Milestone 7 Deploying and Post Provisioning of BlueX Linux Servers - InaFricke/SEC-480 GitHub Wiki

7.1 Create a Rocky 9.1 Base VM

Create a Rocky Linux Minimal Base VM

Create a Rocky Linux Minimal Base VM (be sure to select the minimal ISO on the download page); you should have enough information from the earlier milestones to make this happen.

Make sure it is thin-provisioned.

  1. Download the minimal ISO. Before uploading it, check its SHA256 sum against the CHECKSUM file Rocky publishes next to the ISO, so a corrupted or tampered image never becomes the base for every clone.
  2. Upload the ISO to datastore 2.
  3. Create a new VM, put it on datastore 2, and configure it (thin-provisioned disk).
  4. During installation create a normal user and set the root password:
     - Username: ina, PW: RB
     - Username: root, PW: RB
  5. Enable SSH.
  6. Run the installation.
  7. Log in as the admin (normal) user and fetch the sealer script:

```
curl -O https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/rhel-sealer.sh
```

  8. sudo yum install wget
  9. bash rhel-sealer.sh
  10. Log in once more to confirm the sealed VM still boots and accepts the credentials.
  11. Power off.
  12. Take a snapshot; this is the base snapshot the linked clones in 7.2 are made from.

7.2 DHCP on Blue8fw and a static (or dynamic) route on 480-fw

Static route on 480-fw so traffic for the Blue network (10.0.5.0/24) is handed to Blue8fw at 10.0.17.200:

  1. Log in to 480-fw.
  2. Enter configuration mode, add the route, then commit and save:

```
configure
set protocols static route 10.0.5.0/24 next-hop 10.0.17.200
commit
save
```

Issue and fix: eth0 still carried the old 10.0.8.1/24 address instead of the Blue network address 10.0.5.2/24. Add the new address and delete the old one in the same commit:

```
configure
set interfaces ethernet eth0 address 10.0.5.2/24
delete interfaces ethernet eth0 address 10.0.8.1/24
commit
save
```

  3. Verify from configuration mode with show protocols static route.

PlayBook

  1. Inventory + vars, and the playbook vyos-dhcp-config.yml.

Documentation is up to date

  1. Screenshot of the DHCP config on VyOS.
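The inventory and playbook below are an added example of what "inventory + vars, playbook vyos-dhcp-config.yml" can look like; they are not the wiki's own files. Assumptions: VyOS 1.3 CLI syntax (1.4 moved default-router and dns-server under `option` and requires a subnet-id), SSH key login as the vyos user, 480-fw reachable at 10.0.17.2 (only Blue8fw's 10.0.17.200 comes from the page), and a DHCP range of 10.0.5.100-10.0.5.200 with the firewall's 10.0.5.2 as gateway and resolver. The two files are shown in one block with a comment header each.

```yaml
# --- inventory.yml (addresses other than 10.0.17.200 are assumed) ---
all:
  children:
    vyos:
      hosts:
        fw480:
          ansible_host: 10.0.17.2      # assumed
        blue8fw:
          ansible_host: 10.0.17.200    # the next-hop used on 480-fw
      vars:
        ansible_connection: ansible.netcommon.network_cli
        ansible_network_os: vyos.vyos.vyos
        ansible_user: vyos
        ansible_ssh_private_key_file: ~/.ssh/id_rsa

# --- vyos-dhcp-config.yml ---
- name: Static route to the Blue network on 480-fw
  hosts: fw480
  gather_facts: false
  tasks:
    - name: Route 10.0.5.0/24 via Blue8fw
      vyos.vyos.vyos_config:
        lines:
          - set protocols static route 10.0.5.0/24 next-hop 10.0.17.200
        save: true

- name: DHCP scope for the Blue network on Blue8fw
  hosts: blue8fw
  gather_facts: false
  vars:
    blue_net: 10.0.5.0/24
    blue_gw: 10.0.5.2          # eth0 address from the fix above
    dhcp_start: 10.0.5.100     # assumed range
    dhcp_stop: 10.0.5.200
  tasks:
    - name: DHCP server definition (VyOS 1.3 syntax)
      vyos.vyos.vyos_config:
        lines:
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_net }} default-router {{ blue_gw }}
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_net }} dns-server {{ blue_gw }}
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_net }} range 0 start {{ dhcp_start }}
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_net }} range 0 stop {{ dhcp_stop }}
        save: true

    - name: Pull the resulting lines back for the documentation screenshot
      vyos.vyos.vyos_command:
        commands:
          - show configuration commands | match dhcp-server
      register: dhcp_cfg

    - ansible.builtin.debug:
        var: dhcp_cfg.stdout_lines
```

Run it with `ansible-playbook -i inventory.yml vyos-dhcp-config.yml`. vyos_config only sends lines that differ from the running config, so a second run reports no change, which is the check that the DHCP scope really committed.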

3 Rocky linked clones

  1. Confirm the base snapshot exists on the Rocky base VM.
  2. Log in to vCenter.
  3. Add a Get-IPs function to the utils file (480-utils.psm1). It wraps the module's existing Get-IP so several VMs can be queried in one call:

```powershell
# Return the IP of each named VM by calling the module's existing Get-IP once per name.
function Get-IPs {
    param (
        [Parameter(Mandatory = $true)]
        [string[]]$VMNames
    )
    foreach ($name in $VMNames) {
        Get-IP -VMName $name
    }
}
```

  4. Update the driver file; comment out the parts not needed for cloning (vCenter connection, adapters, networks).
  5. Import the module: Import-Module ./480-utils.psm1 -Force
  6. Run it: .\480.driver.ps1

7.3 Post Provisioning Rocky-1-3 with Ansible

  1. Check whether you already have a key pair: ls ~/.ssh/
  2. If not, make one: ssh-keygen -t rsa -b 4096
  3. Create the playbook rocky-provision.yml.
  4. Create inventory-rocky.yml using the DHCP addresses from the Get-IPs function. Double-check that each address really belongs to ens34, because the nmcli task names that interface directly rather than reading it from a variable.
  5. Run it. The run ended early because Ansible could not reconnect to confirm the reboot after the IPs changed (the reboots were confirmed on the console). This is expected with the stock reboot task: it waits for the host on the inventory address, which is the old DHCP lease, not the new static one.
  6. Static IPs were set.
  7. SSH works on the new addresses.

Video

  1. Get-IPs before (DHCP addresses)
  2. The playbook run
  3. Get-IPs after (static addresses)
  4. SSH into one VM as deployer with no password
  5. sudo -i to show passwordless root

Post Provisioning Ubuntu 1-2 with Ansible

Cloning of Ubuntu base server

  1. Update the driver file:

```powershell
$SourceVM = "ubuntu.base.server"
$CloneName = "ubuntu-1"
```

  2. Repeat with ubuntu-2.
  3. Get the IPs with Get-IPs, then log in on the console to confirm them:

     user: rangeuser, PW: RR32

     ubuntu-1: 10.0.5.83
     ubuntu-2: 10.0.5.84

  4. Create the three files:
     - inventory-ubuntu.yml: defines the two Ubuntu hosts, their DHCP IPs, usernames, and static IPs as variables
     - ubuntu-provision.yml: the playbook with all the tasks
     - netplan.j2: the Jinja2 template that generates the static IP network config for each Ubuntu VM
  5. Pull from GitHub.
  6. Run in the ansible directory.
  7. Result: static addresses assigned, and sudo -i works without a password.
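The inventory and playbook below are an added example that covers both 7.3 (Rocky, nmcli on ens34) and the Ubuntu steps above (netplan) in one run, and shows how to get past the reconnect failure noted in 7.3: the reboot is fired without waiting, the host's ansible_host is switched to its static address, and only then does the play wait for SSH. They are not the wiki's rocky-provision.yml, ubuntu-provision.yml, inventory files or netplan.j2. The Ubuntu DHCP and static addresses are from the page; the Rocky DHCP and static addresses, the Ubuntu interface name ens192, the NetworkManager profile name equalling the interface name, and 10.0.5.2 as both gateway and resolver are assumed. The netplan template is inlined with copy rather than kept in a separate .j2 file so the block runs on its own.

```yaml
# --- inventory.yml: ansible_host holds the DHCP lease reported by Get-IPs ---
all:
  vars:
    gateway: 10.0.5.2
    dns: 10.0.5.2                 # assumed: the firewall is the resolver
    static_prefix: 24
  children:
    rocky:
      vars: {ansible_user: ina, iface: ens34}
      hosts:                      # Rocky addresses below are assumed
        rocky-1: {ansible_host: 10.0.5.80, static_ip: 10.0.5.20}
        rocky-2: {ansible_host: 10.0.5.81, static_ip: 10.0.5.21}
        rocky-3: {ansible_host: 10.0.5.82, static_ip: 10.0.5.22}
    ubuntu:
      vars: {ansible_user: rangeuser, iface: ens192}   # iface assumed
      hosts:
        ubuntu-1: {ansible_host: 10.0.5.83, static_ip: 10.0.5.30}
        ubuntu-2: {ansible_host: 10.0.5.84, static_ip: 10.0.5.31}

# --- provision.yml: ansible-playbook -i inventory.yml -K provision.yml ---
- name: Post-provision Rocky and Ubuntu clones
  hosts: all
  become: true
  tasks:
    - name: deployer account (wheel on Rocky, sudo on Ubuntu)
      ansible.builtin.user:
        name: deployer
        shell: /bin/bash
        groups: "{{ 'wheel' if ansible_facts['os_family'] == 'RedHat' else 'sudo' }}"
        append: true

    - name: Controller public key for deployer (no password is ever set)
      ansible.posix.authorized_key:
        user: deployer
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

    - name: Passwordless sudo, syntax-checked by visudo before it lands
      ansible.builtin.copy:
        dest: /etc/sudoers.d/deployer
        content: "deployer ALL=(ALL) NOPASSWD: ALL\n"
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Static IP on Rocky via NetworkManager (interface from a variable)
      community.general.nmcli:
        conn_name: "{{ iface }}"   # assumed: profile is named after the interface
        ifname: "{{ iface }}"
        type: ethernet
        method4: manual
        ip4: "{{ static_ip }}/{{ static_prefix }}"
        gw4: "{{ gateway }}"
        dns4: ["{{ dns }}"]
        state: present
      when: ansible_facts['os_family'] == 'RedHat'

    - name: Static IP on Ubuntu via netplan (60- sorts after cloud-init's 50- file)
      ansible.builtin.copy:
        dest: /etc/netplan/60-static.yaml
        mode: "0600"
        content: |
          network:
            version: 2
            ethernets:
              {{ iface }}:
                dhcp4: false
                addresses: ["{{ static_ip }}/{{ static_prefix }}"]
                routes:
                  - to: default
                    via: {{ gateway }}
                nameservers:
                  addresses: ["{{ dns }}"]
      when: ansible_facts['os_family'] == 'Debian'

    # ansible.builtin.reboot would wait on ansible_host, still the DHCP lease,
    # and time out. Reboot without waiting, retarget, then wait on the new IP.
    - name: Reboot to activate the new address (do not wait here)
      ansible.builtin.shell: sleep 2 && /sbin/reboot
      async: 10
      poll: 0

    - name: Talk to the static address for the rest of the play
      ansible.builtin.set_fact:
        ansible_host: "{{ static_ip }}"

    - name: Wait for SSH on the static address
      ansible.builtin.wait_for_connection:
        delay: 15
        timeout: 300

    - name: Prove key login and NOPASSWD sudo work for deployer on the new address
      ansible.builtin.command: sudo -n true
      become: false
      vars:
        ansible_user: deployer
      changed_when: false
```

The -K flag supplies the sudo password of ina/rangeuser for the first connection; after the play, deployer logs in by key only, and the final task fails loudly if either the key or the sudoers drop-in did not take. The sudoers file goes through visudo -cf before being installed, so a typo cannot leave the host without working sudo.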

Video

  1. Before: run Get-IPs showing the DHCP addresses (10.0.5.83 and 10.0.5.84)
  2. Run the playbook: show the successful output
  3. After: run Get-IPs showing the static addresses (10.0.5.30 and 10.0.5.31)
  4. SSH in as deployer to one of the VMs without a password and run sudo -i
  5. Walk through all 3 files: inventory-ubuntu.yml, ubuntu-provision.yml, and netplan.j2