Milestone 7 ‐ Deploying and Post Provisioning of BlueX Linux Servers - ryanm292002/SEC480 GitHub Wiki

7.1

  1. Download the Rocky ISO (https://rockylinux.org/download/)

  2. Go to ESXi, upload the ISO to the datastore, register a new VM and create the base VM for Rocky.

  3. Run the script found at https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/rhel-sealer.sh

  4. sudo yum install wget

  5. wget 'https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/rhel-sealer.sh'

  6. Create the base snapshot

  7. Create a deployer user as well on the 3 boxes:

  • adduser deployer
  • passwd deployer
  • usermod -aG wheel deployer

7.2

(Adding a static route to the blue network on 480-fw)

  1. Firstly my 480-fw is on pfSense so the setup is a little different.

  2. Add a gateway in the pfSense web configurator: System > Routing > Gateways > Add

  • Interface = LAN
  • Name = bluefirewallroute
  • Gateway = 10.0.17.200

  3. Add a static route: System > Routing > Static Routes

  • Destination network = 10.0.5.0/24
  • Gateway = bluefirewallroute

  4. Create the new inventory file and playbook for provisioning DHCP on the blue firewall:

  • Playbook: https://github.com/ryanm292002/SEC480/blob/main/ansible/vyos-blue.yml
  • Inventory YAML file: https://github.com/ryanm292002/SEC480/blob/main/ansible/fw-blue1-vars.yaml

  5. Run the playbook, then log in to the blue fw, enter configuration mode and run show service to confirm the new DHCP information was added.

  6. Create 3 Rocky clones that grab a DHCP address from the new blue pool created on bluefw:

  • Use the cloner function x3 and create rocky-1, rocky-2 and rocky-3

  7. Run the network-adapt function x3 to move the network adapters of the 3 machines to the blue network so they can lease from the newly created DHCP pool

  8. Run get-ip to confirm the 3 machines have grabbed a new IP
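The DHCP part of step 4 and the "show service" check of step 5, written out as an added example playbook. This is not the wiki's own vyos-blue.yml or fw-blue1-vars.yaml; it assumes an inventory group named bluefw, that the firewall's blue-side address is 10.0.5.2 (used as default router and resolver), a pool of 10.0.5.100-10.0.5.200 so that the static addresses 10.0.5.10-12 used later never collide with a lease, and VyOS 1.3 command syntax (1.2 spells name-server as dns-server; 1.4 nests these under option, so check the version on the blue fw).

```yaml
# Added example, not the repository's playbook. Requires the vyos.vyos
# collection on the mgmt box: ansible-galaxy collection install vyos.vyos
#
# Constructed inventory (fw-blue.yaml):
#   bluefw:
#     hosts:
#       fw-blue1:
#         ansible_host: 10.0.17.200
#     vars:
#       ansible_connection: ansible.netcommon.network_cli
#       ansible_network_os: vyos.vyos.vyos
#       ansible_user: vyos
---
- name: Provision the blue-network DHCP pool on the blue VyOS firewall
  hosts: bluefw
  gather_facts: false
  vars:
    blue_subnet: 10.0.5.0/24
    blue_gateway: 10.0.5.2      # assumed blue-side address of the firewall
    blue_dns: 10.0.5.2          # assumed; point at whatever resolver the range uses
    pool_start: 10.0.5.100      # keeps 10.0.5.10-12 outside the pool for the static hosts
    pool_stop: 10.0.5.200
  tasks:
    - name: Configure shared network BLUE (VyOS 1.3 syntax)
      vyos.vyos.vyos_config:
        lines:
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_subnet }} default-router {{ blue_gateway }}
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_subnet }} name-server {{ blue_dns }}
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_subnet }} lease 86400
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_subnet }} range 0 start {{ pool_start }}
          - set service dhcp-server shared-network-name BLUE subnet {{ blue_subnet }} range 0 stop {{ pool_stop }}
        save: true              # commit and persist, same as "commit; save" by hand

    - name: Read back the dhcp-server config (the wiki's manual "show service" step)
      vyos.vyos.vyos_command:
        commands:
          - show configuration commands | match dhcp-server
      register: dhcp_show
      changed_when: false

    - name: Print what the firewall now has
      ansible.builtin.debug:
        var: dhcp_show.stdout_lines
```

Run it with `ansible-playbook -i fw-blue.yaml vyos-blue-dhcp.yml -k`; a second run reports no change because vyos_config only pushes lines that differ from the running config.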

7.3

Inventory file and playbook (what the playbook does):

  • Add a public key for the deployer user

  • Create a sudoers drop-in file so deployer can elevate to root without a password

  • Change the hostname

  • Change the DHCP IP address to static (10.0.5.10, .11, .12)

  • Turn off the machines and create a safety before-ansible snapshot before continuing with the Rocky boxes

  • Ensure the deployer user was created and is in the sudo group

  1. Create an SSH key on the mgmt box to put into the Ansible inventory file (vars section)

  2. Paste the public key into the public_key variable inside the inventory file

  3. Run the Rocky playbook with the Linux inventory file, which will gain the Ubuntu hosts in 7.4
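The 7.1 deployer steps and the 7.3 task list combined into one play, as an added example; this is not the wiki's own Rocky playbook or Linux inventory file. Assumed, and not from the page: an inventory group named rocky, the per-host variables public_key / static_ip / prefix / gateway / dns / nic, the login user on the sealed base VM, and the NetworkManager connection name ens192 (check with `nmcli con show` on a clone). The sudoers drop-in is syntax-checked with visudo before it lands, and the address change is applied in the background so the play can reconnect on the new IP instead of hanging on the dropped lease.

```yaml
# Added example, not the repository's playbook. Uses ansible.posix and
# community.general, both shipped with the full "ansible" package.
#
# Constructed linux.yaml inventory (ansible_host = the lease get-ip reported):
#   rocky:
#     vars:
#       ansible_user: rangeuser                         # assumed base-VM login user
#       public_key: "ssh-ed25519 AAAAC3...placeholder deployer@mgmt"
#       nic: ens192                                     # assumed connection/interface name
#       prefix: 24
#       gateway: 10.0.5.2                               # assumed blue-side firewall address
#       dns: 10.0.5.2
#     hosts:
#       rocky-1: { ansible_host: 10.0.5.101, static_ip: 10.0.5.10 }
#       rocky-2: { ansible_host: 10.0.5.102, static_ip: 10.0.5.11 }
#       rocky-3: { ansible_host: 10.0.5.103, static_ip: 10.0.5.12 }
---
- name: Post-provision Rocky clones on the blue network
  hosts: rocky
  become: true
  gather_facts: false
  tasks:
    - name: Ensure deployer exists and is in wheel (the sudo group on Rocky)
      ansible.builtin.user:
        name: deployer
        groups: wheel
        append: true
        shell: /bin/bash

    - name: Install the mgmt box public key for deployer (key-only login)
      ansible.posix.authorized_key:
        user: deployer
        key: "{{ public_key }}"
        exclusive: true             # only the key we manage is accepted

    - name: Sudoers drop-in for passwordless root, refused if visudo rejects it
      ansible.builtin.copy:
        content: "deployer ALL=(ALL) NOPASSWD: ALL\n"
        dest: /etc/sudoers.d/deployer
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Verify the drop-in actually grants deployer root
      ansible.builtin.command: sudo -l -U deployer
      register: sudo_check
      changed_when: false
      failed_when: "'NOPASSWD: ALL' not in sudo_check.stdout"

    - name: Set the hostname to the inventory name (rocky-1, ...)
      ansible.builtin.hostname:
        name: "{{ inventory_hostname }}"

    - name: Rewrite the NIC profile to a static address (not applied yet)
      ansible.builtin.command: >
        nmcli con mod {{ nic }} ipv4.method manual
        ipv4.addresses {{ static_ip }}/{{ prefix }}
        ipv4.gateway {{ gateway }} ipv4.dns {{ dns }}
      changed_when: true

    - name: Re-activate the profile in the background; the session on the DHCP lease drops
      ansible.builtin.command: nmcli con up {{ nic }}
      async: 10
      poll: 0

    - name: Point Ansible at the static address for the rest of the play
      ansible.builtin.set_fact:
        ansible_host: "{{ static_ip }}"

    - ansible.builtin.meta: reset_connection

    - name: Wait for the box to answer on its new address
      ansible.builtin.wait_for_connection:
        timeout: 90
```

Take the before-ansible snapshot first, as the wiki says, then run `ansible-playbook -i linux.yaml rocky.yml -k -K`. Because the hosts come back on a new IP, the mgmt box's known_hosts needs entries for 10.0.5.10-12 (or host key checking relaxed for this group) or the reconnect step will fail host key verification.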

7.4

  • Create 2 new Ubuntu boxes with the cloner function; make sure to put them on the blue network and they should grab DHCP addresses automatically.

  • Created the default user as "rangeuser" on the Ubuntu base VM

  • Cat the netplan config and copy it over as a template to a .j2 file on the mgmt box

  • Cloned machines will grab the same DHCP address if the machine-id isn't deleted, because the DHCP client identifier is derived from it; reset it on each clone:

    • sudo rm /etc/machine-id
    • sudo systemd-machine-id-setup
    • sudo reboot

  1. All that was really changed from the Rocky playbook was the network configuration: Ubuntu uses netplan, whereas Rocky uses nmcli.

  2. Added the Ubuntu boxes to the inventory file under 'ubuntu'

  3. Run the playbook
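The Ubuntu-specific parts of the play (the netplan rendering that replaces the nmcli tasks, plus a check for the duplicate machine-id problem described above), as an added example; this is not the wiki's own Ubuntu playbook or .j2 template, and the deployer-key and sudoers tasks are the same as on Rocky. Assumed, and not from the page: an inventory group named ubuntu, interface name ens192, the installer's /etc/netplan/00-installer-config.yaml as the file to replace, and the same static_ip / prefix / gateway / dns host variables as the Rocky inventory.

```yaml
# Added example, not the repository's playbook. copy's "content" is Jinja2-
# templated by Ansible, so the netplan template can live inline instead of
# in a separate .j2 file (a .j2 file with ansible.builtin.template works the same).
---
- name: Post-provision Ubuntu clones on the blue network (netplan variant)
  hosts: ubuntu
  become: true
  gather_facts: false
  vars:
    nic: ens192                     # assumed interface name on the Ubuntu clones
  tasks:
    # systemd-networkd builds its DHCP client identifier from /etc/machine-id,
    # so clones that still carry the base VM's id keep receiving the same lease.
    - name: Read machine-id on every clone
      ansible.builtin.slurp:
        src: /etc/machine-id
      register: mid

    - name: Store it as a fact so the hosts can be compared
      ansible.builtin.set_fact:
        machine_id: "{{ mid.content | b64decode | trim }}"

    - name: Stop if two clones still share a machine-id (redo rm / systemd-machine-id-setup / reboot)
      ansible.builtin.assert:
        that:
          - ansible_play_hosts | map('extract', hostvars, 'machine_id') | list | unique | length == ansible_play_hosts | length
        fail_msg: "Duplicate machine-id among {{ ansible_play_hosts }}"
      run_once: true

    - name: Ensure deployer exists; Ubuntu's admin group is sudo, not wheel
      ansible.builtin.user:
        name: deployer
        groups: sudo
        append: true
        shell: /bin/bash

    - name: Render the netplan config from the inline template
      ansible.builtin.copy:
        dest: /etc/netplan/00-installer-config.yaml
        owner: root
        group: root
        mode: "0600"                # newer netplan warns when this file is world-readable
        content: |
          network:
            version: 2
            ethernets:
              {{ nic }}:
                dhcp4: false
                addresses:
                  - {{ static_ip }}/{{ prefix }}
                routes:
                  - to: default
                    via: {{ gateway }}
                nameservers:
                  addresses: [{{ dns }}]
      register: netplan_file

    - name: Parse-check the rendered file before touching the live network
      ansible.builtin.command: netplan generate
      changed_when: false

    - name: Apply in the background; the session on the DHCP lease will drop
      ansible.builtin.command: netplan apply
      async: 10
      poll: 0
      when: netplan_file.changed

    - name: Point Ansible at the static address for the rest of the play
      ansible.builtin.set_fact:
        ansible_host: "{{ static_ip }}"

    - ansible.builtin.meta: reset_connection

    - name: Wait for the clone to answer on its new address
      ansible.builtin.wait_for_connection:
        timeout: 90
```

The machine-id assertion runs once but reads the fact from every host in the play, so it catches the case where two clones were reachable on different leases by luck and would have collided after the next renewal.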