initial commit
This commit is contained in:
commit
9f68d39731
GPG Key ID:
19CE1EC1D9E0486D
30
.gitignore
vendored
Normal file
30
.gitignore
vendored
Normal file
@ -0,0 +1,30 @@
|
||||
### Terraform ###
|
||||
# Local .terraform directories
|
||||
**/.terraform/*
|
||||
|
||||
# .tfstate files
|
||||
*.tfstate
|
||||
*.tfstate.*
|
||||
|
||||
# Crash log files
|
||||
crash.log
|
||||
|
||||
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
|
||||
# .tfvars files are managed as part of configuration and so should be included in
|
||||
# version control.
|
||||
#
|
||||
# example.tfvars
|
||||
|
||||
# Ignore override files as they are usually used to override resources locally and so
|
||||
# are not checked in
|
||||
override.tf
|
||||
override.tf.json
|
||||
*_override.tf
|
||||
*_override.tf.json
|
||||
|
||||
# Include override files you do wish to add to version control using negated pattern
|
||||
# !example_override.tf
|
||||
|
||||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
|
||||
# example: *tfplan*
|
||||
|
||||
34
libvirt.tf
Normal file
34
libvirt.tf
Normal file
@ -0,0 +1,34 @@
|
||||
terraform {
|
||||
required_providers {
|
||||
libvirt = {
|
||||
source = "dmacvicar/libvirt"
|
||||
version = "0.6.3"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider "libvirt" {
|
||||
uri = "qemu:///system"
|
||||
}
|
||||
|
||||
resource "libvirt_domain" "terraform_libvirt" {
|
||||
name = "terraform_libvirt"
|
||||
|
||||
console {
|
||||
type = "pty"
|
||||
target_type = "serial"
|
||||
target_port = "0"
|
||||
}
|
||||
|
||||
console {
|
||||
type = "pty"
|
||||
target_type = "virtio"
|
||||
target_port = "1"
|
||||
}
|
||||
|
||||
graphics {
|
||||
type = "spice"
|
||||
listen_type = "address"
|
||||
autoport = true
|
||||
}
|
||||
}
|
||||
55
vms/cloudinit.cfg
Normal file
55
vms/cloudinit.cfg
Normal file
@ -0,0 +1,55 @@
|
||||
#cloud-config
|
||||
# vim: ft=yaml
|
||||
|
||||
runcmd:
|
||||
- cat /etc/resolv.conf
|
||||
- uname -r
|
||||
|
||||
ssh_pwauth: true
|
||||
chpasswd:
|
||||
list: |
|
||||
root:1234
|
||||
expire: false
|
||||
|
||||
users:
|
||||
- name: victim
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
|
||||
sudo: ['ALL=(ALL) NOPASSWD:ALL']
|
||||
shell: /bin/bash
|
||||
groups: wheel
|
||||
- name: root
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
|
||||
- name: ansible
|
||||
ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
|
||||
sudo: ['ALL=(ALL) NOPASSWD:ALL']
|
||||
shell: /bin/bash
|
||||
groups: wheel
|
||||
|
||||
ssh_publish_hostkeys:
|
||||
enabled: false
|
||||
ssh:
|
||||
emit_keys_to_console: false
|
||||
|
||||
# hostname is set based on main.tf variables
|
||||
preserve_hostname: false
|
||||
fqdn: ${hostname}.${domainname}
|
||||
hostname: ${hostname}
|
||||
|
||||
|
||||
# reboot after fqdn is set to update the info in libvirt's dnsmasq
|
||||
power_state:
|
||||
delay: "+1"
|
||||
mode: reboot
|
||||
condition: true
|
||||
|
||||
packages:
|
||||
- vim
|
||||
- htop
|
||||
- sudo
|
||||
- python39 # for ansible
|
||||
|
||||
package_upgrade: true
|
||||
package_reboot_if_required: true
|
||||
114
vms/main.tf
Normal file
114
vms/main.tf
Normal file
@ -0,0 +1,114 @@
|
||||
# tf provider declaration
|
||||
terraform {
|
||||
# required_version = ">= 0.13"
|
||||
required_providers {
|
||||
libvirt = {
|
||||
source = "dmacvicar/libvirt"
|
||||
version = "0.6.3"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# provider URI for libvirt
|
||||
provider "libvirt" {
|
||||
uri = "qemu:///system"
|
||||
}
|
||||
|
||||
# server settings are defined in terraform.tfvars
|
||||
# the variables here are the defaults in case no relevant terraform.tfvars setting is found
|
||||
variable "projectname" {
|
||||
type = string
|
||||
default = "vms"
|
||||
}
|
||||
variable "hosts" {
|
||||
default = {
|
||||
"vm1" = {
|
||||
name = "vm1",
|
||||
vcpu = 1,
|
||||
memory = "1024",
|
||||
diskpool = "default",
|
||||
disksize = "4000000000",
|
||||
mac = "12:12:00:12:12:00",
|
||||
},
|
||||
}
|
||||
}
|
||||
variable "baseimagediskpool" {
|
||||
type = string
|
||||
default = "default"
|
||||
}
|
||||
variable "domainname" {
|
||||
type = string
|
||||
default = "domain.local"
|
||||
}
|
||||
variable "networkname" {
|
||||
type = string
|
||||
default = "default"
|
||||
}
|
||||
variable "sourceimage" {
|
||||
type = string
|
||||
default = "https://download.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2"
|
||||
}
|
||||
|
||||
# base OS image
|
||||
resource "libvirt_volume" "baseosimage" {
|
||||
name = "baseosimage_${var.projectname}"
|
||||
source = var.sourceimage
|
||||
pool = var.baseimagediskpool
|
||||
}
|
||||
|
||||
# vdisk creation
|
||||
# vdisks are cloned from the base image for each of the "hosts"
|
||||
resource "libvirt_volume" "qcow2_volume" {
|
||||
for_each = var.hosts
|
||||
name = "${each.value.name}.qcow2"
|
||||
base_volume_id = libvirt_volume.baseosimage.id
|
||||
pool = each.value.diskpool
|
||||
format = "qcow2"
|
||||
size = each.value.disksize
|
||||
}
|
||||
|
||||
# Use cloudinit config file
|
||||
# pass certain vars to cloudinit
|
||||
data "template_file" "user_data" {
|
||||
template = file("${path.module}/cloudinit.cfg")
|
||||
for_each = var.hosts
|
||||
vars = {
|
||||
hostname = each.value.name
|
||||
domainname = var.domainname
|
||||
}
|
||||
}
|
||||
|
||||
# cloudinit magic
|
||||
resource "libvirt_cloudinit_disk" "commoninit" {
|
||||
for_each = var.hosts
|
||||
name = "commoninit_${each.value.name}.iso"
|
||||
user_data = data.template_file.user_data[each.key].rendered
|
||||
}
|
||||
|
||||
# default guest
|
||||
resource "libvirt_domain" "default_guest" {
|
||||
for_each = var.hosts
|
||||
name = each.value.name
|
||||
vcpu = each.value.vcpu
|
||||
memory = each.value.memory
|
||||
|
||||
network_interface {
|
||||
network_name = var.networkname
|
||||
mac = each.value.mac
|
||||
# do not wait for a lease if networkname == "host-bridge"
|
||||
wait_for_lease = var.networkname == "host-bridge" ? false : true
|
||||
}
|
||||
|
||||
disk {
|
||||
volume_id = element(libvirt_volume.qcow2_volume[each.key].*.id, 1)
|
||||
}
|
||||
|
||||
cloudinit = libvirt_cloudinit_disk.commoninit[each.key].id
|
||||
|
||||
}
|
||||
|
||||
|
||||
output "hostnames" {
|
||||
value = [libvirt_domain.default_guest.*]
|
||||
}
|
||||
|
||||
38
vms/terraform.tfvars
Normal file
38
vms/terraform.tfvars
Normal file
@ -0,0 +1,38 @@
|
||||
# project name
|
||||
projectname = "vms"
|
||||
|
||||
# OS image
|
||||
#sourceimage = "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2"
|
||||
sourceimage = "https://download.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2"
|
||||
|
||||
# the base image is the source image for all VMs created from it
|
||||
baseimagediskpool = "default"
|
||||
|
||||
|
||||
# domain and network settings
|
||||
domainname = "local"
|
||||
networkname = "default" # default==NAT
|
||||
|
||||
|
||||
# host-specific settings
|
||||
# RAM in bytes
|
||||
# disk size in bytes (disk size must be greater than source image virtual size)
|
||||
hosts = {
|
||||
"victim" = {
|
||||
name = "victim",
|
||||
vcpu = 1,
|
||||
memory = "512",
|
||||
diskpool = "default",
|
||||
disksize = "4300000000",
|
||||
mac = "00:00:00:13:37:22",
|
||||
},
|
||||
"attacker" = {
|
||||
name = "attacker",
|
||||
vcpu = 1,
|
||||
memory = "1024",
|
||||
diskpool = "default",
|
||||
disksize = "4300000000",
|
||||
mac = "00:00:00:13:37:23",
|
||||
},
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user