ minecraft_backups_dir }}"
|
||||
|
||||
backup_types:
|
||||
- daily
|
||||
- weekly
|
||||
- monthly
|
@@ -1,5 +1,6 @@
|
||||
---
|
||||
update_check_interval: daily
|
||||
ssh_keys_check_enabled: true
|
||||
system_update_check_enabled: true
|
||||
spigot_update_check_enabled: true
|
||||
# Configuration par défaut des mises à jour
|
||||
update_check_enabled: true
|
||||
update_system_packages: false
|
||||
spigot_update_check_url: "https://hub.spigotmc.org/versions/"
|
||||
update_backup_before: true
|
@@ -1,7 +1,5 @@
|
||||
---
|
||||
- name: reboot if needed
|
||||
reboot:
|
||||
reboot_timeout: 300
|
||||
when:
|
||||
- ansible_kernel != ansible_kernel_before_update | default(ansible_kernel)
|
||||
- reboot_required | default(false)
|
||||
- name: restart minecraft
|
||||
ansible.builtin.service:
|
||||
name: minecraft
|
||||
state: restarted
|
@@ -1,14 +1,9 @@
|
||||
---
|
||||
- name: Check for new SSH keys in authorized_keys
|
||||
stat:
|
||||
path: /home/{{ ansible_user }}/.ssh/authorized_keys
|
||||
register: ssh_keys_stat
|
||||
|
||||
- name: Update SSH keys if changed
|
||||
authorized_key:
|
||||
user: "{{ ansible_user }}"
|
||||
key: "{{ item }}"
|
||||
- name: Vérification des nouvelles clés SSH
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.user }}"
|
||||
state: present
|
||||
loop: "{{ ssh_public_keys | default([]) }}"
|
||||
when: ssh_public_keys is defined
|
||||
tags: ['ssh-keys-update']
|
||||
key: "{{ item.key }}"
|
||||
comment: "{{ item.comment | default('Admin key') }}"
|
||||
with_items: "{{ admin_ssh_keys | default([]) }}"
|
||||
when: admin_ssh_keys is defined
|
@@ -1,23 +1,23 @@
|
||||
---
|
||||
- name: Check for system updates (Debian/Ubuntu)
|
||||
apt:
|
||||
- name: Vérification des mises à jour système disponibles
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
cache_valid_time: 3600
|
||||
register: apt_cache_update
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Check available upgrades
|
||||
shell: apt list --upgradable 2>/dev/null | grep -v WARNING | wc -l
|
||||
register: available_upgrades
|
||||
changed_when: false
|
||||
- name: Liste des paquets à mettre à jour
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
dry_run: yes
|
||||
register: system_updates_check
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Apply system updates if available
|
||||
apt:
|
||||
upgrade: yes
|
||||
- name: Application des mises à jour système si nécessaire
|
||||
ansible.builtin.apt:
|
||||
upgrade: dist
|
||||
autoremove: yes
|
||||
autoclean: yes
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
- available_upgrades.stdout | int > 1
|
||||
notify: reboot if needed
|
||||
- update_system_packages | default(false)
|
||||
- system_updates_check.changed
|
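Review bot: `dry_run: yes` under `ansible.builtin.apt` is, as far as I know, not a parameter of that module, so the "Liste des paquets à mettre à jour" task would fail with an unsupported-parameter error instead of simulating the upgrade. The task-level keyword does this: remove `dry_run` and add `check_mode: true` at the same level as `register:`. With `update_system_packages | default(false)` gating the real upgrade, security updates stay off unless someone opts in, which deserves a comment next to the default. The `notify: reboot if needed` line appears to be on the removed side, so a kernel update would now be applied with no reboot signal.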
@@ -1,26 +1,22 @@
|
||||
---
|
||||
- name: Get current Spigot version
|
||||
stat:
|
||||
path: "{{ minecraft_server_dir }}/spigot.jar"
|
||||
register: current_spigot
|
||||
|
||||
- name: Check latest Spigot version available
|
||||
uri:
|
||||
url: "https://api.papermc.io/v2/projects/paper/versions"
|
||||
method: GET
|
||||
return_content: yes
|
||||
register: spigot_versions_api
|
||||
- name: Lecture de la version actuelle
|
||||
ansible.builtin.slurp:
|
||||
src: "{{ current_version_file }}"
|
||||
register: current_version_content
|
||||
failed_when: false
|
||||
|
||||
- name: Parse latest version
|
||||
- name: Définition de la version actuelle
|
||||
set_fact:
|
||||
latest_spigot_version: "{{ (spigot_versions_api.json.versions | last) if spigot_versions_api.json is defined else minecraft_version }}"
|
||||
current_spigot_version: "{{ (current_version_content.content | b64decode).strip() if current_version_content.content is defined else 'unknown' }}"
|
||||
|
||||
- name: Compare versions
|
||||
- name: Vérification de la dernière version Spigot disponible
|
||||
ansible.builtin.uri:
|
||||
url: "{{ spigot_update_check_url }}{{ minecraft_version }}.json"
|
||||
method: GET
|
||||
return_content: yes
|
||||
register: spigot_version_check
|
||||
failed_when: false
|
||||
|
||||
- name: Détermination si une mise à jour est disponible
|
||||
set_fact:
|
||||
new_spigot_available: "{{ latest_spigot_version != minecraft_version }}"
|
||||
when: latest_spigot_version is defined
|
||||
|
||||
- name: Display version information
|
||||
debug:
|
||||
msg: "Current: {{ minecraft_version }}, Latest: {{ latest_spigot_version | default('Unknown') }}, Update available: {{ new_spigot_available | default(false) }}"
|
||||
spigot_update_available: "{{ minecraft_version != current_spigot_version }}"
|
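Review bot: The result of the `ansible.builtin.uri` request is registered as `spigot_version_check` but never read in this file: `spigot_update_available` only compares `minecraft_version` with the local version file. The request and its `failed_when: false` therefore add a silent network dependency with no effect on the decision. Either drop the task or use its JSON in the comparison. The two `set_fact` tasks are written without the `ansible.builtin.` prefix although `.ansible-lint` in this commit enables `fqcn-builtins`.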
@@ -1,16 +1,16 @@
|
||||
---
|
||||
- name: Create temporary build directory
|
||||
file:
|
||||
path: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}"
|
||||
- name: Création du répertoire de build temporaire
|
||||
ansible.builtin.file:
|
||||
path: "{{ temp_build_dir }}"
|
||||
state: directory
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
|
||||
- name: Download BuildTools for new version
|
||||
get_url:
|
||||
- name: Téléchargement de BuildTools pour la nouvelle version
|
||||
ansible.builtin.get_url:
|
||||
url: "{{ spigot_build_tools_url }}"
|
||||
dest: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/BuildTools.jar"
|
||||
dest: "{{ temp_build_dir }}/BuildTools.jar"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
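Review bot: The `ansible.builtin.get_url` task fetches `BuildTools.jar` without a `checksum`, and the compile task file in this change then runs that jar with `java -jar`, so nothing pins what ends up executing on the host. Add `checksum: "sha256:<BUILDTOOLS_SHA256_PLACEHOLDER>"`, fed from a pinned variable that is updated deliberately. The value of `spigot_build_tools_url` is not visible here; it should be an HTTPS URL so the transport is authenticated as well.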
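--- a/roles/05-update/tasks/05-compile-new-spigot.yml
+++ b/roles/05-update/tasks/05-compile-new-spigot.yml
@@ -0,0 +1,13 @@
+---
+- name: Compilation de la nouvelle version Spigot
+ansible.builtin.command:
+cmd: "java -jar BuildTools.jar --rev {{ minecraft_version }}"
+chdir: "{{ temp_build_dir }}"
+creates: "{{ temp_build_dir }}/spigot-{{ minecraft_version }}.jar"
+become_user: "{{ minecraft_user }}"
+timeout: 1800
+register: spigot_compile_result
+
+- name: Marquage du succès de compilation
+set_fact:
+spigot_compilation_success: "{{ spigot_compile_result.rc == 0 }}"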
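Review bot: `creates: "{{ temp_build_dir }}/spigot-{{ minecraft_version }}.jar"` skips the build whenever a file of that name already exists, and the role's vars file further down this page sets `temp_build_dir` to `/tmp/minecraft-build`, a fixed path under a world-writable directory. A jar already present there, whatever its origin, is accepted as the build output and later installed by the switch script. Prefer a directory that only the service account can write, e.g. `temp_build_dir: "{{ minecraft_sources_dir }}/build"`, or create a fresh one per run with `ansible.builtin.tempfile`. Separately, `spigot_compilation_success` is always true when reached, because `ansible.builtin.command` already fails the task on a non-zero `rc`.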
@@ -1,38 +0,0 @@
|
||||
---
|
||||
- name: Compile new Spigot version
|
||||
shell: |
|
||||
cd {{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}
|
||||
java -jar BuildTools.jar --rev {{ latest_spigot_version }}
|
||||
become_user: "{{ minecraft_user }}"
|
||||
args:
|
||||
creates: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar"
|
||||
register: spigot_compile_result
|
||||
|
||||
- name: Set compilation success flag
|
||||
set_fact:
|
||||
new_spigot_compiled: "{{ spigot_compile_result.rc == 0 }}"
|
||||
|
||||
- name: Create new server directory
|
||||
file:
|
||||
path: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}"
|
||||
state: directory
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0755'
|
||||
when: new_spigot_compiled
|
||||
|
||||
- name: Copy new Spigot jar to new server directory
|
||||
copy:
|
||||
src: "{{ minecraft_sources_dir }}/build_{{ latest_spigot_version }}/spigot-{{ latest_spigot_version }}.jar"
|
||||
dest: "{{ minecraft_server_dir }}_{{ latest_spigot_version }}/spigot.jar"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
remote_src: yes
|
||||
when: new_spigot_compiled
|
||||
|
||||
- name: Copy configuration files to new server directory
|
||||
shell: |
|
||||
cp -r {{ minecraft_server_dir }}/* {{ minecraft_server_dir }}_{{ latest_spigot_version }}/
|
||||
chown -R {{ minecraft_user }}:{{ minecraft_group }} {{ minecraft_server_dir }}_{{ latest_spigot_version }}
|
||||
when: new_spigot_compiled
|
@@ -1,29 +1,31 @@
|
||||
---
|
||||
- name: Stop Minecraft service
|
||||
systemd:
|
||||
name: minecraft
|
||||
state: stopped
|
||||
- name: Sauvegarde avant mise à jour
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ backup_script_path }}/minecraft-backup-daily.sh"
|
||||
when: update_backup_before | default(true)
|
||||
|
||||
- name: Create version switch script
|
||||
template:
|
||||
- name: Génération du script de changement de version
|
||||
ansible.builtin.template:
|
||||
src: version-switch.sh.j2
|
||||
dest: "{{ minecraft_tools_dir }}/version-switch.sh"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
dest: "{{ update_script_path }}/minecraft-version-switch.sh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0755'
|
||||
|
||||
- name: Execute version switch
|
||||
shell: "{{ minecraft_tools_dir }}/version-switch.sh {{ minecraft_version }} {{ latest_spigot_version }}"
|
||||
become_user: "{{ minecraft_user }}"
|
||||
register: version_switch_result
|
||||
- name: Exécution du changement de version
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ update_script_path }}/minecraft-version-switch.sh {{ minecraft_version }}"
|
||||
notify: restart minecraft
|
||||
|
||||
- name: Update minecraft_version variable
|
||||
set_fact:
|
||||
minecraft_version: "{{ latest_spigot_version }}"
|
||||
when: version_switch_result.rc == 0
|
||||
- name: Mise à jour du fichier de version
|
||||
ansible.builtin.copy:
|
||||
content: "{{ minecraft_version }}"
|
||||
dest: "{{ current_version_file }}"
|
||||
owner: "{{ minecraft_user }}"
|
||||
group: "{{ minecraft_group }}"
|
||||
mode: '0644'
|
||||
|
||||
- name: Start Minecraft service
|
||||
systemd:
|
||||
name: minecraft
|
||||
state: started
|
||||
when: version_switch_result.rc == 0
|
||||
- name: Nettoyage du répertoire temporaire
|
||||
ansible.builtin.file:
|
||||
path: "{{ temp_build_dir }}"
|
||||
state: absent
|
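Review bot: `notify: restart minecraft` on the `Exécution du changement de version` task schedules a second restart after the script has already started the service and checked it with `systemctl is-active` (per the template shown further down this page). The state the script verified is therefore not the state the play ends in. Either drop the `notify`, or take the start and health check out of the script and let the handler own the restart. The page lost its +/- markers, so which lines are new is inferred from the task names.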
@@ -1,13 +0,0 @@
|
||||
---
|
||||
- name: Clean up old build directories
|
||||
file:
|
||||
path: "{{ minecraft_sources_dir }}/build_{{ item }}"
|
||||
state: absent
|
||||
loop: "{{ old_versions | default([]) }}"
|
||||
|
||||
- name: Clean up old server directories
|
||||
file:
|
||||
path: "{{ minecraft_server_dir }}_{{ item }}"
|
||||
state: absent
|
||||
loop: "{{ old_versions | default([]) }}"
|
||||
when: cleanup_old_versions | default(true)
|
@@ -1,34 +1,23 @@
|
||||
---
|
||||
- name: Include SSH keys check tasks
|
||||
include_tasks: 01-check-ssh-keys.yml
|
||||
when: ssh_keys_check_enabled
|
||||
tags: ['update', 'ssh-keys']
|
||||
# Tâches principales mises à jour
|
||||
- import_tasks: 01-check-ssh-keys.yml
|
||||
tags: [update, ssh-keys]
|
||||
|
||||
- name: Include system updates check tasks
|
||||
include_tasks: 02-check-system-updates.yml
|
||||
when: system_update_check_enabled
|
||||
tags: ['update', 'system']
|
||||
- import_tasks: 02-check-system-updates.yml
|
||||
tags: [update, system]
|
||||
when: update_system_packages | default(false)
|
||||
|
||||
- name: Include Spigot version check tasks
|
||||
include_tasks: 03-check-spigot-version.yml
|
||||
when: spigot_update_check_enabled
|
||||
tags: ['update', 'spigot']
|
||||
- import_tasks: 03-check-spigot-version.yml
|
||||
tags: [update, spigot-version]
|
||||
|
||||
- name: Include new Spigot download tasks
|
||||
include_tasks: 04-download-new-spigot.yml
|
||||
when: new_spigot_available | default(false)
|
||||
tags: ['update', 'download']
|
||||
- import_tasks: 04-download-new-spigot.yml
|
||||
tags: [update, spigot-download]
|
||||
when: spigot_update_available | default(false)
|
||||
|
||||
- name: Include new version compilation tasks
|
||||
include_tasks: 05-compile-new-version.yml
|
||||
when: new_spigot_available | default(false)
|
||||
tags: ['update', 'compile']
|
||||
- import_tasks: 05-compile-new-spigot.yml
|
||||
tags: [update, spigot-compile]
|
||||
when: spigot_update_available | default(false)
|
||||
|
||||
- name: Include version switch tasks
|
||||
include_tasks: 06-switch-versions.yml
|
||||
when: new_spigot_compiled | default(false)
|
||||
tags: ['update', 'switch']
|
||||
|
||||
- name: Include cleanup tasks
|
||||
include_tasks: 07-cleanup.yml
|
||||
tags: ['update', 'cleanup']
|
||||
- import_tasks: 06-switch-versions.yml
|
||||
tags: [update, spigot-switch]
|
||||
when: spigot_update_available | default(false) and spigot_compilation_success | default(false)
|
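Review bot: The new `import_tasks` entries have no `name:` and use the short module name, while the other tasks added in this change are written with `ansible.builtin.` prefixes; the `set_fact` tasks in the version-check and compile files are short-named in the same way. Write each entry as `- name: Vérification des clés SSH` followed by `ansible.builtin.import_tasks: 01-check-ssh-keys.yml`. Separately, the SSH key check appears to have lost its `when: ssh_keys_check_enabled` guard and now runs on every play; if that is intended, a one-line comment above the import should say so. Old and new sides are inferred here because the page lost its +/- markers.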
@@ -1,18 +1,55 @@
|
||||
#!/bin/bash
|
||||
# Script de changement de version Minecraft
|
||||
|
||||
OLD_VERSION="$1"
|
||||
NEW_VERSION="$2"
|
||||
SERVER_DIR="{{ minecraft_server_dir }}"
|
||||
BACKUP_DIR="{{ minecraft_backups_dir }}/version_backup"
|
||||
set -e
|
||||
|
||||
# Create backup directory
|
||||
if [ $# -ne 1 ]; then
|
||||
echo "Usage: $0 <version>"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
NEW_VERSION=$1
|
||||
MINECRAFT_DIR="{{ minecraft_server_dir }}"
|
||||
TEMP_BUILD_DIR="{{ temp_build_dir }}"
|
||||
BACKUP_DIR="${MINECRAFT_DIR}/backup-$(date +%Y%m%d_%H%M%S)"
|
||||
|
||||
echo "Changement vers la version ${NEW_VERSION}"
|
||||
|
||||
# Vérification que le nouveau JAR existe
|
||||
if [ ! -f "${TEMP_BUILD_DIR}/spigot-${NEW_VERSION}.jar" ]; then
|
||||
echo "Erreur: Fichier spigot-${NEW_VERSION}.jar introuvable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Arrêt du serveur
|
||||
echo "Arrêt du serveur Minecraft..."
|
||||
systemctl stop minecraft || true
|
||||
sleep 10
|
||||
|
||||
# Sauvegarde de l'ancienne version
|
||||
echo "Sauvegarde de l'ancienne version..."
|
||||
mkdir -p "${BACKUP_DIR}"
|
||||
cp "${MINECRAFT_DIR}/spigot.jar" "${BACKUP_DIR}/spigot-old.jar" 2>/dev/null || true
|
||||
|
||||
# Backup current version
|
||||
mv "${SERVER_DIR}" "${BACKUP_DIR}/server_${OLD_VERSION}_$(date +%Y%m%d_%H%M%S)"
|
||||
# Copie de la nouvelle version
|
||||
echo "Installation de la nouvelle version..."
|
||||
cp "${TEMP_BUILD_DIR}/spigot-${NEW_VERSION}.jar" "${MINECRAFT_DIR}/spigot.jar"
|
||||
chown {{ minecraft_user }}:{{ minecraft_group }} "${MINECRAFT_DIR}/spigot.jar"
|
||||
|
||||
# Switch to new version
|
||||
mv "${SERVER_DIR}_${NEW_VERSION}" "${SERVER_DIR}"
|
||||
# Test de démarrage
|
||||
echo "Test de la nouvelle version..."
|
||||
systemctl start minecraft
|
||||
|
||||
echo "Version switched from ${OLD_VERSION} to ${NEW_VERSION}"
|
||||
exit 0
|
||||
# Vérification que le serveur démarre correctement
|
||||
sleep 30
|
||||
if systemctl is-active --quiet minecraft; then
|
||||
echo "Mise à jour réussie vers la version ${NEW_VERSION}"
|
||||
echo "Ancienne version sauvegardée dans: ${BACKUP_DIR}"
|
||||
else
|
||||
echo "Erreur: La nouvelle version ne démarre pas correctement"
|
||||
echo "Restauration de l'ancienne version..."
|
||||
systemctl stop minecraft || true
|
||||
cp "${BACKUP_DIR}/spigot-old.jar" "${MINECRAFT_DIR}/spigot.jar" 2>/dev/null || true
|
||||
systemctl start minecraft
|
||||
exit 1
|
||||
fi
|
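Review bot: The rollback branch can silently restore nothing, because both the backup `cp "${MINECRAFT_DIR}/spigot.jar" "${BACKUP_DIR}/spigot-old.jar" 2>/dev/null || true` and the restore `cp` swallow their errors. If the backup was never written, the following `systemctl start minecraft` relaunches the jar that just failed the health check. Guard the restore with `[ -f "${BACKUP_DIR}/spigot-old.jar" ] || { echo "Erreur: aucune sauvegarde à restaurer" >&2; exit 1; }` and drop the `|| true` on the restore `cp`. Old and new lines are interleaved in this section without markers, so this refers to the variant using `MINECRAFT_DIR` and `TEMP_BUILD_DIR`.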
@@ -0,0 +1,5 @@
|
||||
---
|
||||
# Variables mises à jour
|
||||
update_script_path: /usr/local/bin
|
||||
temp_build_dir: "/tmp/minecraft-build"
|
||||
current_version_file: "{{ minecraft_server_dir }}/.version"
|
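--- a/scripts/test-connection.sh
+++ b/scripts/test-connection.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+# Test de connexion aux serveurs
+
+echo "=== Test de connexion aux serveurs ==="
+
+# Test staging
+echo "Test de connexion à staging..."
+ansible -i inventories/staging/hosts.yml minecraft_servers -m ping
+
+# Test production
+echo "Test de connexion à production..."
+ansible -i inventories/production/hosts.yml minecraft_servers -m ping
+
+echo ""
+echo "=== Test de privilèges sudo ==="
+
+# Test sudo staging
+echo "Test sudo sur staging..."
+ansible -i inventories/staging/hosts.yml minecraft_servers -b -m command -a "whoami"
+
+# Test sudo production
+echo "Test sudo sur production..."
+ansible -i inventories/production/hosts.yml minecraft_servers -b -m command -a "whoami"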
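Review bot: The script exits with the status of the last `ansible` call only, so a failed staging ping or sudo check is invisible to whatever runs it. Track failures explicitly: start with `rc=0`, append `|| rc=1` to each `ansible` line, and end with `exit "$rc"`. The inventory paths are relative, so the script also only works when launched from the repository root; `cd "$(dirname "$0")/.."` at the top would remove that assumption.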
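--- a/secrets.example
+++ b/secrets.example
@@ -0,0 +1,21 @@
+# Fichier des secrets à configurer dans Gitea
+# Copier ces variables dans les secrets de votre repository Gitea
+
+# Variables SSH
+ANSIBLE_SSH_PRIVATE_KEY=<votre_clé_ssh_privée_base64>
+ANSIBLE_SSH_PUBLIC_KEY=<votre_clé_ssh_publique>
+
+# Variables serveur
+MINECRAFT_ADMIN_PASSWORD=<mot_de_passe_admin_minecraft>
+BACKUP_SSH_KEY=<clé_ssh_pour_backups_distants>
+
+# Variables réseau
+ALLOWED_SSH_IPS=<liste_des_ips_autorisées_ssh>
+MINECRAFT_RCON_PASSWORD=<mot_de_passe_rcon>
+
+# Variables base de données (si nécessaire)
+DB_PASSWORD=<mot_de_passe_base_de_données>
+
+# Variables notification
+DISCORD_WEBHOOK=<webhook_discord_pour_notifications>
+SLACK_TOKEN=<token_slack_pour_notifications>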
9
site.yml
9
site.yml
@@ -1,11 +1,16 @@
|
||||
---
|
||||
- name: Deploy Minecraft Spigot Server
|
||||
- name: Installation complète serveur Minecraft Spigot
|
||||
hosts: minecraft_servers
|
||||
remote_user: ansible
|
||||
become: yes
|
||||
serial: 1
|
||||
gather_facts: yes
|
||||
|
||||
roles:
|
||||
- 01-server_hardening
|
||||
- 02-installation-java
|
||||
- 03-installation-minecraft
|
||||
- 04-backups
|
||||
- 05-update
|
||||
|
||||
vars_files:
|
||||
- "inventories/{{ inventory_dir | basename }}/group_vars/all.yml"
|
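Review bot: The `vars_files` entry `inventories/{{ inventory_dir | basename }}/group_vars/all.yml` re-loads a file that Ansible already reads as `group_vars/all.yml` next to the inventory, going by the inventory layout used in `scripts/test-connection.sh`. Loading it again through `vars_files` raises those values above inventory `host_vars`, so per-host overrides stop taking effect. If the aim is only to have the group variables available, remove the entry. If the higher precedence is intended, say so with a comment such as `# loaded as play vars on purpose: overrides host_vars`. Which lines of this section are additions is inferred, since the page lost its +/- markers.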