add inventories/custom/osseclab_minimal

Author: goffinet

inventories/custom/osseclab_minimal/group_vars/all

@@ -0,0 +1,54 @@
+---
+template: "{{ inventory_dir }}/templates/default_config.j2"
+gns3_url: "http://172.16.253.1"
+gns3_lab_user: "{{ ansible_user }}"
+gns3_lab_pass: "{{ ansible_ssh_pass }}"
+project_name: "osseclab"
+gns3_nodes_spec:
+  - name: "NAT"
+    template: "NAT"
+    x: 100
+    y: -200
+  - name: "gateway"
+    template: "gateway"
+    x: 0
+    y: -200
+  - name: "lan1"
+    template: "Ethernet switch"
+    x: -200
+    y: -50
+  - name: "srv1"
+    template: "linux-server"
+    x: -100
+    y: 50
+  - name: "lan2"
+    template: "Ethernet switch"
+    x: 200
+    y: -50
+  - name: "srv2"
+    template: "linux-server"
+    x: 300
+    y: 50
+  - name: "management"
+    template: "Ethernet switch"
+    x: 0
+    y: 200
+  - name: "controller"
+    template: "controller"
+    x: -100
+    y: 250
+  - name: "natctrl"
+    template: "NAT"
+    x: -350
+    y: 250
+gns3_links_spec:
+  - ["gateway", "Ethernet1", "NAT", "nat0"]
+  - ["gateway", "Ethernet0", "lan1", "Ethernet0"]
+  - ["gateway", "Ethernet2", "lan2", "Ethernet0"]
+  - ["lan1", "Ethernet2", "srv1", "Ethernet0"]
+  - ["lan2", "Ethernet2", "srv2", "Ethernet0"]
+  - ["natctrl", "nat0", "controller", "Ethernet1"]
+  - ["management", "Ethernet0", "controller", "Ethernet0"]
+  - ["management", "Ethernet2", "srv1", "Ethernet1"]
+  - ["management", "Ethernet4", "srv2", "Ethernet1"]
+  - ["management", "Ethernet5", "gateway", "Ethernet3"]

inventories/custom/osseclab_minimal/host_vars/controller

@@ -0,0 +1,7 @@
+---
+hostname: srv1
+interfaces:
+  - id: "System eth0"
+    ipv4_address: "11.12.13.1/24"
+    ipv4_dns: "11.12.13.1"
+login_prompt: "localhost login:"

inventories/custom/osseclab_minimal/host_vars/gateway

@@ -0,0 +1,3 @@
+---
+hostname: gateway
+domain: example.com

inventories/custom/osseclab_minimal/host_vars/srv1

@@ -0,0 +1,10 @@
+---
+hostname: srv1
+interfaces:
+  - id: "System eth0"
+    ipv4_address: "192.168.1.10/24"
+    ipv4_gateway: "192.168.1.1"
+    ipv4_dns: "192.168.1.1"
+#    ipv6_address: "2001:db8:acad:1060::50/64"
+#    ipv6_gateway: "fe80::d1:3"
+login_prompt: "localhost login:"

inventories/custom/osseclab_minimal/host_vars/srv2

@@ -0,0 +1,10 @@
+---
+hostname: srv2
+interfaces:
+  - id: "System eth0"
+    ipv4_address: "192.168.2.20/24"
+    ipv4_gateway: "192.168.2.1"
+    ipv4_dns: "192.168.1.1"
+#    ipv6_address: "2001:db8:acad:3085::50/64"
+#    ipv6_gateway: "fe80::3:3"
+login_prompt: "localhost login:"

inventories/custom/osseclab_minimal/hosts

@@ -0,0 +1,32 @@
+[openwrt]
+gateway
+
+[controllers]
+controller
+
+[servers]
+srv1
+srv2
+
+
+[end_hosts:children]
+servers
+
+[linux:children]
+end_hosts
+controllers
+
+[openwrt:vars]
+image_style=openwrt
+ansible_network_os=""
+ansible_connection=ssh
+
+[linux:vars]
+image_style=centos
+ansible_network_os=""
+ansible_connection=ssh
+
+[all:vars]
+ansible_user=root
+ansible_ssh_pass=testtest
+ansible_port=22

inventories/custom/osseclab_minimal/templates/clients_config.j2

@@ -0,0 +1,6 @@
+rm -f /etc/machine-id
+systemd-machine-id-setup
+hostnamectl set-hostname {{ hostname }}
+echo {{ hostname }} > /etc/hostname
+echo "" > /etc/motd
+sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config 

inventories/custom/osseclab_minimal/templates/controller_config.j2

@@ -0,0 +1,14 @@
+rm -f /etc/machine-id
+systemd-machine-id-setup
+hostnamectl set-hostname controller
+echo controller > /etc/hostname
+echo "" > /etc/motd
+sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
+echo "curl -s https://raw.githubusercontent.com/goffinet/ansible-ccna-lab/master/tests/almalinux9-controller.sh -o setup.sh" > readme.txt
+echo "bash setup.sh ; reboot" >> readme.txt
+{% for interface in interfaces %}
+nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }}
+nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }}
+nmcli c up  "{{ interface['id'] }}"
+{% endfor %}
+#disown %1

inventories/custom/osseclab_minimal/templates/default_config.j2

@@ -0,0 +1,12 @@
+{% if inventory_hostname in groups['clients'] and image_style == "centos" %}
+{% include 'clients_config.j2' %}
+{% endif %}
+{% if inventory_hostname in groups['servers'] and image_style == "centos" %}
+{% include 'servers_config.j2' %}
+{% endif %}
+{% if inventory_hostname == "gateway" and image_style == "openwrt" %}
+{% include 'openwrt_config.j2' %}
+{% endif %}
+{% if inventory_hostname == "controller" and image_style == "centos" %}
+{% include 'controller_config.j2' %}
+{% endif %}

inventories/custom/osseclab_minimal/templates/openwrt_config.j2

@@ -0,0 +1,33 @@
+passwd {{ ansible_ssh_pass }}
+uci set network.lan2=interface
+uci set network.lan2.type='bridge'
+uci set network.lan2.ifname='eth2'
+uci set network.lan2.proto='static'
+uci set network.lan2.ipaddr='192.168.2.1'
+uci set network.lan2.netmask='255.255.255.0'
+uci set network.lan2.ip6assign='60'
+uci set network.management=interface
+uci set network.management.type='bridge'
+uci set network.management.ifname='eth3'
+uci set network.management.proto='dhcp'
+uci commit network
+/etc/init.d/network restart
+uci set dhcp.lan.domain='{{ domain }}'
+uci set dhcp.lan2.domain='{{ domain }}'
+uci set dhcp.lan2=dhcp
+uci set dhcp.lan2.interface='lan2'
+uci set dhcp.lan2.start='100'
+uci set dhcp.lan2.limit='150'
+uci set dhcp.lan2.leasetime='12h'
+uci set dhcp.lan2.dhcpv6='server'
+uci set dhcp.lan2.ra='server'
+uci commit dhcp
+/etc/init.d/odhcpd restart
+uci set firewall.@zone[0].network="$(uci get firewall.@zone[0].network) lan2"
+uci commit firewall
+/etc/init.d/firewall restart
+uci set system.@system[0].hostname="{{ hostname }}"
+uci commit system
+echo $(uci get system.@system[0].hostname) > /proc/sys/kernel/hostname
+/etc/init.d/dnsmasq reload
+opkg update && opkg install python3 openssh-sftp-server

inventories/custom/osseclab_minimal/templates/servers_config.j2

@@ -0,0 +1,12 @@
+rm -f /etc/machine-id
+systemd-machine-id-setup
+hostnamectl set-hostname {{ hostname }}
+echo {{ hostname }} > /etc/hostname
+sed -i 's/^#PermitRootLogin .*/PermitRootLogin yes/g' /etc/ssh/sshd_config
+{% for interface in interfaces %}
+nmcli c mod "{{ interface['id'] }}" ipv4.method manual ipv4.addresses {{ interface['ipv4_address'] }}
+nmcli c mod "{{ interface['id'] }}" ipv4.gateway {{ interface['ipv4_gateway'] }}
+nmcli c mod "{{ interface['id'] }}" ipv4.dns {{ interface['ipv4_dns'] }}
+nmcli c up  "{{ interface['id'] }}"
+{% endfor %}
+echo "" > /etc/motd