diff --git a/README.md b/README.md index b84b9d1..c5a2ebe 100644 --- a/README.md +++ b/README.md @@ -128,15 +128,6 @@ For Documentation please open http://localhost:3333 in your browser ![Hashiqube Integrations](images/logo-qube.png?raw=true "Hashiqube Integrations") -## Hashiqube basic usage -* Vault http://localhost:8200 -* Nomad http://localhost:4646 -* Consul http://localhost:8500 -* Waypoint on Nomad https://localhost:9702 -* Waypoint on Minikube https://localhost:19702 -* Boundary http://localhost:19200 -* Docsify http://localhost:3333 - ## Other * LDAP can be accessed on ldap://localhost:389 * Localstack web http://localhost:8080 
@@ -239,12 +230,32 @@ For suggestions, feedback and queries please branch or and submit a Pull Request Lead Automation Architect [riaan.nolan@servian.com](mailto:riaan.nolan@servian.com) https://www.linkedin.com/in/riaannolan/ -## About me +## About +Hashiqube has been created to help Engineers, Developers and anyone who wants to practise, learn or demo Hashicorp products to get started quickly with a local lab. + +### About Hashiqube +Hashiqube runs all the Hashicorp products and a host of other popular Open Source software taht is heavily used in the industry. + +Once you have done `vagrant up --provision` you will have access to Vault, Nomad, Consul, Boundary, Waypoint and this documnetation page on your local computer. + +* Vault http://localhost:8200 `vagrant up --provision-with basetools,vault` +* Nomad http://localhost:4646 `vagrant up --provision-with basetools,docker,nomad` +* Consul http://localhost:8500 `vagrant up --provision-with basetools,consul` +* Waypoint on Nomad https://localhost:9702 `vagrant up --provision-with basetools,docker,waypoint` +* Waypoint on Minikube https://localhost:19702 `vagrant up --provision-with basetools,docker,waypoint-kubernetes-minikube` +* Boundary http://localhost:19200 `vagrant up --provision-with basetools,boundary` +* Docsify http://localhost:3333 `vagrant up --provision-with basetools,docsify` + +In addition to the Core Hashicorp products, Hashiqube also runs a host of other popular Open Source integrations that are heavily used within the industry today. + +![Hashiqube Integrations](images/logo-qube.png?raw=true "Hashiqube Integrations") + +### About Me My name is Riaan Nolan and I was born in South Africa. I started out as a Web Developer in 2000 and from there progressed into Systems Administration, with a strong focus on Automation, Infrastrtucture and Configuration as Code. I have worked for Multi-National companies in Portugal, Germany, China, South Africa, United States and Australia. 
-You are welcome to connect with me on Linkedin https://www.linkedin.com/in/riaannolan/ +You are welcome to connect with me on Linkedin https://www.linkedin.com/in/riaannolan/
Credly profile: https://www.credly.com/users/riaan-nolan.e657145c ![My Hashicorp Badges](images/hashicorp-badges.png?raw=true "My Hashicorp Badges") diff --git a/SUMMARY.md b/SUMMARY.md index 0d76c89..189d3a6 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -3,7 +3,6 @@ * [Ansible](ansible/README.md) * [Ansible-tower](ansible-tower/README.md) * [Apache-airflow](apache-airflow/README.md) - * [Code-server](code-server/README.md) * [Database](database/README.md) * [Dbt](dbt/README.md) * [Docker](docker/README.md) diff --git a/ansible/README.md b/ansible/README.md index a268a73..3318ea7 100644 --- a/ansible/README.md +++ b/ansible/README.md 
@@ -4,54 +4,102 @@ https://www.ansible.com/ ## About Ansible is an open-source software provisioning, configuration management, and application-deployment tool. It runs on many Unix-like systems, and can configure both Unix-like systems as well as Microsoft Windows. It includes its own declarative language to describe system configuration. -## Provision +## Molecule +https://molecule.readthedocs.io/en/latest/ -`vagrant up --provision-with ansible_local` +Molecule project is designed to aid in the development and testing of Ansible roles and can speed up local development of Ansible roles and playbooks in magnetude! -``` -Bringing machine 'user.local.dev' up with 'virtualbox' provider... -==> user.local.dev: Checking if box 'ubuntu/xenial64' version '20190918.0.0' is up to date... -==> user.local.dev: [vagrant-hostsupdater] Checking for host entries -==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 user.local.dev -==> user.local.dev: [vagrant-hostsupdater] found entry for: 10.9.99.10 user.local.dev -==> user.local.dev: Running provisioner: ansible_local... - user.local.dev: Installing Ansible... - user.local.dev: Installing pip... (for Ansible installation) -Vagrant has automatically selected the compatibility mode '2.0' -according to the Ansible version installed (2.9.2). +Molecule provides support for testing with multiple instances, operating systems and distributions, virtualization providers, test frameworks and testing scenarios. + +Molecule encourages an approach that results in consistently developed roles that are well-written, easily understood and maintained. + +Molecule supports only the latest two major versions of Ansible (N/N-1), meaning that if the latest version is 2.9.x, we will also test our code with 2.8.x. + +## Practicle example +Molecule sue providers such as docker or virtualbox to create the target instances to run the playbook against. 
+ +The Targets are configured in molecule/molecule.yml -Alternatively, the compatibility mode can be specified in your Vagrantfile: -https://www.vagrantup.com/docs/provisioning/ansible_common.html#compatibility_mode +For this example we will use: +- Ubuntu 22.04 +- Windows 2019 - user.local.dev: Running ansible-playbook... -cd /vagrant && PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ansible-playbook --limit="user.local.dev" --inventory-file=/tmp/vagrant-ansible/inventory --extra-vars=\{\"www\":\{\"package\":\"apache2\",\"service\":\"apache2\",\"docroot\":\"/var/www/html\"\}\} --become -v ansible/playbook.yml -Using /etc/ansible/ansible.cfg as config file +### Run Molecule (From your local Laptop) -PLAY [all] ********************************************************************* +From the Hashiqube Cloned repo do: +`cd ansible/roles/ansible-role-example-role && ./run.sh` -TASK [Gathering Facts] ********************************************************* -ok: [user.local.dev] +## Gotcha's (Sorry!!) +- M1 and M2 Mac Architectures are NOT supported at this stage +- Hyper-V is not supported at this stage +- Your Vagrant version on Windows and in WSL *MUST* be the same +- Installing WSL could give error: `Catastrophic failure` +``` +PS C:\Windows\system32> wsl --install +Installing: Windows Subsystem for Linux +Catastrophic failure +``` +Restart laptop, run this installation command again, and make sure nothing is downloading in the background at the same time when running the command. + + +- WSL Ubuntu Install could give error: `An error occurred during installation. Distribution Name: 'Ubuntu' Error Code: 0x8000ffff` +``` +PS C:\WINDOWS\system32> wsl --install -d ubuntu +Installing: Ubuntu +An error occurred during installation. 
Distribution Name: 'Ubuntu' Error Code: 0x8000ffff +``` +Follow this link: https://askubuntu.com/questions/1434150/wsl-ubuntu-installation-fails-with-the-error-please-restart-wsl-with-the-follo and +https://learn.microsoft.com/en-us/windows/wsl/install-manual#step-4---download-the-linux-kernel-update-package -TASK [www : Install Web Service] *********************************************** -[WARNING]: Updating cache and auto-installing missing dependency: python-apt +Note : Run ``` wsl --install -d Ubuntu ``` in **non administrative** mode in powershell -changed: [user.local.dev] => {"cache_update_time": 1578606518, "cache_updated": false, "changed": true, "stderr": "", "stderr_lines": [], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n apache2-bin apache2-data apache2-utils libapr1 libaprutil1\n libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0\nSuggested packages:\n www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom\nThe following NEW packages will be installed:\n apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1\n libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0\n0 upgraded, 9 newly installed, 0 to remove and 6 not upgraded.\nNeed to get 1546 kB of archives.\nAfter this operation, 6375 kB of additional disk space will be used.\nGet:1 http://archive.ubuntu.com/ubuntu xenial/main amd64 libapr1 amd64 1.5.2-3 [86.0 kB]\nGet:2 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1 amd64 1.5.4-1build1 [77.1 kB]\nGet:3 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1-dbd-sqlite3 amd64 1.5.4-1build1 [10.6 kB]\nGet:4 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1-ldap amd64 1.5.4-1build1 [8720 B]\nGet:5 http://archive.ubuntu.com/ubuntu xenial/main amd64 liblua5.1-0 amd64 5.1.5-8ubuntu1 [102 kB]\nGet:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-bin amd64 
2.4.18-2ubuntu3.14 [930 kB]\nGet:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.14 [82.1 kB]\nGet:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-data all 2.4.18-2ubuntu3.14 [162 kB]\nGet:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2 amd64 2.4.18-2ubuntu3.14 [86.5 kB]\nFetched 1546 kB in 3s (496 kB/s)\nSelecting previously unselected package libapr1:amd64.\r\n(Reading database ... \r(Reading database ... 5%\r(Reading database ... 10%\r(Reading database ... 15%\r(Reading database ... 20%\r(Reading database ... 25%\r(Reading database ... 30%\r(Reading database ... 35%\r(Reading database ... 40%\r(Reading database ... 45%\r(Reading database ... 50%\r(Reading database ... 55%\r(Reading database ... 60%\r(Reading database ... 65%\r(Reading database ... 70%\r(Reading database ... 75%\r(Reading database ... 80%\r(Reading database ... 85%\r(Reading database ... 90%\r(Reading database ... 95%\r(Reading database ... 100%\r(Reading database ... 
107448 files and directories currently installed.)\r\nPreparing to unpack .../libapr1_1.5.2-3_amd64.deb ...\r\nUnpacking libapr1:amd64 (1.5.2-3) ...\r\nSelecting previously unselected package libaprutil1:amd64.\r\nPreparing to unpack .../libaprutil1_1.5.4-1build1_amd64.deb ...\r\nUnpacking libaprutil1:amd64 (1.5.4-1build1) ...\r\nSelecting previously unselected package libaprutil1-dbd-sqlite3:amd64.\r\nPreparing to unpack .../libaprutil1-dbd-sqlite3_1.5.4-1build1_amd64.deb ...\r\nUnpacking libaprutil1-dbd-sqlite3:amd64 (1.5.4-1build1) ...\r\nSelecting previously unselected package libaprutil1-ldap:amd64.\r\nPreparing to unpack .../libaprutil1-ldap_1.5.4-1build1_amd64.deb ...\r\nUnpacking libaprutil1-ldap:amd64 (1.5.4-1build1) ...\r\nSelecting previously unselected package liblua5.1-0:amd64.\r\nPreparing to unpack .../liblua5.1-0_5.1.5-8ubuntu1_amd64.deb ...\r\nUnpacking liblua5.1-0:amd64 (5.1.5-8ubuntu1) ...\r\nSelecting previously unselected package apache2-bin.\r\nPreparing to unpack .../apache2-bin_2.4.18-2ubuntu3.14_amd64.deb ...\r\nUnpacking apache2-bin (2.4.18-2ubuntu3.14) ...\r\nSelecting previously unselected package apache2-utils.\r\nPreparing to unpack .../apache2-utils_2.4.18-2ubuntu3.14_amd64.deb ...\r\nUnpacking apache2-utils (2.4.18-2ubuntu3.14) ...\r\nSelecting previously unselected package apache2-data.\r\nPreparing to unpack .../apache2-data_2.4.18-2ubuntu3.14_all.deb ...\r\nUnpacking apache2-data (2.4.18-2ubuntu3.14) ...\r\nSelecting previously unselected package apache2.\r\nPreparing to unpack .../apache2_2.4.18-2ubuntu3.14_amd64.deb ...\r\nUnpacking apache2 (2.4.18-2ubuntu3.14) ...\r\nProcessing triggers for libc-bin (2.23-0ubuntu11) ...\r\nProcessing triggers for man-db (2.7.5-1) ...\r\nProcessing triggers for ufw (0.35-0ubuntu2) ...\r\nProcessing triggers for systemd (229-4ubuntu21.23) ...\r\nProcessing triggers for ureadahead (0.100.0-19.1) ...\r\nSetting up libapr1:amd64 (1.5.2-3) ...\r\nSetting up libaprutil1:amd64 (1.5.4-1build1) 
...\r\nSetting up libaprutil1-dbd-sqlite3:amd64 (1.5.4-1build1) ...\r\nSetting up libaprutil1-ldap:amd64 (1.5.4-1build1) ...\r\nSetting up liblua5.1-0:amd64 (5.1.5-8ubuntu1) ...\r\nSetting up apache2-bin (2.4.18-2ubuntu3.14) ...\r\nSetting up apache2-utils (2.4.18-2ubuntu3.14) ...\r\nSetting up apache2-data (2.4.18-2ubuntu3.14) ...\r\nSetting up apache2 (2.4.18-2ubuntu3.14) ...\r\nEnabling module mpm_event.\r\nEnabling module authz_core.\r\nEnabling module authz_host.\r\nEnabling module authn_core.\r\nEnabling module auth_basic.\r\nEnabling module access_compat.\r\nEnabling module authn_file.\r\nEnabling module authz_user.\r\nEnabling module alias.\r\nEnabling module dir.\r\nEnabling module autoindex.\r\nEnabling module env.\r\nEnabling module mime.\r\nEnabling module negotiation.\r\nEnabling module setenvif.\r\nEnabling module filter.\r\nEnabling module deflate.\r\nEnabling module status.\r\nEnabling conf charset.\r\nEnabling conf localized-error-pages.\r\nEnabling conf other-vhosts-access-log.\r\nEnabling conf security.\r\nEnabling conf serve-cgi-bin.\r\nEnabling site 000-default.\r\nProcessing triggers for libc-bin (2.23-0ubuntu11) ...\r\nProcessing triggers for systemd (229-4ubuntu21.23) ...\r\nProcessing triggers for ureadahead (0.100.0-19.1) ...\r\nProcessing triggers for ufw (0.35-0ubuntu2) ...\r\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following additional packages will be installed:", " apache2-bin apache2-data apache2-utils libapr1 libaprutil1", " libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0", "Suggested packages:", " www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom", "The following NEW packages will be installed:", " apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1", " libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.1-0", "0 upgraded, 9 newly installed, 0 to remove and 6 not upgraded.", "Need to get 1546 kB of archives.", "After 
this operation, 6375 kB of additional disk space will be used.", "Get:1 http://archive.ubuntu.com/ubuntu xenial/main amd64 libapr1 amd64 1.5.2-3 [86.0 kB]", "Get:2 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1 amd64 1.5.4-1build1 [77.1 kB]", "Get:3 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1-dbd-sqlite3 amd64 1.5.4-1build1 [10.6 kB]", "Get:4 http://archive.ubuntu.com/ubuntu xenial/main amd64 libaprutil1-ldap amd64 1.5.4-1build1 [8720 B]", "Get:5 http://archive.ubuntu.com/ubuntu xenial/main amd64 liblua5.1-0 amd64 5.1.5-8ubuntu1 [102 kB]", "Get:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-bin amd64 2.4.18-2ubuntu3.14 [930 kB]", "Get:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-utils amd64 2.4.18-2ubuntu3.14 [82.1 kB]", "Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2-data all 2.4.18-2ubuntu3.14 [162 kB]", "Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apache2 amd64 2.4.18-2ubuntu3.14 [86.5 kB]", "Fetched 1546 kB in 3s (496 kB/s)", "Selecting previously unselected package libapr1:amd64.", "(Reading database ... ", "(Reading database ... 5%", "(Reading database ... 10%", "(Reading database ... 15%", "(Reading database ... 20%", "(Reading database ... 25%", "(Reading database ... 30%", "(Reading database ... 35%", "(Reading database ... 40%", "(Reading database ... 45%", "(Reading database ... 50%", "(Reading database ... 55%", "(Reading database ... 60%", "(Reading database ... 65%", "(Reading database ... 70%", "(Reading database ... 75%", "(Reading database ... 80%", "(Reading database ... 85%", "(Reading database ... 90%", "(Reading database ... 95%", "(Reading database ... 100%", "(Reading database ... 
107448 files and directories currently installed.)", "Preparing to unpack .../libapr1_1.5.2-3_amd64.deb ...", "Unpacking libapr1:amd64 (1.5.2-3) ...", "Selecting previously unselected package libaprutil1:amd64.", "Preparing to unpack .../libaprutil1_1.5.4-1build1_amd64.deb ...", "Unpacking libaprutil1:amd64 (1.5.4-1build1) ...", "Selecting previously unselected package libaprutil1-dbd-sqlite3:amd64.", "Preparing to unpack .../libaprutil1-dbd-sqlite3_1.5.4-1build1_amd64.deb ...", "Unpacking libaprutil1-dbd-sqlite3:amd64 (1.5.4-1build1) ...", "Selecting previously unselected package libaprutil1-ldap:amd64.", "Preparing to unpack .../libaprutil1-ldap_1.5.4-1build1_amd64.deb ...", "Unpacking libaprutil1-ldap:amd64 (1.5.4-1build1) ...", "Selecting previously unselected package liblua5.1-0:amd64.", "Preparing to unpack .../liblua5.1-0_5.1.5-8ubuntu1_amd64.deb ...", "Unpacking liblua5.1-0:amd64 (5.1.5-8ubuntu1) ...", "Selecting previously unselected package apache2-bin.", "Preparing to unpack .../apache2-bin_2.4.18-2ubuntu3.14_amd64.deb ...", "Unpacking apache2-bin (2.4.18-2ubuntu3.14) ...", "Selecting previously unselected package apache2-utils.", "Preparing to unpack .../apache2-utils_2.4.18-2ubuntu3.14_amd64.deb ...", "Unpacking apache2-utils (2.4.18-2ubuntu3.14) ...", "Selecting previously unselected package apache2-data.", "Preparing to unpack .../apache2-data_2.4.18-2ubuntu3.14_all.deb ...", "Unpacking apache2-data (2.4.18-2ubuntu3.14) ...", "Selecting previously unselected package apache2.", "Preparing to unpack .../apache2_2.4.18-2ubuntu3.14_amd64.deb ...", "Unpacking apache2 (2.4.18-2ubuntu3.14) ...", "Processing triggers for libc-bin (2.23-0ubuntu11) ...", "Processing triggers for man-db (2.7.5-1) ...", "Processing triggers for ufw (0.35-0ubuntu2) ...", "Processing triggers for systemd (229-4ubuntu21.23) ...", "Processing triggers for ureadahead (0.100.0-19.1) ...", "Setting up libapr1:amd64 (1.5.2-3) ...", "Setting up libaprutil1:amd64 (1.5.4-1build1) ...", 
"Setting up libaprutil1-dbd-sqlite3:amd64 (1.5.4-1build1) ...", "Setting up libaprutil1-ldap:amd64 (1.5.4-1build1) ...", "Setting up liblua5.1-0:amd64 (5.1.5-8ubuntu1) ...", "Setting up apache2-bin (2.4.18-2ubuntu3.14) ...", "Setting up apache2-utils (2.4.18-2ubuntu3.14) ...", "Setting up apache2-data (2.4.18-2ubuntu3.14) ...", "Setting up apache2 (2.4.18-2ubuntu3.14) ...", "Enabling module mpm_event.", "Enabling module authz_core.", "Enabling module authz_host.", "Enabling module authn_core.", "Enabling module auth_basic.", "Enabling module access_compat.", "Enabling module authn_file.", "Enabling module authz_user.", "Enabling module alias.", "Enabling module dir.", "Enabling module autoindex.", "Enabling module env.", "Enabling module mime.", "Enabling module negotiation.", "Enabling module setenvif.", "Enabling module filter.", "Enabling module deflate.", "Enabling module status.", "Enabling conf charset.", "Enabling conf localized-error-pages.", "Enabling conf other-vhosts-access-log.", "Enabling conf security.", "Enabling conf serve-cgi-bin.", "Enabling site 000-default.", "Processing triggers for libc-bin (2.23-0ubuntu11) ...", "Processing triggers for systemd (229-4ubuntu21.23) ...", "Processing triggers for ureadahead (0.100.0-19.1) ...", "Processing triggers for ufw (0.35-0ubuntu2) ..."]} +## Ansible Role Example Role +An example Ansible Role that you can use which covers, Red Hat, Centos, Ubuntu, Debian and Windows Targets. 
-TASK [www : Ensure the default Apache port is 8888] **************************** -changed: [user.local.dev] => {"backup": "", "changed": true, "msg": "line replaced"} +Further reading see: [__Ansible Role Example Role__](ansible/roles/ansible-role-example-role/#ansible-role-example-role) -TASK [www : Start Web Service] ************************************************* -changed: [user.local.dev] => {"changed": true, "enabled": true, "name": "apache2", "state": "started", "status": {"ActiveEnterTimestamp": "Thu 2020-01-09 21:48:49 UTC", "ActiveEnterTimestampMonotonic": "2494292617", "ActiveExitTimestampMonotonic": "0", "ActiveState": "active", "After": "system.slice local-fs.target systemd-journald-dev-log.socket remote-fs.target network-online.target nss-lookup.target systemd-journald.socket basic.target sysinit.target", "AllowIsolate": "no", "AmbientCapabilities": "0", "AssertResult": "yes", "AssertTimestamp": "Thu 2020-01-09 21:48:48 UTC", "AssertTimestampMonotonic": "2493192728", "Before": "graphical.target multi-user.target shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "18446744073709551615", "CPUAccounting": "no", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "18446744073709551615", "CPUUsageNSec": "18446744073709551615", "CanIsolate": "no", "CanReload": "yes", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "18446744073709551615", "ConditionResult": "yes", "ConditionTimestamp": "Thu 2020-01-09 21:48:48 UTC", "ConditionTimestampMonotonic": "2493192728", "Conflicts": "shutdown.target", "ControlGroup": "/system.slice/apache2.service", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "LSB: Apache2 web server", "DevicePolicy": "auto", "Documentation": "man:systemd-sysv-generator(8)", "DropInPaths": "/lib/systemd/system/apache2.service.d/apache2-systemd.conf", "ExecMainCode": "0", 
"ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecReload": "{ path=/etc/init.d/apache2 ; argv[]=/etc/init.d/apache2 reload ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStart": "{ path=/etc/init.d/apache2 ; argv[]=/etc/init.d/apache2 start ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "ExecStop": "{ path=/etc/init.d/apache2 ; argv[]=/etc/init.d/apache2 stop ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/run/systemd/generator.late/apache2.service", "GuessMainPID": "no", "IOScheduling": "0", "Id": "apache2.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "no", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestamp": "Thu 2020-01-09 21:48:48 UTC", "InactiveExitTimestampMonotonic": "2493204305", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KillMode": "process", "KillSignal": "15", "LimitAS": "18446744073709551615", "LimitASSoft": "18446744073709551615", "LimitCORE": "18446744073709551615", "LimitCORESoft": "0", "LimitCPU": "18446744073709551615", "LimitCPUSoft": "18446744073709551615", "LimitDATA": "18446744073709551615", "LimitDATASoft": "18446744073709551615", "LimitFSIZE": "18446744073709551615", "LimitFSIZESoft": "18446744073709551615", "LimitLOCKS": "18446744073709551615", "LimitLOCKSSoft": "18446744073709551615", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "4096", "LimitNOFILESoft": "1024", "LimitNPROC": "15733", "LimitNPROCSoft": "15733", "LimitRSS": "18446744073709551615", "LimitRSSSoft": "18446744073709551615", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "18446744073709551615", "LimitRTTIMESoft": 
"18446744073709551615", "LimitSIGPENDING": "15733", "LimitSIGPENDINGSoft": "15733", "LimitSTACK": "18446744073709551615", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "MainPID": "0", "MemoryAccounting": "no", "MemoryCurrent": "18446744073709551615", "MemoryLimit": "18446744073709551615", "MountFlags": "0", "NFileDescriptorStore": "0", "Names": "apache2.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "PrivateDevices": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "ProtectHome": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "Requires": "sysinit.target system.slice", "Restart": "no", "RestartUSec": "100ms", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "SourcePath": "/etc/init.d/apache2", "StandardError": "inherit", "StandardInput": "null", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitInterval": "10000000", "StartupBlockIOWeight": "18446744073709551615", "StartupCPUShares": "18446744073709551615", "StateChangeTimestamp": "Thu 2020-01-09 21:48:49 UTC", "StateChangeTimestampMonotonic": "2494292617", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "running", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "no", "TasksCurrent": "18446744073709551615", "TasksMax": "18446744073709551615", "TimeoutStartUSec": "5min", "TimeoutStopUSec": "5min", "TimerSlackNSec": "50000", "Transient": "no", "Type": "forking", "UMask": "0022", "UnitFilePreset": "enabled", 
"UnitFileState": "bad", "UtmpMode": "init", "WantedBy": "graphical.target multi-user.target", "Wants": "network-online.target", "WatchdogTimestamp": "Thu 2020-01-09 21:48:49 UTC", "WatchdogTimestampMonotonic": "2494292577", "WatchdogUSec": "0"}} +## Ansible Galaxy Roles +Ansible Galaxy is the Ansible's official community hub for sharing Ansible roles. It is a community and a shared resource hub where people can download roles or Playbooks -TASK [www : Copy Web Content] ************************************************** -changed: [user.local.dev] => {"changed": true, "checksum": "eeb6344345c842f9b69d80f7fb0bf5f0825a9235", "dest": "/var/www/html/index.html", "gid": 0, "group": "root", "md5sum": "8cedffd782f97637137ef3e69275fec9", "mode": "0644", "owner": "root", "size": 31, "src": "/home/vagrant/.ansible/tmp/ansible-tmp-1578606533.26-112733599191524/source", "state": "file", "uid": 0} +To download community roles and playbooks from remote repositories you need a requirements.txt file foe example -PLAY RECAP ********************************************************************* -user.local.dev : ok=5 changed=4 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 ``` +- src: 'https://github.com/ansible-lockdown/RHEL8-CIS' + version: '1.3.0' + scm: 'git' + +- src: 'https://github.com/ansible-lockdown/RHEL7-CIS' + version: '1.1.0' + scm: 'git' + +- src: 'https://github.com/ansible-lockdown/UBUNTU22-CIS' + version: 'main' + scm: 'git' + +- src: 'https://github.com/ansible-lockdown/UBUNTU20-CIS' + version: '1.1.0' + scm: 'git' + +- src: 'https://github.com/ansible-lockdown/UBUNTU18-CIS' + version: '1.3.0' + scm: 'git' -## Summary -We have used the ansible_local Vagrant Provisioner to install and configure Apache2 web server on the Vagrant. 
-You can now open http://localhost:8888
+- src: 'https://github.com/ansible-lockdown/Windows-2016-CIS'
+ version: '1.2.1'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/Windows-2019-CIS'
+ version: '1.1.1'
+ scm: 'git'
+
+- src: 'https://github.com/star3am/ansible-role-win_openssh'
+ version: 'ssh-playbook-test'
+ scm: 'git'
+
+- src: 'https://github.com/elastic/ansible-elasticsearch'
+ version: 'v7.17.0'
+ scm: 'git'
+```
-In [Hashicorp/Packer](../hashicorp/README#packer) we also use Ansible to configure a Docker container when we do `packer build`. This enables us to keep our configuration in one place, and it keeps our Dockerfile/Vagrantfile/AWS User data small and consistent across technologies.
+You can then download them by using this command:
+`ansible-galaxy install -f -r ansible/galaxy/requirements.yml -p ansible/galaxy/roles/`
diff --git a/ansible/galaxy/requirements.yml b/ansible/galaxy/requirements.yml
new file mode 100644
index 0000000..0d09b41
--- /dev/null
+++ b/ansible/galaxy/requirements.yml
@@ -0,0 +1,35 @@
+- src: 'https://github.com/ansible-lockdown/RHEL8-CIS'
+ version: '1.3.0'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/RHEL7-CIS'
+ version: '1.1.0'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/UBUNTU22-CIS'
+ version: 'main'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/UBUNTU20-CIS'
+ version: '1.1.0'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/UBUNTU18-CIS'
+ version: '1.3.0'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/Windows-2016-CIS'
+ version: '1.2.1'
+ scm: 'git'
+
+- src: 'https://github.com/ansible-lockdown/Windows-2019-CIS'
+ version: '1.1.1'
+ scm: 'git'
+
+- src: 'https://github.com/star3am/ansible-role-win_openssh'
+ version: 'ssh-playbook-test'
+ scm: 'git'
+
+- src: 'https://github.com/elastic/ansible-elasticsearch'
+ version: 'v7.17.0'
+ scm: 'git'
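Review bot: Two of the role sources in the new requirements.yml are pinned to mutable branch names rather than immutable refs — `ansible-lockdown/UBUNTU22-CIS` at `version: 'main'` and `star3am/ansible-role-win_openssh` at `version: 'ssh-playbook-test'` — so the content installed can change silently between runs, and the README hunk on this same page fetches with `ansible-galaxy install -f`, which re-downloads on every invocation. These are CIS hardening and SSH-configuration roles that presumably run with elevated privileges against every target, so a rewritten or compromised upstream branch would land directly on the hosts. Pin each entry to a release tag, as the sibling entries already do (for example `version: '1.3.0'`), or better to a full commit SHA. Note also that the same list is duplicated verbatim in ansible/README.md and will drift from this file unless the README points at it instead of copying it.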
diff --git a/ansible/requirements.txt b/ansible/requirements.txt
new file mode 100644
index 0000000..fa46611
--- /dev/null
+++ b/ansible/requirements.txt
@@ -0,0 +1,68 @@
+wheel==0.36.2
+ansible==4.1.0
+ansible-core==2.11.2
+ansible-lint==5.0.12
+arrow==1.1.1
+bcrypt==3.2.0
+binaryornot==0.4.4
+bracex==2.1.1
+Cerberus==1.3.2
+certifi==2021.5.30
+cffi==1.14.5
+chardet==4.0.0
+click
+click-help-colors==0.9
+colorama==0.4.4
+commonmark==0.9.1
+cookiecutter==1.7.3
+cryptography==3.4.7
+distro==1.5.0
+docker==5.0.0
+enrich==1.2.6
+hvac==0.10.14
+idna==2.10
+Jinja2==3.0.1
+jinja2-time==0.2.0
+jmespath==0.10.0
+junit-xml==1.9
+MarkupSafe==2.0.1
+molecule==3.3.4
+molecule-vagrant==0.6.1
+ntlm-auth==1.5.0
+packaging==20.9
+paramiko==2.7.2
+passlib
+pip==20.3.3
+pluggy==0.13.1
+poyo==0.5.0
+pycparser==2.20
+Pygments==2.9.0
+PyNaCl==1.4.0
+pyparsing==2.4.7
+pypsrp==0.5.0
+pyspnego==0.1.6
+python-dateutil==2.8.1
+python-slugify==5.0.2
+python-vagrant==0.5.15
+pywinrm==0.4.2
+PyYAML==5.4.1
+requests==2.25.1
+requests-ntlm==1.1.0
+resolvelib==0.5.4
+rich==10.4.0
+ruamel.yaml==0.17.10
+ruamel.yaml.clib==0.2.4
+selinux==0.2.1
+setuptools==51.1.1
+six==1.16.0
+subprocess-tee==0.3.2
+tenacity==7.0.0
+text-unidecode==1.3
+urllib3==1.26.6
+wcmatch==8.2
+websocket-client==1.1.0
+wheel==0.36.2
+xmltodict==0.12.0
+yamllint
+ansible-tower-cli
+awxkit
diff --git a/ansible/roles/ansible-role-example-role/.gitattributes b/ansible/roles/ansible-role-example-role/.gitattributes
new file mode 100644
index 0000000..6313b56
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/.gitattributes
@@ -0,0 +1 @@
+* text=auto eol=lf
diff --git a/ansible/roles/ansible-role-example-role/.gitignore b/ansible/roles/ansible-role-example-role/.gitignore
new file mode 100644
index 0000000..653c65f
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/.gitignore
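Review bot: The new requirements.txt is not reproducible as written: `wheel==0.36.2` appears twice (first entry and again near the end), and `click`, `passlib`, `yamllint`, `ansible-tower-cli` and `awxkit` carry no version at all, so a fresh `pip install -r` resolves those five to whatever is current while everything else stays frozen. The frozen set (for example `cryptography==3.4.7`, `paramiko==2.7.2`, `PyYAML==5.4.1`, `urllib3==1.26.6`, `pip==20.3.3`, `setuptools==51.1.1`) appears to date from mid-2021 and covers the TLS, SSH and YAML parsing stack that drives the hardening roles, so it should be run through an advisory scan (e.g. `pip-audit`) before being adopted as the lab baseline. Drop the duplicate line, pin the five unpinned entries, and consider generating the file with hashes (`pip-compile --generate-hashes` consumed via `pip install --require-hashes`) so the tooling itself is supply-chain pinned rather than only version-pinned.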
@@ -0,0 +1,34 @@
+.venv
+*.swp
+*.retry
+.DS_Store
+.vscode-root
+test.yml
+tests/local-test.yml
+tests/.vagrant
+tests/Vagrantfile
+tests/test-inv
+tests/*.html
+tests/*.txt
+tests/*.retry
+.Python
+.molecule/
+bin/
+/etc/
+include/
+lib/
+pip-selfcheck.json
+share/
+inventory
+.vagrant
+packer_cache
+output-virtualbox-iso/
+**.log
+**.box
+**.iso
+variables.json
+# MS VS IDE
+.code-workspace
+ansible-venv/
+packer/winrm-listener
+packer/inventory-tmp.yml
diff --git a/ansible/roles/ansible-role-example-role/.yamllint b/ansible/roles/ansible-role-example-role/.yamllint
new file mode 100644
index 0000000..8827676
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ colons:
+ max-spaces-after: -1
+ level: error
+ commas:
+ max-spaces-after: -1
+ level: error
+ comments: disable
+ comments-indentation: disable
+ document-start: disable
+ empty-lines:
+ max: 3
+ level: error
+ hyphens:
+ level: error
+ indentation: disable
+ key-duplicates: enable
+ line-length: disable
+ new-line-at-end-of-file: disable
+ new-lines:
+ type: unix
+ trailing-spaces: disable
+ truthy: disable
diff --git a/ansible/roles/ansible-role-example-role/README.md b/ansible/roles/ansible-role-example-role/README.md
new file mode 100644
index 0000000..c14f29c
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/README.md
@@ -0,0 +1,175 @@ +# Ansible Role Example Role +ansible-role-example-role + +## About +This is an Ansible Example Role used for training and development + +## Gotcha's (Sorry!!) +- M1 and M2 Mac Architectures are NOT supported at this stage +- Hyper-V is not supported at this stage +- Your Vagrant version on Windows and in WSL *MUST* be the same +- Installing WSL could give error: `Catastrophic failure` +``` +PS C:\Windows\system32> wsl --install +Installing: Windows Subsystem for Linux +Catastrophic failure +``` +Restart laptop, run this installation command again, and make sure nothing is downloading in the background at the same time when running the command. + + +- WSL Ubuntu Install could give error: `An error occurred during installation. Distribution Name: 'Ubuntu' Error Code: 0x8000ffff` +``` +PS C:\WINDOWS\system32> wsl --install -d ubuntu +Installing: Ubuntu +An error occurred during installation. Distribution Name: 'Ubuntu' Error Code: 0x8000ffff +``` +Follow this link: https://askubuntu.com/questions/1434150/wsl-ubuntu-installation-fails-with-the-error-please-restart-wsl-with-the-follo and +https://learn.microsoft.com/en-us/windows/wsl/install-manual#step-4---download-the-linux-kernel-update-package + +Note : Run ``` wsl --install -d Ubuntu ``` in **non administrative** mode in powershell + +![wsl.png](./wsl.png) + +``` +PS C:\Users\User> wsl --shutdown +PS C:\Users\User> wsl --unregister Ubuntu +``` +- If you have error when creating python virtual env: ![image-1.png](./image-1.png) +Close WSL and run `Restart-Service -Name "LxssManager"` as **Administrator in Powershell**, restart WSL and `./run.sh` again + +- If you have error when bringing up VM: `vagrant was unable to communicate with the guest machine within the configured time period` +![image-5.png](./image-5.png) +Set WSL Ubuntu Distro to version 1: run `wsl --set-version Ubuntu 1` in powershell, restart WSL and run `./run.sh` again + +## Get Started! 
Dependencies (The Tools you will need) +:bulb: __IMPORTANT__ Install these Tools first, before we start actually using Molecule to develop our Ansible Roles + +- Git - https://git-scm.com +- VSCode - https://code.visualstudio.com +- Vagrant - https://www.vagrantup.com +- Virtualbox - https://www.virtualbox.org +- Python and Pip - https://www.python.org +- Windows Subsystem for Linux WSL (Windows Operating System), install as **Administrator in Powershell** - https://learn.microsoft.com/en-us/windows/wsl/install +- WSL Ubuntu Distro, install as **Non-Administrator in Powershell** `wsl --install -d Ubuntu` +- Set WSL Ubuntu Distro to version 1 `wsl --set-version Ubuntu 1` +- SSHPass - https://www.cyberciti.biz/faq/how-to-install-sshpass-on-macos-os-x/ + +## Supported OSs for this Ansible Role +The Role supports the following Operating Systems and versions +See: `molecule/default/molecule.yml` + +| Name | Docker | Virtualbox | Hyper-V | Host Arch | Host OS +|------|--------|------------|---------|-----------|---------| +| Windows 2016 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Windows 2019 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Redhat 7.9 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Redhat 8.3 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Centos 7.7 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Centos 8.3 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Ubuntu 18.04 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Ubuntu 20.04 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Ubuntu 22.04 | ✘ | ✓ | ✘ | amd64 | Windows, Mac, Linux | +| Debian 9 | ✘ | ✘ | ✘ | amd64 | Windows, Mac, Linux | +| Debian 10 | ✘ | ✘ | ✘ | amd64 | Windows, Mac, Linux | + +## Instructions +Here is how you can get up and running quickly, this section is devided into `Windows using Windows Subsystem for Linux WSL` and `Mac OSX` (Sorry Intel Mac's only at this stage) and Linux + +### Windows (Ubuntu with WSL) and Linux (Ubuntu recommended) +Install all the Tools you need in the [__Get 
Started Section__](#get-started-dependencies-the-tools-you-will-need) + +Install Python + +``` +sudo apt update && sudo apt-get install -y python3 python3-pip python3-dev python3-virtualenv python3-venv +sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 1 --force +sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1 --force +``` +Install SSHPass program + +``` +sudo apt-get install -y sshpass +``` + +Install Hashicorp Package Sources + +``` +wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg + +echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list + +sudo apt update && sudo apt install vagrant + +echo 1 > /proc/sys/fs/binfmt_misc/WSLInterop +``` + +Install Powershell in Ubuntu on WSL + +``` +sudo apt-get install -y wget apt-transport-https software-properties-common + +wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" + +sudo dpkg -i packages-microsoft-prod.deb + +sudo apt-get update + +sudo apt-get install -y powershell +``` + +Now let's run Molecule by going into the source directory where you cloned this repo, usually in Ubuntu on WSL somewhere under `/mnt/c/....` + +and do + +`./run.sh` + + +Allow all 3 types of network when set up Firewall for VirtualBox +![image-2.png](./image-2.png) + +### Mac +Install all the Tools you need in the [__Get Started Section__](#get-started-dependencies-the-tools-you-will-need) + +Install SSHPass + +``` +brew tap esolitos/ipa +brew install esolitos/ipa/sshpass +brew install sshpass +``` + +Now let's run Molecule by going into the source directory where you cloned this repo + +and do + +`./run.sh` + +After Molecule bringing up the Ubuntu VM in VirtualBox, to test connection to vagrant in VM, open a new WSL Ubuntu window, and run `ssh 
vagrant@127.0.0.1 -p 3225` or `ssh vagrant@localhost -p 3225`. Login with password: `vagrant`. + +Succesful ouput should be as below: +![image-4.png](./image-4.png) + + + +## Ansible Molecule on Windows using Windows Subsystem for Linux (Ubuntu) WSL, Vagrant and Virtualbox +![Ansible Molecule on Windows](images/molecule-run-on-wsl-windows.png?raw=true "Ansible Moleculeon Windows") + +## Ansible Molecule on Mac Intel, Vagrant and Virtualbox +![Ansible Molecule on Mac Intel](images/molecule-run-on-mac-intel.png?raw=true "Ansible Moleculeon Mac Intel") + +## Links +- https://developer.hashicorp.com/vagrant/docs/other/wsl#path-modifications +- https://stackoverflow.com/questions/45375933/vagrant-wsl-cant-access-virtualbox +- https://learn.microsoft.com/en-us/windows/wsl/install +- https://molecule.readthedocs.io/en/latest/getting-started.html +- https://www.ansible.com/hubfs//AnsibleFest%20ATL%20Slide%20Decks/Practical%20Ansible%20Testing%20with%20Molecule.pdf +- https://www.jeffgeerling.com/blog/2018/testing-your-ansible-roles-molecule +- https://app.vagrantup.com/jborean93 +- https://github.com/jborean93/packer-windoze + +## Common Errors + +``` +fatal: [ansible-role-example-role-ubuntu-2204]: FAILED! => {"msg": "to use the 'ssh' connection type with passwords or pkcs11_provider, you must install the sshpass program"} +``` +Did you install the SSHPass application? See [__Get Started Section__](#get-started-dependencies-the-tools-you-will-need) diff --git a/ansible/roles/ansible-role-example-role/ansible.cfg b/ansible/roles/ansible-role-example-role/ansible.cfg new file mode 100644 index 0000000..f7fb37c --- /dev/null +++ b/ansible/roles/ansible-role-example-role/ansible.cfg 
@@ -0,0 +1,25 @@
+[defaults]
+remote_tmp=/tmp
+host_key_checking=False
+display_skipped_hosts=True
+system_warnings=False
+command_warnings=False
+nocows=1
+retry_files_save_path=/dev/null
+library=~/.ansible/plugins/modules:/usr/share/ansible/plugins/modules:./library
+
+[privilege_escalation]
+
+[paramiko_connection]
+record_host_keys=False
+
+[ssh_connection]
+transfer_method=scp
+
+[accelerate]
+
+[selinux]
+
+[colors]
+
+[diff]
diff --git a/ansible/roles/ansible-role-example-role/defaults/main.yml b/ansible/roles/ansible-role-example-role/defaults/main.yml
new file mode 100644
index 0000000..481afed
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+vm_name: "vm-name"
+vm_ip: "0.0.0.0"
+version_number: "20210703201014"
+windows_enable_ssh: true
+var_bool: false
+var_int: 1
+var_string: "Ansible Role Example Role"
\ No newline at end of file
diff --git a/ansible/roles/ansible-role-example-role/files/.gitkeep b/ansible/roles/ansible-role-example-role/files/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/ansible-role-example-role/handlers/main.yml b/ansible/roles/ansible-role-example-role/handlers/main.yml
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/handlers/main.yml
@@ -0,0 +1 @@
+---
diff --git a/ansible/roles/ansible-role-example-role/image-1.png b/ansible/roles/ansible-role-example-role/image-1.png
new file mode 100644
index 0000000..c3700d5
Binary files /dev/null and b/ansible/roles/ansible-role-example-role/image-1.png differ
diff --git a/ansible/roles/ansible-role-example-role/image-2.png b/ansible/roles/ansible-role-example-role/image-2.png
new file mode 100644
index 0000000..8c2d352
Binary files /dev/null and b/ansible/roles/ansible-role-example-role/image-2.png differ
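Review bot: `host_key_checking=False` under `[defaults]` together with `record_host_keys=False` under `[paramiko_connection]` turns off SSH host-key verification for every host this `ansible.cfg` is picked up for, not only the throwaway Vagrant guests, so a redirected connection to a real host would be accepted silently. That is a known trade-off for a lab whose boxes regenerate keys on every `create`, but it should be written down and fenced: `# lab-only: Vagrant guests get fresh host keys on each create; do not reuse this cfg against real inventory`. `remote_tmp=/tmp` also moves Ansible's remote working files from the per-user default into a shared world-writable directory; the default `~/.ansible/tmp` has no downside here and avoids that.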
diff --git a/ansible/roles/ansible-role-example-role/image-3.png b/ansible/roles/ansible-role-example-role/image-3.png new file mode 100644 index 0000000..49df835 Binary files /dev/null and b/ansible/roles/ansible-role-example-role/image-3.png differ diff --git a/ansible/roles/ansible-role-example-role/image-4.png b/ansible/roles/ansible-role-example-role/image-4.png new file mode 100644 index 0000000..7fdb203 Binary files /dev/null and b/ansible/roles/ansible-role-example-role/image-4.png differ diff --git a/ansible/roles/ansible-role-example-role/image-5.png b/ansible/roles/ansible-role-example-role/image-5.png new file mode 100644 index 0000000..65eb40e Binary files /dev/null and b/ansible/roles/ansible-role-example-role/image-5.png differ diff --git a/ansible/roles/ansible-role-example-role/image.png b/ansible/roles/ansible-role-example-role/image.png new file mode 100644 index 0000000..c3700d5 Binary files /dev/null and b/ansible/roles/ansible-role-example-role/image.png differ diff --git a/ansible/roles/ansible-role-example-role/images/.gitkeep b/ansible/roles/ansible-role-example-role/images/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/ansible/roles/ansible-role-example-role/images/molecule-run-on-mac-intel.png b/ansible/roles/ansible-role-example-role/images/molecule-run-on-mac-intel.png new file mode 100644 index 0000000..c2f7806 Binary files /dev/null and b/ansible/roles/ansible-role-example-role/images/molecule-run-on-mac-intel.png differ diff --git a/ansible/roles/ansible-role-example-role/images/molecule-run-on-wsl-windows.png b/ansible/roles/ansible-role-example-role/images/molecule-run-on-wsl-windows.png new file mode 100644 index 0000000..e062c59 Binary files /dev/null and b/ansible/roles/ansible-role-example-role/images/molecule-run-on-wsl-windows.png differ diff --git a/ansible/roles/ansible-role-example-role/meta/main.yml b/ansible/roles/ansible-role-example-role/meta/main.yml new file mode 100644 index 0000000..6f96785 
--- /dev/null +++ b/ansible/roles/ansible-role-example-role/meta/main.yml @@ -0,0 +1,38 @@ +galaxy_info: + role_name: ansible_role_example_role + author: riaan_nolan + description: Automation Engineer + company: Servian PTY Ltd + + license: MIT + + min_ansible_version: 2.9 + + platforms: + - name: Centos + versions: + - 7.7 + - 8.4 + - name: Debian + versions: + - 9.0 + - 10.0 + - name: Ubuntu + versions: + - 18.04 + - 20.04 + - name: RedHat + versions: + - 8.3 + - 7.9 + - name: Windows + versions: + - 2019 + - 2016 + - 2012 + + galaxy_tags: [soe, factory, hashicorp, packer] + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/ansible/roles/ansible-role-example-role/molecule/default/INSTALL.rst b/ansible/roles/ansible-role-example-role/molecule/default/INSTALL.rst new file mode 100644 index 0000000..0c4bf5c --- /dev/null +++ b/ansible/roles/ansible-role-example-role/molecule/default/INSTALL.rst @@ -0,0 +1,23 @@ +********************************* +Vagrant driver installation guide +********************************* + +Requirements +============ + +* Vagrant +* Virtualbox, Parallels, VMware Fusion, VMware Workstation or VMware Desktop + +Install +======= + +Please refer to the `Virtual environment`_ documentation for installation best +practices. If not using a virtual environment, please consider passing the +widely recommended `'--user' flag`_ when invoking ``pip``. + +.. _Virtual environment: https://virtualenv.pypa.io/en/latest/ +.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site + +.. code-block:: bash + + $ pip install 'molecule_vagrant' diff --git a/ansible/roles/ansible-role-example-role/molecule/default/converge.yml b/ansible/roles/ansible-role-example-role/molecule/default/converge.yml new file mode 100644 index 0000000..3455720 --- /dev/null 
+++ b/ansible/roles/ansible-role-example-role/molecule/default/converge.yml
@@ -0,0 +1,7 @@
+---
+- name: Converge
+ hosts: all
+ tasks:
+ - name: "Include ansible-role-example-role"
+ include_role:
+ name: "ansible-role-example-role"
\ No newline at end of file
diff --git a/ansible/roles/ansible-role-example-role/molecule/default/molecule.yml b/ansible/roles/ansible-role-example-role/molecule/default/molecule.yml
new file mode 100644
index 0000000..9c787e0
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/molecule/default/molecule.yml
@@ -0,0 +1,290 @@ +--- +# +# Molecule using Vagrant + Virtualbox so we can test playbooks on Linux and Windows +# +#galaxy_info: +# role_name: ansible_role_example_role + +dependency: + name: galaxy + +driver: + name: vagrant + provider: + name: virtualbox + +lint: | + set -e + ansible-lint tasks/main.yml + +platforms: +# - name: ansible-role-example-role-centos-83 +# box: bento/centos-8.3 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3221 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-centos-77 +# box: bento/centos-7.7 +# memory: 256 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3222 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-debian-10 +# box: bento/debian-10 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3223 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-debian-9 +# box: bento/debian-9 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3224 +# provision: true +# state: up +# groups: +# - linux + - name: ansible-role-example-role-ubuntu-2204 + box: bento/ubuntu-22.04 + memory: 1024 + cpus: 1 + config_options: + ssh.keep_alive: yes + ssh.remote_user: "'vagrant'" + ssh.password: "'vagrant'" + interfaces: + - network_name: forwarded_port + guest: 22 + host: 3225 + provision: true + groups: + - linux + - name: ansible-role-example-role-windows-2019 + 
box: jborean93/WindowsServer2019 + memory: 1024 + cpus: 1 + config_options: + vm.communicator: "'winrm'" + winrm.remote_user: "'vagrant'" + winrm.password: "'vagrant'" + interfaces: + - network_name: forwarded_port + guest: 5986 + host: 59970 + provision: true + groups: + - windows +# - name: ansible-role-example-role-ubuntu-2004 +# box: bento/ubuntu-20.04 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3226 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-ubuntu-1804 +# box: bento/ubuntu-18.04 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3227 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-redhat-83 +# box: generic/rhel8 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3228 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-redhat-79 +# box: generic/rhel7 +# memory: 512 +# cpus: 1 +# config_options: +# ssh.keep_alive: yes +# ssh.remote_user: "'vagrant'" +# ssh.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 22 +# host: 3229 +# provision: true +# state: up +# groups: +# - linux +# - name: ansible-role-example-role-windows-2016 +# box: jborean93/WindowsServer2016 +# memory: 1024 +# cpus: 1 +# config_options: +# vm.communicator: "'winrm'" +# winrm.remote_user: "'vagrant'" +# winrm.password: "'vagrant'" +# interfaces: +# - network_name: forwarded_port +# guest: 5986 +# host: 59967 +# provision: true +# state: up +# groups: +# - windows +provisioner: + name: 
ansible + connection_options: + ansible_ssh_user: vagrant + log: true + inventory: + host_vars: + ansible-role-example-role-windows-2019: + ansible_become: false + ansible_user: vagrant + ansible_password: vagrant + ansible_port: 59970 + ansible_host: 127.0.0.1 + ansible_connection: winrm + ansible_winrm_scheme: https + ansible_winrm_server_cert_validation: ignore + ansible-role-example-role-ubuntu-2204: + ansible_connection: ssh + ansible_port: 3225 + ansible_user: vagrant + ansible_password: vagrant + ansible_host: 127.0.0.1 +# ansible-role-example-role-centos-83: +# ansible_connection: ssh +# ansible_port: 3221 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-centos-77: +# ansible_connection: ssh +# ansible_port: 3222 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-debian-10: +# ansible_connection: ssh +# ansible_port: 3223 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-debian-9: +# ansible_connection: ssh +# ansible_port: 3224 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-ubuntu-2004: +# ansible_connection: ssh +# ansible_port: 3225 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-ubuntu-1804: +# ansible_connection: ssh +# ansible_port: 3226 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-redhat-83: +# ansible_connection: ssh +# ansible_port: 3227 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-redhat-79: +# ansible_connection: ssh +# ansible_port: 3228 +# ansible_user: vagrant +# ansible_password: vagrant +# ansible_host: 127.0.0.1 +# ansible-role-example-role-windows-2016: +# ansible_become: false +# ansible_user: vagrant +# 
ansible_password: vagrant +# ansible_port: 59967 +# ansible_host: 127.0.0.1 +# ansible_connection: winrm +# ansible_winrm_scheme: https +# ansible_winrm_server_cert_validation: ignore + group_vars: + linux: + ansible_become: true + windows: + ansible_become_user: Administrator + ansible_become_method: runas + lint: + name: ansible-lint + +scenario: + name: default + converge_sequence: + - create + - converge + +verifier: + name: ansible diff --git a/ansible/roles/ansible-role-example-role/molecule/default/verify.yml b/ansible/roles/ansible-role-example-role/molecule/default/verify.yml new file mode 100644 index 0000000..a82dd6f --- /dev/null +++ b/ansible/roles/ansible-role-example-role/molecule/default/verify.yml @@ -0,0 +1,9 @@ +--- +# This is an example playbook to execute Ansible tests. + +- name: Verify + hosts: all + tasks: + - name: Example assertion + assert: + that: true diff --git a/ansible/roles/ansible-role-example-role/requirements.txt b/ansible/roles/ansible-role-example-role/requirements.txt new file mode 100644 index 0000000..1687d3f --- /dev/null +++ b/ansible/roles/ansible-role-example-role/requirements.txt @@ -0,0 +1,16 @@ +vagranttoansible +yamllint +ansible +ansible-lint +wheel +pywinrm +requests +docker +molecule +junit_xml +# latest version has network bug https://github.com/ansible-community/molecule-vagrant/pull/105/files +molecule-vagrant==0.6.1 +python-vagrant +pypsrp +hvac +molecule-virtup diff --git a/ansible/roles/ansible-role-example-role/run.sh b/ansible/roles/ansible-role-example-role/run.sh new file mode 100755 index 0000000..bad4965 --- /dev/null +++ b/ansible/roles/ansible-role-example-role/run.sh 
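Review bot: the `forwarded_port` interfaces of the two active platforms (guest 22 → host 3225, guest 5986 → host 59970) set no `host_ip`, and Vagrant binds a forwarded port to every host address when it is omitted, so guests that accept the well-known `vagrant`/`vagrant` credentials listed in `host_vars` are reachable from the whole LAN the developer sits on, not only from the `127.0.0.1` the provisioner uses. Add `host_ip: 127.0.0.1` beside each `host:` entry; molecule-vagrant appears to pass extra interface keys through to Vagrant, which is worth confirming on the `0.6.1` pin, and the README's `ssh vagrant@127.0.0.1 -p 3225` step keeps working. `ansible_winrm_server_cert_validation: ignore` is only tolerable because the `jborean93` boxes ship a self-signed listener; a one-line comment saying so would stop it being copied into a real inventory.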
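Review bot: every entry in the role's `requirements.txt` except `molecule-vagrant==0.6.1` is unpinned, and `run.sh` installs from it on every run, so `ansible`, `ansible-lint`, `molecule` and `pywinrm` can differ between two runs of the same commit, and a newer `molecule` may no longer be compatible with the pinned driver the comment is protecting. The repository already carries a fully pinned `ansible/requirements.txt`; either reuse it here or pin this file the same way, ideally via `pip-compile --generate-hashes` so the install is hash-verified.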
@@ -0,0 +1,24 @@
+#!/bin/bash
+echo "Set Environment Variables"
+export PIP_DISABLE_PIP_VERSION_CHECK=1
+export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+export VAGRANT_WSL_ENABLE_WINDOWS_ACCESS="1"
+export PATH="$PATH:/mnt/c/Program Files/Oracle/VirtualBox:/mnt/c/Windows/System32"
+echo "Create Python Virtual Environment"
+python -m venv ansible-venv
+source ./ansible-venv/bin/activate
+echo "Check Python and Pip Versions"
+python -V
+pip -V
+echo "Install Python Pip Packages"
+pip install -r requirements.txt --quiet
+echo "Running Ansible Lint"
+ansible-lint -v || true
+echo "Running Ansible Molecule"
+molecule destroy
+rm -rf ~/.cache/molecule
+#molecule create
+#molecule converge -- -v --list-tags
+molecule converge -- -v
+#molecule destroy
+#molecule test
diff --git a/ansible/roles/ansible-role-example-role/site.yml b/ansible/roles/ansible-role-example-role/site.yml
new file mode 100644
index 0000000..f8a0991
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/site.yml
@@ -0,0 +1,9 @@
+---
+- hosts: all
+ # DO NOT specify become here, do it in the tasks because this role supports Windows and Linux
+ # become: true
+ vars:
+ is_container: false
+
+ roles:
+ - role: "{{ playbook_dir }}"
diff --git a/ansible/roles/ansible-role-example-role/tasks/deb.yml b/ansible/roles/ansible-role-example-role/tasks/deb.yml
new file mode 100755
index 0000000..c928f05
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/tasks/deb.yml
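Review bot: `run.sh` has no `set -euo pipefail`, so when `python -m venv ansible-venv` or `pip install -r requirements.txt --quiet` fails the script carries on and `molecule destroy` / `molecule converge -- -v` run with whatever `molecule` and `ansible` happen to be on the caller's PATH, against the same VMs. Add `set -euo pipefail` directly after the shebang; `ansible-lint -v || true` already opts out explicitly and keeps its behaviour under it. `rm -rf ~/.cache/molecule` after `molecule destroy` also wipes the cached state of every other Molecule scenario on the machine, not just this role's; `molecule reset` (if the installed Molecule provides it) or removing only this scenario's cache directory is the narrower clean-up.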
@@ -0,0 +1,84 @@ +--- + +#- name: "Ansible | List all known variables and facts" +# debug: +# var: hostvars[inventory_hostname] +# verbosity: 1 + +- name: OS + debug: + msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_distribution_release }} on {{ ansible_facts['system_vendor'] }}" + tags: + - always + +- name: VM Name and IP + debug: + msg: "vm_name: {{ vm_name }} vm_ip: {{ vm_ip }}" + tags: + - always + +- set_fact: + cloud: "google" + when: + ansible_facts['system_vendor'] == 'Google' + tags: + - always + +- set_fact: + cloud: "azure" + when: + ansible_facts['system_vendor'] == 'Microsoft Corporation' + tags: + - always + +- set_fact: + cloud: "amazon" + when: + ansible_facts['system_vendor'] == 'Xen' + tags: + - always + +- set_fact: + cloud: "vagrant" + when: + ansible_facts['system_vendor'] == 'innotek GmbH' + tags: + - always + +- name: Write Ansible hostvars to file + copy: + content: "{{ hostvars[inventory_hostname] }}" + dest: /soe-{{ version_number }}.json + mode: "0644" + tags: + - day0 + +# WARNING!! This is just a POC normally we would not enter a password in clear text +- name: Ensure user ansible is present + ansible.builtin.user: + name: ansible + password: "{{ 'aix1rii3Bahshuleikei5y'|password_hash('sha512') }}" + #password: "$6$IBULZeGd6UP6Jkg3$QqdevUQs.VDuMnT8prurhLuz3PErfoUHXg0/culpF4uj8RdZJ7UyuOG9LAz2B16Nao1jFe5X.NIKw0eYBKyXO1" + update_password: on_create + comment: Ansible Tower + uid: 1040 + shell: /bin/bash + groups: users,sudo + append: yes + tags: + - day0 + +- name: Update apt repo and cache + apt: + update_cache: yes + force_apt_get: yes + cache_valid_time: 3600 + tags: + - day1 + +- name: Upgrade all packages + apt: + upgrade: dist + force_apt_get: yes + tags: + - day1 diff --git a/ansible/roles/ansible-role-example-role/tasks/el.yml b/ansible/roles/ansible-role-example-role/tasks/el.yml new file mode 100755 index 0000000..2666e13 --- /dev/null +++ b/ansible/roles/ansible-role-example-role/tasks/el.yml 
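Review bot: `Write Ansible hostvars to file` writes `hostvars[inventory_hostname]` to `/soe-{{ version_number }}.json` with `mode: "0644"`; hostvars carries every inventory variable, which in this scenario includes `ansible_password: vagrant` from `molecule.yml` and would include real credentials in any other inventory, so the role leaves connection secrets in a world-readable file on every converged host. At minimum change it to `mode: "0600"` and add `no_log: true`, or better filter keys matching `password|token|secret` out of the dict before writing; the same task appears in `el.yml` and `windows.yml`. `Ensure user ansible is present` creates a `sudo`-group account from a password literal in the role, and because it uses `update_password: on_create` a later rotation of that literal never reaches hosts that already have the user; the comment admits it is a POC, but `no_log: true` plus a vaulted variable is the floor before this is used anywhere else.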
@@ -0,0 +1,126 @@ +--- +# if you want to list all variables for this host, uncomment this +#- name: "Ansible | List all known variables and facts" +# debug: +# var: hostvars[inventory_hostname] +# verbosity: 1 + +# set custom facts which we can use later on +- set_fact: + cloud: "google" + when: + ansible_facts['system_vendor'] == 'Google' + +- set_fact: + cloud: "azure" + when: + ansible_facts['system_vendor'] == 'Microsoft Corporation' + +- set_fact: + cloud: "amazon" + when: + ansible_facts['system_vendor'] == 'Xen' + +- set_fact: + cloud: "vagrant" + when: + ansible_facts['system_vendor'] == 'innotek GmbH' + +- name: "Cloud" + debug: + msg: "Cloud: {{ cloud }}" + +- name: "OS" + debug: + msg: "{{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_distribution_release }} on {{ cloud }}" + +- name: "Write Ansible hostvars to file" + copy: + content: "{{ hostvars[inventory_hostname] }}" + dest: /soe-{{ version_number }}.json + mode: "0644" + +# https://fedoraproject.org/wiki/EPEL#Quickstart +# we dont have a Redhat Subscription Manager or Satelite Server so we use EPEL +# we use the URL to the RPM, because dnf and yum cannot find the epel repo +- name: "Enable EPEL Repository" + yum: + name: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_facts['distribution_major_version'] }}.noarch.rpm" + state: present + disable_gpg_check: yes + ignore_errors: true + +# rpm -ql epel-release +# dnf repository-packages epel list +# dnf repolist -v +- name: "Ensure package manager repositories are configured | Get repo list" + command: dnf repolist + changed_when: false + failed_when: false + register: dnf_configured + check_mode: no + args: + warn: false + +- name: "Ensure package manager repositories are configured | Display repo list" + debug: + msg: + - "Alert! Below are the configured repos. 
Please review and make sure all allign with site policy" + - "{{ dnf_configured.stdout_lines }}" + +- name: "Get repo files list " + command: ls -l /etc/yum.repos.d/ + register: ls_l_etc_yum_dot_repos_dot_d + +- name: "Ensure package manager repositories are configured | Display repo list" + debug: + msg: + - "Alert! Below are the configured repos. Please review and make sure all allign with site policy" + - "{{ ls_l_etc_yum_dot_repos_dot_d.stdout_lines }}" + +- name: "Install Package dependencies" + dnf: + name: "{{ item }}" + state: present + with_items: + - aide + - ipset + - firewalld + ignore_errors: true + when: + (ansible_facts['system_vendor'] == 'Xen' + and ansible_facts['distribution'] == "RedHat" + and ansible_facts['distribution_major_version'] == "8") + +# amazon-ebs.redhat-83: TASK [/Users/riaannolan/workspace/servian.com/soe-image-factory/ansible/RHEL8-CIS : SCORED | 1.4.1 | PATCH | Ensure AIDE is installed | Install AIDE] *** +# amazon-ebs.redhat-83: fatal: [none]: FAILED! => {"changed": false, "failures": ["No package aide available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} +# amazon-ebs.redhat-83: failed: [none] (item=firewalld) => {"ansible_loop_var": "item", "changed": false, "failures": ["No package firewalld available."], "item": "firewalld", "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} +# amazon-ebs.redhat-83: TASK [/Users/riaannolan/workspace/servian.com/soe-image-factory/ansible/RHEL8-CIS : SCORED | 3.4.1.1 | PATCH | Ensure a Firewall package is installed] *** +# amazon-ebs.redhat-83: fatal: [none]: FAILED! 
=> {"changed": false, "failures": ["No package firewalld available."], "msg": "Failed to install some of the specified packages", "rc": 1, "results": []} +# FIX RHEL8-CIS SCORED | 1.4.1 | PATCH | Ensure AIDE is installed +# FIX RHEL8-CIS SCORED | 3.4.1.1 | PATCH | Ensure a Firewall package is installed +- name: "FIX RHEL8-CIS SCORED | 1.4.1 | PATCH | Ensure X is installed" + yum: + name: "{{ item }}" + state: present + disable_gpg_check: yes + with_items: + - http://mirror.centos.org/centos/8/AppStream/x86_64/os/Packages/aide-0.16-14.el8.x86_64.rpm + when: + (ansible_facts['system_vendor'] == 'innotek GmbH' + and ansible_facts['distribution'] == "RedHat" + and ansible_facts['distribution_major_version'] == "8") + ignore_errors: true + +- name: "FIX RHEL7-CIS AUTOMATED | 1.4.1 | PATCH | Ensure X is installed" + yum: + name: "{{ item }}" + state: present + disable_gpg_check: yes + with_items: + - http://mirror.centos.org/centos/7/os/x86_64/Packages/aide-0.15.1-13.el7.x86_64.rpm + when: + (ansible_facts['system_vendor'] == 'innotek GmbH' + and ansible_facts['distribution'] == "RedHat" + and ansible_facts['distribution_major_version'] == "7") + ignore_errors: true diff --git a/ansible/roles/ansible-role-example-role/tasks/main.yml b/ansible/roles/ansible-role-example-role/tasks/main.yml new file mode 100755 index 0000000..b2b5202 --- /dev/null +++ b/ansible/roles/ansible-role-example-role/tasks/main.yml 
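Review bot: the two `FIX RHEL*-CIS ... Ensure X is installed` tasks install `aide` from `http://mirror.centos.org/...` URLs with `disable_gpg_check: yes`, so an unsigned RPM fetched over cleartext HTTP is installed as root with no integrity check — an on-path attacker's ideal entry point, on a task whose purpose is a CIS hardening control. Switch both URLs to `https://`, drop `disable_gpg_check: yes`, and import the CentOS signing key first with an `ansible.builtin.rpm_key` task; the `Enable EPEL Repository` task should keep GPG checking as well, since `epel-release` is a signed package. `ignore_errors: true` on all three installs means a failed or tampered download is never reported, so at least the AIDE installs should fail the play, and the `with_items` loops passing one package at a time should become plain lists (or `loop:`).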
@@ -0,0 +1,40 @@
+---
+
+- include: el.yml
+ when: >
+ (ansible_facts['distribution'] == "RedHat"
+ and ansible_facts['distribution_major_version'] == "8")
+ or
+ (ansible_facts['distribution'] == "RedHat"
+ and ansible_facts['distribution_major_version'] == "7")
+ or
+ (ansible_facts['distribution'] == "CentOS"
+ and ansible_facts['distribution_major_version'] == "8")
+ or
+ (ansible_facts['distribution'] == "CentOS"
+ and ansible_facts['distribution_major_version'] == "7")
+
+- include: deb.yml
+ when: >
+ (ansible_facts['distribution'] == "Ubuntu"
+ and ansible_facts['distribution_major_version'] == "18")
+ or
+ (ansible_facts['distribution'] == "Ubuntu"
+ and ansible_facts['distribution_major_version'] == "20")
+ or
+ (ansible_facts['distribution'] == "Debian"
+ and ansible_facts['distribution_major_version'] == "9")
+ or
+ (ansible_facts['distribution'] == "Debian"
+ and ansible_facts['distribution_major_version'] == "10")
+
+- include: windows.yml
+ when: >
+ (ansible_facts['distribution_major_version'] == "10"
+ and ansible_facts['distribution'] is match("Microsoft Windows Server 2019.*"))
+ or
+ (ansible_facts['distribution_major_version'] == "10"
+ and ansible_facts['distribution'] is match("Microsoft Windows Server 2016.*"))
+ or
+ (ansible_facts['distribution_major_version'] == "6"
+ and ansible_facts['distribution'] is match("Microsoft Windows Server 2012.*"))
\ No newline at end of file
diff --git a/ansible/roles/ansible-role-example-role/tasks/windows.yml b/ansible/roles/ansible-role-example-role/tasks/windows.yml
new file mode 100755
index 0000000..14c50fe
--- /dev/null
+++ b/ansible/roles/ansible-role-example-role/tasks/windows.yml
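Review bot: the `deb.yml` include only matches Ubuntu major versions `18` and `20` and Debian `9`/`10`, yet the only active Linux platform in `molecule/default/molecule.yml` is `bento/ubuntu-22.04` (and the README lists Ubuntu 22.04 as supported), so a converge against the scenario's own target includes no tasks at all and the `assert: that: true` verify step passes trivially. Add the missing branch, `or (ansible_facts['distribution'] == "Ubuntu" and ansible_facts['distribution_major_version'] == "22")`, or collapse each chain to a list test such as `ansible_facts['distribution'] == "Ubuntu" and ansible_facts['distribution_major_version'] in ["18", "20", "22"]`. The bare `include:` directive has been deprecated for several ansible-core releases and is removed in recent ones; `include_tasks:` is the drop-in replacement for all three tasks.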
@@ -0,0 +1,163 @@ +--- + +#- name: "Ansible | List all known variables and facts" +# debug: +# var: hostvars[inventory_hostname] +# verbosity: 1 + +- name: OS + debug: + msg: "{{ ansible_distribution }} on {{ ansible_facts['system_vendor'] }}" + +- set_fact: + cloud: "google" + when: + ansible_facts['system_vendor'] == 'Google' + +- set_fact: + cloud: "azure" + when: + ansible_facts['system_vendor'] == 'Microsoft Corporation' + +- set_fact: + cloud: "amazon" + when: + ansible_facts['system_vendor'] == 'Xen' + +- set_fact: + cloud: "vagrant" + when: + ansible_facts['system_vendor'] == 'innotek GmbH' + +- name: Get OS System Info + ansible.windows.win_shell: "systeminfo | findstr /B 'OS'" + register: windows_systeminfo + +- debug: var=windows_systeminfo.stdout_lines + +- name: Write Ansible hostvars to file + copy: + content: "{{ hostvars[inventory_hostname] }}" + dest: C:/soe-{{ version_number }}.json + mode: "0644" +# +- name: DEBUG - print hostvars + ansible.windows.win_shell: type C:/soe-{{ version_number }}.json + register: hostvarsPrinter + +- debug: var=hostvarsPrinter.stdout_lines + +# Create Ansible user for Tower +- name: Ensure user ansible is present + ansible.windows.win_user: + name: ansible + password: "aix1rii3Bahshuleikei5y" + update_password: always + state: present + groups: + - Users + - Administrators + +#- name: Create win_update log folder +# ansible.windows.win_file: +# path: C:\ansible_win_update_logs +# state: directory +# +#- name: Windows Update +# ansible.windows.win_updates: +# category_names: +# - Application +# - Connectors +# - CriticalUpdates +# - DefinitionUpdates +# - DeveloperKits +# - FeaturePacks +# - Guidance +# - SecurityUpdates +# - ServicePacks +# - Tools +# - UpdateRollups +# - Updates +# - Upgrades +# reboot: yes +# log_path: C:\ansible_win_update_logs\ansible_win_update.txt + +#- name: DEBUG - print win_update log +# ansible.windows.win_shell: type C:\ansible_win_update_logs\ansible_win_update.txt +# register: 
winUpdatePrinter + +#- debug: var=winUpdatePrinter.stdout_lines + +#- name: OS_disk +# win_shell: Get-PSDrive +# register: os_disk +# +#- debug: var=os_disk.stdout_lines +# +#- name: OS_memory +# debug: +# msg: "{{ ansible_memtotal_mb }}" +# +#- name: OS_service +# win_shell: Get-Service | Where-Object {$_.Status -EQ "Running"} +# register: os_services +# ignore_errors: true +# +#- debug: var=os_services.stdout_lines +# +#- name: OS_server_DNS +# win_shell: Get-DnsClientServerAddress +# register: server_DNS +# ignore_errors: true +# +#- debug: var=server_DNS.stdout_lines +# +#- name: Check if Windows Defendender is running +# win_shell: Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender" +# register: WindowsDefenderStatus +# ignore_errors: true +# +#- debug: var=WindowsDefenderStatus.stdout_lines +# +#- name: OS_Domain +# win_shell: Get-WmiObject Win32_ComputerSystem +# register: os_domain +# ignore_errors: true +# +#- debug: var=os_domain.stdout_lines +# +#- name: Run net localgroup Administrators +# win_shell: net localgroup Administrators +# register: net_localgroup_Administrators +# ignore_errors: true +# +#- debug: var=net_localgroup_Administrators.stdout_lines +# +#- name: "Allow Remote Desktop Protocol (rdp) connections" +# win_shell: "New-NetFirewallRule -Name rdp -DisplayName 'Remote Desktop Protocol (rdp)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 3389" +# ignore_errors: true +# +#- name: "Run netstat /p tcp /a | findstr 3389" +# win_shell: "netstat /p tcp /a | findstr 3389" +# register: netstat_findstr_3389 +# ignore_errors: true +# +#- debug: var=netstat_findstr_3389.stdout_lines +# +#- name: "Allow OpenSSH Server (sshd) connections" +# win_shell: "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22" +# ignore_errors: true +# +#- name: "Run netstat /p tcp /a | findstr 22" +# win_shell: "netstat /p tcp /a | 
findstr 22" +# register: netstat_findstr_22 +# ignore_errors: true +# +#- debug: var=netstat_findstr_22.stdout_lines + +- name: "Run Get-LocalUser | Select *" + win_shell: "Get-LocalUser | Select *" + register: get_local_user + ignore_errors: true + +- debug: var=get_local_user.stdout_lines diff --git a/ansible/roles/ansible-role-example-role/templates/.gitkeep b/ansible/roles/ansible-role-example-role/templates/.gitkeep new file mode 100644 index 0000000..5733f77 --- /dev/null +++ b/ansible/roles/ansible-role-example-role/templates/.gitkeep @@ -0,0 +1 @@ +# Directory \ No newline at end of file diff --git a/ansible/roles/ansible-role-example-role/vars/main.yml b/ansible/roles/ansible-role-example-role/vars/main.yml new file mode 100644 index 0000000..ed97d53 --- /dev/null +++ b/ansible/roles/ansible-role-example-role/vars/main.yml @@ -0,0 +1 @@ +--- diff --git a/ansible/roles/ansible-role-example-role/wsl.PNG b/ansible/roles/ansible-role-example-role/wsl.PNG new file mode 100644 index 0000000..2c8c8fe Binary files /dev/null and b/ansible/roles/ansible-role-example-role/wsl.PNG differ diff --git a/database/mssql.sh b/database/mssql.sh index c3eabe1..7b8120f 100644 --- a/database/mssql.sh +++ b/database/mssql.sh 
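Review bot: The `Ensure user ansible is present` task commits a plaintext password (`password: "aix1rii3Bahshuleikei5y"`) for an account it adds to the local Administrators group, and `update_password: always` re-applies it on every run, so anyone with read access to this repository holds an administrator credential for every Windows host the role touches. Take it from a variable supplied at run time (ansible-vault or a `hashi_vault` lookup) and keep it out of the job output: `password: "{{ windows_ansible_user_password }}"` together with `no_log: true` on the task. The `Write Ansible hostvars to file` task and the `DEBUG - print hostvars` task after it dump every hostvar, including any secret passed in as a play or extra var, to `C:/soe-<version>.json` and then into the log; drop them or gate them behind `verbosity: 1` like the commented-out debug at the top of the file. `copy:` is the POSIX module and `mode:` has no meaning on a Windows target, so this presumably needs `ansible.windows.win_copy`. The closing `Get-LocalUser | Select *` debug likewise prints the full local account list into the run output.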
@@ -1,9 +1,27 @@
 #!/bin/bash
 # https://hub.docker.com/_/microsoft-mssql-server
 # https://www.vaultproject.io/docs/secrets/databases/mssql.html
-
+echo -e '\e[38;5;198m'"++++ "
+echo -e '\e[38;5;198m'"++++ Cleanup"
+echo -e '\e[38;5;198m'"++++ "
 sudo docker stop mssql
 sudo docker rm mssql
+yes | sudo docker system prune -a
+yes | sudo docker system prune --volumes
+if pgrep -x "vault" >/dev/null
+then
+ echo -e '\e[38;5;198m'"++++ "
+ echo -e '\e[38;5;198m'"++++ Vault is running"
+ echo -e '\e[38;5;198m'"++++ "
+else
+ echo -e '\e[38;5;198m'"++++ "
+ echo -e '\e[38;5;198m'"++++ Ensure Vault is running.."
+ echo -e '\e[38;5;198m'"++++ "
+ sudo bash /vagrant/hashicorp/vault.sh
+fi
+export VAULT_ADDR=http://127.0.0.1:8200
+vault status
+
 # yes | sudo docker system prune -a
 # yes | sudo docker system prune --volumes
 sudo docker run \
diff --git a/database/mysql.sh b/database/mysql.sh
index 1d7b552..3459d25 100644
--- a/database/mysql.sh
+++ b/database/mysql.sh
@@ -1,10 +1,30 @@
 #!/bin/bash
 # https://hub.docker.com/_/mysql
 # https://www.vaultproject.io/docs/secrets/mysql/index.html
+echo -e '\e[38;5;198m'"++++ "
+echo -e '\e[38;5;198m'"++++ Cleanup"
+echo -e '\e[38;5;198m'"++++ "
 sudo docker stop mysql
 sudo docker rm mysql
 yes | sudo docker system prune -a
 yes | sudo docker system prune --volumes
+if pgrep -x "vault" >/dev/null
+then
+ echo -e '\e[38;5;198m'"++++ "
+ echo -e '\e[38;5;198m'"++++ Vault is running"
+ echo -e '\e[38;5;198m'"++++ "
+else
+ echo -e '\e[38;5;198m'"++++ "
+ echo -e '\e[38;5;198m'"++++ Ensure Vault is running.."
+ echo -e '\e[38;5;198m'"++++ "
+ sudo bash /vagrant/hashicorp/vault.sh
+fi
+export VAULT_ADDR=http://127.0.0.1:8200
+vault status
+
+echo -e '\e[38;5;198m'"++++ "
+echo -e '\e[38;5;198m'"++++ Bring up a MySQL database on Docker"
+echo -e '\e[38;5;198m'"++++ "
 sudo DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install mysql-client
 sudo docker run \
 --memory 512M \
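Review bot: `yes | sudo docker system prune -a` and `yes | sudo docker system prune --volumes` now run unconditionally at the top of the script and remove every unused image and every unused volume on the host, not just the mssql container's; the two commented-out copies left after `vault status` show this used to be opt-in. On the shared Hashiqube VM that also discards the data of any other lab container that happens to be stopped at that moment, and forces a full image re-pull on every run. Gate it behind an explicit flag, e.g. `[ "${HASHIQUBE_PRUNE:-false}" = "true" ] && yes | sudo docker system prune -a --volumes`, and delete the now-redundant commented lines. The `sudo docker run` invocation at the bottom continues past the end of the hunk.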
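Review bot: `vault status` at the end of the added block is used for display only; its exit status (documented as 2 when Vault is sealed and non-zero on connection errors) is discarded, so the script proceeds to `vault secrets enable` and `vault write` against a server that may be sealed or not listening on `VAULT_ADDR`. The `pgrep -x "vault"` guard above it only establishes that a process by that name exists, not that the API is usable. Fail fast instead: `vault status || { echo "Vault at $VAULT_ADDR is sealed or unreachable"; exit 1; }`. The `sudo docker run` command at the bottom continues beyond the hunk.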
@@ -14,24 +34,44 @@ sudo docker run \
 -d mysql:latest \
 --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
 sleep 60;
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Show databases"
+echo -e '\e[38;5;198m'"++++ "
 mysql -h 127.0.0.1 -u root -ppassword -e "show databases;"
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Create Vault MySQL user"
+echo -e '\e[38;5;198m'"++++ "
 mysql -h 127.0.0.1 -u root -ppassword -e "CREATE USER 'vault'@'%' IDENTIFIED BY 'password';"
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Grant MySQL user \"vault\" acces"
+echo -e '\e[38;5;198m'"++++ "
 mysql -h 127.0.0.1 -u root -ppassword -e "GRANT ALL PRIVILEGES ON *.* TO 'vault'@'%' WITH GRANT OPTION;"
 mysql -h 127.0.0.1 -u root -ppassword -e "GRANT CREATE USER ON *.* to 'vault'@'%';"
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Enable Vault secrets database engine"
+echo -e '\e[38;5;198m'"++++ "
 vault secrets enable database
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Create Vault database mysqldb config"
+echo -e '\e[38;5;198m'"++++ "
 vault write database/config/mysqldb plugin_name=mysql-database-plugin connection_url='{{username}}:{{password}}@tcp(localhost:3306)/' allowed_roles='mysql-role' username='vault' password='password'
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Create Vault role"
+echo -e '\e[38;5;198m'"++++ "
 vault write database/roles/mysql-role db_name=mysqldb creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT ALL PRIVILEGES ON mysqldb.* TO '{{name}}'@'%';" default_ttl='5m' max_ttl='5m'
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Show MySQL users"
+echo -e '\e[38;5;198m'"++++ "
 mysql -h 127.0.0.1 -u root -ppassword -e "SELECT User, Host from mysql.user;"
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Ask Vault to create MySQL user with access"
+echo -e '\e[38;5;198m'"++++ "
 vault read database/creds/mysql-role
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Now show MySQL users again, with new Vault user created"
+echo -e '\e[38;5;198m'"++++ "
 mysql -h 127.0.0.1 -u root -ppassword -e "SELECT User, Host from mysql.user;"
+echo -e '\e[38;5;198m'"++++ "
 echo -e '\e[38;5;198m'"++++ Instructions"
 echo -e '\e[38;5;198m'"++++ mysql -h 127.0.0.1 -u root -ppassword"
+echo -e '\e[38;5;198m'"++++ "
diff --git a/database/postgresql.sh b/database/postgresql.sh
index 316f9fa..90267fb 100644
--- a/database/postgresql.sh
+++ b/database/postgresql.sh
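Review bot: The banners added around the `Grant MySQL user "vault" acces` step frame a grant that is far wider than Vault's database secrets engine needs: `GRANT ALL PRIVILEGES ON *.* TO 'vault'@'%' WITH GRANT OPTION;` makes the long-lived Vault service account a full MySQL superuser, while the role's `creation_statements` only ever grant on `mysqldb.*`. Replace that line with `GRANT ALL PRIVILEGES ON mysqldb.* TO 'vault'@'%' WITH GRANT OPTION;` and keep the existing `GRANT CREATE USER ON *.*`, which is what creating and dropping the dynamic users requires (verify against the revocation statements the plugin runs). The banner text `acces` is a typo for `access`.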
@@ -1,45 +1,40 @@ #!/bin/bash # https://hub.docker.com/_/postgres # https://www.vaultproject.io/docs/secrets/databases/postgresql - echo -e '\e[38;5;198m'"++++ " -echo -e '\e[38;5;198m'"++++ Ensure postgres docker container is running" +echo -e '\e[38;5;198m'"++++ Cleanup" echo -e '\e[38;5;198m'"++++ " sudo docker stop postgres sudo docker rm postgres yes | sudo docker system prune -a yes | sudo docker system prune --volumes -sudo docker run --name postgres -e POSTGRES_USER=root \ - -e POSTGRES_PASSWORD=rootpassword \ - -d -p 5432:5432 postgres - -sleep 15; - -echo -e '\e[38;5;198m'"++++ " -echo -e '\e[38;5;198m'"++++ Ensure postgresql-client is installed" -echo -e '\e[38;5;198m'"++++ " -sudo apt-get install -y postgresql-client libpq-dev python3.9-dev - if pgrep -x "vault" >/dev/null then echo -e '\e[38;5;198m'"++++ " echo -e '\e[38;5;198m'"++++ Vault is running" echo -e '\e[38;5;198m'"++++ " - echo -e '\e[38;5;198m'"" - echo -e '\e[38;5;198m'"++++ " - echo -e '\e[38;5;198m'"++++ Vault status" - echo -e '\e[38;5;198m'"++++ " - vault status else echo -e '\e[38;5;198m'"++++ " echo -e '\e[38;5;198m'"++++ Ensure Vault is running.." echo -e '\e[38;5;198m'"++++ " sudo bash /vagrant/hashicorp/vault.sh - echo -e '\e[38;5;198m'"++++ " - echo -e '\e[38;5;198m'"++++ Vault status" - echo -e '\e[38;5;198m'"++++ " - vault status fi +export VAULT_ADDR=http://127.0.0.1:8200 +vault status + +echo -e '\e[38;5;198m'"++++ " +echo -e '\e[38;5;198m'"++++ Ensure postgres docker container is running" +echo -e '\e[38;5;198m'"++++ " +sudo docker run --name postgres -e POSTGRES_USER=root \ + -e POSTGRES_PASSWORD=rootpassword \ + -d -p 5432:5432 postgres + +sleep 15; + +echo -e '\e[38;5;198m'"++++ " +echo -e '\e[38;5;198m'"++++ Ensure postgresql-client is installed" +echo -e '\e[38;5;198m'"++++ " +sudo apt-get install -y postgresql-client libpq-dev python3.9-dev echo -e '\e[38;5;198m'"++++ " echo -e '\e[38;5;198m'"++++ Source /etc/environment" 
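Review bot: The relocated `sleep 15;` after `sudo docker run --name postgres ...` is a fixed wait rather than a readiness check, and because the `docker system prune -a` a few lines earlier leaves the image unused after `docker rm postgres`, every run re-pulls it, so on a slow link the client steps can reach a server that is still initialising. Poll the container instead: `until sudo docker exec postgres pg_isready -U root >/dev/null 2>&1; do sleep 2; done`. As in the sibling scripts, the new `vault status` is run for its output only; `vault status || exit 1` would stop the script before it tries to configure a sealed or unreachable Vault. The script continues past the end of the hunk.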
diff --git a/hashicorp/README.md b/hashicorp/README.md index b2dde6d..853ebd1 100644 --- a/hashicorp/README.md +++ b/hashicorp/README.md @@ -111,663 +111,13 @@ Packer will build a Docker container, use the Shell and Ansible provisioners, An https://learn.hashicorp.com/vault/getting-started/secrets-engines https://docs.ansible.com/ansible/latest/plugins/lookup/hashi_vault.html -We currently create with Packer: +Packer Templates can be found in hashicorp/packer/linux and hashicorp/packer/windows -__Linux__ +You can build local Windows and Ubuntu boxes with packer using these commands -* Docker: Ubuntu configured with Ansible +You must be in the directory hashiqube/hashicorp/packer -__Windows__ - -_Thanks to StefanScherer:_
-_https://github.com/StefanScherer/packer-windows_
-_https://github.com/StefanScherer/windows-docker-machine_
-_and_
-_joefitzgerald https://github.com/joefitzgerald/packer-windows_
-_and_
-_haxorof https://github.com/haxorof/packer-rhel_
-* Azure: Windows VM -* Vagrant: -* VMWare: -* Docker: -* HyperV: - -https://github.com/StefanScherer/packer-windows - -### Build Windows Virtualbox-iso - -__On your Host computer__ in `hashiqube/hashicorp/packer/windows` folder, please do: - -*~/workspace/hashiqube/hashicorp/packer/windows $* `packer inspect windows_2019.json` -``` -Optional variables and their defaults: - - autounattend = ./answer_files/2019/Autounattend.xml - disk_size = 61440 - disk_type_id = 1 - headless = true - hyperv_switchname = {{env `hyperv_switchname`}} - iso_checksum = 221F9ACBC727297A56674A0F1722B8AC7B6E840B4E1FFBDD538A9ED0DA823562 - iso_checksum_type = sha256 - iso_url = https://software-download.microsoft.com/download/sg/17763.379.190312-0539.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso - manually_download_iso_from = https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019 - restart_timeout = 5m - virtio_win_iso = ~/virtio-win.iso - winrm_timeout = 2h - -Builders: - - hyperv-iso - qemu - virtualbox-iso - vmware-iso - -Provisioners: - - windows-shell - powershell - windows-restart - windows-shell - -Note: If your build names contain user variables or template -functions such as 'timestamp', these are processed at build time, -and therefore only show in their raw form here. -``` - -*~/workspace/hashiqube/hashicorp/packer/windows $* `packer build --only=virtualbox-iso windows_2019.json` - -``` -virtualbox-iso: output will be in this color. 
- -==> virtualbox-iso: Retrieving ISO -==> virtualbox-iso: Trying https://software-download.microsoft.com/download/sg/17763.379.190312-0539.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso -==> virtualbox-iso: Trying https://software-download.microsoft.com/download/sg/17763.379.190312-0539.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso?checksum=sha256%3A221F9ACBC727297A56674A0F1722B8AC7B6E840B4E1FFBDD538A9ED0DA823562 -==> virtualbox-iso: https://software-download.microsoft.com/download/sg/17763.379.190312-0539.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us.iso?checksum=sha256%3A221F9ACBC727297A56674A0F1722B8AC7B6E840B4E1FFBDD538A9ED0DA823562 => /Users/riaannolan/workspace/hashiqube/hashicorp/packer/windows/packer_cache/c918dc8dbd1474b3d3cfe001787f98e93e18ae0e.iso -==> virtualbox-iso: Creating floppy disk... - virtualbox-iso: Copying files flatly from floppy_files - virtualbox-iso: Copying file: ./answer_files/2019/Autounattend.xml - virtualbox-iso: Copying file: ./scripts/disable-screensaver.ps1 - virtualbox-iso: Copying file: ./scripts/disable-winrm.ps1 - virtualbox-iso: Copying file: ./scripts/enable-winrm.ps1 - virtualbox-iso: Copying file: ./scripts/microsoft-updates.bat - virtualbox-iso: Copying file: ./scripts/win-updates.ps1 - virtualbox-iso: Copying file: ./scripts/unattend.xml - virtualbox-iso: Copying file: ./scripts/sysprep.bat - virtualbox-iso: Done copying files from floppy_files - virtualbox-iso: Collecting paths from floppy_dirs - virtualbox-iso: Resulting paths from floppy_dirs : [] - virtualbox-iso: Done copying paths from floppy_dirs -==> virtualbox-iso: Creating ephemeral key pair for SSH communicator... -==> virtualbox-iso: Created ephemeral SSH key pair for communicator -==> virtualbox-iso: Creating virtual machine... -==> virtualbox-iso: Creating hard drive... -==> virtualbox-iso: Attaching floppy disk... 
-==> virtualbox-iso: Creating forwarded port mapping for communicator (SSH, WinRM, etc) (host port 3409) -==> virtualbox-iso: Starting the virtual machine... - virtualbox-iso: The VM will be run headless, without a GUI. If you want to - virtualbox-iso: view the screen of the VM, connect via VRDP without a password to - virtualbox-iso: rdp://127.0.0.1:5915 -==> virtualbox-iso: Waiting 2m0s for boot... -==> virtualbox-iso: Typing the boot command... -==> virtualbox-iso: Using winrm communicator to connect: 127.0.0.1 -==> virtualbox-iso: Waiting for WinRM to become available... -==> virtualbox-iso: #< CLIXML - virtualbox-iso: WinRM connected. -==> virtualbox-iso: System.Management.Automation.PSCustomObjectSystem.Object1Preparing modules for first use.0-1-1Completed-1 1Preparing modules for first use.0-1-1Completed-1 -==> virtualbox-iso: Connected to WinRM! -==> virtualbox-iso: Uploading VirtualBox version info (6.0.14) -==> virtualbox-iso: Provisioning with windows-shell... -==> virtualbox-iso: Provisioning with shell script: ./scripts/vm-guest-tools.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if not exist "C:\Windows\Temp\7z1900-x64.msi" (powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" 0if not exist "C:\Windows\Temp\7z1900-x64.msi" (powershell -Command "Start-Sleep 5 ; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" 0msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if "virtualbox-iso" EQU "vmware-iso" goto :vmware - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if "virtualbox-iso" EQU "virtualbox-iso" goto :virtualbox - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" (move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp ) - virtualbox-iso: - virtualbox-iso: 
C:\Users\vagrant>if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" (powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/6.0.10/VBoxGuestAdditions_6.0.10.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" 0cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox" - virtualbox-iso: - virtualbox-iso: 7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21 - virtualbox-iso: - virtualbox-iso: Scanning the drive for archives: - virtualbox-iso: 1 file, 77162496 bytes (74 MiB) - virtualbox-iso: - virtualbox-iso: Extracting archive: C:\Windows\Temp\VBoxGuestAdditions.iso - virtualbox-iso: - virtualbox-iso: WARNINGS: - virtualbox-iso: There are data after the end of archive - virtualbox-iso: - virtualbox-iso: -- - virtualbox-iso: Path = C:\Windows\Temp\VBoxGuestAdditions.iso - virtualbox-iso: Type = Iso - virtualbox-iso: WARNINGS: - virtualbox-iso: There are data after the end of archive - virtualbox-iso: Physical Size = 76853248 - virtualbox-iso: Tail Size = 309248 - virtualbox-iso: Created = 2019-07-12 01:13:14 - virtualbox-iso: Modified = 2019-07-12 01:13:14 - virtualbox-iso: - virtualbox-iso: Everything is Ok - virtualbox-iso: - virtualbox-iso: Archives with Warnings: 1 - virtualbox-iso: - virtualbox-iso: Warnings: 1 - virtualbox-iso: Folders: 3 - virtualbox-iso: Files: 38 - virtualbox-iso: Size: 76740482 - virtualbox-iso: Compressed: 77162496 - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>cmd /c for %i in (C:\Windows\Temp\virtualbox\cert\vbox*.cer) do C:\Windows\Temp\virtualbox\cert\VBoxCertUtil add-trusted-publisher %i --root %i - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>C:\Windows\Temp\virtualbox\cert\VBoxCertUtil add-trusted-publisher C:\Windows\Temp\virtualbox\cert\vbox-sha1.cer --root C:\Windows\Temp\virtualbox\cert\vbox-sha1.cer - 
virtualbox-iso: VBoxCertUtil.exe: info: Successfully added 'C:\Windows\Temp\virtualbox\cert\vbox-sha1.cer' as trusted publisher - virtualbox-iso: VBoxCertUtil.exe: info: Successfully added 'C:\Windows\Temp\virtualbox\cert\vbox-sha1.cer' as root - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>C:\Windows\Temp\virtualbox\cert\VBoxCertUtil add-trusted-publisher C:\Windows\Temp\virtualbox\cert\vbox-sha256.cer --root C:\Windows\Temp\virtualbox\cert\vbox-sha256.cer - virtualbox-iso: VBoxCertUtil.exe: info: Successfully added 'C:\Windows\Temp\virtualbox\cert\vbox-sha256.cer' as trusted publisher - virtualbox-iso: VBoxCertUtil.exe: info: Successfully added 'C:\Windows\Temp\virtualbox\cert\vbox-sha256.cer' as root - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>cmd /c C:\Windows\Temp\virtualbox\VBoxWindowsAdditions.exe /S - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rd /S /Q "C:\Windows\Temp\virtualbox" - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>goto :done - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi -==> virtualbox-iso: Provisioning with shell script: ./scripts/enable-rdp.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389 - virtualbox-iso: Ok. - virtualbox-iso: - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f - virtualbox-iso: The operation completed successfully. -==> virtualbox-iso: Provisioning with Powershell... 
-==> virtualbox-iso: Provisioning with powershell script: ./scripts/debloat-windows.ps1 - virtualbox-iso: Downloading debloat zip - virtualbox-iso: Disable Windows Defender - virtualbox-iso: -==> virtualbox-iso: Uninstall-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: -==> virtualbox-iso: 'Windows-Defender-Features'. The name was not found. -==> virtualbox-iso: At C:\Windows\Temp\script-5e1aeb39-0fd2-6a09-688e-4196b41ad17f.ps1:20 char:5 - virtualbox-iso: Success Restart Needed Exit Code Feature Result - virtualbox-iso: ------- -------------- --------- -------------- - virtualbox-iso: False No InvalidArgs {} - virtualbox-iso: Optimize Windows Update - virtualbox-iso: Disable automatic download and installation of Windows updates - virtualbox-iso: Disable seeding of updates to other computers via Group Policies - virtualbox-iso: - virtualbox-iso: Property : {} - virtualbox-iso: PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOpti - virtualbox-iso: mization - virtualbox-iso: PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows - virtualbox-iso: PSChildName : DeliveryOptimization - virtualbox-iso: PSDrive : HKLM - virtualbox-iso: PSProvider : Microsoft.PowerShell.Core\Registry - virtualbox-iso: PSIsContainer : True - virtualbox-iso: SubKeyCount : 0 - virtualbox-iso: View : Default - virtualbox-iso: Handle : Microsoft.Win32.SafeHandles.SafeRegistryHandle - virtualbox-iso: ValueCount : 0 - virtualbox-iso: Name : HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization - virtualbox-iso: - virtualbox-iso: Disable 'Updates are available' message - virtualbox-iso: - virtualbox-iso: SUCCESS: The file (or folder): "C:\Windows\System32\MusNotification.exe" now owned by user "VAGRANT-2019\vagrant". 
- virtualbox-iso: processed file: C:\Windows\System32\MusNotification.exe - virtualbox-iso: Successfully processed 1 files; Failed processing 0 files - virtualbox-iso: - virtualbox-iso: SUCCESS: The file (or folder): "C:\Windows\System32\MusNotificationUx.exe" now owned by user "VAGRANT-2019\vagrant". - virtualbox-iso: processed file: C:\Windows\System32\MusNotificationUx.exe - virtualbox-iso: Successfully processed 1 files; Failed processing 0 files -==> virtualbox-iso: + Uninstall-WindowsFeature Windows-Defender-Features -==> virtualbox-iso: + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -==> virtualbox-iso: + CategoryInfo : InvalidArgument: (Windows-Defender-Features:String) [Uninstall-WindowsFeature], Exceptio -==> virtualbox-iso: n -==> virtualbox-iso: + FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.RemoveWindowsFeatureCommand -==> virtualbox-iso: Restarting Machine -==> virtualbox-iso: Waiting for machine to restart... -==> virtualbox-iso: A system shutdown is in progress.(1115) - virtualbox-iso: VAGRANT-2019 restarted. -==> virtualbox-iso: #< CLIXML -==> virtualbox-iso: System.Management.Automation.PSCustomObjectSystem.Object1Preparing modules for first use.0-1-1Completed-1 -==> virtualbox-iso: Machine successfully restarted, moving on -==> virtualbox-iso: Provisioning with windows-shell... -==> virtualbox-iso: Provisioning with shell script: ./scripts/pin-powershell.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rem https://connect.microsoft.com/PowerShell/feedback/details/1609288/pin-to-taskbar-no-longer-working-in-windows-10 - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>copy "A:\WindowsPowerShell.lnk" "C:\Users\vagrant\AppData\Local\Temp\Windows PowerShell.lnk" - virtualbox-iso: The system cannot find the file specified. -==> virtualbox-iso: 'A:\PinTo10.exe' is not recognized as an internal or external command, -==> virtualbox-iso: operable program or batch file. 
- virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>A:\PinTo10.exe /PTFOL01:'C:\Users\vagrant\AppData\Local\Temp' /PTFILE01:'Windows PowerShell.lnk' - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>exit /b 0 -==> virtualbox-iso: Provisioning with shell script: ./scripts/set-winrm-automatic.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>echo Set WinRM start type to auto - virtualbox-iso: Set WinRM start type to auto - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>sc config winrm start= auto - virtualbox-iso: [SC] ChangeServiceConfig SUCCESS -==> virtualbox-iso: Provisioning with shell script: ./scripts/uac-enable.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v EnableLUA /t REG_DWORD /d 1 - virtualbox-iso: The operation completed successfully. -==> virtualbox-iso: Provisioning with shell script: ./scripts/compile-dotnet-assemblies.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if "AMD64" == "AMD64" goto 64BIT - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>C:\Windows\microsoft.net\framework\v4.0.30319\ngen.exe update /force /queue 1>NUL - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>C:\Windows\microsoft.net\framework64\v4.0.30319\ngen.exe update /force /queue 1>NUL - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>C:\Windows\microsoft.net\framework\v4.0.30319\ngen.exe executequeueditems 1>NUL - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>C:\Windows\microsoft.net\framework64\v4.0.30319\ngen.exe executequeueditems 1>NUL - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>exit 0 -==> virtualbox-iso: Provisioning with shell script: ./scripts/dis-updates.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rem http://www.windows-commandline.com/disable-automatic-updates-command-line/ - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" 
/v AUOptions /t REG_DWORD /d 1 /f - virtualbox-iso: The operation completed successfully. - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rem remove optional WSUS server settings - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" /f - virtualbox-iso: The operation completed successfully. - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rem even harder, disable windows update service - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rem sc config wuauserv start= disabled - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rem net stop wuauserv - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>set logfile=C:\Windows\Temp\win-updates.log - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if exist C:\Windows\Temp\win-updates.log ( - virtualbox-iso: echo Show Windows Updates log file C:\Windows\Temp\win-updates.log - virtualbox-iso: dir C:\Windows\Temp\win-updates.log - virtualbox-iso: type C:\Windows\Temp\win-updates.log - virtualbox-iso: rem output of type command is not fully shown in packer/ssh session, so try PowerShell - virtualbox-iso: rem but it will hang if log file is about 22 KByte - virtualbox-iso: rem powershell -command "Get-Content C:\Windows\Temp\win-updates.log" - virtualbox-iso: echo End of Windows Updates log file C:\Windows\Temp\win-updates.log - virtualbox-iso: ) -==> virtualbox-iso: Provisioning with shell script: ./scripts/compact.bat - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if "virtua" == "hyperv" ( - virtualbox-iso: echo "Skip compact steps in Hyper-V build." 
- virtualbox-iso: goto :eof - virtualbox-iso: ) - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if not exist "C:\Windows\Temp\7z1900-x64.msi" (powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" 0msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if not exist "C:\Windows\Temp\ultradefrag.zip" (powershell -Command "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://downloads.sourceforge.net/project/ultradefrag/stable-release/6.1.0/ultradefrag-portable-6.1.0.bin.amd64.zip', 'C:\Windows\Temp\ultradefrag.zip')" 0if not exist "C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe" (cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\ultradefrag.zip -oC:\Windows\Temp" ) - virtualbox-iso: - virtualbox-iso: 7-Zip 19.00 (x64) : Copyright (c) 1999-2018 Igor Pavlov : 2019-02-21 - virtualbox-iso: - virtualbox-iso: Scanning the drive for archives: - virtualbox-iso: 1 file, 768893 bytes (751 KiB) - virtualbox-iso: - virtualbox-iso: Extracting archive: C:\Windows\Temp\ultradefrag.zip - virtualbox-iso: -- - virtualbox-iso: Path = C:\Windows\Temp\ultradefrag.zip - virtualbox-iso: Type = zip - virtualbox-iso: Physical Size = 768893 - virtualbox-iso: - virtualbox-iso: Everything is Ok - virtualbox-iso: - virtualbox-iso: Folders: 5 - virtualbox-iso: Files: 166 - virtualbox-iso: Size: 2433004 - virtualbox-iso: Compressed: 768893 - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if not exist "C:\Windows\Temp\SDelete.zip" ( - virtualbox-iso: powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://download.sysinternals.com/files/SDelete.zip', 'C:\Windows\Temp\SDelete.zip')" 0if not exist "C:\Windows\Temp\sdelete.exe" (cmd /c ""C:\Program Files\7-Zip\7z.exe" x C:\Windows\Temp\SDelete.zip -oC:\Windows\Temp" ) - virtualbox-iso: 
- virtualbox-iso: C:\Users\vagrant>msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>net stop wuauserv - virtualbox-iso: -==> virtualbox-iso: The Windows Update service is not started. -==> virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>rmdir /S /Q C:\Windows\SoftwareDistribution\Download - virtualbox-iso: -==> virtualbox-iso: More help is available by typing NET HELPMSG 3521. - virtualbox-iso: C:\Users\vagrant>mkdir C:\Windows\SoftwareDistribution\Download - virtualbox-iso: -==> virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>net start wuauserv - virtualbox-iso: The Windows Update service is starting. - virtualbox-iso: The Windows Update service was started successfully. - virtualbox-iso: - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if "virtualbox-iso" NEQ "hyperv-iso" ( - virtualbox-iso: cmd /c C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe --optimize --repeat C: - virtualbox-iso: cmd /c C:\Windows\System32\reg.exe ADD HKCU\Software\Sysinternals\SDelete /v EulaAccepted /t REG_DWORD /d 1 /f - virtualbox-iso: cmd /c C:\Windows\Temp\sdelete.exe -q -z C: - virtualbox-iso: ) - virtualbox-iso: UltraDefrag 6.1.0, Copyright (c) UltraDefrag Development Team, 2007-2013. - virtualbox-iso: UltraDefrag comes with ABSOLUTELY NO WARRANTY. This is free software, - virtualbox-iso: and you are welcome to redistribute it under certain conditions. - virtualbox-iso: - virtualbox-iso: C: defrag: 100.00% complete, 7 passes needed, fragmented/total = 6/205593 - virtualbox-iso: The operation completed successfully. - virtualbox-iso: - virtualbox-iso: SDelete - Secure Delete v1.61 - virtualbox-iso: Copyright (C) 1999-2012 Mark Russinovich - virtualbox-iso: Sysinternals - www.sysinternals.com - virtualbox-iso: - virtualbox-iso: SDelete is set for 1 pass. - virtualbox-iso: Free space cleaned on C:\ - virtualbox-iso: 1 drives zapped - virtualbox-iso: -==> virtualbox-iso: Gracefully halting virtual machine... 
- virtualbox-iso: -==> virtualbox-iso: The service name is invalid. -==> virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>net stop tiledatamodelsvc -==> virtualbox-iso: More help is available by typing NET HELPMSG 2185. -==> virtualbox-iso: - virtualbox-iso: - virtualbox-iso: C:\Users\vagrant>if exist a:\unattend.xml (c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:a:\unattend.xml ) else ( - virtualbox-iso: del /F \Windows\System32\Sysprep\unattend.xml - virtualbox-iso: c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /quiet - virtualbox-iso: ) - virtualbox-iso: Removing floppy drive... -==> virtualbox-iso: Preparing to export machine... - virtualbox-iso: Deleting forwarded port mapping for the communicator (SSH, WinRM, etc) (host port 3409) -==> virtualbox-iso: Exporting virtual machine... - virtualbox-iso: Executing: export WindowsServer2019 --output output-virtualbox-iso/WindowsServer2019.ovf -==> virtualbox-iso: Deregistering and deleting VM... -==> virtualbox-iso: Running post-processor: vagrant -==> virtualbox-iso (vagrant): Creating Vagrant box for 'virtualbox' provider - virtualbox-iso (vagrant): Copying from artifact: output-virtualbox-iso/WindowsServer2019-disk001.vmdk - virtualbox-iso (vagrant): Copying from artifact: output-virtualbox-iso/WindowsServer2019.ovf - virtualbox-iso (vagrant): Renaming the OVF to box.ovf... - virtualbox-iso (vagrant): Using custom Vagrantfile: vagrantfile-windows_2016.template - virtualbox-iso (vagrant): Compressing: Vagrantfile - virtualbox-iso (vagrant): Compressing: WindowsServer2019-disk001.vmdk - virtualbox-iso (vagrant): Compressing: box.ovf - virtualbox-iso (vagrant): Compressing: metadata.json -Build 'virtualbox-iso' finished. - -==> Builds finished. 
The artifacts of successful builds are: ---> virtualbox-iso: 'virtualbox' provider box: windows_2019_virtualbox.box -``` - -*~/workspace/hashiqube/hashicorp/packer/windows $* `ls -lah | grep box` -``` --rw-r--r-- 1 riaannolan staff 4.5G 12 Jan 21:18 windows_2019_virtualbox.box -``` - -### Build RedHat Virtualbox-iso - -__On your Host computer__ in `hashiqube/hashicorp/packer/linux/rhel` folder, please do: - -*~/workspace/hashiqube/hashicorp/packer/linux/rhel $* `packer build --only=virtualbox-iso rhel8.json` - -``` -virtualbox-iso: output will be in this color. - -==> virtualbox-iso: Retrieving Guest additions -==> virtualbox-iso: Trying /Applications/VirtualBox.app/Contents/MacOS/VBoxGuestAdditions.iso -==> virtualbox-iso: Trying /Applications/VirtualBox.app/Contents/MacOS/VBoxGuestAdditions.iso -==> virtualbox-iso: /Applications/VirtualBox.app/Contents/MacOS/VBoxGuestAdditions.iso => /Users/riaannolan/workspace/hashiqube/hashicorp/packer/linux/rhel/packer_cache/7784a55a71d48a1e9b5c487431438fef0f19d87f.iso -==> virtualbox-iso: Retrieving ISO -==> virtualbox-iso: Trying iso/rhel-8.1-x86_64-dvd.iso -==> virtualbox-iso: Trying iso/rhel-8.1-x86_64-dvd.iso?checksum=sha256%3A2323ad44d75df1a1e83048a34e196ddfedcd6c0f6c49ea59bf08095e3bb9ef65 -==> virtualbox-iso: iso/rhel-8.1-x86_64-dvd.iso?checksum=sha256%3A2323ad44d75df1a1e83048a34e196ddfedcd6c0f6c49ea59bf08095e3bb9ef65 => /Users/riaannolan/workspace/hashiqube/hashicorp/packer/linux/rhel/packer_cache/e0829642bf518828676fda5c2502fd75ea3a305b.iso -==> virtualbox-iso: Starting HTTP server on port 8182 -==> virtualbox-iso: Creating virtual machine... -==> virtualbox-iso: Creating hard drive... -==> virtualbox-iso: Creating forwarded port mapping for communicator (SSH, WinRM, etc) (host port 2429) -==> virtualbox-iso: Executing custom VBoxManage commands... 
- virtualbox-iso: Executing: modifyvm packer-rhel-8-x86_64 --memory 1024 - virtualbox-iso: Executing: modifyvm packer-rhel-8-x86_64 --cpus 2 -==> virtualbox-iso: Starting the virtual machine... - virtualbox-iso: The VM will be run headless, without a GUI. If you want to - virtualbox-iso: view the screen of the VM, connect via VRDP without a password to - virtualbox-iso: rdp://127.0.0.1:5919 -==> virtualbox-iso: Waiting 10s for boot... -==> virtualbox-iso: Typing the boot command... -==> virtualbox-iso: Using ssh communicator to connect: 127.0.0.1 -==> virtualbox-iso: Waiting for SSH to become available... -==> virtualbox-iso: Connected to SSH! -==> virtualbox-iso: Uploading VirtualBox version info (6.0.14) -==> virtualbox-iso: Uploading VirtualBox guest additions ISO... -==> virtualbox-iso: Provisioning with shell script: scripts/cleanup.sh -==> virtualbox-iso: dd: error writing '/EMPTY': No space left on device -==> virtualbox-iso: 5882+0 records in -==> virtualbox-iso: 5881+0 records out -==> virtualbox-iso: 6166740992 bytes (6.2 GB, 5.7 GiB) copied, 11.4726 s, 538 MB/s -==> virtualbox-iso: Gracefully halting virtual machine... -==> virtualbox-iso: Preparing to export machine... - virtualbox-iso: Deleting forwarded port mapping for the communicator (SSH, WinRM, etc) (host port 2429) -==> virtualbox-iso: Exporting virtual machine... - virtualbox-iso: Executing: export packer-rhel-8-x86_64 --output output-virtualbox-iso/packer-rhel-8-x86_64.ovf -==> virtualbox-iso: Deregistering and deleting VM... -==> virtualbox-iso: Running post-processor: vagrant -==> virtualbox-iso (vagrant): Creating Vagrant box for 'virtualbox' provider - virtualbox-iso (vagrant): Copying from artifact: output-virtualbox-iso/packer-rhel-8-x86_64-disk001.vmdk - virtualbox-iso (vagrant): Copying from artifact: output-virtualbox-iso/packer-rhel-8-x86_64.ovf - virtualbox-iso (vagrant): Renaming the OVF to box.ovf... 
- virtualbox-iso (vagrant): Compressing: Vagrantfile - virtualbox-iso (vagrant): Compressing: box.ovf - virtualbox-iso (vagrant): Compressing: metadata.json - virtualbox-iso (vagrant): Compressing: packer-rhel-8-x86_64-disk001.vmdk -Build 'virtualbox-iso' finished. - -==> Builds finished. The artifacts of successful builds are: ---> virtualbox-iso: 'virtualbox' provider box: builds/virtualbox-rhel-8.box -``` - -### Build Ubuntu Docker-image - -__On your Host computer OR in the VM__ please do:
-*~/workspace/hashiqube/hashicorp/packer/linux/ubuntu $* `vagrant ssh -c "cd /vagrant/hashicorp/packer/linux/ubuntu; packer build ubuntu16.04.json"` -``` -docker: output will be in this color. - -==> docker: Creating a temporary directory for sharing data... -==> docker: Pulling Docker image: ubuntu:16.04 - docker: 16.04: Pulling from library/ubuntu - docker: 3386e6af03b0: Pulling fs layer - docker: 49ac0bbe6c8e: Pulling fs layer - docker: d1983a67e104: Pulling fs layer - docker: 1a0f3a523f04: Pulling fs layer - docker: 1a0f3a523f04: Waiting - docker: 49ac0bbe6c8e: Verifying Checksum - docker: 49ac0bbe6c8e: Download complete - docker: d1983a67e104: Verifying Checksum - docker: d1983a67e104: Download complete - docker: 1a0f3a523f04: Verifying Checksum - docker: 1a0f3a523f04: Download complete - docker: 3386e6af03b0: Verifying Checksum - docker: 3386e6af03b0: Download complete - docker: 3386e6af03b0: Pull complete - docker: 49ac0bbe6c8e: Pull complete - docker: d1983a67e104: Pull complete - docker: 1a0f3a523f04: Pull complete - docker: Digest: sha256:181800dada370557133a502977d0e3f7abda0c25b9bbb035f199f5eb6082a114 - docker: Status: Downloaded newer image for ubuntu:16.04 - docker: docker.io/library/ubuntu:16.04 -==> docker: Starting docker container... 
- docker: Run command: docker run -v /home/vagrant/.packer.d/tmp020519102:/packer-files -d -i -t --name default ubuntu:16.04 /bin/bash - docker: Container ID: e377a38c8c09fc55c3ac85a61357c2125323d85a4582ab20814a44771145c0bc -==> docker: Using docker communicator to connect: 172.17.0.7 -==> docker: Provisioning with shell script: /tmp/packer-shell695982158 - docker: Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB] - docker: Get:2 http://archive.ubuntu.com/ubuntu xenial InRelease [247 kB] - docker: Get:3 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB] - docker: Get:4 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages [1031 kB] - docker: Get:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB] - docker: Get:6 http://security.ubuntu.com/ubuntu xenial-security/restricted amd64 Packages [12.7 kB] - docker: Get:7 http://security.ubuntu.com/ubuntu xenial-security/universe amd64 Packages [595 kB] - docker: Get:8 http://security.ubuntu.com/ubuntu xenial-security/multiverse amd64 Packages [6280 B] - docker: Get:9 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages [1558 kB] - docker: Get:10 http://archive.ubuntu.com/ubuntu xenial/restricted amd64 Packages [14.1 kB] - docker: Get:11 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages [9827 kB] - docker: Get:12 http://archive.ubuntu.com/ubuntu xenial/multiverse amd64 Packages [176 kB] - docker: Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [1408 kB] - docker: Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/restricted amd64 Packages [13.1 kB] - docker: Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [998 kB] - docker: Get:16 http://archive.ubuntu.com/ubuntu xenial-updates/multiverse amd64 Packages [19.3 kB] - docker: Get:17 http://archive.ubuntu.com/ubuntu xenial-backports/main amd64 Packages [7942 B] - docker: Get:18 http://archive.ubuntu.com/ubuntu 
xenial-backports/universe amd64 Packages [8807 B] - docker: Fetched 16.2 MB in 19s (842 kB/s) - docker: Reading package lists... - docker: Reading package lists... - docker: Building dependency tree... - docker: Reading state information... - docker: The following additional packages will be installed: - docker: file libapt-inst2.0 libexpat1 libffi6 libmagic1 libpython-stdlib - docker: libpython2.7-minimal libpython2.7-stdlib libsqlite3-0 libssl1.0.0 - docker: mime-support python-minimal python2.7 python2.7-minimal - docker: Suggested packages: - docker: python-doc python-tk python2.7-doc binutils binfmt-support - docker: The following NEW packages will be installed: - docker: apt-utils file libapt-inst2.0 libexpat1 libffi6 libmagic1 libpython-stdlib - docker: libpython2.7-minimal libpython2.7-stdlib libsqlite3-0 libssl1.0.0 - docker: mime-support python python-minimal python2.7 python2.7-minimal - docker: 0 upgraded, 16 newly installed, 0 to remove and 0 not upgraded. - docker: Need to get 5971 kB of archives. - docker: After this operation, 27.0 MB of additional disk space will be used. 
- docker: Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpython2.7-minimal amd64 2.7.12-1ubuntu0~16.04.9 [338 kB] - docker: Get:2 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python2.7-minimal amd64 2.7.12-1ubuntu0~16.04.9 [1262 kB] - docker: Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python-minimal amd64 2.7.12-1~16.04 [28.1 kB] - docker: Get:4 http://archive.ubuntu.com/ubuntu xenial/main amd64 mime-support all 3.59ubuntu1 [31.0 kB] - docker: Get:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libexpat1 amd64 2.1.0-7ubuntu0.16.04.5 [71.5 kB] - docker: Get:6 http://archive.ubuntu.com/ubuntu xenial/main amd64 libffi6 amd64 3.2.1-4 [17.8 kB] - docker: Get:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libsqlite3-0 amd64 3.11.0-1ubuntu1.3 [397 kB] - docker: Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libssl1.0.0 amd64 1.0.2g-1ubuntu4.15 [1084 kB] - docker: Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpython2.7-stdlib amd64 2.7.12-1ubuntu0~16.04.9 [1884 kB] - docker: Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python2.7 amd64 2.7.12-1ubuntu0~16.04.9 [224 kB] - docker: Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libpython-stdlib amd64 2.7.12-1~16.04 [7768 B] - docker: Get:12 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python amd64 2.7.12-1~16.04 [137 kB] - docker: Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libapt-inst2.0 amd64 1.2.32 [55.8 kB] - docker: Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 apt-utils amd64 1.2.32 [196 kB] - docker: Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libmagic1 amd64 1:5.25-2ubuntu1.3 [216 kB] - docker: Get:16 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 file amd64 1:5.25-2ubuntu1.3 [21.3 kB] -==> docker: debconf: delaying package configuration, since apt-utils is not installed 
- docker: Fetched 5971 kB in 38s (155 kB/s) - docker: Selecting previously unselected package libpython2.7-minimal:amd64. - docker: (Reading database ... 4781 files and directories currently installed.) - docker: Preparing to unpack .../libpython2.7-minimal_2.7.12-1ubuntu0~16.04.9_amd64.deb ... - docker: Unpacking libpython2.7-minimal:amd64 (2.7.12-1ubuntu0~16.04.9) ... - docker: Selecting previously unselected package python2.7-minimal. - docker: Preparing to unpack .../python2.7-minimal_2.7.12-1ubuntu0~16.04.9_amd64.deb ... - docker: Unpacking python2.7-minimal (2.7.12-1ubuntu0~16.04.9) ... - docker: Selecting previously unselected package python-minimal. - docker: Preparing to unpack .../python-minimal_2.7.12-1~16.04_amd64.deb ... - docker: Unpacking python-minimal (2.7.12-1~16.04) ... - docker: Selecting previously unselected package mime-support. - docker: Preparing to unpack .../mime-support_3.59ubuntu1_all.deb ... - docker: Unpacking mime-support (3.59ubuntu1) ... - docker: Selecting previously unselected package libexpat1:amd64. - docker: Preparing to unpack .../libexpat1_2.1.0-7ubuntu0.16.04.5_amd64.deb ... - docker: Unpacking libexpat1:amd64 (2.1.0-7ubuntu0.16.04.5) ... - docker: Selecting previously unselected package libffi6:amd64. - docker: Preparing to unpack .../libffi6_3.2.1-4_amd64.deb ... - docker: Unpacking libffi6:amd64 (3.2.1-4) ... - docker: Selecting previously unselected package libsqlite3-0:amd64. - docker: Preparing to unpack .../libsqlite3-0_3.11.0-1ubuntu1.3_amd64.deb ... - docker: Unpacking libsqlite3-0:amd64 (3.11.0-1ubuntu1.3) ... - docker: Selecting previously unselected package libssl1.0.0:amd64. - docker: Preparing to unpack .../libssl1.0.0_1.0.2g-1ubuntu4.15_amd64.deb ... - docker: Unpacking libssl1.0.0:amd64 (1.0.2g-1ubuntu4.15) ... - docker: Selecting previously unselected package libpython2.7-stdlib:amd64. - docker: Preparing to unpack .../libpython2.7-stdlib_2.7.12-1ubuntu0~16.04.9_amd64.deb ... 
- docker: Unpacking libpython2.7-stdlib:amd64 (2.7.12-1ubuntu0~16.04.9) ... - docker: Selecting previously unselected package python2.7. - docker: Preparing to unpack .../python2.7_2.7.12-1ubuntu0~16.04.9_amd64.deb ... - docker: Unpacking python2.7 (2.7.12-1ubuntu0~16.04.9) ... - docker: Selecting previously unselected package libpython-stdlib:amd64. - docker: Preparing to unpack .../libpython-stdlib_2.7.12-1~16.04_amd64.deb ... - docker: Unpacking libpython-stdlib:amd64 (2.7.12-1~16.04) ... - docker: Processing triggers for libc-bin (2.23-0ubuntu11) ... - docker: Setting up libpython2.7-minimal:amd64 (2.7.12-1ubuntu0~16.04.9) ... - docker: Setting up python2.7-minimal (2.7.12-1ubuntu0~16.04.9) ... - docker: Linking and byte-compiling packages for runtime python2.7... - docker: Setting up python-minimal (2.7.12-1~16.04) ... - docker: Selecting previously unselected package python. - docker: (Reading database ... 5592 files and directories currently installed.) - docker: Preparing to unpack .../python_2.7.12-1~16.04_amd64.deb ... - docker: Unpacking python (2.7.12-1~16.04) ... - docker: Selecting previously unselected package libapt-inst2.0:amd64. - docker: Preparing to unpack .../libapt-inst2.0_1.2.32_amd64.deb ... - docker: Unpacking libapt-inst2.0:amd64 (1.2.32) ... - docker: Selecting previously unselected package apt-utils. - docker: Preparing to unpack .../apt-utils_1.2.32_amd64.deb ... - docker: Unpacking apt-utils (1.2.32) ... - docker: Selecting previously unselected package libmagic1:amd64. - docker: Preparing to unpack .../libmagic1_1%3a5.25-2ubuntu1.3_amd64.deb ... - docker: Unpacking libmagic1:amd64 (1:5.25-2ubuntu1.3) ... - docker: Selecting previously unselected package file. - docker: Preparing to unpack .../file_1%3a5.25-2ubuntu1.3_amd64.deb ... - docker: Unpacking file (1:5.25-2ubuntu1.3) ... - docker: Processing triggers for libc-bin (2.23-0ubuntu11) ... - docker: Setting up mime-support (3.59ubuntu1) ... 
- docker: Setting up libexpat1:amd64 (2.1.0-7ubuntu0.16.04.5) ... - docker: Setting up libffi6:amd64 (3.2.1-4) ... - docker: Setting up libsqlite3-0:amd64 (3.11.0-1ubuntu1.3) ... - docker: Setting up libssl1.0.0:amd64 (1.0.2g-1ubuntu4.15) ... - docker: debconf: unable to initialize frontend: Dialog - docker: debconf: (TERM is not set, so the dialog frontend is not usable.) - docker: debconf: falling back to frontend: Readline - docker: debconf: unable to initialize frontend: Readline - docker: debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.1 /usr/local/share/perl/5.22.1 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base .) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.) - docker: debconf: falling back to frontend: Teletype - docker: Setting up libpython2.7-stdlib:amd64 (2.7.12-1ubuntu0~16.04.9) ... - docker: Setting up python2.7 (2.7.12-1ubuntu0~16.04.9) ... - docker: Setting up libpython-stdlib:amd64 (2.7.12-1~16.04) ... - docker: Setting up python (2.7.12-1~16.04) ... - docker: Setting up libapt-inst2.0:amd64 (1.2.32) ... - docker: Setting up apt-utils (1.2.32) ... - docker: Setting up libmagic1:amd64 (1:5.25-2ubuntu1.3) ... - docker: Setting up file (1:5.25-2ubuntu1.3) ... - docker: Processing triggers for libc-bin (2.23-0ubuntu11) ... -==> docker: Provisioning with Ansible... 
-==> docker: Executing Ansible: *****a*****n*****s*****i*****b*****l*****e*****-*****p*****l*****a*****y*****b*****o*****o*****k***** *****-*****-*****e*****x*****t*****r*****a*****-*****v*****a*****r*****s***** *****p*****a*****c*****k*****e*****r*****_*****b*****u*****i*****l*****d*****_*****n*****a*****m*****e*****=*****d*****o*****c*****k*****e*****r***** *****p*****a*****c*****k*****e*****r*****_*****b*****u*****i*****l*****d*****e*****r*****_*****t*****y*****p*****e*****=*****d*****o*****c*****k*****e*****r***** *****-*****o***** *****I*****d*****e*****n*****t*****i*****t*****i*****e*****s*****O*****n*****l*****y*****=*****y*****e*****s***** *****-*****i***** *****/*****t*****m*****p*****/*****p*****a*****c*****k*****e*****r*****-*****p*****r*****o*****v*****i*****s*****i*****o*****n*****e*****r*****-*****a*****n*****s*****i*****b*****l*****e*****5*****7*****2*****7*****8*****3*****2*****8*****6***** *****/*****v*****a*****g*****r*****a*****n*****t*****/*****h*****a*****s*****h*****i*****c*****o*****r*****p*****/*****p*****a*****c*****k*****e*****r*****/*****l*****i*****n*****u*****x*****/*****u*****b*****u*****n*****t*****u*****/*****p*****l*****a*****y*****b*****o*****o*****k*****.*****y*****m*****l***** *****-*****e***** *****a*****n*****s*****i*****b*****l*****e*****_*****s*****s*****h*****_*****p*****r*****i*****v*****a*****t*****e*****_*****k*****e*****y*****_*****f*****i*****l*****e*****=*****/*****t*****m*****p*****/*****a*****n*****s*****i*****b*****l*****e*****-*****k*****e*****y*****9*****3*****3*****0*****2*****8*****8*****5*****1***** *****-*****-*****e*****x*****t*****r*****a*****-*****v*****a*****r*****s***** *****a*****n*****s*****i*****b*****l*****e*****_*****h*****o*****s*****t*****=*****d*****e*****f*****a*****u*****l*****t***** *****a*****n*****s*****i*****b*****l*****e*****_*****c*****o*****n*****n*****e*****c*****t*****i*****o*****n*****=*****d*****o*****c*****k*****e*****r***** - docker: - docker: PLAY [A demo to run ansible in a docker 
container] ***************************** - docker: - docker: TASK [Gathering Facts] ********************************************************* - docker: ok: [default] - docker: - docker: TASK [Add a file to root's home dir] ******************************************* - docker: changed: [default] - docker: - docker: PLAY RECAP ********************************************************************* - docker: default : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 - docker: -==> docker: Killing the container: e377a38c8c09fc55c3ac85a61357c2125323d85a4582ab20814a44771145c0bc -Build 'docker' finished. - -==> Builds finished. The artifacts of successful builds are: ---> docker: Exported Docker file: -``` +Now you can run `./run.sh` ## Terraform https://www.terraform.io/
diff --git a/hashicorp/packer/all/ubuntu-1804.pkr.hcl b/hashicorp/packer/all/ubuntu-1804.pkr.hcl
new file mode 120000
index 0000000..fbfa29e
--- /dev/null
+++ b/hashicorp/packer/all/ubuntu-1804.pkr.hcl
@@ -0,0 +1 @@
+../linux/ubuntu/ubuntu-1804.pkr.hcl
\ No newline at end of file
diff --git a/hashicorp/packer/all/ubuntu-2004.pkr.hcl b/hashicorp/packer/all/ubuntu-2004.pkr.hcl
new file mode 120000
index 0000000..58ec769
--- /dev/null
+++ b/hashicorp/packer/all/ubuntu-2004.pkr.hcl
@@ -0,0 +1 @@
+../linux/ubuntu/ubuntu-2004.pkr.hcl
\ No newline at end of file
diff --git a/hashicorp/packer/all/ubuntu-2204.pkr.hcl b/hashicorp/packer/all/ubuntu-2204.pkr.hcl
new file mode 120000
index 0000000..1ddbe4b
--- /dev/null
+++ b/hashicorp/packer/all/ubuntu-2204.pkr.hcl
@@ -0,0 +1 @@
+../linux/ubuntu/ubuntu-2204.pkr.hcl
\ No newline at end of file
diff --git a/hashicorp/packer/all/variables.pkr.hcl b/hashicorp/packer/all/variables.pkr.hcl
new file mode 120000
index 0000000..fd60b53
--- /dev/null
+++ b/hashicorp/packer/all/variables.pkr.hcl
@@ -0,0 +1 @@
+../variables.pkr.hcl
\ No newline at end of file
diff --git a/hashicorp/packer/all/windows-2016.pkr.hcl b/hashicorp/packer/all/windows-2016.pkr.hcl
new file mode 120000
index 0000000..59bcf15
--- /dev/null
+++ b/hashicorp/packer/all/windows-2016.pkr.hcl
@@ -0,0 +1 @@
+../windows/windowsserver/windows-2016.pkr.hcl
\ No newline at end of file
diff --git a/hashicorp/packer/all/windows-2019.pkr.hcl b/hashicorp/packer/all/windows-2019.pkr.hcl
new file mode 120000
index 0000000..05aa7b7
--- /dev/null
+++ b/hashicorp/packer/all/windows-2019.pkr.hcl
@@ -0,0 +1 @@
+../windows/windowsserver/windows-2019.pkr.hcl
\ No newline at end of file
diff --git a/hashicorp/packer/linux/ubuntu/templates/ubuntu/1804/Vagrantfile.tpl b/hashicorp/packer/linux/ubuntu/templates/ubuntu/1804/Vagrantfile.tpl
new file mode 100644
index 0000000..766f2b5
--- /dev/null
+++ b/hashicorp/packer/linux/ubuntu/templates/ubuntu/1804/Vagrantfile.tpl
@@ -0,0 +1,17 @@
+Vagrant.configure("2") do |config|
+ config.vm.define "source", autostart: false do |source|
+ source.vm.box = "ubuntu/bionic64"
+ config.ssh.insert_key = false
+ end
+ config.vm.define "output" do |output|
+ output.vm.box = "ubuntu-1804"
+ output.vm.box_url = "file://package.box"
+ config.ssh.insert_key = false
+ end
+ config.vm.provider :virtualbox do |vb|
+ vb.memory = 1024
+ vb.cpus = 2
+ vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ]
+ end
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+end
diff --git a/hashicorp/packer/linux/ubuntu/templates/ubuntu/2004/Vagrantfile.tpl b/hashicorp/packer/linux/ubuntu/templates/ubuntu/2004/Vagrantfile.tpl
new file mode 100644
index 0000000..398798c
--- /dev/null
+++ b/hashicorp/packer/linux/ubuntu/templates/ubuntu/2004/Vagrantfile.tpl
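Review bot: `config.ssh.insert_key = false` is written inside the `source` and `output` define blocks but on the outer `config` object, so it applies to every machine in the file rather than to the machine whose block it sits in; if per-machine scope is intended, the lines should read `source.ssh.insert_key = false` and `output.ssh.insert_key = false`. With key insertion disabled, the box built from this template keeps Vagrant's publicly known default key authorized for the `vagrant` user, which is acceptable for a local lab but should be stated where the setting is made, e.g. `# keep the default Vagrant key so Packer can SSH in; the resulting box is for local lab use only`. The 2004 and 2204 templates in the next two hunks have the same two points.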
@@ -0,0 +1,17 @@
+Vagrant.configure("2") do |config|
+ config.vm.define "source", autostart: false do |source|
+ source.vm.box = "ubuntu/focal64"
+ config.ssh.insert_key = false
+ end
+ config.vm.define "output" do |output|
+ output.vm.box = "ubuntu-2004"
+ output.vm.box_url = "file://package.box"
+ config.ssh.insert_key = false
+ end
+ config.vm.provider :virtualbox do |vb|
+ vb.memory = 1024
+ vb.cpus = 2
+ vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ]
+ end
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+end
diff --git a/hashicorp/packer/linux/ubuntu/templates/ubuntu/2204/Vagrantfile.tpl b/hashicorp/packer/linux/ubuntu/templates/ubuntu/2204/Vagrantfile.tpl
new file mode 100644
index 0000000..4761f0b
--- /dev/null
+++ b/hashicorp/packer/linux/ubuntu/templates/ubuntu/2204/Vagrantfile.tpl
@@ -0,0 +1,17 @@
+Vagrant.configure("2") do |config|
+ config.vm.define "source", autostart: false do |source|
+ source.vm.box = "ubuntu/jammy64"
+ config.ssh.insert_key = false
+ end
+ config.vm.define "output" do |output|
+ output.vm.box = "ubuntu-2204"
+ output.vm.box_url = "file://package.box"
+ config.ssh.insert_key = false
+ end
+ config.vm.provider :virtualbox do |vb|
+ vb.memory = 1024
+ vb.cpus = 2
+ vb.customize [ "modifyvm", :id, "--uartmode1", "disconnected" ]
+ end
+ config.vm.synced_folder ".", "/vagrant", disabled: true
+end
diff --git a/hashicorp/packer/linux/ubuntu/ubuntu-1804.pkr.hcl b/hashicorp/packer/linux/ubuntu/ubuntu-1804.pkr.hcl
new file mode 100644
index 0000000..f8d301c
--- /dev/null
+++ b/hashicorp/packer/linux/ubuntu/ubuntu-1804.pkr.hcl
@@ -0,0 +1,146 @@
+# Hashicorp Packer
+#
+# https://www.packer.io/
+#
+
+# source blocks are generated from your builders; a source can be referenced in
+# build blocks. A build block runs provisioner and post-processors on a
+# source. Read the documentation for source blocks here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/source
+source "azure-arm" "ubuntu-1804" {
+ client_id = "${var.azure_client_id}"
+ client_secret = "${var.azure_client_secret}"
+ #tenant_id = "${var.azure_tenant_id}"
+ subscription_id = "${var.azure_subscription_id}"
+ image_offer = "UbuntuServer"
+ image_publisher = "Canonical"
+ image_sku = "18_04-lts-gen2"
+ image_version = "latest"
+ managed_image_name = "ubuntu-1804"
+ location = "${var.azure_region}"
+ managed_image_resource_group_name = "resourcegroup"
+ os_type = "linux"
+ vm_size = "Standard_DS2_v2"
+ shared_image_gallery_destination {
+ gallery_name = "SharedImageGallery"
+ image_name = "ubuntu-1804"
+ image_version = "${local.azure_version_number}"
+ replication_regions = ["${var.azure_region}"]
+ resource_group = "resourcegroup"
+ }
+ azure_tags = {
+ vm_name = "ubuntu-1804"
+ }
+}
+
+source "amazon-ebs" "ubuntu-1804" {
+ source_ami_filter {
+ filters = {
+ name = "*/hvm-ssd/ubuntu-bionic-18.04-amd64-server*"
+ architecture = "x86_64"
+ }
+ owners = ["099720109477"]
+ most_recent = true
+ }
+ access_key = "${var.aws_access_key}"
+ secret_key = "${var.aws_secret_key}"
+ region = "${var.aws_region}"
+ instance_type = "${var.aws_instance_type}"
+ ssh_username = "ubuntu"
+ ami_name = "ubuntu-1804-${local.version_number}"
+ tags = {
+ vm_name = "ubuntu-1804"
+ }
+}
+
+source "googlecompute" "ubuntu-1804" {
+ project_id = "${var.gcp_project_id}"
+ account_file = "${var.gcp_account_file}"
+ disk_size = "${var.disk_size}"
+ image_name = "ubuntu-1804-${local.version_number}"
+ source_image_family = "ubuntu-1804-lts"
+ ssh_username = "packer"
+ zone = "${var.gcp_zone}"
+ image_labels = {
+ vm_name = "ubuntu-1804"
+ }
+ image_family = "soe-ubuntu-1804-lts"
+}
+
+source "vagrant" "ubuntu-1804" {
+ source_path = "ubuntu/bionic64"
+ template = "linux/ubuntu/templates/ubuntu/1804/Vagrantfile.tpl"
+ provider = "virtualbox"
+ teardown_method = "suspend"
+ skip_package = true
+ communicator = "ssh"
+ box_name = "ubuntu-1804"
+ output_dir = "${var.build_directory}/ubuntu-1804/vagrant"
+}
+
+# a build block invokes sources and runs provisioning steps on them. The
+# documentation for build blocks can be found here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/build
+build {
+ sources = ["source.vagrant.ubuntu-1804", "source.azure-arm.ubuntu-1804", "source.amazon-ebs.ubuntu-1804", "source.googlecompute.ubuntu-1804"]
+
+ provisioner "shell" {
+ inline = [
+ "cat /etc/os-release"
+ ]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ extra_arguments = [
+ #"-v",
+ "--extra-vars", "ansible_become=true version_number=${local.version_number}"
+ ]
+ ansible_ssh_extra_args = [
+ "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ extra_arguments = [
+ #"-v",
+ "--extra-vars", "foo=bar"
+ ]
+ ansible_ssh_extra_args = [
+ "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/UBUNTU18-CIS/site.yml"
+ only = ["vagrant.ubuntu-1804", "azure-arm.ubuntu-1804", "googlecompute.ubuntu-1804"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ extra_arguments = [
+ #"-v",
+ "--extra-vars", "system_is_ec2=true"
+ ]
+ ansible_ssh_extra_args = [
+ "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/UBUNTU18-CIS/site.yml"
+ only = ["amazon-ebs.ubuntu-1804"]
+ }
+
+ provisioner "shell-local" {
+ inline = ["curl -s https://api.ipify.org/?format=none"]
+ }
+
+ provisioner "shell" {
+ execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'"
+ inline = ["/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"]
+ inline_shebang = "/bin/sh -x"
+ only = ["azure-arm.ubuntu-1804"]
+ }
+}
diff --git a/hashicorp/packer/linux/ubuntu/ubuntu-2004.pkr.hcl b/hashicorp/packer/linux/ubuntu/ubuntu-2004.pkr.hcl
new file mode 100644
index 0000000..ace32c4
--- /dev/null
+++ b/hashicorp/packer/linux/ubuntu/ubuntu-2004.pkr.hcl
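Review bot: All three `ansible_ssh_extra_args` entries re-enable `ssh-rsa` for `HostKeyAlgorithms` and `PubkeyAcceptedKeyTypes`, the SHA-1-signed RSA algorithm that OpenSSH has disabled by default since 8.8, and the template does not say why; if, as seems likely, it is there because the temporary key Packer hands to Ansible is RSA, record that with a comment such as `# ssh-rsa re-enabled only for Packer's temporary RSA key; remove once rsa-sha2/ed25519 keys are in use` so the exception is revisited rather than copied into new templates. The `shell-local` provisioner's `curl -s https://api.ipify.org/?format=none` runs on the build host and contacts a third-party service on every build with no stated purpose, and `-s` hides any failure; either add a comment stating what it is for or drop it. The first `ansible` provisioner omits the `user = "${build.User}"` that the two CIS runs set, which looks like an oversight. `client_secret`, `access_key` and `secret_key` are taken from `var.azure_client_secret`, `var.aws_access_key` and `var.aws_secret_key`; `variables.pkr.hcl` is not in this diff, so confirm those declarations carry `sensitive = true` so Packer redacts the values from its output. The same points apply to the ubuntu-2004 and ubuntu-2204 templates later in this diff.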
@@ -0,0 +1,146 @@
+# Hashicorp Packer
+#
+# https://www.packer.io/
+#
+
+# source blocks are generated from your builders; a source can be referenced in
+# build blocks. A build block runs provisioner and post-processors on a
+# source. Read the documentation for source blocks here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/source
+source "azure-arm" "ubuntu-2004" {
+ client_id = "${var.azure_client_id}"
+ client_secret = "${var.azure_client_secret}"
+ #tenant_id = "${var.azure_tenant_id}"
+ subscription_id = "${var.azure_subscription_id}"
+ image_offer = "0001-com-ubuntu-server-focal"
+ image_publisher = "Canonical"
+ image_sku = "20_04-lts-gen2"
+ image_version = "latest"
+ managed_image_name = "ubuntu-2004"
+ location = "${var.azure_region}"
+ managed_image_resource_group_name = "resourcegroup"
+ os_type = "linux"
+ vm_size = "Standard_DS2_v2"
+ shared_image_gallery_destination {
+ gallery_name = "SharedImageGallery"
+ image_name = "ubuntu-2004"
+ image_version = "${local.azure_version_number}"
+ replication_regions = ["${var.azure_region}"]
+ resource_group = "resourcegroup"
+ }
+ azure_tags = {
+ vm_name = "ubuntu-2004"
+ }
+}
+
+source "amazon-ebs" "ubuntu-2004" {
+ source_ami_filter {
+ filters = {
+ name = "*ubuntu-focal-20.04-amd64-server*"
+ architecture = "x86_64"
+ }
+ owners = ["099720109477"]
+ most_recent = true
+ }
+ access_key = "${var.aws_access_key}"
+ secret_key = "${var.aws_secret_key}"
+ region = "${var.aws_region}"
+ instance_type = "${var.aws_instance_type}"
+ ssh_username = "ubuntu"
+ ami_name = "ubuntu-2004-${local.version_number}"
+ tags = {
+ vm_name = "ubuntu-2004"
+ }
+}
+
+source "googlecompute" "ubuntu-2004" {
+ project_id = "${var.gcp_project_id}"
+ account_file = "${var.gcp_account_file}"
+ disk_size = "${var.disk_size}"
+ image_name = "ubuntu-2004-${local.version_number}"
+ source_image_family = "ubuntu-2004-lts"
+ ssh_username = "packer"
+ zone = "${var.gcp_zone}"
+ image_labels = {
+ vm_name = "ubuntu-2004"
+ }
+ image_family = "soe-ubuntu-2004-lts"
+}
+
+source "vagrant" "ubuntu-2004" {
+ source_path = "ubuntu/focal64"
+ template = "linux/ubuntu/templates/ubuntu/2004/Vagrantfile.tpl"
+ provider = "virtualbox"
+ teardown_method = "suspend"
+ skip_package = true
+ communicator = "ssh"
+ box_name = "ubuntu-2004"
+ output_dir = "${var.build_directory}/ubuntu-2004/vagrant"
+}
+
+# a build block invokes sources and runs provisioning steps on them. The
+# documentation for build blocks can be found here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/build
+build {
+ sources = ["source.vagrant.ubuntu-2004", "source.azure-arm.ubuntu-2004", "source.amazon-ebs.ubuntu-2004", "source.googlecompute.ubuntu-2004"]
+
+ provisioner "shell" {
+ inline = ["cat /etc/os-release"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ extra_arguments = [
+ #"-v",
+ "--tags", "always,day0",
+ "--extra-vars", "ansible_become=true version_number=${local.version_number}"
+ ]
+ ansible_ssh_extra_args = [
+ "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ extra_arguments = [
+ #"-v",
+ "--extra-vars", "foo=bar"
+ ]
+ ansible_ssh_extra_args = [
+ "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/UBUNTU20-CIS/site.yml"
+ only = ["vagrant.ubuntu-2004", "azure-arm.ubuntu-2004", "googlecompute.ubuntu-2004"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ extra_arguments = [
+ #"-v",
+ "--extra-vars", "foo=bar"
+ ]
+ ansible_ssh_extra_args = [
+ "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/UBUNTU20-CIS/site.yml"
+ only = ["amazon-ebs.ubuntu-2004"]
+ }
+
+ provisioner "shell-local" {
+ inline = ["curl -s https://api.ipify.org/?format=none"]
+ }
+
+ provisioner "shell" {
+ execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'"
+ inline = ["/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"]
+ inline_shebang = "/bin/sh -x"
+ only = ["azure-arm.ubuntu-2004"]
+ }
+}
+
diff --git a/hashicorp/packer/linux/ubuntu/ubuntu-2204.pkr.hcl b/hashicorp/packer/linux/ubuntu/ubuntu-2204.pkr.hcl
new file mode 100644
index 0000000..36730db
--- /dev/null
+++ b/hashicorp/packer/linux/ubuntu/ubuntu-2204.pkr.hcl
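Review bot: The amazon-ebs-only `ansible` provisioner passes `--extra-vars foo=bar`, whereas the equivalent block in ubuntu-1804.pkr.hcl passes `system_is_ec2=true`; if the UBUNTU20-CIS role keys any EC2-specific behaviour off that variable, this build hardens the AMI as though it were not on EC2, so `"--extra-vars", "system_is_ec2=true"` looks like the intended line. That provisioner also lacks the `user = "${build.User}"` the other two set. The first provisioner's `"--tags", "always,day0"` has no counterpart in the 1804 template; a one-line comment on why this image runs only the day0 tags would keep the two templates from drifting silently.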
@@ -0,0 +1,147 @@ +# Hashicorp Packer +# +# https://www.packer.io/ +# + +# source blocks are generated from your builders; a source can be referenced in +# build blocks. A build block runs provisioner and post-processors on a +# source. Read the documentation for source blocks here: +# https://www.packer.io/docs/templates/hcl_templates/blocks/source +source "azure-arm" "ubuntu-2204" { + client_id = "${var.azure_client_id}" + client_secret = "${var.azure_client_secret}" + #tenant_id = "${var.azure_tenant_id}" + subscription_id = "${var.azure_subscription_id}" + image_offer = "0001-com-ubuntu-server-jammy" + image_publisher = "Canonical" + image_sku = "22_04-lts-gen2" + image_version = "latest" + managed_image_name = "ubuntu-2204" + location = "${var.azure_region}" + managed_image_resource_group_name = "resourcegroup" + os_type = "linux" + vm_size = "Standard_DS2_v2" + shared_image_gallery_destination { + gallery_name = "SharedImageGallery" + image_name = "ubuntu-2204" + image_version = "${local.azure_version_number}" + replication_regions = ["${var.azure_region}"] + resource_group = "resourcegroup" + } + azure_tags = { + vm_name = "ubuntu-2204" + } +} + +source "amazon-ebs" "ubuntu-2204" { + source_ami_filter { + filters = { + name = "*ubuntu-jammy-22.04-amd64-server*" + architecture = "x86_64" + } + owners = ["099720109477"] + most_recent = true + } + access_key = "${var.aws_access_key}" + secret_key = "${var.aws_secret_key}" + region = "${var.aws_region}" + instance_type = "${var.aws_instance_type}" + ssh_username = "ubuntu" + ami_name = "ubuntu-2204-${local.version_number}" + tags = { + vm_name = "ubuntu-2204" + } +} + +source "googlecompute" "ubuntu-2204" { + project_id = "${var.gcp_project_id}" + account_file = "${var.gcp_account_file}" + disk_size = "${var.disk_size}" + image_name = "ubuntu-2204-${local.version_number}" + source_image_family = "ubuntu-2204-lts" + ssh_username = "packer" + zone = "${var.gcp_zone}" + image_labels = { + vm_name = "ubuntu-2204" + 
} + image_family = "soe-ubuntu-2204-lts" +} + +source "vagrant" "ubuntu-2204" { + source_path = "ubuntu/jammy64" + template = "linux/ubuntu/templates/ubuntu/2204/Vagrantfile.tpl" + provider = "virtualbox" + teardown_method = "suspend" + skip_package = true + communicator = "ssh" + box_name = "ubuntu-2204" + output_dir = "${var.build_directory}/ubuntu-2204/vagrant" +} + +# a build block invokes sources and runs provisioning steps on them. The +# documentation for build blocks can be found here: +# https://www.packer.io/docs/templates/hcl_templates/blocks/build +build { + sources = ["source.vagrant.ubuntu-2204", "source.azure-arm.ubuntu-2204", "source.amazon-ebs.ubuntu-2204", "source.googlecompute.ubuntu-2204"] + + provisioner "shell" { + inline = ["cat /etc/os-release"] + } + + provisioner "ansible" { + command = "./scripts/ansible.sh" + user = "${build.User}" + extra_arguments = [ + #"-v", + "--tags", "always,day0", + "--extra-vars", "ansible_become=true version_number=${local.version_number}" + ] + ansible_ssh_extra_args = [ + "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa" + ] + host_alias = "none" + playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml" + } + + provisioner "ansible" { + command = "./scripts/ansible.sh" + user = "${build.User}" + extra_arguments = [ + #"-v", + "--extra-vars", "foo=bar" + ] + ansible_ssh_extra_args = [ + "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa" + ] + host_alias = "none" + playbook_file = "../../ansible/galaxy/roles/UBUNTU22-CIS/site.yml" + only = ["vagrant.ubuntu-2204", "azure-arm.ubuntu-2204", "googlecompute.ubuntu-2204"] + } + + provisioner "ansible" { + command = "./scripts/ansible.sh" + user = "${build.User}" + extra_arguments = [ + #"-v", + "--extra-vars", "foo=bar" + ] + ansible_ssh_extra_args = [ + "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa" + ] + host_alias = "none" + playbook_file = "../../ansible/galaxy/roles/UBUNTU22-CIS/site.yml" + 
only = ["amazon-ebs.ubuntu-2204"]
+ }
+
+ provisioner "shell-local" {
+ inline = ["curl -s https://api.ipify.org/?format=none"]
+ }
+
+ provisioner "shell" {
+ execute_command = "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'"
+ inline = ["/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"]
+ inline_shebang = "/bin/sh -x"
+ only = ["azure-arm.ubuntu-2204"]
+ }
+}
+
diff --git a/hashicorp/packer/run.sh b/hashicorp/packer/run.sh
new file mode 100755
index 0000000..6a7ec95
--- /dev/null
+++ b/hashicorp/packer/run.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+echo -e "++++ "
+echo -e "++++ Check if packer is installed"
+echo -e "++++ "
+if ! [ -x "$(command -v packer)" ]; then
+ echo 'Error: packer is not installed.' >&2
+ exit 1
+else
+ echo "Packer version installed: "$(packer -v)
+fi
+
+echo -e "++++ "
+echo -e "++++ Check if ansible is installed"
+echo -e "++++ "
+scripts/install-ansible.sh
+
+echo -e "++++ "
+echo -e "++++ Run Packer"
+echo -e "++++ "
+packer build -force -only='vagrant.ubuntu-2204' all
\ No newline at end of file
diff --git a/hashicorp/packer/scripts/ansible.sh b/hashicorp/packer/scripts/ansible.sh
new file mode 100755
index 0000000..319522d
--- /dev/null
+++ b/hashicorp/packer/scripts/ansible.sh
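Review bot: All three ansible provisioners in this build pass `ansible_ssh_extra_args = ["-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"]`, re-enabling the SHA-1 `ssh-rsa` signature scheme that OpenSSH 8.8+ disables by default, so host-key and client-key verification for every provisioning session is downgraded rather than fixed. If this works around the provisioner's SSH proxy only offering an RSA host key, `use_proxy = false` (which the Windows templates in this change already use) or an ed25519 temporary key pair on the cloud sources avoids the downgrade; whichever is kept, the reason belongs in a comment above the option. Separately, the `shell-local` step `curl -s https://api.ipify.org/?format=none` sends the build host's egress IP to a third-party service on every build and nothing visible consumes the result — drop it, or comment why it is needed.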
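Review bot: `scripts/install-ansible.sh` is called with a relative path and the script has no `set -e`, so when run from another directory, or when the venv/pip/galaxy step fails, execution still proceeds to `packer build -force`, which overwrites or deregisters existing artifacts. Add `set -euo pipefail` and `cd "$(dirname "$0")"` after the shebang so the install step is mandatory and the relative paths (`scripts/` here, `../../ansible` inside the helper) resolve from the packer directory regardless of the caller's cwd. `echo "Packer version installed: "$(packer -v)` leaves the substitution unquoted; `echo "Packer version installed: $(packer -v)"` is the conventional form.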
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+echo -e "++++ "
+echo -e "++++ Set Environment Variables"
+echo -e "++++ "
+export PIP_DISABLE_PIP_VERSION_CHECK=1
+export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+export CRYPTOGRAPHY_DONT_BUILD_RUST=1
+
+echo -e "++++ "
+echo -e "++++ Create Python Virtual Environment in ../../ansible/ansible-venv"
+echo -e "++++ "
+python3 -m venv ../../ansible/ansible-venv
+
+echo -e "++++ "
+echo -e "++++ Activate Python Virtual Environment in ../../ansible/ansible-venv"
+echo -e "++++ "
+source ../../ansible/ansible-venv/bin/activate
+
+echo -e "++++ "
+echo -e "++++ Check Python and Pip Versions"
+echo -e "++++ "
+python3 -V
+pip3 -V
+
+ANSIBLE_FORCE_COLOR=1 ANSIBLE_LOAD_CALLBACK_PLUGINS=1 PYTHONUNBUFFERED=1 ansible-playbook "$@"
diff --git a/hashicorp/packer/scripts/install-ansible.sh b/hashicorp/packer/scripts/install-ansible.sh
new file mode 100755
index 0000000..66f162d
--- /dev/null
+++ b/hashicorp/packer/scripts/install-ansible.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+echo -e "++++ "
+echo -e "++++ Set Environment Variables"
+echo -e "++++ "
+export PIP_DISABLE_PIP_VERSION_CHECK=1
+export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
+export CRYPTOGRAPHY_DONT_BUILD_RUST=1
+
+echo -e "++++ "
+echo -e "++++ Create Python Virtual Environment in ../../ansible/ansible-venv"
+echo -e "++++ "
+python3 -m venv ../../ansible/ansible-venv
+
+echo -e "++++ "
+echo -e "++++ Activate Python Virtual Environment in ../../ansible/ansible-venv"
+echo -e "++++ "
+source ../../ansible/ansible-venv/bin/activate
+
+echo -e "++++ "
+echo -e "++++ Check Python and Pip Versions"
+echo -e "++++ "
+python3 -V
+pip3 -V
+
+echo -e "++++ "
+echo -e "++++ Install Python Pip Packages"
+echo -e "++++ "
+pip3 install -r ../../ansible/requirements.txt --no-cache-dir --quiet
+
+echo -e "++++ "
+echo -e "++++ Install Ansible Galaxy Roles"
+echo -e "++++ "
+ansible-galaxy install -f -r ../../ansible/galaxy/requirements.yml -p ../../ansible/galaxy/roles/
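Review bot: The script has no `set -e`, so if `python3 -m venv` or `source ../../ansible/ansible-venv/bin/activate` fails (wrong working directory, missing python3-venv) the last line silently runs whichever `ansible-playbook` is first on PATH instead of the one install-ansible.sh put in the venv, bypassing the controlled toolchain without any error. Add `set -euo pipefail` after the shebang so a missing or broken venv aborts the provisioner instead. The `../../ansible` paths are relative to Packer's working directory (the templates invoke this as `./scripts/ansible.sh`), which deserves a one-line comment such as `# paths are relative to hashicorp/packer/, where packer build is run`.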
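Review bot: `ansible-galaxy install -f -r ../../ansible/galaxy/requirements.yml` re-fetches the roles on every run, and those roles (the UBUNTU20-CIS, UBUNTU22-CIS and Windows-2016-CIS playbooks the templates in this change run against every image, with the first provisioner passing `ansible_become=true`) are privileged content in the image supply chain. requirements.yml is not in this diff; if its entries carry no `version:` (tag or commit), each build pulls the upstream branch head, and `pip3 install -r ../../ansible/requirements.txt` has the same exposure unless that file pins versions (ideally with `--require-hashes`). The script also lacks `set -euo pipefail`, so a failed pip install still falls through to the galaxy step and the exit status reflects only the last command.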
diff --git a/hashicorp/packer/variables.pkr.hcl b/hashicorp/packer/variables.pkr.hcl
new file mode 100644
index 0000000..8280656
--- /dev/null
+++ b/hashicorp/packer/variables.pkr.hcl
@@ -0,0 +1,137 @@
+# All generated input variables will be of 'string' type as this is how Packer JSON
+# views them; you can change their type later on. Read the variables type
+# constraints documentation
+# https://www.packer.io/docs/templates/hcl_templates/variables#type-constraints for more info.
+
+# locals blocks
+locals {
+ version_number = formatdate("YYYYMMDDhhmm", timestamp())
+ azure_version_number = formatdate("YYYY.MM.DDhhmm", timestamp())
+}
+
+# variables
+variable "build_directory" {
+ type = string
+ default = "./output"
+}
+
+variable "cpus" {
+ type = string
+ default = "2"
+}
+
+variable "memory" {
+ type = string
+ default = "512"
+}
+
+variable "disk_size" {
+ type = string
+ default = "1024"
+}
+
+variable "aws_access_key" {
+ type = string
+ default = "${env("AWS_ACCESS_KEY")}"
+}
+
+variable "aws_secret_key" {
+ type = string
+ default = "${env("AWS_SECRET_ACCESS_KEY")}"
+}
+
+variable "aws_region" {
+ type = string
+ default = "ap-south-1"
+}
+
+variable "aws_instance_type" {
+ type = string
+ default = "t2.medium"
+}
+
+variable "aws_source_ami_centos-79" {
+ type = string
+ default = "ami-0ffc7af9c06de0077"
+}
+
+variable "aws_source_ami_centos-83" {
+ type = string
+ default = "ami-0c8ad4b0ff2d20c79"
+}
+
+variable "aws_source_ami_redhat-79" {
+ type = string
+ default = "ami-00d05da9ad5c69bfd"
+}
+
+variable "aws_source_ami_redhat-83" {
+ type = string
+ default = "ami-02a403e9f22ebf62b"
+}
+
+variable "aws_source_ami_ubuntu-1804" {
+ type = string
+ default = "ami-0bd1a64868721e9ef"
+}
+
+variable "aws_source_ami_ubuntu-2004" {
+ type = string
+ default = "ami-0b9e641f013a385af"
+}
+
+variable "azure_client_id" {
+ type = string
+ default = "${env("AZURE_CLIENT_ID")}"
+}
+
+variable "azure_client_secret" {
+ type = string
+ default = "${env("AZURE_CLIENT_SECRET")}"
+ sensitive = true
+}
+
+variable "azure_resource_group" {
+ type = string
+ default = "resourcegroup" # "${env("AZURE_RESOURCE_GROUP")}"
+}
+
+variable "azure_shared_image_gallery" {
+ type = string
+ default = "SharedImageGallery" # "${env("AZURE_SHARED_IMAGE_GALLERY")}"
+}
+
+variable "azure_subscription_id" {
+ type = string
+ default = "${env("AZURE_SUBSCRIPTION_ID")}"
+}
+
+variable "azure_tenant_id" {
+ type = string
+ default = "${env("AZURE_TENANT_ID")}"
+}
+
+variable "azure_region" {
+ type = string
+ default = "Australia East"
+}
+
+variable "gcp_account_file" {
+ type = string
+ default = "${env("GCP_ACCOUNT_FILE")}"
+}
+
+variable "gcp_project_id" {
+ type = string
+ default = "${env("GCP_PROJECT_ID")}"
+}
+
+variable "gcp_zone" {
+ type = string
+ default = "australia-southeast1-a"
+}
+
+variable "image_version_number" {
+ type = string
+ default = "1970.01.010000"
+}
diff --git a/hashicorp/packer/windows/windowsserver/scripts/ConfigureRemotingForAnsible.ps1 b/hashicorp/packer/windows/windowsserver/scripts/ConfigureRemotingForAnsible.ps1
new file mode 100644
index 0000000..7e039bb
--- /dev/null
+++ b/hashicorp/packer/windows/windowsserver/scripts/ConfigureRemotingForAnsible.ps1
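Review bot: `aws_secret_key` is not declared `sensitive = true` while `azure_client_secret` is, so Packer will not redact the AWS secret from its output and logs (`PACKER_LOG`, `-debug`, CI console) wherever the value is interpolated. Add `sensitive = true` to `aws_secret_key` (and arguably `aws_access_key`); `gcp_account_file` is a path rather than the credential itself, but marking it costs nothing. The hard-coded `aws_source_ami_*` defaults are AMI IDs, which are region-specific, so they are silently wrong as soon as `aws_region` is overridden from `ap-south-1` — a comment naming the region they belong to, or deriving them through `source_ami_filter` as the ubuntu templates do, would prevent that.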
@@ -0,0 +1,453 @@ +#Requires -Version 3.0 + +# Configure a Windows host for remote management with Ansible +# ----------------------------------------------------------- +# +# This script checks the current WinRM (PS Remoting) configuration and makes +# the necessary changes to allow Ansible to connect, authenticate and +# execute PowerShell commands. +# +# All events are logged to the Windows EventLog, useful for unattended runs. +# +# Use option -Verbose in order to see the verbose output messages. +# +# Use option -CertValidityDays to specify how long this certificate is valid +# starting from today. So you would specify -CertValidityDays 3650 to get +# a 10-year valid certificate. +# +# Use option -ForceNewSSLCert if the system has been SysPreped and a new +# SSL Certificate must be forced on the WinRM Listener when re-running this +# script. This is necessary when a new SID and CN name is created. +# +# Use option -EnableCredSSP to enable CredSSP as an authentication option. +# +# Use option -DisableBasicAuth to disable basic authentication. +# +# Use option -SkipNetworkProfileCheck to skip the network profile check. +# Without specifying this the script will only run if the device's interfaces +# are in DOMAIN or PRIVATE zones. Provide this switch if you want to enable +# WinRM on a device with an interface in PUBLIC zone. +# +# Use option -SubjectName to specify the CN name of the certificate. This +# defaults to the system's hostname and generally should not be specified. 
+ +# Written by Trond Hindenes +# Updated by Chris Church +# Updated by Michael Crilly +# Updated by Anton Ouzounov +# Updated by Nicolas Simond +# Updated by Dag Wieërs +# Updated by Jordan Borean +# Updated by Erwan Quélin +# Updated by David Norman +# +# Version 1.0 - 2014-07-06 +# Version 1.1 - 2014-11-11 +# Version 1.2 - 2015-05-15 +# Version 1.3 - 2016-04-04 +# Version 1.4 - 2017-01-05 +# Version 1.5 - 2017-02-09 +# Version 1.6 - 2017-04-18 +# Version 1.7 - 2017-11-23 +# Version 1.8 - 2018-02-23 +# Version 1.9 - 2018-09-21 + +# Support -Verbose option +[CmdletBinding()] + +Param ( + [string]$SubjectName = $env:COMPUTERNAME, + [int]$CertValidityDays = 1095, + [switch]$SkipNetworkProfileCheck, + $CreateSelfSignedCert = $true, + [switch]$ForceNewSSLCert, + [switch]$GlobalHttpFirewallAccess, + [switch]$DisableBasicAuth = $false, + [switch]$EnableCredSSP +) + +Function Write-Log +{ + $Message = $args[0] + Write-EventLog -LogName Application -Source $EventSource -EntryType Information -EventId 1 -Message $Message +} + +Function Write-VerboseLog +{ + $Message = $args[0] + Write-Verbose $Message + Write-Log $Message +} + +Function Write-HostLog +{ + $Message = $args[0] + Write-Output $Message + Write-Log $Message +} + +Function New-LegacySelfSignedCert +{ + Param ( + [string]$SubjectName, + [int]$ValidDays = 1095 + ) + + $hostnonFQDN = $env:computerName + $hostFQDN = [System.Net.Dns]::GetHostByName(($env:computerName)).Hostname + $SignatureAlgorithm = "SHA256" + + $name = New-Object -COM "X509Enrollment.CX500DistinguishedName.1" + $name.Encode("CN=$SubjectName", 0) + + $key = New-Object -COM "X509Enrollment.CX509PrivateKey.1" + $key.ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider" + $key.KeySpec = 1 + $key.Length = 4096 + $key.SecurityDescriptor = "D:PAI(A;;0xd01f01ff;;;SY)(A;;0xd01f01ff;;;BA)(A;;0x80120089;;;NS)" + $key.MachineContext = 1 + $key.Create() + + $serverauthoid = New-Object -COM "X509Enrollment.CObjectId.1" + 
$serverauthoid.InitializeFromValue("1.3.6.1.5.5.7.3.1") + $ekuoids = New-Object -COM "X509Enrollment.CObjectIds.1" + $ekuoids.Add($serverauthoid) + $ekuext = New-Object -COM "X509Enrollment.CX509ExtensionEnhancedKeyUsage.1" + $ekuext.InitializeEncode($ekuoids) + + $cert = New-Object -COM "X509Enrollment.CX509CertificateRequestCertificate.1" + $cert.InitializeFromPrivateKey(2, $key, "") + $cert.Subject = $name + $cert.Issuer = $cert.Subject + $cert.NotBefore = (Get-Date).AddDays(-1) + $cert.NotAfter = $cert.NotBefore.AddDays($ValidDays) + + $SigOID = New-Object -ComObject X509Enrollment.CObjectId + $SigOID.InitializeFromValue(([Security.Cryptography.Oid]$SignatureAlgorithm).Value) + + [string[]] $AlternativeName += $hostnonFQDN + $AlternativeName += $hostFQDN + $IAlternativeNames = New-Object -ComObject X509Enrollment.CAlternativeNames + + foreach ($AN in $AlternativeName) + { + $AltName = New-Object -ComObject X509Enrollment.CAlternativeName + $AltName.InitializeFromString(0x3,$AN) + $IAlternativeNames.Add($AltName) + } + + $SubjectAlternativeName = New-Object -ComObject X509Enrollment.CX509ExtensionAlternativeNames + $SubjectAlternativeName.InitializeEncode($IAlternativeNames) + + [String[]]$KeyUsage = ("DigitalSignature", "KeyEncipherment") + $KeyUsageObj = New-Object -ComObject X509Enrollment.CX509ExtensionKeyUsage + $KeyUsageObj.InitializeEncode([int][Security.Cryptography.X509Certificates.X509KeyUsageFlags]($KeyUsage)) + $KeyUsageObj.Critical = $true + + $cert.X509Extensions.Add($KeyUsageObj) + $cert.X509Extensions.Add($ekuext) + $cert.SignatureInformation.HashAlgorithm = $SigOID + $CERT.X509Extensions.Add($SubjectAlternativeName) + $cert.Encode() + + $enrollment = New-Object -COM "X509Enrollment.CX509Enrollment.1" + $enrollment.InitializeFromRequest($cert) + $certdata = $enrollment.CreateRequest(0) + $enrollment.InstallResponse(2, $certdata, 0, "") + + # extract/return the thumbprint from the generated cert + $parsed_cert = New-Object 
System.Security.Cryptography.X509Certificates.X509Certificate2 + $parsed_cert.Import([System.Text.Encoding]::UTF8.GetBytes($certdata)) + + return $parsed_cert.Thumbprint +} + +Function Enable-GlobalHttpFirewallAccess +{ + Write-Verbose "Forcing global HTTP firewall access" + # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing + $fw = New-Object -ComObject HNetCfg.FWPolicy2 + + # try to find/enable the default rule first + $add_rule = $false + $matching_rules = $fw.Rules | Where-Object { $_.Name -eq "Windows Remote Management (HTTP-In)" } + $rule = $null + If ($matching_rules) { + If ($matching_rules -isnot [Array]) { + Write-Verbose "Editing existing single HTTP firewall rule" + $rule = $matching_rules + } + Else { + # try to find one with the All or Public profile first + Write-Verbose "Found multiple existing HTTP firewall rules..." + $rule = $matching_rules | ForEach-Object { $_.Profiles -band 4 }[0] + + If (-not $rule -or $rule -is [Array]) { + Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)" + # oh well, just pick the first one + $rule = $matching_rules[0] + } + } + } + + If (-not $rule) { + Write-Verbose "Creating a new HTTP firewall rule" + $rule = New-Object -ComObject HNetCfg.FWRule + $rule.Name = "Windows Remote Management (HTTP-In)" + $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]" + $add_rule = $true + } + + $rule.Profiles = 0x7FFFFFFF + $rule.Protocol = 6 + $rule.LocalPorts = 5985 + $rule.RemotePorts = "*" + $rule.LocalAddresses = "*" + $rule.RemoteAddresses = "*" + $rule.Enabled = $true + $rule.Direction = 1 + $rule.Action = 1 + $rule.Grouping = "Windows Remote Management" + + If ($add_rule) { + $fw.Rules.Add($rule) + } + + Write-Verbose "HTTP firewall rule $($rule.Name) updated" +} + +# Setup error handling. 
+Trap +{ + $_ + Exit 1 +} +$ErrorActionPreference = "Stop" + +# Get the ID and security principal of the current user account +$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent() +$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID) + +# Get the security principal for the Administrator role +$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator + +# Check to see if we are currently running "as Administrator" +if (-Not $myWindowsPrincipal.IsInRole($adminRole)) +{ + Write-Output "ERROR: You need elevated Administrator privileges in order to run this script." + Write-Output " Start Windows PowerShell by using the Run as Administrator option." + Exit 2 +} + +$EventSource = $MyInvocation.MyCommand.Name +If (-Not $EventSource) +{ + $EventSource = "Powershell CLI" +} + +If ([System.Diagnostics.EventLog]::Exists('Application') -eq $False -or [System.Diagnostics.EventLog]::SourceExists($EventSource) -eq $False) +{ + New-EventLog -LogName Application -Source $EventSource +} + +# Detect PowerShell version. +If ($PSVersionTable.PSVersion.Major -lt 3) +{ + Write-Log "PowerShell version 3 or higher is required." + Throw "PowerShell version 3 or higher is required." +} + +# Find and start the WinRM service. +Write-Verbose "Verifying WinRM service." +If (!(Get-Service "WinRM")) +{ + Write-Log "Unable to find the WinRM service." + Throw "Unable to find the WinRM service." +} +ElseIf ((Get-Service "WinRM").Status -ne "Running") +{ + Write-Verbose "Setting WinRM service to start automatically on boot." + Set-Service -Name "WinRM" -StartupType Automatic + Write-Log "Set WinRM service to start automatically on boot." + Write-Verbose "Starting WinRM service." + Start-Service -Name "WinRM" -ErrorAction Stop + Write-Log "Started WinRM service." + +} + +# WinRM should be running; check that we have a PS session config. 
+If (!(Get-PSSessionConfiguration -Verbose:$false) -or (!(Get-ChildItem WSMan:\localhost\Listener))) +{ + If ($SkipNetworkProfileCheck) { + Write-Verbose "Enabling PS Remoting without checking Network profile." + Enable-PSRemoting -SkipNetworkProfileCheck -Force -ErrorAction Stop + Write-Log "Enabled PS Remoting without checking Network profile." + } + Else { + Write-Verbose "Enabling PS Remoting." + Enable-PSRemoting -Force -ErrorAction Stop + Write-Log "Enabled PS Remoting." + } +} +Else +{ + Write-Verbose "PS Remoting is already enabled." +} + +# Ensure LocalAccountTokenFilterPolicy is set to 1 +# https://github.com/ansible/ansible/issues/42978 +$token_path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" +$token_prop_name = "LocalAccountTokenFilterPolicy" +$token_key = Get-Item -Path $token_path +$token_value = $token_key.GetValue($token_prop_name, $null) +if ($token_value -ne 1) { + Write-Verbose "Setting LocalAccountTOkenFilterPolicy to 1" + if ($null -ne $token_value) { + Remove-ItemProperty -Path $token_path -Name $token_prop_name + } + New-ItemProperty -Path $token_path -Name $token_prop_name -Value 1 -PropertyType DWORD > $null +} + +# Make sure there is a SSL listener. +$listeners = Get-ChildItem WSMan:\localhost\Listener +If (!($listeners | Where-Object {$_.Keys -like "TRANSPORT=HTTPS"})) +{ + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + # Create the hashtables of settings to be used. + $valueset = @{ + Hostname = $SubjectName + CertificateThumbprint = $thumbprint + } + + $selectorset = @{ + Transport = "HTTPS" + Address = "*" + } + + Write-Verbose "Enabling SSL listener." + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + Write-Log "Enabled SSL listener." 
+} +Else +{ + Write-Verbose "SSL listener is already active." + + # Force a new SSL cert on Listener if the $ForceNewSSLCert + If ($ForceNewSSLCert) + { + + # We cannot use New-SelfSignedCertificate on 2012R2 and earlier + $thumbprint = New-LegacySelfSignedCert -SubjectName $SubjectName -ValidDays $CertValidityDays + Write-HostLog "Self-signed SSL certificate generated; thumbprint: $thumbprint" + + $valueset = @{ + CertificateThumbprint = $thumbprint + Hostname = $SubjectName + } + + # Delete the listener for SSL + $selectorset = @{ + Address = "*" + Transport = "HTTPS" + } + Remove-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset + + # Add new Listener with new SSL cert + New-WSManInstance -ResourceURI 'winrm/config/Listener' -SelectorSet $selectorset -ValueSet $valueset + } +} + +# Check for basic authentication. +$basicAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object {$_.Name -eq "Basic"} + +If ($DisableBasicAuth) +{ + If (($basicAuthSetting.Value) -eq $true) + { + Write-Verbose "Disabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $false + Write-Log "Disabled basic auth support." + } + Else + { + Write-Verbose "Basic auth is already disabled." + } +} +Else +{ + If (($basicAuthSetting.Value) -eq $false) + { + Write-Verbose "Enabling basic auth support." + Set-Item -Path "WSMan:\localhost\Service\Auth\Basic" -Value $true + Write-Log "Enabled basic auth support." + } + Else + { + Write-Verbose "Basic auth is already enabled." + } +} + +# If EnableCredSSP if set to true +If ($EnableCredSSP) +{ + # Check for CredSSP authentication + $credsspAuthSetting = Get-ChildItem WSMan:\localhost\Service\Auth | Where-Object {$_.Name -eq "CredSSP"} + If (($credsspAuthSetting.Value) -eq $false) + { + Write-Verbose "Enabling CredSSP auth support." + Enable-WSManCredSSP -role server -Force + Write-Log "Enabled CredSSP auth support." 
+ } +} + +If ($GlobalHttpFirewallAccess) { + Enable-GlobalHttpFirewallAccess +} + +# Configure firewall to allow WinRM HTTPS connections. +$fwtest1 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" +$fwtest2 = netsh advfirewall firewall show rule name="Allow WinRM HTTPS" profile=any +If ($fwtest1.count -lt 5) +{ + Write-Verbose "Adding firewall rule to allow WinRM HTTPS." + netsh advfirewall firewall add rule profile=any name="Allow WinRM HTTPS" dir=in localport=5986 protocol=TCP action=allow + Write-Log "Added firewall rule to allow WinRM HTTPS." +} +ElseIf (($fwtest1.count -ge 5) -and ($fwtest2.count -lt 5)) +{ + Write-Verbose "Updating firewall rule to allow WinRM HTTPS for any profile." + netsh advfirewall firewall set rule name="Allow WinRM HTTPS" new profile=any + Write-Log "Updated firewall rule to allow WinRM HTTPS for any profile." +} +Else +{ + Write-Verbose "Firewall rule already exists to allow WinRM HTTPS." +} + +# Test a remoting connection to localhost, which should work. +$httpResult = Invoke-Command -ComputerName "localhost" -ScriptBlock {$env:COMPUTERNAME} -ErrorVariable httpError -ErrorAction SilentlyContinue +$httpsOptions = New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck + +$httpsResult = New-PSSession -UseSSL -ComputerName "localhost" -SessionOption $httpsOptions -ErrorVariable httpsError -ErrorAction SilentlyContinue + +If ($httpResult -and $httpsResult) +{ + Write-Verbose "HTTP: Enabled | HTTPS: Enabled" +} +ElseIf ($httpsResult -and !$httpResult) +{ + Write-Verbose "HTTP: Disabled | HTTPS: Enabled" +} +ElseIf ($httpResult -and !$httpsResult) +{ + Write-Verbose "HTTP: Enabled | HTTPS: Disabled" +} +Else +{ + Write-Log "Unable to establish an HTTP or HTTPS remoting session." + Throw "Unable to establish an HTTP or HTTPS remoting session." +} +Write-VerboseLog "PS Remoting has been successfully configured for Ansible." 
diff --git a/hashicorp/packer/windows/windowsserver/scripts/bootstrap.txt b/hashicorp/packer/windows/windowsserver/scripts/bootstrap.txt
new file mode 100644
index 0000000..074b42e
--- /dev/null
+++ b/hashicorp/packer/windows/windowsserver/scripts/bootstrap.txt
@@ -0,0 +1,47 @@
+
+
+# MAKE SURE IN YOUR PACKER CONFIG TO SET:
+#
+#
+# "winrm_username": "Administrator",
+# "winrm_insecure": true,
+# "winrm_use_ssl": true,
+#
+#
+
+
+write-output "Running User Data Script"
+write-host "(host) Running User Data Script"
+
+Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
+
+# Don't set this before Set-ExecutionPolicy as it throws an error
+$ErrorActionPreference = "stop"
+
+# Remove HTTP listener
+Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
+
+# Create a self-signed certificate to let ssl work
+$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
+New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
+
+# WinRM
+write-output "Setting up WinRM"
+write-host "(host) setting up WinRM"
+
+cmd.exe /c winrm quickconfig -q
+cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
+cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
+cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
+cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
+cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
+cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
+cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
+cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
+cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
+cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
+cmd.exe /c net stop winrm
+cmd.exe /c sc config winrm start= auto
+cmd.exe /c net start winrm
+
+
diff --git a/hashicorp/packer/windows/windowsserver/windows-2016.pkr.hcl b/hashicorp/packer/windows/windowsserver/windows-2016.pkr.hcl
new file mode 100644
index 0000000..2d5eac5
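Review bot: `winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'` combined with `Basic="true"` lets the Administrator password travel base64-encoded over plaintext, and `winrm quickconfig -q`, run after the HTTP listener was removed, is likely to recreate an HTTP listener on 5985 plus its firewall rule, so that plaintext path is actually reachable; since the header tells Packer to use `winrm_use_ssl`, the two `AllowUnencrypted` lines and both `winrm/config/client` lines are unnecessary and should go. `netsh advfirewall firewall set rule group="remote administration" new enable=yes` opens the RPC/SMB remote-administration group, which nothing here uses, and `netsh firewall add portopening TCP 5986` is the long-deprecated firewall command; replace the pair with `netsh advfirewall firewall add rule name="WinRM HTTPS" dir=in action=allow protocol=TCP localport=5986`. These settings persist into the AMI unless undone, and the Windows-2016-CIS run in windows-2016.pkr.hcl is invoked with `section18_patch=false`, which — if I recall that role's layout — is the section carrying the WinRM client/service controls, so the "hardened" image would ship with Basic and unencrypted WinRM allowed; confirm, and add a cleanup step before sysprep.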
--- /dev/null
+++ b/hashicorp/packer/windows/windowsserver/windows-2016.pkr.hcl
@@ -0,0 +1,221 @@ +# Hashicorp Packer +# +# https://www.packer.io/ +# + +# source blocks are generated from your builders; a source can be referenced in +# build blocks. A build block runs provisioner and post-processors on a +# source. Read the documentation for source blocks here: +# https://www.packer.io/docs/templates/hcl_templates/blocks/source +source "azure-arm" "windows-2016" { + client_id = "${var.azure_client_id}" + client_secret = "${var.azure_client_secret}" + #tenant_id = "${var.azure_tenant_id}" + subscription_id = "${var.azure_subscription_id}" + image_offer = "WindowsServer" + image_publisher = "MicrosoftWindowsServer" + image_sku = "2016-Datacenter" + image_version = "latest" + managed_image_name = "windows-2016" + location = "${var.azure_region}" + managed_image_resource_group_name = "resourcegroup" + os_type = "windows" + vm_size = "Standard_DS2_v2" + communicator = "winrm" + winrm_insecure = true + winrm_use_ssl = true + winrm_username = "packer_user" + shared_image_gallery_destination { + gallery_name = "SharedImageGallery" + image_name = "windows-2016" + image_version = "${local.azure_version_number}" + replication_regions = ["${var.azure_region}"] + resource_group = "resourcegroup" + } + azure_tags = { + vm_name = "windows-2016" + } +} + +source "amazon-ebs" "windows-2016" { + force_deregister = true + access_key = "${var.aws_access_key}" + secret_key = "${var.aws_secret_key}" + region = "${var.aws_region}" + ami_name = "windows-2016-${local.version_number}" + instance_type = "${var.aws_instance_type}" + user_data_file = "./windows/windowsserver/scripts/bootstrap.txt" + communicator = "winrm" + winrm_username = "Administrator" + winrm_insecure = true + winrm_use_ssl = true + source_ami_filter { + filters = { + name = "Windows_Server-2016-English-Full-Base*" + root-device-type = "ebs" + virtualization-type = "hvm" + } + most_recent = true + owners = ["801119661308"] + } +} + +source "googlecompute" "windows-2016" { + project_id = 
"${var.gcp_project_id}"
+ account_file = "${var.gcp_account_file}"
+ disk_size = "${var.disk_size}"
+ image_name = "windows-2016-${local.version_number}"
+ source_image_family = "windows-2016"
+ communicator = "winrm"
+ winrm_insecure = true
+ winrm_use_ssl = true
+ winrm_username = "packer_user"
+ zone = "${var.gcp_zone}"
+ metadata = {
+ windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
+ }
+ image_labels = {
+ vm_name = "windows-2016"
+ }
+ image_family = "soe-windows-2016"
+}
+
+source "vagrant" "windows-2016" {
+ source_path = "jborean93/WindowsServer2016"
+ provider = "virtualbox"
+ # the Vagrant builder currently only supports the ssh communicator
+ communicator = "ssh"
+ ssh_username = "vagrant"
+ ssh_password = "vagrant"
+ teardown_method = "suspend"
+ skip_package = true
+ box_name = "windows-2016"
+ output_dir = "${var.build_directory}/windows-2016/vagrant"
+}
+
+# a build block invokes sources and runs provisioning steps on them. The
+# documentation for build blocks can be found here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/build
+build {
+ sources = ["source.azure-arm.windows-2016", "source.amazon-ebs.windows-2016", "source.googlecompute.windows-2016", "source.vagrant.windows-2016"]
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ ansible_env_vars = [
+ "ANSIBLE_HOST_KEY_CHECKING=False",
+ "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'",
+ "ANSIBLE_NOCOLOR=True"
+ ]
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_ssh_pass=${build.User} version_number=${local.version_number} ansible_shell_type=cmd ansible_shell_executable=None"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ only = ["vagrant.windows-2016"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ ansible_env_vars = [
+ "ANSIBLE_HOST_KEY_CHECKING=False",
+ "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'",
+ "ANSIBLE_NOCOLOR=True"
+ ]
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_ssh_pass=${build.User} version_number=${local.version_number} ansible_shell_type=cmd ansible_shell_executable=None rule_2_3_1_5=false win_skip_for_test=true rule_2_3_1_1=false"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/Windows-2016-CIS/site.yml"
+ only = ["vagrant.windows-2016"]
+ }
+
+ provisioner "powershell" {
+ script = "./windows/windowsserver/scripts/ConfigureRemotingForAnsible.ps1"
+ only = ["azure-arm.windows-2016"]
+ }
+
+ provisioner "ansible" {
+ command = "./packer/scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_winrm_server_cert_validation=ignore ansible_connection=winrm ansible_shell_type=powershell ansible_shell_executable=None ansible_user=${build.User}"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ only = ["amazon-ebs.windows-2016", "googlecompute.windows-2016", "azure-arm.windows-2016"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_winrm_server_cert_validation=ignore ansible_connection=winrm ansible_shell_type=powershell ansible_shell_executable=None ansible_user=${build.User} section01_patch=true section02_patch=false section09_patch=true section17_patch=true section18_patch=false section19_patch=false rule_2_3_1_5=false rule_2_3_1_6=false"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/Windows-2016-CIS/site.yml"
+ only = ["amazon-ebs.windows-2016", "googlecompute.windows-2016", "azure-arm.windows-2016"]
+ }
+
+ provisioner "shell-local" {
+ inline = ["curl -s https://api.ipify.org/?format=none"]
+ }
+
+ provisioner "powershell" {
+ inline = [
+ "Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State",
+ "C:\\windows\\system32/sysprep\\sysprep.exe /oobe /generalize /quiet /quit /mode:vm",
+ "while($true) { $imageState = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State | Select ImageState; if($imageState.ImageState -ne 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { Write-Output $imageState.ImageState; Start-Sleep -s 10 } else { break } }"
+ ]
+ only = ["azure-arm.windows-2016"]
+ }
+
+ # Install EC2Launch
+ provisioner "powershell" {
+ inline = [
+ "Write-Host \"Download EC2Launch to temp folder $env:Temp\"",
+ "Invoke-WebRequest -Uri https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/EC2-Windows-Launch.zip -OutFile $env:Temp/EC2-Windows-Launch.zip",
+ "Invoke-WebRequest -Uri https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/install.ps1 -OutFile $env:Temp/EC2Launch-Install.ps1",
+ "Write-Host Install EC2Launch",
+ "Invoke-Expression -Command $env:Temp/EC2Launch-Install.ps1"
+ ]
+ only = ["amazon-ebs.windows-2016"]
+ }
+
+ # Print out EC2Launch Version
+ provisioner "powershell" {
+ inline = [
+ "Write-Host EC2Launch Version",
+ "Test-ModuleManifest -Path \"C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Module\\Ec2Launch.psd1\""]
+ only = ["amazon-ebs.windows-2016"]
+ }
+
+ provisioner "powershell" {
+ inline = [
+ "C:/ProgramData/Amazon/EC2-Windows/Launch/Scripts/InitializeInstance.ps1 -Schedule",
+ "C:/ProgramData/Amazon/EC2-Windows/Launch/Scripts/SysprepInstance.ps1 -NoShutdown"
+ ]
+ only = ["amazon-ebs.windows-2016"]
+ }
+
+ provisioner "powershell" {
+ inline = [
+ "Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State",
+ "GCESysprep -no_shutdown"
+ ]
+ only = ["googlecompute.windows-2016"]
+ }
+}
diff --git a/hashicorp/packer/windows/windowsserver/windows-2019.pkr.hcl b/hashicorp/packer/windows/windowsserver/windows-2019.pkr.hcl
new file mode 100644
index 0000000..1d44553
--- /dev/null
+++ b/hashicorp/packer/windows/windowsserver/windows-2019.pkr.hcl
@@ -0,0 +1,243 @@
+# Hashicorp Packer
+#
+# https://www.packer.io/
+#
+
+# source blocks are generated from your builders; a source can be referenced in
+# build blocks. A build block runs provisioner and post-processors on a
+# source. Read the documentation for source blocks here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/source
+source "azure-arm" "windows-2019" {
+ client_id = "${var.azure_client_id}"
+ client_secret = "${var.azure_client_secret}"
+ #tenant_id = "${var.azure_tenant_id}"
+ subscription_id = "${var.azure_subscription_id}"
+ image_offer = "WindowsServer"
+ image_publisher = "MicrosoftWindowsServer"
+ image_sku = "2019-Datacenter"
+ image_version = "latest"
+ managed_image_name = "windows-2019"
+ location = "${var.azure_region}"
+ managed_image_resource_group_name = "resourcegroup"
+ os_type = "windows"
+ vm_size = "Standard_DS2_v2"
+ communicator = "winrm"
+ winrm_username = "packer_user"
+ winrm_insecure = true
+ winrm_use_ssl = true
+ shared_image_gallery_destination {
+ gallery_name = "SharedImageGallery"
+ image_name = "windows-2019"
+ image_version = "${local.azure_version_number}"
+ replication_regions = ["${var.azure_region}"]
+ resource_group = "resourcegroup"
+ }
+ azure_tags = {
+ vm_name = "windows-2019"
+ image_version = "${local.version_number}"
+ }
+}
+
+source "amazon-ebs" "windows-2019" {
+ force_deregister = true
+ access_key = "${var.aws_access_key}"
+ secret_key = "${var.aws_secret_key}"
+ region = "${var.aws_region}"
+ ami_name = "windows-2019-${local.version_number}"
+ instance_type = "${var.aws_instance_type}"
+ user_data_file = "./windows/windowsserver/scripts/bootstrap.txt"
+ communicator = "winrm"
+ winrm_username = "Administrator"
+ winrm_insecure = true
+ winrm_use_ssl = true
+ source_ami_filter {
+ filters = {
+ name = "Windows_Server-2019-English-Full-Base*"
+ root-device-type = "ebs"
+ virtualization-type = "hvm"
+ }
+ most_recent = true
+ owners = ["801119661308"]
+ }
+}
+
+source "googlecompute" "windows-2019" {
+ project_id = "${var.gcp_project_id}"
+ account_file = "${var.gcp_account_file}"
+ disk_size = "${var.disk_size}"
+ image_name = "windows-2019-${local.version_number}"
+ source_image_family = "windows-2019"
+ communicator = "winrm"
+ winrm_username = "packer_user"
+ winrm_insecure = true
+ winrm_use_ssl = true
+ zone = "${var.gcp_zone}"
+ metadata = {
+ windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
+ }
+ image_labels = {
+ vm_name = "windows-2019"
+ }
+ image_family = "soe-windows-2019"
+}
+
+source "vagrant" "windows-2019" {
+ source_path = "jborean93/WindowsServer2019"
+ provider = "virtualbox"
+ # the Vagrant builder currently only supports the ssh communicator
+ communicator = "ssh"
+ ssh_username = "vagrant"
+ ssh_password = "vagrant"
+ teardown_method = "suspend"
+ skip_package = true
+ box_name = "windows-2019"
+ output_dir = "${var.build_directory}/windows-2019/vagrant"
+}
+
+# a build block invokes sources and runs provisioning steps on them. The
+# documentation for build blocks can be found here:
+# https://www.packer.io/docs/templates/hcl_templates/blocks/build
+build {
+ sources = ["source.azure-arm.windows-2019", "source.amazon-ebs.windows-2019", "source.googlecompute.windows-2019", "source.vagrant.windows-2019"]
+
+ provisioner "powershell" {
+ script = "./windows/windowsserver/scripts/ConfigureRemotingForAnsible.ps1"
+ only = ["azure-arm.windows-2019"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ ansible_env_vars = [
+ "ANSIBLE_HOST_KEY_CHECKING=False",
+ "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'",
+ "ANSIBLE_NOCOLOR=True"
+ ]
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_ssh_pass=${build.User} version_number=${local.version_number} ansible_shell_type=cmd ansible_shell_executable=None"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ only = ["vagrant.windows-2019"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "vagrant"
+ use_proxy = false
+ ansible_env_vars = [
+ "ANSIBLE_HOST_KEY_CHECKING=False",
+ "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'",
+ "ANSIBLE_NOCOLOR=True"
+ ]
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_ssh_pass=vagrant version_number=${local.version_number} ansible_shell_type=cmd ansible_shell_executable=None rule_2_3_1_5=false win_skip_for_test=true rule_2_3_1_1=false"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/Windows-2019-CIS/site.yml"
+ only = ["vagrant.windows-2019"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "vagrant"
+ use_proxy = false
+ ansible_env_vars = [
+ "ANSIBLE_HOST_KEY_CHECKING=False",
+ "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'",
+ "ANSIBLE_NOCOLOR=True"
+ ]
+ extra_arguments = [
+ # "-vvv",
+ "--extra-vars",
+ "ansible_ssh_pass=vagrant version_number=${local.version_number} ansible_shell_type=cmd ansible_shell_executable=None ansbile_become=yes ansible_become_method=runas"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-vm-config/site.yml"
+ only = ["vagrant.windows-2019"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_winrm_server_cert_validation=ignore version_number=${local.version_number}"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ only = ["amazon-ebs.windows-2019", "googlecompute.windows-2019", "azure-arm.windows-2019"]
+ }
+
+ /*
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_winrm_server_cert_validation=ignore version_number=${local.version_number}"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/ansible-role-win_openssh/site.yml"
+ only = ["amazon-ebs.windows-2019", "googlecompute.windows-2019", "azure-arm.windows-2019"]
+ }
+ */
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_winrm_server_cert_validation=ignore version_number=${local.version_number}"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/roles/ansible-role-example-role/site.yml"
+ only = ["amazon-ebs.windows-2019", "googlecompute.windows-2019", "azure-arm.windows-2019"]
+ }
+
+ provisioner "ansible" {
+ command = "./scripts/ansible.sh"
+ user = "${build.User}"
+ use_proxy = false
+ extra_arguments = [
+ #"-v",
+ "--extra-vars",
+ "ansible_winrm_server_cert_validation=ignore section02_patch=false rule_2_3_1_5=false rule_2_3_1_1=false win_skip_for_test=true rule_2_3_1_5=false rule_2_3_1_6=false"
+ ]
+ host_alias = "none"
+ playbook_file = "../../ansible/galaxy/roles/Windows-2019-CIS/site.yml"
+ only = ["amazon-ebs.windows-2019", "googlecompute.windows-2019", "azure-arm.windows-2019"]
+ }
+
+ provisioner "shell-local" {
+ inline = ["curl -s https://api.ipify.org/?format=none"]
+ }
+
+ provisioner "powershell" {
+ inline = [
+ "Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State",
+ "C:\\windows\\system32/sysprep\\sysprep.exe /oobe /generalize /quiet /quit /mode:vm",
+ "while($true) { $imageState = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State | Select ImageState; if($imageState.ImageState -ne 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { Write-Output $imageState.ImageState; Start-Sleep -s 10 } else { break } }"
+ ]
+ only = ["azure-arm.windows-2019"]
+ }
+
+ provisioner "powershell" {
+ inline = [
+ "Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State",
+ "GCESysprep -no_shutdown"
+ ]
+ only = ["googlecompute.windows-2019"]
+ }
+}
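Review bot: `ansbile_become=yes` in the extra-vars of the third `ansible` provisioner scoped to `vagrant.windows-2019` (playbook `ansible-role-vm-config/site.yml`) is misspelled, so Ansible never enables privilege escalation and the accompanying `ansible_become_method=runas` has no effect; it should read `ansible_become=yes`. The `ansible-role-example-role` provisioner for the three cloud sources is declared twice with identical settings, on either side of the commented-out `win_openssh` block, so that playbook runs twice per cloud image; one of the two copies should go. The CIS extra-vars line for the cloud sources also lists `rule_2_3_1_5=false` twice. Every transport check the build touches is switched off (`winrm_insecure = true`, `ansible_winrm_server_cert_validation=ignore`, `ANSIBLE_HOST_KEY_CHECKING=False`, `StrictHostKeyChecking=no`), which is the usual trade-off for throwaway build hosts with self-signed certificates but deserves a comment saying so at the top of the `build` block, e.g. `# build hosts present self-signed WinRM/SSH certs; verification is disabled for the Packer session only, the resulting image does not inherit these settings`.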