Alex-Devera/tpotce
1
0
Fork 0
mirror of https://github.com/telekom-security/tpotce.git synced 2025-04-28 19:28:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #815 from shaderecker/cloud-updates

Browse source 
Cloud updates (Ansible & Terraform)
This commit is contained in:
Marco Ochse 2021-04-15 17:35:57 +02:00 committed by GitHub
commit 8abd1be5bb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 157 additions and 122 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cloud/.gitignore vendored
View file

@ -6,5 +6,5 @@
**/terraform.* **/terraform.*
# OpenStack clouds # OpenStack clouds
clouds.yaml **/clouds.yaml
secure.yaml **/secure.yaml

20
cloud/ansible/openstack/roles/create_net/tasks/main.yaml
View file

@ -1,33 +1,33 @@
- name: Create security group - name: Create security group
openstack.cloud.security_group: openstack.cloud.security_group:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
name: sg-tpot-any name: sg-tpot-ansible
description: tpot any-any description: Security Group for T-Pot
- name: Add rules to security group - name: Add rules to security group
openstack.cloud.security_group_rule: openstack.cloud.security_group_rule:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
security_group: sg-tpot-any security_group: sg-tpot-ansible
remote_ip_prefix: 0.0.0.0/0 remote_ip_prefix: 0.0.0.0/0
- name: Create network - name: Create network
openstack.cloud.network: openstack.cloud.network:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
name: network-tpot name: network-tpot-ansible
- name: Create subnet - name: Create subnet
openstack.cloud.subnet: openstack.cloud.subnet:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
network_name: network-tpot network_name: network-tpot-ansible
name: subnet-tpot name: subnet-tpot-ansible
cidr: 192.168.0.0/24 cidr: 192.168.0.0/24
dns_nameservers: dns_nameservers:
- 1.1.1.1 - 100.125.4.25
- 8.8.8.8 - 100.125.129.199
- name: Create router - name: Create router
openstack.cloud.router: openstack.cloud.router:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
name: router-tpot name: router-tpot-ansible
interfaces: interfaces:
- subnet-tpot - subnet-tpot-ansible

6
cloud/ansible/openstack/roles/create_vm/tasks/main.yaml
View file

@ -11,10 +11,10 @@
boot_from_volume: yes boot_from_volume: yes
volume_size: "{{ volume_size }}" volume_size: "{{ volume_size }}"
key_name: "{{ key_name }}" key_name: "{{ key_name }}"
timeout: 200 auto_ip: yes
flavor: "{{ flavor }}" flavor: "{{ flavor }}"
security_groups: sg-tpot-any security_groups: sg-tpot-ansible
network: network-tpot network: network-tpot-ansible
register: tpot register: tpot
- name: Add instance to inventory - name: Add instance to inventory

13
cloud/terraform/README.md
View file

@ -37,12 +37,13 @@ This can easily be extended to support other [Terraform providers](https://regis
<a name="what-created-otc"></a> <a name="what-created-otc"></a>
### Open Telekom Cloud (OTC) ### Open Telekom Cloud (OTC)
* ECS instance: * ECS instance:
* s2.medium.8 (1 vCPU, 8 GB RAM) * s3.medium.8 (1 vCPU, 8 GB RAM)
* 128 GB disk * 128 GB disk
* Debian 10 * Debian 10
* Public EIP * Public EIP
* Security Group * Security Group
* Network, Subnet, Router (= Virtual Private Cloud [VPC]) * All TCP/UDP ports are open to the Internet
* Virtual Private Cloud (VPC) and Subnet
<a name="pre"></a> <a name="pre"></a>
## Prerequisites ## Prerequisites
@ -90,11 +91,13 @@ In `aws/variables.tf`, you can change the additional variables:
<a name="variables-otc"></a> <a name="variables-otc"></a>
### Open Telekom Cloud (OTC) ### Open Telekom Cloud (OTC)
In `otc/variables.tf`, you can change the additional variables: In `otc/variables.tf`, you can change the additional variables:
* `ecs_flavor`
* `ecs_disk_size`
* `availability_zone` * `availability_zone`
* `flavor`
* `key_pair` - Specify an existing SSH key pair * `key_pair` - Specify an existing SSH key pair
* `volume_size` * `eip_size`
Furthermore you can configure the naming of the created infrastructure (per default everything gets prefixed with "tpot-", e.g. "tpot-router").
... and some more, but these are the most relevant.
<a name="initialising"></a> <a name="initialising"></a>
## Initialising ## Initialising

4
cloud/terraform/aws/main.tf
View file

@ -60,7 +60,7 @@ resource "aws_instance" "tpot" {
volume_size = 128 volume_size = 128
delete_on_termination = true delete_on_termination = true
} }
user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password}) user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
vpc_security_group_ids = [aws_security_group.tpot.id] vpc_security_group_ids = [aws_security_group.tpot.id]
associate_public_ip_address = true associate_public_ip_address = true
} }

18
cloud/terraform/aws/variables.tf
View file

@ -55,7 +55,7 @@ variable "ec2_ami" {
} }
} }
# cloud-init configuration ## cloud-init configuration ##
variable "timezone" { variable "timezone" {
default = "UTC" default = "UTC"
} }
@ -63,20 +63,30 @@ variable "timezone" {
variable "linux_password" { variable "linux_password" {
#default = "LiNuXuSeRPaSs#" #default = "LiNuXuSeRPaSs#"
description = "Set a password for the default user" description = "Set a password for the default user"
validation {
condition = length(var.linux_password) > 0
error_message = "Please specify a password for the default user."
}
} }
# These will go in the generated tpot.conf file ## These will go in the generated tpot.conf file ##
variable "tpot_flavor" { variable "tpot_flavor" {
default = "STANDARD" default = "STANDARD"
description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]" description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
} }
variable "web_user" { variable "web_user" {
default = "webuser" default = "webuser"
description = "Set a username for the web user" description = "Set a username for the web user"
} }
variable "web_password" { variable "web_password" {
#default = "w3b$ecret" #default = "w3b$ecret"
description = "Set a password for the web user" description = "Set a password for the web user"
validation {
condition = length(var.web_password) > 0
error_message = "Please specify a password for the web user."
}
} }

2
cloud/terraform/aws/versions.tf
View file

@ -2,7 +2,7 @@ terraform {
required_version = ">= 0.13" required_version = ">= 0.13"
required_providers { required_providers {
aws = { aws = {
source = "hashicorp/aws" source = "hashicorp/aws"
version = "3.26.0" version = "3.26.0"
} }
} }

53
cloud/terraform/otc/.terraform.lock.hcl
View file

@ -2,38 +2,37 @@
# Manual edits may be lost in future updates. # Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/random" { provider "registry.terraform.io/hashicorp/random" {
version = "3.0.1" version = "3.1.0"
constraints = "~> 3.0.1" constraints = "~> 3.1.0"
hashes = [ hashes = [
"h1:SzM8nt2wzLMI28A3CWAtW25g3ZCm1O4xD0h3Ps/rU1U=", "h1:BZMEPucF+pbu9gsPk0G0BHx7YP04+tKdq2MrRDF1EDM=",
"zh:0d4f683868324af056a9eb2b06306feef7c202c88dbbe6a4ad7517146a22fb50", "zh:2bbb3339f0643b5daa07480ef4397bd23a79963cc364cdfbb4e86354cb7725bc",
"zh:4824b3c7914b77d41dfe90f6f333c7ac9860afb83e2a344d91fbe46e5dfbec26", "zh:3cd456047805bf639fbf2c761b1848880ea703a054f76db51852008b11008626",
"zh:4b82e43712f3cf0d0cbc95b2cbcd409ba8f0dc7848fdfb7c13633c27468ed04a", "zh:4f251b0eda5bb5e3dc26ea4400dba200018213654b69b4a5f96abee815b4f5ff",
"zh:78b3a2b860c3ebc973a794000015f5946eb59b82705d701d487475406b2612f1", "zh:7011332745ea061e517fe1319bd6c75054a314155cb2c1199a5b01fe1889a7e2",
"zh:88bc65197bd74ff408d147b32f0045372ae3a3f2a2fdd7f734f315d988c0e4a2", "zh:738ed82858317ccc246691c8b85995bc125ac3b4143043219bd0437adc56c992",
"zh:91bd3c9f625f177f3a5d641a64e54d4b4540cb071070ecda060a8261fb6eb2ef", "zh:7dbe52fac7bb21227acd7529b487511c91f4107db9cc4414f50d04ffc3cab427",
"zh:a6818842b28d800f784e0c93284ff602b0c4022f407e4750da03f50b853a9a2c", "zh:a3a9251fb15f93e4cfc1789800fc2d7414bbc18944ad4c5c98f466e6477c42bc",
"zh:c4a1a2b52abd05687e6cfded4a789dcd7b43e7a746e4d02dd1055370cf9a994d", "zh:a543ec1a3a8c20635cf374110bd2f87c07374cf2c50617eee2c669b3ceeeaa9f",
"zh:cf65041bf12fc3bde709c1d267dbe94142bc05adcabc4feb17da3b12249132ac", "zh:d9ab41d556a48bd7059f0810cf020500635bfc696c9fc3adab5ea8915c1d886b",
"zh:e385e00e7425dda9d30b74ab4ffa4636f4b8eb23918c0b763f0ffab84ece0c5c", "zh:d9e13427a7d011dbd654e591b0337e6074eef8c3b9bb11b2e39eaaf257044fd7",
"zh:f7605bd1437752114baf601bdf6931debe6dc6bfe3006eb7e9bb9080931dca8a",
] ]
} }
provider "registry.terraform.io/opentelekomcloud/opentelekomcloud" { provider "registry.terraform.io/opentelekomcloud/opentelekomcloud" {
version = "1.22.5" version = "1.23.6"
constraints = "1.22.5" constraints = "~> 1.23.4"
hashes = [ hashes = [
"h1:H20WxSx+j2JyrqHAgqsrV3rMWEOEZVEQuA7upz/1IgY=", "h1:B/1Md957jWaDgFqsJDzmJc75KwL0eC/PCVuZ8HV5xSc=",
"zh:276ab06e7c011351fc5a803fea0321a9d12b1353bd43f5389f3bbf491e31fc41", "zh:1aa79010869d082157fb44fc83c3bff4e40938ec0ca916f704d974c7f7ca39e4",
"zh:3191dc598ea4e4c99d08a2b1a5f65710dbcc1a892b1f9dde7b52515f32028319", "zh:3155b8366828ce50231f69962b55df1e2261ed63c44bb64e2c950dd68769df1b",
"zh:43db37c5fb6a886ce3bbc2aa730854476da7dd0340622ad874998041fa96f7a2", "zh:4a909617aa96a6d8aead14f56996ad94e0a1cae9d28e8df1ddae19c2095ed337",
"zh:45f3e2677a4c35bd88d435c906224092e0dde17055a203b474da2eeacffbf9b7", "zh:4f71046719632b4b90f88d29d8ba88915ee6ad66cd9d7ebe84a7459013e5003a",
"zh:504568581e561130fc0a9ceb6514e9664c67e3a89cd6c912f64c82f0a0305a30", "zh:67e4d10b2db79ad78ae2ec8d9dfac53c4721028f97f4436a7aa45e80b1beefd3",
"zh:5646c76cbe710fd0acde409cdcfb352dd53a282c0207e46e33ac5714d0eaa0b9", "zh:7f12541fc5a3513e5522ff2bd5fee17d1e67bfe64f9ef59d03863fc7389e12ce",
"zh:578b0f5d43f156f86ca6a63604da6e968f035d0b4bf6ccfc83db284fd31057f6", "zh:86fadabfc8307cf6084a412ffc9c797ec94932d08bc663a3fcebf98101e951f6",
"zh:784459b8350dc650f01e6866bcec0632e8b5a8733d81e6ed53bc8cc1254abb92", "zh:98744b39c2bfe3e8e6f929f750a689971071b257f3f066f669f93c8e0b76d179",
"zh:970aa873a81994cddf84279b255d3f51a4138b23cb9162707cefb84042451bfc", "zh:c363d41debb060804e2c6bd9cb50b4e8daa37362299e3ea74e187265cd85f2ca",
"zh:e892b8b6225a46067586b8e54a7102ac1b0fc296b4851dab3d4cc185de538d66",
"zh:f8c4699eebe99ac93d9cdccfcc809a5bd3d6c238be136d5a26c4e812ef30ec32",
] ]
} }

72
cloud/terraform/otc/main.tf
View file

@ -14,24 +14,18 @@ resource "opentelekomcloud_networking_secgroup_rule_v2" "secgroup_rule_1" {
security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id security_group_id = opentelekomcloud_networking_secgroup_v2.secgroup_1.id
} }
resource "opentelekomcloud_networking_network_v2" "network_1" { resource "opentelekomcloud_vpc_v1" "vpc_1" {
name = var.network_name name = var.vpc_name
cidr = var.vpc_cidr
} }
resource "opentelekomcloud_networking_subnet_v2" "subnet_1" { resource "opentelekomcloud_vpc_subnet_v1" "subnet_1" {
name = var.subnet_name name = var.subnet_name
network_id = opentelekomcloud_networking_network_v2.network_1.id cidr = var.subnet_cidr
cidr = "192.168.0.0/24" vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
dns_nameservers = ["1.1.1.1", "8.8.8.8"]
}
resource "opentelekomcloud_networking_router_v2" "router_1" { gateway_ip = var.subnet_gateway_ip
name = var.router_name dns_list = ["100.125.4.25", "100.125.129.199"]
}
resource "opentelekomcloud_networking_router_interface_v2" "router_interface_1" {
router_id = opentelekomcloud_networking_router_v2.router_1.id
subnet_id = opentelekomcloud_networking_subnet_v2.subnet_1.id
} }
resource "random_id" "tpot" { resource "random_id" "tpot" {
@ -39,33 +33,35 @@ resource "random_id" "tpot" {
prefix = var.ecs_prefix prefix = var.ecs_prefix
} }
resource "opentelekomcloud_compute_instance_v2" "ecs_1" { resource "opentelekomcloud_ecs_instance_v1" "ecs_1" {
name = random_id.tpot.b64_std
image_id = data.opentelekomcloud_images_image_v2.debian.id
flavor = var.ecs_flavor
vpc_id = opentelekomcloud_vpc_v1.vpc_1.id
nics {
network_id = opentelekomcloud_vpc_subnet_v1.subnet_1.id
}
system_disk_size = var.ecs_disk_size
security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.id]
availability_zone = var.availability_zone availability_zone = var.availability_zone
name = random_id.tpot.b64_std key_name = var.key_pair
flavor_name = var.flavor user_data = templatefile("../cloud-init.yaml", { timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password })
key_pair = var.key_pair }
security_groups = [opentelekomcloud_networking_secgroup_v2.secgroup_1.name]
user_data = templatefile("../cloud-init.yaml", {timezone = var.timezone, password = var.linux_password, tpot_flavor = var.tpot_flavor, web_user = var.web_user, web_password = var.web_password})
network { resource "opentelekomcloud_vpc_eip_v1" "eip_1" {
name = opentelekomcloud_networking_network_v2.network_1.name publicip {
type = "5_bgp"
} }
bandwidth {
block_device { name = "bandwidth-${random_id.tpot.b64_std}"
uuid = data.opentelekomcloud_images_image_v2.debian.id size = var.eip_size
source_type = "image" share_type = "PER"
volume_size = var.volume_size
destination_type = "volume"
delete_on_termination = "true"
} }
depends_on = [opentelekomcloud_networking_router_interface_v2.router_interface_1]
} }
resource "opentelekomcloud_networking_floatingip_v2" "floatip_1" { resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_1" {
} floating_ip = opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address
instance_id = opentelekomcloud_ecs_instance_v1.ecs_1.id
resource "opentelekomcloud_compute_floatingip_associate_v2" "fip_2" {
floating_ip = opentelekomcloud_networking_floatingip_v2.floatip_1.address
instance_id = opentelekomcloud_compute_instance_v2.ecs_1.id
} }

6
cloud/terraform/otc/outputs.tf
View file

@ -1,11 +1,11 @@
output "Admin_UI" { output "Admin_UI" {
value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64294" value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64294"
} }
output "SSH_Access" { output "SSH_Access" {
value = "ssh -p 64295 linux@${opentelekomcloud_networking_floatingip_v2.floatip_1.address}" value = "ssh -p 64295 linux@${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}"
} }
output "Web_UI" { output "Web_UI" {
value = "https://${opentelekomcloud_networking_floatingip_v2.floatip_1.address}:64297" value = "https://${opentelekomcloud_vpc_eip_v1.eip_1.publicip.0.ip_address}:64297"
} }

2
cloud/terraform/otc/provider.tf
View file

@ -1,3 +1,3 @@
provider "opentelekomcloud" { provider "opentelekomcloud" {
cloud = "open-telekom-cloud" cloud = "open-telekom-cloud"
} }

71
cloud/terraform/otc/variables.tf
View file

@ -1,4 +1,4 @@
# cloud-init configuration ## cloud-init configuration ##
variable "timezone" { variable "timezone" {
default = "UTC" default = "UTC"
} }
@ -6,66 +6,93 @@ variable "timezone" {
variable "linux_password" { variable "linux_password" {
#default = "LiNuXuSeRPaSs#" #default = "LiNuXuSeRPaSs#"
description = "Set a password for the default user" description = "Set a password for the default user"
validation {
condition = length(var.linux_password) > 0
error_message = "Please specify a password for the default user."
}
} }
# Cloud resources name configuration ## Security Group ##
variable "secgroup_name" { variable "secgroup_name" {
default = "tpot-secgroup" default = "sg-tpot"
} }
variable "secgroup_desc" { variable "secgroup_desc" {
default = "T-Pot Security Group" default = "Security Group for T-Pot"
} }
variable "network_name" { ## Virtual Private Cloud ##
default = "tpot-network" variable "vpc_name" {
default = "vpc-tpot"
} }
variable "vpc_cidr" {
default = "192.168.0.0/16"
}
## Subnet ##
variable "subnet_name" { variable "subnet_name" {
default = "tpot-subnet" default = "subnet-tpot"
} }
variable "router_name" { variable "subnet_cidr" {
default = "tpot-router" default = "192.168.0.0/24"
} }
variable "subnet_gateway_ip" {
default = "192.168.0.1"
}
## Elastic Cloud Server ##
variable "ecs_prefix" { variable "ecs_prefix" {
default = "tpot-" default = "tpot-"
} }
# ECS configuration variable "ecs_flavor" {
variable "availability_zone" { default = "s3.medium.8"
default = "eu-de-03"
description = "Select an availability zone"
} }
variable "flavor" { variable "ecs_disk_size" {
default = "s3.medium.8" default = "128"
description = "Select a compute flavor" }
variable "availability_zone" {
default = "eu-de-03"
} }
variable "key_pair" { variable "key_pair" {
#default = "" #default = ""
description = "Specify your SSH key pair" description = "Specify your SSH key pair"
validation {
condition = length(var.key_pair) > 0
error_message = "Please specify a Key Pair."
}
} }
variable "volume_size" { ## Elastic IP ##
default = "128" variable "eip_size" {
description = "Set the volume size" default = "100"
} }
# These will go in the generated tpot.conf file ## These will go in the generated tpot.conf file ##
variable "tpot_flavor" { variable "tpot_flavor" {
default = "STANDARD" default = "STANDARD"
description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]" description = "Specify your tpot flavor [STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, MEDICAL]"
} }
variable "web_user" { variable "web_user" {
default = "webuser" default = "webuser"
description = "Set a username for the web user" description = "Set a username for the web user"
} }
variable "web_password" { variable "web_password" {
#default = "w3b$ecret" #default = "w3b$ecret"
description = "Set a password for the web user" description = "Set a password for the web user"
validation {
condition = length(var.web_password) > 0
error_message = "Please specify a password for the web user."
}
} }

8
cloud/terraform/otc/versions.tf
View file

@ -2,12 +2,12 @@ terraform {
required_version = ">= 0.13" required_version = ">= 0.13"
required_providers { required_providers {
opentelekomcloud = { opentelekomcloud = {
source = "opentelekomcloud/opentelekomcloud" source = "opentelekomcloud/opentelekomcloud"
version = "1.22.5" version = "~> 1.23.4"
} }
random = { random = {
source = "hashicorp/random" source = "hashicorp/random"
version = "~> 3.0.1" version = "~> 3.1.0"
} }
} }
} }