mirror of
https://github.com/telekom-security/tpotce.git
synced 2025-07-02 04:52:11 +00:00
Use FQCNs
This commit is contained in:
Sebastian Haderecker
parent
bb8d2f27c6
commit
b014f73045
7 changed files with 26 additions and 26 deletions
|
|
@ -1,5 +1,5 @@
|
|||
- name: Install dependencies
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- gcc
|
||||
- python3-dev
|
||||
|
|
@ -8,12 +8,12 @@
|
|||
state: present
|
||||
|
||||
- name: Install openstacksdk
|
||||
pip:
|
||||
ansible.builtin.pip:
|
||||
name: openstacksdk
|
||||
executable: pip3
|
||||
|
||||
- name: Check if agent forwarding is enabled
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: Please enable agent forwarding to allow Ansible to connect to the remote host!
|
||||
ignore_errors: yes
|
||||
when: lookup('env','SSH_AUTH_SOCK') == ""
|
||||
|
|
|
|||
|
|
@ -1,22 +1,22 @@
|
|||
- name: Create security group
|
||||
os_security_group:
|
||||
openstack.cloud.security_group:
|
||||
cloud: open-telekom-cloud
|
||||
name: sg-tpot-any
|
||||
description: tpot any-any
|
||||
|
||||
- name: Add rules to security group
|
||||
os_security_group_rule:
|
||||
openstack.cloud.security_group_rule:
|
||||
cloud: open-telekom-cloud
|
||||
security_group: sg-tpot-any
|
||||
remote_ip_prefix: 0.0.0.0/0
|
||||
|
||||
- name: Create network
|
||||
os_network:
|
||||
openstack.cloud.network:
|
||||
cloud: open-telekom-cloud
|
||||
name: network-tpot
|
||||
|
||||
- name: Create subnet
|
||||
os_subnet:
|
||||
openstack.cloud.subnet:
|
||||
cloud: open-telekom-cloud
|
||||
network_name: network-tpot
|
||||
name: subnet-tpot
|
||||
|
|
@ -26,7 +26,7 @@
|
|||
- 8.8.8.8
|
||||
|
||||
- name: Create router
|
||||
os_router:
|
||||
openstack.cloud.router:
|
||||
cloud: open-telekom-cloud
|
||||
name: router-tpot
|
||||
interfaces:
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
- name: Generate T-Pot name
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
tpot_name: "t-pot-ansible-{{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=6') }}"
|
||||
|
||||
- name: Create instance
|
||||
os_server:
|
||||
openstack.cloud.server:
|
||||
cloud: open-telekom-cloud
|
||||
name: "{{ tpot_name.stdout }}"
|
||||
availability_zone: "{{ availability_zone }}"
|
||||
|
|
@ -18,7 +18,7 @@
|
|||
register: tpot
|
||||
|
||||
- name: Add instance to inventory
|
||||
add_host:
|
||||
ansible.builtin.add_host:
|
||||
hostname: "{{ tpot_name.stdout }}"
|
||||
ansible_host: "{{ tpot.server.public_v4 }}"
|
||||
groups: tpot
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
- name: Copy ews configuration file
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: ews.cfg
|
||||
dest: /data/ews/conf
|
||||
owner: root
|
||||
|
|
@ -7,7 +7,7 @@
|
|||
mode: 0644
|
||||
|
||||
- name: Patching tpot.yml with custom ews configuration file
|
||||
lineinfile:
|
||||
ansible.builtin.lineinfile:
|
||||
path: /opt/tpot/etc/tpot.yml
|
||||
insertafter: "/opt/ewsposter/ews.ip"
|
||||
line: " - /data/ews/conf/ews.cfg:/opt/ewsposter/ews.cfg"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
- name: Copy hpfeeds configuration file
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: hpfeeds.cfg
|
||||
dest: /data/ews/conf
|
||||
owner: tpot
|
||||
|
|
@ -8,5 +8,5 @@
|
|||
register: config
|
||||
|
||||
- name: Applying hpfeeds settings
|
||||
command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
|
||||
ansible.builtin.command: /opt/tpot/bin/hpfeeds_optin.sh --conf=/data/ews/conf/hpfeeds.cfg
|
||||
when: config.changed == true
|
||||
|
|
|
|||
|
|
@ -1,29 +1,29 @@
|
|||
- name: Waiting for SSH connection
|
||||
wait_for_connection:
|
||||
ansible.builtin.wait_for_connection:
|
||||
|
||||
- name: Gathering facts
|
||||
setup:
|
||||
ansible.builtin.setup:
|
||||
|
||||
- name: Cloning T-Pot install directory
|
||||
git:
|
||||
ansible.builtin.git:
|
||||
repo: "https://github.com/telekom-security/tpotce.git"
|
||||
dest: /root/tpot
|
||||
|
||||
- name: Prepare to set user password
|
||||
set_fact:
|
||||
ansible.builtin.set_fact:
|
||||
user_name: "{{ ansible_user }}"
|
||||
user_salt: "s0mew1ck3dTpoT"
|
||||
no_log: true
|
||||
|
||||
- name: Changing password for user {{ user_name }}
|
||||
user:
|
||||
ansible.builtin.user:
|
||||
name: "{{ ansible_user }}"
|
||||
password: "{{ user_password | password_hash('sha512', user_salt) }}"
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
|
||||
- name: Copy T-Pot configuration file
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: ../../../../../../iso/installer/tpot.conf.dist
|
||||
dest: /root/tpot.conf
|
||||
owner: root
|
||||
|
|
@ -31,15 +31,15 @@
|
|||
mode: 0644
|
||||
|
||||
- name: Install T-Pot on instance - be patient, this might take 15 to 30 minutes depending on the connection speed.
|
||||
command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
|
||||
ansible.builtin.command: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
|
||||
|
||||
- name: Delete T-Pot configuration file
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /root/tpot.conf
|
||||
state: absent
|
||||
|
||||
- name: Change unattended-upgrades to take default action
|
||||
blockinfile:
|
||||
ansible.builtin.blockinfile:
|
||||
dest: /etc/apt/apt.conf.d/50unattended-upgrades
|
||||
block: |
|
||||
Dpkg::Options {
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
- name: Finally rebooting T-Pot
|
||||
command: shutdown -r now
|
||||
ansible.builtin.command: shutdown -r now
|
||||
async: 1
|
||||
poll: 0
|
||||
|
||||
- name: Next login options
|
||||
debug:
|
||||
ansible.builtin.debug:
|
||||
msg:
|
||||
- "***** SSH Access:"
|
||||
- "***** ssh {{ ansible_user }}@{{ ansible_host }} -p 64295"
|
||||
|
|
|
|||
Loading…
Reference in a new issue