Saturday, May 9, 2020

Ansible Playbook for Installing Vectr.io

Recently, I was introduced to Ansible and Vectr.io.  I chose to create a playbook to install Vectr.io on Ubuntu 18.04.  I also created a playbook to install docker.  Below are the playbooks that I created, you will need to modify for your environment.  


Docker Install Playbook

---
- name: This playbook adds the docker packages if necessary to Ubuntu 18.04 nd 20.04
# No docker repo for 20.04 of focal fosse - Using docker-ce from 18.04
hosts: all
become: 'yes'

tasks:
- name: Add Docker GPG apt Key
apt_key:
url: https://download.docker.com/linux/ubuntu/gpg
state: present

- name: Install Docker Dependencies
apt:
pkg:
- curl
- unzip
- apt-transport-https
- ca-certificates
- software-properties-common
- python3-pip
- virtualenv
- python3-setuptools
update_cache: yes
state: latest

- name: Add Docker Repository
raw: add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable"
args:
executable: /bin/bash

- name: Install Docker Packages
apt:
pkg:
- docker-ce
- docker-ce-cli
- docker-compose
update_cache: yes
state: latest

- name: Install Docker Module for Python
pip:
name: docker

- name: Enable the docker service (May not be necessary)
systemd:
name: docker
enabled: yes
masked: no

- name: Verify the docker service is running
systemd:
name: docker
state: started


Vectr.io Install Playbook

---
- name: This playbook installs Vectr through Docker
# https://docs.vectr.io/Installation/
# Dependent on docker being installed on Ubuntu
# apt install python-pip python-dev if not installed
# pip install setuptools on ansible server
# Dependent on ansible server having docker compose installed pip install docker-compose
# You will get a CAS error until you set your /etc/hosts file to the IP hosting the docker container with vectr.local
# Connect with https://vectr.local:8081
hosts: all
# Comment the below line if you have root privileges
become: 'yes'

vars:
currentUser: "thepcn3rd"
VECTR_HOSTNAME: "vectr.local"
VECTR_DATA_KEY: "SomethingS1mple0"
CAS_ENCRYPT_MONGO_KEY: "SomethingS1mpl30"
MONGO_INITDB_ROOT_PASSWORD: "Someth1ngSimple"

tasks:
- name: Add /opt/vectr Directory
file:
path: /opt/vectr
state: directory
owner: "{{ currentUser }}"
group: "{{ currentUser }}"
mode: '0755'

- name: Download Vectr release 5.5.7 into /opt/vectr Directory
get_url:
url: https://github.com/SecurityRiskAdvisors/VECTR/releases/download/ce-5.5.7/sra-vectr-runtime-5.5.7-ce.zip
dest: /opt/vectr/vectr.zip

- name: Change permissions on the Downloaded File
file:
path: /opt/vectr/vectr.zip
owner: "{{ currentUser }}"
group: "{{ currentUser }}"
mode: '0644'

- name: Extract vectr.zip file
unarchive:
src: /opt/vectr/vectr.zip
dest: /opt/vectr
remote_src: yes

- name: Change permissions on Extracted Files
file:
path: /opt/vectr
state: directory
recurse: yes
owner: "{{ currentUser }}"
group: "{{ currentUser }}"
mode: '0644'

- name: Change permissions on Directory
file:
path: /opt/vectr
state: directory
owner: "{{ currentUser }}"
group: "{{ currentUser }}"
mode: '0755'


- name: Change .env file for Vectr prior to deployment VECTR_HOSTNAME
replace:
path: /opt/vectr/.env
regexp: '^VECTR_HOSTNAME=.+'
replace: 'VECTR_HOSTNAME={{ VECTR_HOSTNAME }}'

- name: Change .env file for Vectr prior to deployment VECTR_DATA_KEY
replace:
path: /opt/vectr/.env
regexp: '^VECTR_DATA_KEY=.+'
replace: 'VECTR_DATA_KEY={{ VECTR_DATA_KEY }}'

- name: Change .env file for Vectr prior to deployment CAS_ENCRYPT_MONGO_KEY
replace:
path: /opt/vectr/.env
regexp: '^CAS_ENCRYPT_MONGO_KEY=.+'
replace: 'CAS_ENCRYPT_MONGO_KEY={{ CAS_ENCRYPT_MONGO_KEY }}'

- name: Change .env file for Vectr prior to deployment MONGO_INITDB_ROOT_PASSWORD
replace:
path: /opt/vectr/.env
regexp: '^MONGO_INITDB_ROOT_PASSWORD=.+'
replace: 'MONGO_INITDB_ROOT_PASSWORD={{ MONGO_INITDB_ROOT_PASSWORD }}'

- name: Docker compose the vectr files we have prepared
raw: "docker-compose -f /opt/vectr/docker-compose.yml up -d"
args:
executable: /bin/bash




No comments:

Post a Comment

Test Authentication from Linux Console using python3 pexpect

Working with the IT420 lab, you will discover that we need to discover a vulnerable user account.  The following python3 script uses the pex...