Terraform AMI Refresh, Windows 10 box refresh

Terraform/Pre-Built_AMIs.md

@@ -19,7 +19,7 @@ The supplied Terraform configuration can then be used to create EC2 instances an
 3. Create a private/public keypair to use to SSH into logger: `ssh-keygen -b 2048 -f ~/.ssh/id_logger`
 4. Copy the file at [/DetectionLab/Terraform/terraform.tfvars.example](./terraform.tfvars.example) to `/DetectionLab/Terraform/terraform.tfvars`
 5. In `terraform.tfvars`, provide overrides for the variables specified in [variables.tf](./variables.tf)
-6. From the `/DetectionLab/Terraform/` directory, run `terraform init` to setup the initial Terraform configuration
+6. From the `/DetectionLab/Terraform` directory, run `terraform init` to setup the initial Terraform configuration
 7. Run `terraform apply` to begin the provisioning process
 
 [![DetectionLab - Terraform](https://i.vimeocdn.com/video/777172792_640.webp)](https://vimeo.com/331695321)

Terraform/README.md

@@ -19,3 +19,14 @@ One method for spinning up DetectionLab in AWS is to begin by using Virtualbox o
 This method has the benefit of allowing users to customize the VMs before importing them to AWS.
 
 The instructions for deploying DetectionLab in AWS via this method are available here: [Build Your Own AMIs README](./VM_to_AMIs.md)
+
+
+### Current AMI Listing
+| Region | Name | AMI-ID |
+|--------|------|--------|
+| us-west-1 | detectionlab-dc    | ami-03e2df055c632a0dd |
+| us-west-1 | detectionlab-wef   | ami-03c82482c03a740c5 |
+| us-west-1 | detectionlab-win10 | ami-0a4644e74768900f7 |
+| us-east-1 | detectionlab-dc    | ami-0eba8a430eb9c0d92 |
+| us-east-1 | detectionlab-wef   | ami-077981880d8b81b6b |
+| us-east-1 | detectionlab-win10 | ami-0d1b75d4a41ff0e0a |

Terraform/VM_to_AMIs.md

@@ -28,18 +28,18 @@ The supplied Terraform configuration can then be used to create EC2 instances an
 
 7. Export the DetectionLab VMs as single file OVA files if they are not already in that format
 8. [Upload the OVAs to the S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/user-guide/upload-objects.html) you created in step three
-9. Edit the `logger.json`, `dc.json`, `wef.json` and `win10.json` files and modify the S3Bucket and S3Key headers to match the location of the OVA files in your S3 bucket.
+9. Edit the `dc.json`, `wef.json` and `win10.json` files and modify the S3Bucket and S3Key headers to match the location of the OVA files in your S3 bucket.
 10. Import the VMs from S3 as AMIs by running the following commands:
 ```
 aws ec2 import-image --description "dc" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/vm_import/dc.json
 aws ec2 import-image --description "wef" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/vm_import/wef.json
 aws ec2 import-image --description "win10" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/vm_import/win10.json
-aws ec2 import-image --description "logger" --license-type byol --disk-containers file:///path/to/DetectionLab/Terraform/vm_import/logger.json
 ```
 11. Check on the status of the importation with the following command:
 
   ```aws ec2 describe-import-image-tasks --import-task-ids <import-ami-xxxxxxxxxxxxxxxxx>```
 
-12. Fill out the variables in `/path/to/DetectionLab/Terraform/terraform.tfvars`
+12. Copy the file at [/DetectionLab/Terraform/terraform.tfvars.example](./terraform.tfvars.example) to `/DetectionLab/Terraform/terraform.tfvars`
-13. Run `terraform init` to setup the initial Terraform configuration
+13. Fill out the variables in `/DetectionLab/Terraform/terraform.tfvars`
-14. `cd /path/to/DetectionLab/Terraform/Method1 && terraform apply`
+14. Run `terraform init` to setup the initial Terraform configuration
+15. cd to `DetectionLab/Terraform` and run `terraform apply`

Terraform/main.tf

@@ -152,7 +152,7 @@ resource "aws_instance" "logger" {
   # Provision the AWS Ubuntu 16.04 AMI from scratch.
   provisioner "remote-exec" {
     inline = [
-      "sudo add-apt-repository universe && sudo apt-get update && sudo apt-get install -y git",
+      "sudo add-apt-repository universe && sudo apt-get -qq update && sudo apt-get -qq install -y git",
       "echo 'logger' | sudo tee /etc/hostname && sudo hostnamectl set-hostname logger",
       "sudo adduser --disabled-password --gecos \"\" vagrant && echo 'vagrant:vagrant' | sudo chpasswd",
       "sudo mkdir /home/vagrant/.ssh && sudo cp /home/ubuntu/.ssh/authorized_keys /home/vagrant/.ssh/authorized_keys && sudo chown -R vagrant:vagrant /home/vagrant/.ssh",
@@ -180,7 +180,8 @@ resource "aws_instance" "logger" {
 
 resource "aws_instance" "dc" {
   instance_type = "t2.medium"
-  ami = "${var.dc_ami}"
+  # Change the below variable to "${var.dc_ami}" if using hardcoded AMIs
+  ami = "${data.aws_ami.dc_ami.image_id}"
   tags {
     Name = "dc.windomain.local"
   }
@@ -194,7 +195,8 @@ resource "aws_instance" "dc" {
 
 resource "aws_instance" "wef" {
   instance_type = "t2.medium"
-  ami = "${var.wef_ami}"
+  # Change the below variable to "${var.wef_ami}" if using hardcoded AMIs
+  ami = "${data.aws_ami.wef_ami.image_id}"
   tags {
     Name = "wef.windomain.local"
   }
@@ -208,7 +210,8 @@ resource "aws_instance" "wef" {
 
 resource "aws_instance" "win10" {
   instance_type = "t2.medium"
-  ami = "${var.win10_ami}"
+  # Change the below variable to "${var.win10_ami}" if using hardcoded AMIs
+  ami = "${data.aws_ami.win10_ami.image_id}"
   tags {
     Name = "win10.windomain.local"
   }

Terraform/outputs.tf

@@ -1,3 +1,7 @@
+output region {
+  value = "${var.region}"
+}
+
 output "logger_public_ip" {
   value = "${aws_instance.logger.public_ip}"
 }
@@ -13,3 +17,15 @@ output "wef_public_ip" {
 output "win10_public_ip" {
   value = "${aws_instance.win10.public_ip}"
 }
+
+output "latest_dc_ami_id" {
+  value = "${data.aws_ami.dc_ami.image_id}"
+}
+
+output "latest_wef_ami_id" {
+  value = "${data.aws_ami.wef_ami.image_id}"
+}
+
+output "latest_win10_ami_id" {
+  value = "${data.aws_ami.wef_ami.image_id}"
+}

Terraform/variables.tf

@@ -35,22 +35,47 @@ variable "external_dns_servers" {
   default = ["8.8.8.8"]
 }
 
+# Use Data Sources to resolve the AMI-ID for the pre-built DC host
+data "aws_ami" "dc_ami" {
+  owners = ["505638924199"]
+  filter {
+    name = "name"
+    values = ["detectionlab-dc"]
+  }
+}
+
+ # Use Data Sources to resolve the AMI-ID for the pre-built WEF host
+data "aws_ami" "wef_ami" {
+  owners = ["505638924199"]
+  most_recent = true
+  filter {
+    name = "name"
+    values = ["detectionlab-wef"]
+  }
+}
+
+ # Use Data Sources to resolve the AMI-ID for the pre-built Win10 host
+data "aws_ami" "win10_ami" {
+  owners = ["505638924199"]
+  most_recent = true
+  filter {
+    name = "name"
+    values = ["detectionlab-win10"]
+  }
+}
+
 # The logger host uses the Amazon Ubuntu 16.04 image
 # If you are building your own AMIs, replace the default values below with
 # the AMI IDs
-variable "logger_ami" {
-  type = "string"
-  default = "ami-0693b32d066fade8a"
-}
 variable "dc_ami" {
   type = "string"
-  default = "ami-0f0f0aaba01986b10"
+  default = "ami-03e2df055c632a0dd"
 }
 variable "wef_ami" {
   type = "string"
-  default = "ami-02566cd6ca3b7c6ae"
+  default = "ami-03c82482c03a740c5"
 }
 variable "win10_ami" {
   type = "string"
-  default = "ami-06a8a101dac68a81a"
+  default = "ami-0a4644e74768900f7"
 }

Terraform/vm_import/logger.json

@@ -1,9 +0,0 @@
-[
-  {
-    "Description": "logger",
-    "Format": "ova",
-    "UserBucket": {
-        "S3Bucket": "YOUR_BUCKET_GOES_HERE",
-        "S3Key": "logger.ova"
-    }
-}]

ci/build_machine_bootstrap.sh

@@ -30,7 +30,7 @@ echo "Args: $ARGS"
 
 # Disable IPv6 - may help with the vagrant-reload plugin: https://github.com/hashicorp/vagrant/issues/8795#issuecomment-468945063
 echo "net.ipv6.conf.all.disable_ipv6=1" >> /etc/sysctl.conf
-sysctl -p /etc/sysctl.conf
+sysctl -p /etc/sysctl.conf > /dev/null
 
 if [[ "$VAGRANT_ONLY" -eq 1 ]] && [[ "$PACKER_ONLY" -eq 1 ]]; then
   echo "[$(date +%H:%M:%S)]: Somehow this build is configured as both packer-only and vagrant-only. This means something has gone horribly wrong."
@@ -70,6 +70,10 @@ if [ "$PACKER_ONLY" -eq 0 ]; then
     vagrant plugin install vagrant-reload
   fi
 
+  # Re-enable IPv6 - may help with the Vagrant Cloud slowness
+  echo "net.ipv6.conf.all.disable_ipv6=0" >> /etc/sysctl.conf
+  sysctl -p /etc/sysctl.conf > /dev/null
+
   # Make the Vagrant instances headless
   cd /opt/DetectionLab/Vagrant || exit 1
   sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
@@ -80,8 +84,8 @@ if [ "$VAGRANT_ONLY" -eq 0 ]; then
   # Install Packer
   mkdir /opt/packer
   cd /opt/packer || exit 1
-  wget --progress=bar:force https://releases.hashicorp.com/packer/1.3.2/packer_1.3.2_linux_amd64.zip
+  wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.0/packer_1.4.0_linux_amd64.zip
-  unzip packer_1.3.2_linux_amd64.zip
+  unzip packer_1.4.0_linux_amd64.zip
   cp packer /usr/local/bin/packer
 
   # Make the Packer images headless

ci/manual_machine_bootstrap.sh

@@ -17,11 +17,8 @@ apt-get install -y linux-headers-"$(uname -r)" virtualbox-5.2 build-essential un
 pip install awscli --upgrade --user
 export PATH=$PATH:/root/.local/bin
 
-echo "building" > /var/www/html/index.html
-
 # Set up firewall
 ufw allow ssh
-ufw allow http
 ufw default allow outgoing
 ufw --force enable
 
@@ -41,8 +38,8 @@ sed -i 's/vb.gui = true/vb.gui = false/g' Vagrantfile
 # Install Packer
 mkdir /opt/packer
 cd /opt/packer || exit 1
-wget https://releases.hashicorp.com/packer/1.3.2/packer_1.3.2_linux_amd64.zip
+wget --progress=bar:force https://releases.hashicorp.com/packer/1.4.0/packer_1.4.0_linux_amd64.zip
-unzip packer_1.3.2_linux_amd64.zip
+unzip packer_1.4.0_linux_amd64.zip
 cp packer /usr/local/bin/packer
 
 # Make the Packer images headless

ci/manual_machine_bootstrap_vmware.sh

@@ -1,9 +1,9 @@
 #! /bin/bash
 
 # This script is used to manually prepare an Ubuntu 16.04 server for DetectionLab building
-
+export DEBIAN_FRONTEND=noninteractive
-SERIALNUMBER="TODO"
+export SERIALNUMBER="SECRET"
-LICENSEFILE="TODO"
+export LICENSEFILE="SECRET"
 
 sed -i 's/archive.ubuntu.com/us.archive.ubuntu.com/g' /etc/apt/sources.list
 
@@ -14,7 +14,7 @@ fi
 
 # Install VMWare Workstation 15
 apt-get update
-apt-get install -y linux-headers-"$(uname -r)" build-essential unzip git ufw apache2 python-pip
+apt-get install -y linux-headers-"$(uname -r)" build-essential unzip git ufw apache2 python-pip ubuntu-desktop
 pip install awscli --upgrade --user
 export PATH=$PATH:/root/.local/bin
 
@@ -22,11 +22,8 @@ wget -O VMware-Workstation-Full-15.0.4-12990004.x86_64.bundle "https://download3
 chmod +x VMware-Workstation-Full-15.0.4-12990004.x86_64.bundle
 sudo sh VMware-Workstation-Full-15.0.4-12990004.x86_64.bundle --console --required --eulas-agreed --set-setting vmware-workstation serialNumber $SERIALNUMBER
 
-echo "building" > /var/www/html/index.html
-
 # Set up firewall
 ufw allow ssh
-ufw allow http
 ufw default allow outgoing
 ufw --force enable
 
@@ -39,7 +36,8 @@ wget --progress=bar:force https://releases.hashicorp.com/vagrant/2.2.4/vagrant_2
 dpkg -i vagrant_2.2.4_x86_64.deb
 vagrant plugin install vagrant-reload
 vagrant plugin install vagrant-vmware-desktop
-vagrant plugin license vagrant-vmware-desktop $LICENSEFILE
+echo $LICENSEFILE | base64 -d > /tmp/license.lic
+vagrant plugin license vagrant-vmware-desktop /tmp/license.lic
 wget --progress=bar:force "https://releases.hashicorp.com/vagrant-vmware-utility/1.0.7/vagrant-vmware-utility_1.0.7_x86_64.deb"
 dpkg -i vagrant-vmware-utility_1.0.7_x86_64.deb