Using Ansible Playbooks
Terry can build various types of servers. At runtime, Terry will dynamically generate an Ansible inventory file which will be used to populate the playbook variables. That inventory is located at <operation-name>/ansible/inventory/hosts.
Using the inventory structure generated by Terry, all servers are configured using Ansible. For the playbooks to work, a couple of assumptions are made:
- SSH is available from your network. If deploying to a private cloud that is behind a firewall, make sure you can route to that IP address
- The host is running Debian
Since the needs of each red team are different, your team may need to expand the capabilities of a playbook. To do so, there is the extended_plays section in the configuration. In this section, you can define custom playbooks as well as any extra variables you may want to run against the deployed server.
NOTE: All custom playbooks MUST live in the ./playbooks/custom directory AND the path value below MUST only be the name of the playbook inside of the ./playbooks/custom directory for these to work.
Let us say you want to set the hostnames of all teamservers to "teamserver" whenever you run the create command. Let us also assume you do not want to hardcode the new hostname into a playbook, but rather pass it in dynamically. You can easily do this by adding a custom playbook.
In this example, your playbook will live at ./playbooks/custom/set-hostname.yml and looks like the following:
---
- name: Set custom hostname for teamservers
  gather_facts: true
  hosts: teamserver
  become: true
  tasks:
    - name: Set the hostname of the teamserver to a new hostname
      ansible.builtin.hostname:
        name: "{{ new_hostname }}"
Now in your Terry configuration file, you can add the following to ansible_configuration.extended_plays.create:
create:
  - path: set-hostname.yml
    extra_vars:
      new_hostname: "teamserver"
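A pre-flight check for the path rule in the NOTE above, as an added example that is not part of Terry or its code base. The function name check_extended_plays and its messages are assumptions; it takes the already-parsed list under ansible_configuration.extended_plays.create and the location of the custom playbook directory.

```python
from pathlib import Path

ALLOWED_SUFFIXES = {".yml", ".yaml"}


def check_extended_plays(plays, custom_dir="./playbooks/custom"):
    """Return a list of problems in one extended_plays list (e.g. `create`).

    `plays` is the parsed YAML: [{"path": ..., "extra_vars": {...}}, ...]
    (hypothetical helper, not Terry's own validation).
    """
    root = Path(custom_dir).resolve()
    problems = []
    for i, play in enumerate(plays):
        if not isinstance(play, dict):
            problems.append(f"entry {i}: expected a mapping with a 'path' key")
            continue
        name = play.get("path")
        if not isinstance(name, str) or not name:
            problems.append(f"entry {i}: missing 'path'")
            continue
        # The rule from the NOTE: only the playbook's file name, never a path.
        if "\\" in name or name in (".", "..") or Path(name).name != name:
            problems.append(f"entry {i}: {name!r} must be a bare file name")
            continue
        if Path(name).suffix not in ALLOWED_SUFFIXES:
            problems.append(f"entry {i}: {name!r} is not a .yml/.yaml playbook")
            continue
        # Resolve symlinks so a link inside custom/ cannot point elsewhere.
        target = (root / name).resolve()
        if target.parent != root:
            problems.append(f"entry {i}: {name!r} resolves outside {root}")
        elif not target.is_file():
            problems.append(f"entry {i}: {name!r} not found in {root}")
        # An empty `extra_vars:` key parses as None, which is acceptable.
        extra = play.get("extra_vars") or {}
        if not isinstance(extra, dict):
            problems.append(f"entry {i}: extra_vars must be a mapping")
    return problems


if __name__ == "__main__":
    # Constructed sample mirroring the `create` block shown above.
    sample = [
        {"path": "set-hostname.yml", "extra_vars": {"new_hostname": "teamserver"}},
        {"path": "../prep-all-systems.yml"},
    ]
    for line in check_extended_plays(sample) or ["ok"]:
        print(line)
```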
It is possible that you may want to re-run only one playbook against some servers (or even against servers deployed by Terry). This is not recommended, but I assume you are an adult who makes their own decisions. Here are the helpful hints.
To configure a "base" server with all the "base" configuration needed for all the other scripts to run, you can run the command below:
ansible-playbook ./playbooks/prep-all-systems.yml -i ./<deployments-dir>/<operation-name>/ansible/inventory/hosts --private-key <path-to-private-key>
Additional configuration is made to each of the specific types of servers.
Use Terry at your own risk. I do not claim responsibility for any changes to the code that may break your configurations. I also do not condone any illegal actions performed after using this tool.