initial commit

This commit is contained in:
surtur 2021-04-28 02:41:22 +02:00
commit 9f68d39731
Signed by: wanderer
GPG Key ID: 19CE1EC1D9E0486D
5 changed files with 271 additions and 0 deletions

30
.gitignore vendored Normal file

@ -0,0 +1,30 @@
### Terraform ###
# Local .terraform directories
**/.terraform/*
# .tfstate files
*.tfstate
*.tfstate.*
# Crash log files
crash.log
# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
# .tfvars files are managed as part of configuration and so should be included in
# version control.
#
# example.tfvars
# Ignore override files as they are usually used to override resources locally and so
# are not checked in
override.tf
override.tf.json
*_override.tf
*_override.tf.json
# Include override files you do wish to add to version control using negated pattern
# !example_override.tf
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

34
libvirt.tf Normal file

@ -0,0 +1,34 @@
terraform {
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.6.3"
}
}
}
provider "libvirt" {
uri = "qemu:///system"
}
resource "libvirt_domain" "terraform_libvirt" {
name = "terraform_libvirt"
console {
type = "pty"
target_type = "serial"
target_port = "0"
}
console {
type = "pty"
target_type = "virtio"
target_port = "1"
}
graphics {
type = "spice"
listen_type = "address"
autoport = true
}
}

55
vms/cloudinit.cfg Normal file

@ -0,0 +1,55 @@
#cloud-config
# vim: ft=yaml
runcmd:
- cat /etc/resolv.conf
- uname -r
ssh_pwauth: true
chpasswd:
list: |
root:1234
expire: false
users:
- name: victim
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
sudo: ['ALL=(ALL) NOPASSWD:ALL']
shell: /bin/bash
groups: wheel
- name: root
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
- name: ansible
ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBtG6NCgdLHX4ztpfvYNRaslKWZcl6KdTc1DehVH4kAL
sudo: ['ALL=(ALL) NOPASSWD:ALL']
shell: /bin/bash
groups: wheel
ssh_publish_hostkeys:
enabled: false
ssh:
emit_keys_to_console: false
# hostname is set based on main.tf variables
preserve_hostname: false
fqdn: ${hostname}.${domainname}
hostname: ${hostname}
# reboot after fqdn is set to update the info in libvirt's dnsmasq
power_state:
delay: "+1"
mode: reboot
condition: true
packages:
- vim
- htop
- sudo
- python39 # for ansible
package_upgrade: true
package_reboot_if_required: true

114
vms/main.tf Normal file

@ -0,0 +1,114 @@
# tf provider declaration
terraform {
# required_version = ">= 0.13"
required_providers {
libvirt = {
source = "dmacvicar/libvirt"
version = "0.6.3"
}
}
}
# provider URI for libvirt
provider "libvirt" {
uri = "qemu:///system"
}
# server settings are defined in terraform.tfvars
# the variables here are the defaults in case no relevant terraform.tfvars setting is found
variable "projectname" {
type = string
default = "vms"
}
variable "hosts" {
default = {
"vm1" = {
name = "vm1",
vcpu = 1,
memory = "1024",
diskpool = "default",
disksize = "4000000000",
mac = "12:12:00:12:12:00",
},
}
}
variable "baseimagediskpool" {
type = string
default = "default"
}
variable "domainname" {
type = string
default = "domain.local"
}
variable "networkname" {
type = string
default = "default"
}
variable "sourceimage" {
type = string
default = "https://download.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2"
}
# base OS image
resource "libvirt_volume" "baseosimage" {
name = "baseosimage_${var.projectname}"
source = var.sourceimage
pool = var.baseimagediskpool
}
# vdisk creation
# vdisks are cloned from the base image for each of the "hosts"
resource "libvirt_volume" "qcow2_volume" {
for_each = var.hosts
name = "${each.value.name}.qcow2"
base_volume_id = libvirt_volume.baseosimage.id
pool = each.value.diskpool
format = "qcow2"
size = each.value.disksize
}
# Use cloudinit config file
# pass certain vars to cloudinit
data "template_file" "user_data" {
template = file("${path.module}/cloudinit.cfg")
for_each = var.hosts
vars = {
hostname = each.value.name
domainname = var.domainname
}
}
# cloudinit magic
resource "libvirt_cloudinit_disk" "commoninit" {
for_each = var.hosts
name = "commoninit_${each.value.name}.iso"
user_data = data.template_file.user_data[each.key].rendered
}
# default guest
resource "libvirt_domain" "default_guest" {
for_each = var.hosts
name = each.value.name
vcpu = each.value.vcpu
memory = each.value.memory
network_interface {
network_name = var.networkname
mac = each.value.mac
# do not wait for a lease if networkname == "host-bridge"
wait_for_lease = var.networkname == "host-bridge" ? false : true
}
disk {
volume_id = element(libvirt_volume.qcow2_volume[each.key].*.id, 1)
}
cloudinit = libvirt_cloudinit_disk.commoninit[each.key].id
}
output "hostnames" {
value = [libvirt_domain.default_guest.*]
}

38
vms/terraform.tfvars Normal file

@ -0,0 +1,38 @@
# project name
projectname = "vms"
# OS image
#sourceimage = "https://cloud.centos.org/centos/8/x86_64/images/CentOS-8-GenericCloud-8.3.2011-20201204.2.x86_64.qcow2"
sourceimage = "https://download.fedoraproject.org/pub/fedora/linux/releases/33/Cloud/x86_64/images/Fedora-Cloud-Base-33-1.2.x86_64.qcow2"
# the base image is the source image for all VMs created from it
baseimagediskpool = "default"
# domain and network settings
domainname = "local"
networkname = "default" # default==NAT
# host-specific settings
# RAM in bytes
# disk size in bytes (disk size must be greater than source image virtual size)
hosts = {
"victim" = {
name = "victim",
vcpu = 1,
memory = "512",
diskpool = "default",
disksize = "4300000000",
mac = "00:00:00:13:37:22",
},
"attacker" = {
name = "attacker",
vcpu = 1,
memory = "1024",
diskpool = "default",
disksize = "4300000000",
mac = "00:00:00:13:37:23",
},
}