diff --git a/terraform/dos/.gitignore b/terraform/dos/.gitignore
new file mode 100644
index 0000000..6087da3
--- /dev/null
+++ b/terraform/dos/.gitignore
@@ -0,0 +1,44 @@
+# Compiled files
+*.tfstate
+*.tfstate.backup
+*.tfstate.lock.info
+
+# logs
+*.log
+
+# Directories
+.terraform/
+.vagrant/
+
+# SSH Keys
+*.pem
+
+# Backup files
+*.bak
+
+# Ignored Terraform files
+*gitignore*.tf
+
+# Ignore Mac .DS_Store files
+.DS_Store
+
+# Ignored vscode files
+.vscode/
+
+# Ignore Any Generated JSON Files
+operations/automation-script/apply.json
+operations/automation-script/configversion.json
+operations/automation-script/run.template.json
+operations/automation-script/run.json
+operations/automation-script/variable.template.json
+operations/automation-script/variable.json
+operations/automation-script/workspace.template.json
+operations/automation-script/workspace.json
+operations/sentinel-policies-scripts/create-policy.template.json
+operations/sentinel-policies-scripts/create-policy.json
+operations/variable-scripts/variable.template.json
+operations/variable-scripts/variable.json
+
+# Sentinel runtime directory
+.sentinel
+dos
diff --git a/terraform/dos/.terraform.lock.hcl b/terraform/dos/.terraform.lock.hcl
new file mode 100644
index 0000000..c656267
--- /dev/null
+++ b/terraform/dos/.terraform.lock.hcl
@@ -0,0 +1,60 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/dmacvicar/libvirt" {
+ version = "0.7.1"
+ constraints = "~> 0.7.0"
+ hashes = [
+ "h1:1yEJVPVFkRkbRY63+sFRAWau/eJ0xlecHWLCV8spkWU=",
+ "zh:1c59f2ab68da6326637ee8b03433e84af76b3e3562f251a7f2aa239a7b262a8d",
+ "zh:236e24ecf036e99d9d1e2081a39dc9cb4b8993850a37141a1449f20750f883d6",
+ "zh:4519c22b1f00c1d37d60ac6c2cb7ad5ab9dbcd44a80b4f61e68aacb54eae017d",
+ "zh:54de4e3c979c32af1dc71ec2846912f669a28bdb0990e8a3c1fb8fea4ede7b61",
+ "zh:6270a757bcf4e1f9efe47726cf0caefba30a25e59d151103cf03d1656325783c",
+ "zh:68b8586d5b29c0a1cb7c608a309b38db911449c072d60eee9e40e01881f1c23a",
+ "zh:724ba2290fea704714378e9363541420c36091e790c7f39150cde8987d4e0754",
+ "zh:7b6860c92376cdad98273aab4bea62546622e08f50733e4b2e58a7a859d3b49d",
+ "zh:986a0a4f8d9511c64bcac8010337deb43110b4c2f91969b2491fd9edc290b60e",
+ "zh:aff0f6f24d69cd97a44cd6059edaf355769fbb8a7643a6db4d52c9a94f98e194",
+ "zh:c46ca3f8384d06c13a7ed3d4b83c65b4f8dccbf9d5f624843b68d176add5c5c2",
+ "zh:ef310534e7d38153aca4ce31655b52a6e6c4d76f32e49732c96b62e9de1ee843",
+ "zh:f1566b094f4267ef2674889d874962dd41e0cba55251645e16d003c77ca8a19c",
+ "zh:f2e019df7b537069828c5537c481e5b7f41d2404eef6fe5c86702c20900b303d",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/local" {
+ version = "2.4.0"
+ hashes = [
+ "h1:R97FTYETo88sT2VHfMgkPU3lzCsZLunPftjSI5vfKe8=",
+ "zh:53604cd29cb92538668fe09565c739358dc53ca56f9f11312b9d7de81e48fab9",
+ "zh:66a46e9c508716a1c98efbf793092f03d50049fa4a83cd6b2251e9a06aca2acf",
+ "zh:70a6f6a852dd83768d0778ce9817d81d4b3f073fab8fa570bff92dcb0824f732",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:82a803f2f484c8b766e2e9c32343e9c89b91997b9f8d2697f9f3837f62926b35",
+ "zh:9708a4e40d6cc4b8afd1352e5186e6e1502f6ae599867c120967aebe9d90ed04",
+ "zh:973f65ce0d67c585f4ec250c1e634c9b22d9c4288b484ee2a871d7fa1e317406",
+ "zh:c8fa0f98f9316e4cfef082aa9b785ba16e36ff754d6aba8b456dab9500e671c6",
+ "zh:cfa5342a5f5188b20db246c73ac823918c189468e1382cb3c48a9c0c08fc5bf7",
+ "zh:e0e2b477c7e899c63b06b38cd8684a893d834d6d0b5e9b033cedc06dd7ffe9e2",
+ "zh:f62d7d05ea1ee566f732505200ab38d94315a4add27947a60afa29860822d3fc",
+ "zh:fa7ce69dde358e172bd719014ad637634bbdabc49363104f4fca759b4b73f2ce",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/template" {
+ version = "2.2.0"
+ hashes = [
+ "h1:94qn780bi1qjrbC3uQtjJh3Wkfwd5+tTtJHOb7KTg9w=",
+ "zh:01702196f0a0492ec07917db7aaa595843d8f171dc195f4c988d2ffca2a06386",
+ "zh:09aae3da826ba3d7df69efeb25d146a1de0d03e951d35019a0f80e4f58c89b53",
+ "zh:09ba83c0625b6fe0a954da6fbd0c355ac0b7f07f86c91a2a97849140fea49603",
+ "zh:0e3a6c8e16f17f19010accd0844187d524580d9fdb0731f675ffcf4afba03d16",
+ "zh:45f2c594b6f2f34ea663704cc72048b212fe7d16fb4cfd959365fa997228a776",
+ "zh:77ea3e5a0446784d77114b5e851c970a3dde1e08fa6de38210b8385d7605d451",
+ "zh:8a154388f3708e3df5a69122a23bdfaf760a523788a5081976b3d5616f7d30ae",
+ "zh:992843002f2db5a11e626b3fc23dc0c87ad3729b3b3cff08e32ffb3df97edbde",
+ "zh:ad906f4cebd3ec5e43d5cd6dc8f4c5c9cc3b33d2243c89c5fc18f97f7277b51d",
+ "zh:c979425ddb256511137ecd093e23283234da0154b7fa8b21c2687182d9aea8b2",
+ ]
+}
diff --git a/terraform/dos/cloud_init.cfg b/terraform/dos/cloud_init.cfg
new file mode 100644
index 0000000..1a4f40b
--- /dev/null
+++ b/terraform/dos/cloud_init.cfg
@@ -0,0 +1,23 @@
+#cloud-config
+# vim: syntax=yaml
+
+users:
+- name: root
+ ssh_authorized_keys:
+ - ssh-rsa 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 aravinth7820@gmail.com
+- name: atm
+ gecos: Aravinth Manivannan
+ groups: users, admin
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ shell: /bin/bash
+ lock_passwd: true
+ plain_text_passwd: fooabr12
+ ssh_authorized_keys:
+ - ssh-rsa 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 aravinth7820@gmail.com
+
+ssh_pwauth: true
+chpasswd:
+ list: |
+ root:foobar12
+ atm:foobar12
+ expire: False
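Review bot: `ssh_pwauth: true` together with the `chpasswd` list gives both `root` and `atm` a password that is committed in this file and, with `expire: False`, never has to be changed; `atm` also has `NOPASSWD` sudo, so that one string is full control of every VM built from this cloud-init disk. Both users already receive an `ssh_authorized_keys` entry, so password login does not look necessary: set `ssh_pwauth: false` and drop the `chpasswd:` block and the `plain_text_passwd` line. If a console password is wanted for debugging, supply it from a sensitive Terraform variable instead of a literal here. Separately, `lock_passwd: true` contradicts `plain_text_passwd`, whose value is also spelled differently from the `chpasswd` entries.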
diff --git a/terraform/dos/demo-server.tf b/terraform/dos/demo-server.tf
new file mode 100644
index 0000000..6a2615e
--- /dev/null
+++ b/terraform/dos/demo-server.tf
@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+resource "libvirt_volume" "mcaptcha_demo_server_volume" {
+ name = "mcaptcha_demo_server_volume-${count.index}"
+ base_volume_id = libvirt_volume.debian-mcaptcha-qcow2.id
+ count = var.mcaptcha_demo_server_vm_count
+ pool = libvirt_pool.mcaptcha_basic.name
+ size = var.mcaptcha_demo_server_vm_disk_size
+}
+
+resource "libvirt_domain" "mcaptcha_demo_server" {
+ count = var.mcaptcha_demo_server_vm_count
+
+ name = "mcaptcha_mcaptcha_demo_server_${count.index}"
+ memory = var.mcaptcha_demo_server_vm_memory
+ vcpu = var.mcaptcha_demo_server_vm_vcpu
+
+ cloudinit = libvirt_cloudinit_disk.commoninit.id
+
+ console {
+ type = "pty"
+ target_port = "0"
+ target_type = "serial"
+ }
+
+ console {
+ type = "pty"
+ target_type = "virtio"
+ target_port = "1"
+ }
+
+ network_interface {
+ network_name = "default"
+ wait_for_lease = true
+ }
+
+ disk {
+ volume_id = element(libvirt_volume.mcaptcha_demo_server_volume.*.id, count.index)
+ }
+}
+
+locals {
+ mcaptcha_demo_server_vm_ips = [for i in libvirt_domain.mcaptcha_demo_server : i.network_interface.0.addresses[0]]
+ mcaptcha_demo_server_vm_names = [for i in libvirt_domain.mcaptcha_demo_server : i.name]
+ mcaptcha_demo_server_vm_map = [for i in libvirt_domain.mcaptcha_demo_server : {
+ ip = i.network_interface.0.addresses[0],
+ name = i.name
+ }]
+}
diff --git a/terraform/dos/dos.tf b/terraform/dos/dos.tf
new file mode 100644
index 0000000..f0196a6
--- /dev/null
+++ b/terraform/dos/dos.tf
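Review bot: `element(libvirt_volume.mcaptcha_demo_server_volume.*.id, count.index)` uses the legacy splat form, and `element()` wraps around when the index runs past the end of the list, so if the volume and domain counts ever diverge the plan would quietly reuse a disk instead of failing. `volume_id = libvirt_volume.mcaptcha_demo_server_volume[count.index].id` reads more directly and errors on a bad index. The same expression appears in dos.tf and mcaptcha.tf, and the three files differ only in their name prefix, so a small module taking the role name, count and sizes would remove the duplication.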
@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+resource "libvirt_volume" "mcaptcha_dos_volume" {
+ name = "mcaptcha_dos_volume-${count.index}"
+ base_volume_id = libvirt_volume.debian-mcaptcha-qcow2.id
+ count = var.mcaptcha_dos_vm_count
+ pool = libvirt_pool.mcaptcha_basic.name
+ size = var.mcaptcha_dos_vm_disk_size
+}
+
+resource "libvirt_domain" "mcaptcha_dos" {
+ count = var.mcaptcha_dos_vm_count
+
+ name = "mcaptcha_mcaptcha_dos_${count.index}"
+ memory = var.mcaptcha_dos_vm_memory
+ vcpu = var.mcaptcha_dos_vm_vcpu
+
+ cloudinit = libvirt_cloudinit_disk.commoninit.id
+
+ console {
+ type = "pty"
+ target_port = "0"
+ target_type = "serial"
+ }
+
+ console {
+ type = "pty"
+ target_type = "virtio"
+ target_port = "1"
+ }
+
+ network_interface {
+ network_name = "default"
+ wait_for_lease = true
+ }
+
+ disk {
+ volume_id = element(libvirt_volume.mcaptcha_dos_volume.*.id, count.index)
+ }
+}
+
+locals {
+ mcaptcha_dos_vm_ips = [for i in libvirt_domain.mcaptcha_dos : i.network_interface.0.addresses[0]]
+ mcaptcha_dos_vm_names = [for i in libvirt_domain.mcaptcha_dos : i.name]
+ mcaptcha_dos_vm_map = [for i in libvirt_domain.mcaptcha_dos : {
+ ip = i.network_interface.0.addresses[0],
+ name = i.name
+ }]
+}
diff --git a/terraform/dos/main.tf b/terraform/dos/main.tf
new file mode 100644
index 0000000..8c7aa9d
--- /dev/null
+++ b/terraform/dos/main.tf
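Review bot: `network_name = "default"` places the load-generator VMs on libvirt's stock network, which is normally shared by every other guest on the host, so the test traffic and these VMs' SSH ports are not confined to the three roles defined in this directory. A dedicated `libvirt_network` for the lab, referenced from dos.tf, demo-server.tf and mcaptcha.tf, would keep the load test contained and would matter more here than usual because cloud_init.cfg enables password SSH on every VM. Whether `default` is isolated on the target host cannot be seen from this change, so confirm that before relying on it.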
@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+terraform {
+ required_version = ">= 0.13"
+ required_providers {
+ libvirt = {
+ source = "dmacvicar/libvirt"
+ version = "~> 0.7.0"
+ }
+ }
+}
+
+provider "libvirt" {
+ uri = var.libvirt_uri
+}
+
+resource "libvirt_pool" "mcaptcha_basic" {
+ name = "mcaptcha_basic"
+ type = "dir"
+ path = var.libvirt_pool_path
+
+}
+
+resource "libvirt_volume" "debian-mcaptcha-qcow2" {
+ name = "debian-mcaptcha-qcow2"
+ pool = libvirt_pool.mcaptcha_basic.name
+ source = var.libvirt_debian_src
+ format = "qcow2"
+}
+
+data "template_file" "user_data" {
+ template = file("${path.module}/cloud_init.cfg")
+}
+
+data "template_file" "network_config" {
+ template = file("${path.module}/network_config.cfg")
+}
+
+resource "libvirt_cloudinit_disk" "commoninit" {
+ name = "commoninit.iso"
+ user_data = data.template_file.user_data.rendered
+ network_config = data.template_file.network_config.rendered
+ pool = libvirt_pool.mcaptcha_basic.name
+}
diff --git a/terraform/dos/mcaptcha.tf b/terraform/dos/mcaptcha.tf
new file mode 100644
index 0000000..e7769c7
--- /dev/null
+++ b/terraform/dos/mcaptcha.tf
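Review bot: `required_providers` declares only `libvirt`, yet the configuration also uses the `template_file` data sources here and `local_file` in output.tf, so the `template` and `local` providers are resolved implicitly and the lock file records them without a `constraints` line. Declare both with a source and a version range so that provider upgrades are deliberate. Neither `template_file` block passes any `vars`, so `user_data = file("${path.module}/cloud_init.cfg")` and `network_config = file("${path.module}/network_config.cfg")` would drop the dependency on `hashicorp/template` altogether, which upstream has deprecated in favour of `templatefile()`.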
@@ -0,0 +1,52 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+resource "libvirt_volume" "mcaptcha_mcaptcha_volume" {
+ name = "mcaptcha_mcaptcha_volume-${count.index}"
+ base_volume_id = libvirt_volume.debian-mcaptcha-qcow2.id
+ count = var.mcaptcha_mcaptcha_vm_count
+ pool = libvirt_pool.mcaptcha_basic.name
+ size = var.mcaptcha_mcaptcha_vm_disk_size
+}
+
+resource "libvirt_domain" "mcaptcha_mcaptcha" {
+ count = var.mcaptcha_mcaptcha_vm_count
+
+ name = "mcaptcha_mcaptcha_mcaptcha_${count.index}"
+ memory = var.mcaptcha_mcaptcha_vm_memory
+ vcpu = var.mcaptcha_mcaptcha_vm_vcpu
+
+ cloudinit = libvirt_cloudinit_disk.commoninit.id
+
+ console {
+ type = "pty"
+ target_port = "0"
+ target_type = "serial"
+ }
+
+ console {
+ type = "pty"
+ target_type = "virtio"
+ target_port = "1"
+ }
+
+ network_interface {
+ network_name = "default"
+ wait_for_lease = true
+ }
+
+ disk {
+ volume_id = element(libvirt_volume.mcaptcha_mcaptcha_volume.*.id, count.index)
+ }
+}
+
+locals {
+ mcaptcha_mcaptcha_vm_ips = [for i in libvirt_domain.mcaptcha_mcaptcha : i.network_interface.0.addresses[0]]
+ mcaptcha_mcaptcha_vm_names = [for i in libvirt_domain.mcaptcha_mcaptcha : i.name]
+ mcaptcha_mcaptcha_vm_map = [for i in libvirt_domain.mcaptcha_mcaptcha : {
+ ip = i.network_interface.0.addresses[0],
+ name = i.name
+ }]
+}
+
diff --git a/terraform/dos/network_config.cfg b/terraform/dos/network_config.cfg
new file mode 100644
index 0000000..5b2cbca
--- /dev/null
+++ b/terraform/dos/network_config.cfg
@@ -0,0 +1,4 @@
+version: 2
+ethernets:
+ ens3:
+ dhcp4: true
diff --git a/terraform/dos/output.tf b/terraform/dos/output.tf
new file mode 100644
index 0000000..8a2fb15
--- /dev/null
+++ b/terraform/dos/output.tf
@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+output "mcaptcha_mcaptcha_demo_server_ip" {
+ value = local.mcaptcha_demo_server_vm_map
+}
+
+output "mcaptcha_mcaptcha_dos_ip" {
+ value = local.mcaptcha_dos_vm_map
+}
+
+output "mcaptcha_mcaptcha_mcaptcha_ip" {
+ value = local.mcaptcha_mcaptcha_vm_map
+}
+
+resource "local_file" "hosts_yml" {
+ content = templatefile("./templates/hosts.yml.tftpl",
+ {
+ mcaptcha_demo_server_vm_ips = local.mcaptcha_demo_server_vm_ips,
+ mcaptcha_demo_server_vm_names = local.mcaptcha_demo_server_vm_names,
+ mcaptcha_demo_server_vms = local.mcaptcha_demo_server_vm_map,
+
+
+ mcaptcha_dos_vm_ips = local.mcaptcha_dos_vm_ips,
+ mcaptcha_dos_vm_names = local.mcaptcha_dos_vm_names,
+ mcaptcha_dos_vms = local.mcaptcha_dos_vm_map,
+
+ mcaptcha_mcaptcha_vm_ips = local.mcaptcha_mcaptcha_vm_ips,
+ mcaptcha_mcaptcha_vm_names = local.mcaptcha_mcaptcha_vm_names,
+ mcaptcha_mcaptcha_vms = local.mcaptcha_mcaptcha_vm_map
+
+ })
+
+ filename = "hosts.ini"
+}
diff --git a/terraform/dos/requirements.txt b/terraform/dos/requirements.txt
new file mode 100644
index 0000000..6e46125
--- /dev/null
+++ b/terraform/dos/requirements.txt
@@ -0,0 +1,31 @@
+ansible==8.1.0
+ansible-core==2.15.1
+certifi==2023.5.7
+cffi==1.15.1
+charset-normalizer==3.2.0
+contextvars==2.4
+cryptography==41.0.2
+distro==1.8.0
+execnet==2.0.2
+idna==3.4
+immutables==0.19
+iniconfig==2.0.0
+Jinja2==3.1.2
+jmespath==1.0.1
+looseversion==1.3.0
+MarkupSafe==2.1.3
+msgpack==1.0.5
+packaging==23.1
+pluggy==1.2.0
+psutil==5.9.5
+pycparser==2.21
+pycryptodomex==3.18.0
+pytest==7.4.0
+pytest-testinfra==8.1.0
+pytest-xdist==3.3.1
+PyYAML==6.0
+pyzmq==25.0.2
+requests==2.31.0
+resolvelib==1.0.1
+salt==3006.1
+urllib3==2.0.3
diff --git a/terraform/dos/scripts/on.sh b/terraform/dos/scripts/on.sh
new file mode 100755
index 0000000..cc953cb
--- /dev/null
+++ b/terraform/dos/scripts/on.sh
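Review bot: `templatefile("./templates/hosts.yml.tftpl", …)` and `filename = "hosts.ini"` are resolved against the working directory, while main.tf anchors its inputs with `${path.module}`, so the template lookup breaks and the inventory lands somewhere else if this directory is ever used as a module. Use `"${path.module}/templates/hosts.yml.tftpl"` and `"${path.module}/hosts.ini"`. `local_file` defaults `file_permission` to `0777`, so set `file_permission = "0644"` on the inventory, and add `hosts.ini` to .gitignore since it is generated. The template reads only the `*_vms` lists, so the `*_vm_ips` and `*_vm_names` arguments look unused, and the resource and template are named `hosts_yml`/`.yml` although the output is INI.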
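Review bot: This is a full environment freeze pinned by version only, so pip accepts whatever the index serves for each pin; generating the file with hashes (`pip-compile --generate-hashes`, installed with `pip install --require-hashes -r requirements.txt`) would give Python packages the same integrity check that .terraform.lock.hcl gives the providers. The list also carries `salt`, `pyzmq`, `msgpack` and the pytest stack, none of which the files in this change appear to use; if only Ansible is needed here, keep the direct dependencies in an input file and treat the freeze as generated output. Exact pins also need an update routine, otherwise security releases of `cryptography`, `requests` or `urllib3` never arrive.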
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+
+for vm in $(virsh list --all --name --state-shutoff); do \
+ echo "[*] Starting vm: $vm"; \
+ virsh start $vm; \
+done
diff --git a/terraform/dos/templates/hosts.yml.tftpl b/terraform/dos/templates/hosts.yml.tftpl
new file mode 100644
index 0000000..73b5fa6
--- /dev/null
+++ b/terraform/dos/templates/hosts.yml.tftpl
@@ -0,0 +1,14 @@
+[mcaptcha_dos]
+%{ for vm in mcaptcha_dos_vms ~}
+${vm.name} ansible_host=${vm.ip} ansible_user=atm
+%{ endfor ~}
+
+[mcaptcha_mcaptcha]
+%{ for vm in mcaptcha_mcaptcha_vms ~}
+${vm.name} ansible_host=${vm.ip} ansible_user=atm
+%{ endfor ~}
+
+[mcaptcha_demo_server]
+%{ for vm in mcaptcha_demo_server_vms ~}
+${vm.name} ansible_host=${vm.ip} ansible_user=atm
+%{ endfor ~}
diff --git a/terraform/dos/variables.tf b/terraform/dos/variables.tf
new file mode 100644
index 0000000..273dd6d
--- /dev/null
+++ b/terraform/dos/variables.tf
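Review bot: The loop starts every shut-off domain that `virsh list` returns, not only the VMs this configuration creates, and `virsh start $vm` is unquoted. The domains defined in this change are all named with the `mcaptcha_mcaptcha_` prefix, so filter on it and quote the name: `for vm in $(virsh list --all --name --state-shutoff | grep '^mcaptcha_mcaptcha_'); do` and `virsh start "$vm"`. `virsh` is also called without `-c`, so when run as a non-root user it may talk to a different libvirt instance than the `qemu:///system` default in variables.tf. The trailing `\` continuations are unnecessary inside a `for … do … done` block.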
@@ -0,0 +1,98 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+/* main.tf */
+variable "libvirt_uri" {
+ description = "URI of libvert socket"
+ type = string
+ default = "qemu:///system"
+}
+
+variable "libvirt_pool_path" {
+ description = "Path of libvirt storage pool"
+ type = string
+ default = "/home/atm/code/libvirt/pool/mcaptcha_basic"
+}
+
+variable "libvirt_debian_src" {
+ description = "Location of Debian 11 qcow2 image"
+ type = string
+ default = "/home/atm/disk-images/debian/11/cloud/debian-11-genericcloud-amd64.qcow2"
+}
+
+/* demo server */
+variable "mcaptcha_demo_server_vm_count" {
+ description = "Number of VMs to be deployed to run demo server"
+ type = number
+ default = 1
+}
+
+variable "mcaptcha_demo_server_vm_disk_size" {
+ description = "Size of disk of VM running demo server in bytes"
+ type = number
+ default = 8000000000 # 8GB
+}
+
+variable "mcaptcha_demo_server_vm_memory" {
+ description = "Memory of VM running demo server in MB"
+ type = number
+ default = 2000 # 2GB
+}
+
+variable "mcaptcha_demo_server_vm_vcpu" {
+ description = "Number of CPUs of VM demo server locust"
+ type = number
+ default = 4
+}
+
+
+/* locust server server */
+variable "mcaptcha_dos_vm_count" {
+ description = "Number of VMs to be deployed to run locust"
+ type = number
+ default = 2
+}
+
+variable "mcaptcha_dos_vm_disk_size" {
+ description = "Size of disk of VMs running locust in bytes"
+ type = number
+ default = 8000000000 # 8GB
+}
+
+variable "mcaptcha_dos_vm_memory" {
+ description = "Memory of VMs running locust in MB"
+ type = number
+ default = 2000 # 2GB
+}
+
+variable "mcaptcha_dos_vm_vcpu" {
+ description = "Number of CPUs of VMs running locust"
+ type = number
+ default = 4
+}
+
+
+/* mcaptcha/mcaptcha server server */
+variable "mcaptcha_mcaptcha_vm_count" {
+ description = "Number of VMs to be deployed to run mcaptcha/mcaptcha"
+ type = number
+ default = 1
+}
+
+variable "mcaptcha_mcaptcha_vm_disk_size" {
+ description = "Size of disk of VMs running mcaptcha/mcaptcha in bytes"
+ type = number
+ default = 8000000000 # 8GB
+}
+
+variable "mcaptcha_mcaptcha_vm_memory" {
+ description = "Memory of VMs running mcaptcha/mcaptcha in MB"
+ type = number
+ default = 2000 # 2GB
+}
+
+variable "mcaptcha_mcaptcha_vm_vcpu" {
+ description = "Number of CPUs of VMs running mcaptcha/mcaptcha"
+ type = number
+ default = 4
+}
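Review bot: The defaults for `libvirt_pool_path` and `libvirt_debian_src` are absolute paths under `/home/atm`, so the configuration applies unchanged only on the author's machine; dropping those two `default` lines makes callers supply them, for example from a git-ignored `*.tfvars` file. The base image comes from a local path with nothing recording which image it was, so a comment next to `libvirt_debian_src` giving the expected download location and checksum would make the VM build reproducible and verifiable. Wording: `"URI of libvert socket"` should read libvirt, `"Number of CPUs of VM demo server locust"` looks like a copy-paste slip, and the `/* locust server server */` and `/* mcaptcha/mcaptcha server server */` headings repeat a word.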