Initial commit for Open Telekom Cloud Showcase

- ECS creation via Open Telekom Cloud API
- T-Pot deployment with Ansible playbook

cloud/.ecs_settings.sh

@@ -0,0 +1,10 @@
+# Set password for user linux
+linuxpass=LiNuXuSeRPaSs
+
+# Set ECS related stuff
+vpcname=your-vpc
+subnet=your-subnet
+keyname=your-KeyPair
+az=eu-de-03
+secgroup=your-sg
+instance=s2.medium.8

cloud/.gitignore

@@ -0,0 +1,8 @@
+# Ansible
+*.retry
+
+# Generated hosts
+hosts/
+
+# Cloned git repository
+otc-tools/

cloud/.otc_env.sh

@@ -0,0 +1,5 @@
+export OS_USERNAME=your_api_user
+export OS_PASSWORD=your_password
+export OS_USER_DOMAIN_NAME=OTC-EU-DE-000000000010000XXXXX
+export OS_PROJECT_NAME=eu-de
+export OS_AUTH_URL=https://iam.eu-de.otc.t-systems.com/v3

cloud/ansible/install.yaml

@@ -0,0 +1,15 @@
+
+---
+# This playbook deploys a T-Pot
+
+- hosts: TPOT
+  remote_user: linux
+  become: yes
+  become_user: root
+  become_method: sudo
+  gather_facts: no
+
+  roles:
+    - install
+
+

cloud/ansible/roles/install/tasks/main.yaml

@@ -0,0 +1,54 @@
+- name: Waiting for SSH connection
+  wait_for_connection:
+    delay: 30
+    timeout: 300
+
+- name: Gathering Facts
+  setup:
+
+- name: Cloning t-pot install directory
+  git:
+    repo: 'https://github.com/dtag-dev-sec/tpotce.git'
+    dest: /root/tpot
+
+- name: Prepare to set user password 
+  set_fact:
+    user_password: "{{ lookup('env', 'LINUX_PASS') }}"
+    user_salt: 's0mew1ck3dTpoT'
+
+- name: Changing password for user linux to {{ user_password }}
+  user:
+   name: "linux"
+   password: "{{ user_password | password_hash('sha512', user_salt) }}"
+   state: present
+   shell: /bin/bash
+   update_password: always
+
+- name: Copy t-pot configuration file
+  template:
+    src: ../templates/tpot.conf
+    dest: /root
+    owner: root
+    group: root
+    mode: 0644
+
+- name: Install t-pot on ECS -  be patient, this might take 15 to 30 minutes depending on the connection speed. No further output is given. 
+  raw: /root/tpot/iso/installer/install.sh --type=auto --conf=/root/tpot.conf
+
+- name: Delete t-pot configuration file
+  file:
+    path: /root/tpot.conf
+    state: absent
+
+- name: Change unattended-upgrades to take default action
+  blockinfile:
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades
+    block: |
+      Dpkg::Options {
+        "--force-confdef";
+        "--force-confold";
+      }
+
+- name: Finally rebooting t-pot in one minute - make sure your next login is on port 64295 or via https:// on port 64297
+  shell: /sbin/shutdown -r -t 1
+  become: true

cloud/ansible/roles/install/templates/tpot.conf

@@ -0,0 +1,5 @@
+# tpot configuration file
+# myCONF_TPOT_FLAVOR=[STANDARD, SENSOR, INDUSTRIAL, COLLECTOR, NEXTGEN, LEGACY]
+myCONF_TPOT_FLAVOR='STANDARD'
+myCONF_WEB_USER='webuser'
+myCONF_WEB_PW='w3b$ecret'

cloud/deploy_ansible_otc_t-pot.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# Import ECS settings
+source .ecs_settings.sh
+
+# Import OTC authentication credentials
+source .otc_env.sh
+
+# Password is later used by Ansible
+export LINUX_PASS=$linuxpass
+
+# Ignore ssh host keys as they are new anyway
+export ANSIBLE_HOST_KEY_CHECKING=False
+
+# Create hosts directory
+mkdir -p hosts
+
+# Create random ID
+HPNAME=t-pot-otc-$(pwgen -ns 6 -1)
+
+# Get otc-tools
+echo "### Cloning otc-tools..."
+git clone https://github.com/OpenTelekomCloud/otc-tools.git  2>/dev/null
+
+# Create ECS via OTC API
+echo "### Creating new ECS host via OTC API..."
+./otc-tools/otc.sh ecs create \
+    --instance-type       $instance\
+    --instance-name       $HPNAME\
+    --image-name          Standard_Debian_9_latest\
+    --subnet-name         $subnet\
+    --vpc-name            $vpcname\
+    --security-group-name $secgroup\
+    --admin-pass          $linuxpass\
+    --key-name            $keyname\
+    --public              true\
+    --disksize            128\
+    --disktype            SATA\
+    --az	          $az\
+    --wait \
+2> /dev/null
+
+if [ "$(uname)" == "Darwin" ]; then
+   PUBIP=$(./otc-tools/otc.sh ecs list 2>/dev/null | grep $HPNAME|cut -d "," -f2 |cut -d "\"" -f 2)
+else
+   PUBIP=$(./otc-tools/otc.sh ecs list 2>/dev/null | grep $HPNAME|cut -d " " -f17)
+fi
+
+echo "[TPOT]" > ./hosts/$HPNAME
+echo $PUBIP  HPNAME=$HPNAME>> ./hosts/$HPNAME
+echo "### NEW HOST $HPNAME ON IP $PUBIP"
+
+ansible-playbook -i ./hosts/$HPNAME ./ansible/install.yaml
+echo "***********************************************"
+echo "*****        SSH TO TARGET: "
+echo "*****        ssh linux@$PUBIP -p 64295"
+echo "***********************************************"