Use FQCNs

Sebastian Haderecker 2021-02-13 17:46:28 +01:00
parent bb8d2f27c6
commit b014f73045
7 changed files with 26 additions and 26 deletions


@ -1,5 +1,5 @@
- name: Install dependencies - name: Install dependencies
package: ansible.builtin.package:
name: name:
- gcc - gcc
- python3-dev - python3-dev
@ -8,12 +8,12 @@
state: present state: present
- name: Install openstacksdk - name: Install openstacksdk
pip: ansible.builtin.pip:
name: openstacksdk name: openstacksdk
executable: pip3 executable: pip3
- name: Check if agent forwarding is enabled - name: Check if agent forwarding is enabled
fail: ansible.builtin.fail:
msg: Please enable agent forwarding to allow Ansible to connect to the remote host! msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
ignore_errors: yes ignore_errors: yes
when: lookup('env','SSH_AUTH_SOCK') == "" when: lookup('env','SSH_AUTH_SOCK') == ""
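Review bot: The `ansible.builtin.pip` task installs `openstacksdk` with no version constraint, so every run takes whatever release is current on the package index. The other files in this commit now call `openstack.cloud.*` modules, and as far as I know each release line of that collection supports only a specific openstacksdk range, so an unpinned SDK can break the play or pull in a release nobody has reviewed. Consider adding `version: "<tested openstacksdk version>"` to the task; the value is a placeholder for whichever release you have tested against the collection.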


@ -1,22 +1,22 @@
- name: Create security group - name: Create security group
os_security_group: openstack.cloud.security_group:
cloud: open-telekom-cloud cloud: open-telekom-cloud
name: sg-tpot-any name: sg-tpot-any
description: tpot any-any description: tpot any-any
- name: Add rules to security group - name: Add rules to security group
os_security_group_rule: openstack.cloud.security_group_rule:
cloud: open-telekom-cloud cloud: open-telekom-cloud
security_group: sg-tpot-any security_group: sg-tpot-any
remote_ip_prefix: 0.0.0.0/0 remote_ip_prefix: 0.0.0.0/0
- name: Create network - name: Create network
os_network: openstack.cloud.network:
cloud: open-telekom-cloud cloud: open-telekom-cloud
name: network-tpot name: network-tpot
- name: Create subnet - name: Create subnet
os_subnet: openstack.cloud.subnet:
cloud: open-telekom-cloud cloud: open-telekom-cloud
network_name: network-tpot network_name: network-tpot
name: subnet-tpot name: subnet-tpot
@ -26,7 +26,7 @@
- 8.8.8.8 - 8.8.8.8
- name: Create router - name: Create router
os_router: openstack.cloud.router:
cloud: open-telekom-cloud cloud: open-telekom-cloud
name: router-tpot name: router-tpot
interfaces: interfaces:
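Review bot: Nothing visible in this change installs or declares the `openstack.cloud` collection that the five renamed tasks in this file now depend on. The short `os_*` names resolved on older Ansible installs, but `openstack.cloud.security_group` and its siblings only resolve when the collection is present on the controller. That holds with the full `ansible` package and not with a bare `ansible-base`/`ansible-core` install. Consider declaring it in a collections requirements file, for example `- name: openstack.cloud` with `version: "<pinned version>"` under `collections:`. That makes the dependency explicit and fixes the reviewed release, and the role that installs `openstacksdk` could document the same requirement.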


@ -1,9 +1,9 @@
- name: Generate T-Pot name - name: Generate T-Pot name
set_fact: ansible.builtin.set_fact:
tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}" tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}"
- name: Create instance - name: Create instance
os_server: openstack.cloud.server:
cloud: open-telekom-cloud cloud: open-telekom-cloud
name: "{{ tpot_name.stdout }}" name: "{{ tpot_name.stdout }}"
availability_zone: "{{ availability_zone }}" availability_zone: "{{ availability_zone }}"
@ -18,7 +18,7 @@
register: tpot register: tpot
- name: Add instance to inventory - name: Add instance to inventory
add_host: ansible.builtin.add_host:
hostname: "{{ tpot_name.stdout }}" hostname: "{{ tpot_name.stdout }}"
ansible_host: "{{ tpot.server.public_v4 }}" ansible_host: "{{ tpot.server.public_v4 }}"
groups: tpot groups: tpot
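Review bot: `tpot_name` is assigned by `ansible.builtin.set_fact` as a plain string, yet the server task and the `add_host` task read `{{ tpot_name.stdout }}`, an attribute that only exists on a registered command result. Unless `tpot_name` is also registered somewhere outside these hunks, the instance name and inventory hostname will be undefined or fail to template. The likely fix is `name: "{{ tpot_name }}"` and `hostname: "{{ tpot_name }}"`. Both hunks show only part of their tasks, so please check the remaining lines for other `.stdout` uses.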


@ -1,5 +1,5 @@
- name: Copy ews configuration file - name: Copy ews configuration file
template: ansible.builtin.template:
src: ews.cfg src: ews.cfg
dest: /data/ews/conf dest: /data/ews/conf
owner: root owner: root
@ -7,7 +7,7 @@
mode: 0644 mode: 0644
- name: Patching tpot.yml with custom ews configuration file - name: Patching tpot.yml with custom ews configuration file
lineinfile: ansible.builtin.lineinfile:
path: /opt/tpot/etc/tpot.yml path: /opt/tpot/etc/tpot.yml
insertafter: "/opt/ewsposter/ews.ip" insertafter: "/opt/ewsposter/ews.ip"
line: " - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg" line: " - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"


@ -1,5 +1,5 @@
- name: Copy hpfeeds configuration file - name: Copy hpfeeds configuration file
copy: ansible.builtin.copy:
src: hpfeeds.cfg src: hpfeeds.cfg
dest: /data/ews/conf dest: /data/ews/conf
owner: tpot owner: tpot
@ -8,5 +8,5 @@
register: config register: config
- name: Applying hpfeeds settings - name: Applying hpfeeds settings
command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg ansible.builtin.command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
when: config.changed == true when: config.changed == true


@ -1,29 +1,29 @@
- name: Waiting for SSH connection - name: Waiting for SSH connection
wait_for_connection: ansible.builtin.wait_for_connection:
- name: Gathering facts - name: Gathering facts
setup: ansible.builtin.setup:
- name: Cloning T-Pot install directory - name: Cloning T-Pot install directory
git: ansible.builtin.git:
repo: "https://github.com/telekom-security/tpotce.git" repo: "https://github.com/telekom-security/tpotce.git"
dest: /root/tpot dest: /root/tpot
- name: Prepare to set user password - name: Prepare to set user password
set_fact: ansible.builtin.set_fact:
user_name: "{{ ansible_user }}" user_name: "{{ ansible_user }}"
user_salt: "s0mew1ck3dTpoT" user_salt: "s0mew1ck3dTpoT"
no_log: true no_log: true
- name: Changing password for user {{ user_name }} - name: Changing password for user {{ user_name }}
user: ansible.builtin.user:
name: "{{ ansible_user }}" name: "{{ ansible_user }}"
password: "{{ user_password | password_hash('sha512', user_salt) }}" password: "{{ user_password | password_hash('sha512', user_salt) }}"
state: present state: present
shell: /bin/bash shell: /bin/bash
- name: Copy T-Pot configuration file - name: Copy T-Pot configuration file
template: ansible.builtin.template:
src: ../../../../../../iso/installer/tpot.conf.dist src: ../../../../../../iso/installer/tpot.conf.dist
dest: /root/tpot.conf dest: /root/tpot.conf
owner: root owner: root
@ -31,15 +31,15 @@
mode: 0644 mode: 0644
- name: Install T-Pot on instance - be patient, this might take 15 to 30 minutes depending on the connection speed. - name: Install T-Pot on instance - be patient, this might take 15 to 30 minutes depending on the connection speed.
command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
- name: Delete T-Pot configuration file - name: Delete T-Pot configuration file
file: ansible.builtin.file:
path: /root/tpot.conf path: /root/tpot.conf
state: absent state: absent
- name: Change unattended-upgrades to take default action - name: Change unattended-upgrades to take default action
blockinfile: ansible.builtin.blockinfile:
dest: /etc/apt/apt.conf.d/50unattended-upgrades dest: /etc/apt/apt.conf.d/50unattended-upgrades
block: | block: |
Dpkg::Options { Dpkg::Options {
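Review bot: The `ansible.builtin.git` task clones `tpotce.git` without a `version:`, and the next hunk runs `/root/tpot/iso/installer/install.sh` from that checkout as root, so whatever is on the default branch at deploy time is executed unreviewed. Adding `version: "<tag or commit id>"` (a placeholder for a reviewed ref) to the git task makes the install reproducible and limits exposure to an unexpected upstream change. In the same hunk, `user_salt` is a fixed literal shared by every deployment, so identical passwords produce identical hashes across hosts. A per-host salt that stays stable between runs would avoid that while keeping the task idempotent. The last hunk is shown only up to the start of the `blockinfile` block, so its remainder is not covered here.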


@ -1,10 +1,10 @@
- name: Finally rebooting T-Pot - name: Finally rebooting T-Pot
command: shutdown -r now ansible.builtin.command: shutdown -r now
async: 1 async: 1
poll: 0 poll: 0
- name: Next login options - name: Next login options
debug: ansible.builtin.debug:
msg: msg:
- "***** SSH Access:" - "***** SSH Access:"
- "***** ssh {{ ansible_user }}@{{ ansible_host }} -p 64295" - "***** ssh {{ ansible_user }}@{{ ansible_host }} -p 64295"