Convert Exchange to a Terraform module

2021-05-08 15:13:05 -07:00
parent 8c8c7f760c
commit bb41499a27
28 changed files with 112 additions and 85 deletions
--- a/Azure/Ansible/inventory.yml
+++ b/Azure/Ansible/inventory.yml
@@ -11,3 +11,7 @@ wef:
 win10:
  hosts:
    z.z.z.z:
+
+exchange:
+  hosts:
+    # v.v.v.v:
--- a/Azure/Ansible/roles/exchange/tasks/main.yml
+++ b/Azure/Ansible/roles/exchange/tasks/main.yml
@@ -0,0 +1,137 @@
+---
+
+- name: Hostname -> EXCHANGE
+  win_hostname:
+    name: EXCHANGE
+  register: res
+
+- name: Reboot
+  win_reboot:
+  when: res.reboot_required
+
+- name: Set HostOnly DNS Address
+  win_dns_client:
+    adapter_names: '*'
+    ipv4_addresses:
+      - 192.168.38.102
+      - 8.8.8.8
+    log_path: C:\dns_log.txt
+
+- name: Install git
+  win_chocolatey:
+    name: git
+    state: present
+
+- name: Check if existing DetectionLab directory
+  win_stat:
+    path: 'c:\DetectionLab'
+  register: dir
+
+- name: Git clone Detectionlab
+  win_shell: git clone https://github.com/clong/DetectionLab.git
+  args:
+    chdir: 'c:\'
+  when: not dir.stat.exists
+
+- name: Copy scripts to c:\vagrant
+  win_shell: Copy-Item -Recurse c:\DetectionLab\Vagrant c:\vagrant
+
+- name: Join the Domain
+  win_shell: .\\provision.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: exchange_join_domain
+  changed_when: "'HasSucceeded : True' in exchange_join_domain.stdout"
+
+- debug: msg="{{ exchange_join_domain.stdout_lines }}"
+
+- name: Reboot After Joining the Domain
+  win_reboot:
+    msg: "Joining the domain. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Install Exchange Prereqs
+  win_command: powershell.exe .\\install-exchange.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: exchange_prereqs
+  changed_when: "'A reboot is required to continue installation of exchange.' in exchange_prereqs.stdout"
+
+- debug: msg="{{ exchange_prereqs.stdout_lines }}"
+
+- name: Reboot After Installing Exchange PreReqs
+  win_reboot:
+    msg: "Exchange Prereqs installed. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Download Exchange ISO and Mount It
+  win_shell: .\\install-exchange.ps1
+  args:
+    chdir: 'c:\vagrant\scripts'
+  register: download_exchange_iso
+
+- name: Prepare Schema
+  win_package:
+    path: F:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /PrepareSchema
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN\vagrant
+    ansible_become_password: vagrant
+  register: prepare_schema
+
+- name: Prepare AD
+  win_package:
+    path: F:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /PrepareAD
+      /OrganizationName: DetectionLab
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN\vagrant
+    ansible_become_password: vagrant
+  register: prepare_ad
+
+- name: Install Exchange
+  win_package:
+    path: F:\Setup.exe
+    arguments: >-
+      /IAcceptExchangeServerLicenseTerms
+      /Mode:Install
+      /Role:Mailbox
+    product_id: '{CD981244-E9B8-405A-9026-6AEB9DCEF1F1}'
+  vars:
+    ansible_become: yes
+    ansible_become_method: runas
+    ansible_become_user: WINDOMAIN\vagrant
+    ansible_become_password: vagrant
+  register: install_exchange
+
+- name: Reboot after Exchange Installation
+  win_reboot:
+    msg: "Exchange installed. Rebooting..."
+    pre_reboot_delay: 5
+    reboot_timeout: 600
+    post_reboot_delay: 60
+
+- name: Clear Event Logs
+  win_shell: "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+
+- name: Configure EXCHANGE with raw Commands
+  win_shell: "{{ item }}"
+  with_items:
+    - "wevtutil el | Select-String -notmatch \"Microsoft-Windows-LiveId\" | Foreach-Object {wevtutil cl \"$_\"}"
+    - "Set-SmbServerConfiguration -AuditSmb1Access $true -Force"
+
+
--- a/Azure/Terraform/exchange.tf
+++ b/Azure/Terraform/exchange.tf
@@ -0,0 +1,10 @@
+## Remove the block comment to enable the creation of the Exchange server
+/*
+module "exchange" {
+  source = "./modules/exchange"
+  resource_group_name = azurerm_resource_group.detectionlab.name
+  region = var.region
+  subnet_id = azurerm_subnet.detectionlab-subnet.id
+}
+*/
+
--- a/Azure/Terraform/modules/exchange/locals.tf
+++ b/Azure/Terraform/modules/exchange/locals.tf
@@ -0,0 +1,3 @@
+locals {  
+  exchange_url    = "https://${azurerm_public_ip.exchange-publicip.ip_address}"
+}
--- a/Azure/Terraform/modules/exchange/main.tf
+++ b/Azure/Terraform/modules/exchange/main.tf
@@ -0,0 +1,86 @@
+# https://github.com/terraform-providers/terraform-provider-azurerm/blob/1940d84dba45e41b2f1f868a22d7f7af1adea8a0/examples/virtual-machines/virtual_machine/vm-joined-to-active-directory/modules/active-directory/2-virtual-machine.tf
+locals {
+    custom_data_content  = file("${path.module}/../../files/winrm.ps1")
+}
+
+resource "azurerm_virtual_machine" "exchange" {
+  name = "exchange.windomain.local"
+  location = var.region
+  resource_group_name  = var.resource_group_name
+  network_interface_ids = [azurerm_network_interface.exchange-nic.id]
+  vm_size               = "Standard_D3_v2"
+
+  delete_os_disk_on_termination = true
+
+  storage_image_reference {
+    publisher = "MicrosoftWindowsServer"
+    offer     = "WindowsServer"
+    sku       = "2016-Datacenter"
+    version   = "latest"
+  }
+
+  os_profile {
+    computer_name  = "exchange"
+    admin_username = "vagrant"
+    admin_password = "Vagrant123"
+    custom_data    = local.custom_data_content
+  }
+
+  os_profile_windows_config {
+    provision_vm_agent        = true
+    enable_automatic_upgrades = false
+
+    # Auto-Login's required to configure WinRM
+    additional_unattend_config {
+      pass         = "oobeSystem"
+      component    = "Microsoft-Windows-Shell-Setup"
+      setting_name = "AutoLogon"
+      content      = "<AutoLogon><Password><Value>Vagrant123</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>vagrant</Username></AutoLogon>"
+    }
+
+    # Unattend config is to enable basic auth in WinRM, required for the provisioner stage.
+    # https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/examples/virtual-machines/provisioners/windows/files/FirstLogonCommands.xml
+    additional_unattend_config {
+      pass         = "oobeSystem"
+      component    = "Microsoft-Windows-Shell-Setup"
+      setting_name = "FirstLogonCommands"
+      content      = file("${path.module}/../../files/FirstLogonCommands.xml")
+    }
+  }
+
+  storage_os_disk {
+    name              = "OsDiskExchange"
+    caching           = "ReadWrite"
+    create_option     = "FromImage"
+    managed_disk_type = "Standard_LRS"
+  }
+
+  tags = {
+    role = "exchange"
+  }
+}
+
+resource "azurerm_network_interface" "exchange-nic" {
+  name = "exchange-nic"
+  location = var.region
+  resource_group_name  = var.resource_group_name
+
+  ip_configuration {
+    name                          = "myNicConfiguration"
+    subnet_id                     = var.subnet_id
+    private_ip_address_allocation = "Static"
+    private_ip_address            = "192.168.38.106"
+    public_ip_address_id          = azurerm_public_ip.exchange-publicip.id
+  }
+}
+
+resource "azurerm_public_ip" "exchange-publicip" {
+  name                = "exchange-public-ip"
+  location            = var.region
+  resource_group_name = var.resource_group_name
+  allocation_method   = "Static"
+
+  tags = {
+    role = "exchange"
+  }
+}
--- a/Azure/Terraform/modules/exchange/outputs.tf
+++ b/Azure/Terraform/modules/exchange/outputs.tf
@@ -0,0 +1,7 @@
+output "exchange_public_ip" {
+  value = azurerm_public_ip.exchange-publicip
+}
+
+output "exchange_url" {
+  value = local.exchange_url
+}
--- a/Azure/Terraform/modules/exchange/variables.tf
+++ b/Azure/Terraform/modules/exchange/variables.tf
@@ -0,0 +1,11 @@
+variable "resource_group_name" {
+  type = string
+}
+
+variable "region" {
+  type = string
+}
+
+variable "subnet_id" {
+  type = string
+}
--- a/Azure/build_ansible_inventory.sh
+++ b/Azure/build_ansible_inventory.sh
@@ -24,6 +24,7 @@ TF_OUTPUT=$(terraform output)
 DC_IP=$(echo "$TF_OUTPUT" | grep -E -o "dc_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
 WEF_IP=$(echo "$TF_OUTPUT" | grep -E -o "wef_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
 WIN10_IP=$(echo "$TF_OUTPUT" | grep -E -o "win10_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')
+EXCHANGE_IP=$(echo "$TF_OUTPUT" | grep -E -o "exchange_public_ip = ([0-9]{1,3}[\.]){3}[0-9]{1,3}" | cut -d '=' -f 2 | tr -d ' ')

 # Don't update unless there's default values in inventory.yml
 GREP_COUNT=$(grep -E -c 'x\.x\.x\.x|y\.y\.y\.y|z\.z\.z\.z' ../Ansible/inventory.yml)
@@ -37,5 +38,10 @@ fi
 echo "Replacing the default values in DetectionLab/Azure/Ansible/inventory.yml..."
 sed -i.bak "s/x.x.x.x/$DC_IP/g; s/y.y.y.y/$WEF_IP/g; s/z.z.z.z/$WIN10_IP/g" ../Ansible/inventory.yml

+if [ ! -e "$EXCHANGE_IP" ]; then
+  echo "Exchange server found! Adding the IP to the Ansible inventory..."
+  sed -i.bak "s/# v.v.v.v/$EXCHANGE_IP/g" ../Ansible/inventory.yml
+fi
+
 echo "Displaying the updated inventory.yml below!"
 cat ../Ansible/inventory.yml