From 2f59d14ef7c065a6a18468eb0789197cbd021247 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Hjelm=C3=A5s?=
Date: Mon, 29 Dec 2025 09:42:53 +0100
Subject: [PATCH] Add new infrastructure and script files for user management and VM access
- Create GitHub Actions workflow for validating PowerShell scripts using PSScriptAnalyzer.
- Add Heat templates for deploying Windows and Linux instances with networking configurations.
- Implement PowerShell script to generate a CSV of Active Directory users with random credentials.
- Create Bash scripts for accessing VMs via RDP on Linux and macOS.
- Introduce a new YAML template for deploying a single Ubuntu instance.
- Update existing YAML templates for Windows Server and Windows 10 instances with floating IPs.
---
 .github/workflows/validate.yml | 30 +++++
 cl_dc_srv_basic.yaml | 211 ++++++++++++++++++++++++++++++++
 scripts/CreateUserCSV.ps1 | 148 ++++++++++++++++++++++
 scripts/PlottingADStructure.txt | 32 +++++
 scripts/myvms.bash | 82 +++++++++++++
 scripts/myvms.ps1 | 86 +++++++++++++
 scripts/myvms_mac.sh | 93 ++++++++++++++
 single_linux.yaml | 89 ++++++++++++++
 single_linux_16.04.yaml | 89 ++++++++++++++
 single_windows_client.yaml | 93 ++++++++++++++
 single_windows_server.yaml | 93 ++++++++++++++
 11 files changed, 1046 insertions(+)
 create mode 100644 .github/workflows/validate.yml
 create mode 100644 cl_dc_srv_basic.yaml
 create mode 100644 scripts/CreateUserCSV.ps1
 create mode 100644 scripts/PlottingADStructure.txt
 create mode 100755 scripts/myvms.bash
 create mode 100644 scripts/myvms.ps1
 create mode 100644 scripts/myvms_mac.sh
 create mode 100644 single_linux.yaml
 create mode 100644 single_linux_16.04.yaml
 create mode 100644 single_windows_client.yaml
 create mode 100644 single_windows_server.yaml
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
new file mode 100644
index 0000000..6c59b7e
--- /dev/null
+++ b/.github/workflows/validate.yml
@@ -0,0 +1,30 @@
+# .github/workflows/validate.yml
+name: Validate PowerShell Scripts
+
+on:
+ push:
+ paths:
+ - "scripts/**/*.ps1"
+ - ".github/workflows/validate.yml"
+ pull_request:
+ paths:
+ - "scripts/**/*.ps1"
+ - ".github/workflows/validate.yml"
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install PSScriptAnalyzer
+ shell: pwsh
+ run: |
+ Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted
+ Install-Module PSScriptAnalyzer -Scope CurrentUser -Force -SkipPublisherCheck
+
+ - name: Run ScriptAnalyzer
+ shell: pwsh
+ run: |
+ Invoke-ScriptAnalyzer -EnableExit scripts/*.ps1
diff --git a/cl_dc_srv_basic.yaml b/cl_dc_srv_basic.yaml
new file mode 100644
index 0000000..4c25bb8
--- /dev/null
+++ b/cl_dc_srv_basic.yaml
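Review bot: In .github/workflows/validate.yml the workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository has although it only needs to read the checkout; a top-level `permissions:` with `contents: read` would pin it to read-only. The install step pulls PSScriptAnalyzer from PSGallery with `-SkipPublisherCheck` and no version, so every run lints with whatever release is current and without the publisher validation; consider dropping that switch and adding `-RequiredVersion` with the release you have tested. `actions/checkout@v4` is a movable tag, and pinning it to a commit SHA is the stricter option.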
@@ -0,0 +1,211 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to create a new neutron network plus a router to the public
+ network, and for deploying one Windows 10 (hostname cl1) and two Windows
+ Servers (hostnames dc1 and srv1) without any configuration (only cl1 has
+ a boot script to set correct hostname).
+
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+
+resources:
+ private_net:
+ type: OS::Neutron::Net
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: 192.168.111.0/24
+ gateway_ip: 192.168.111.1
+ allocation_pools:
+ - start: 192.168.111.101
+ end: 192.168.111.200
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: ntnu-internal
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ sec_core:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Security group rules for all
+ name: sec_core
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 80
+ port_range_max: 80
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 443
+ port_range_max: 443
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 3389
+ port_range_max: 3389
+
+ mgr:
+ type: OS::Nova::Server
+ properties:
+ name: mgr
+ image: 'Windows 11 22H2 Enterprise [Evaluation]'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: mgr_port }
+ user_data_format: RAW
+ user_data: |
+ #ps1_sysnative
+ #
+ # Windows 10 doesn't set hostname correctly
+ #
+ $name = (New-Object System.Net.WebClient).DownloadString("http://169.254.169.254/latest/meta-data/hostname")
+ $shortname = $name.split('.',2)[0]
+ if ( $env:computername -ne $shortname ) {
+ Rename-Computer $shortname
+ exit 1003 # 1003 - reboot and run the plugin again on next boot
+ # https://cloudbase-init.readthedocs.io/en/latest/tutorial.html#file-execution
+ }
+ mgr_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - default
+ - { get_resource: sec_core }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ mgr_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: mgr_port }
+
+ cl1:
+ type: OS::Nova::Server
+ properties:
+ name: cl1
+ image: 'Windows 11 22H2 Enterprise [Evaluation]'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: cl1_port }
+ user_data_format: RAW
+ user_data: |
+ #ps1_sysnative
+ #
+ # Windows 10 doesn't set hostname correctly
+ #
+ $name = (New-Object System.Net.WebClient).DownloadString("http://169.254.169.254/latest/meta-data/hostname")
+ $shortname = $name.split('.',2)[0]
+ if ( $env:computername -ne $shortname ) {
+ Rename-Computer $shortname
+ exit 1003 # 1003 - reboot and run the plugin again on next boot
+ # https://cloudbase-init.readthedocs.io/en/latest/tutorial.html#file-execution
+ }
+ cl1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - default
+ - { get_resource: sec_core }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ cl1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: cl1_port }
+
+ dc1:
+ type: OS::Nova::Server
+ properties:
+ name: dc1
+ image: 'Windows Server 2025 Standard [Evaluation]'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: dc1_port }
+ dc1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - default
+ - { get_resource: sec_core }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ dc1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: dc1_port }
+
+ srv1:
+ type: OS::Nova::Server
+ properties:
+ name: srv1
+ image: 'Windows Server 2025 Standard [Evaluation]'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: srv1_port }
+ srv1_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - default
+ - { get_resource: sec_core }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+ srv1_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: srv1_port }
+
+outputs:
+ srv1_private_ip:
+ description: IP address of srv1 in private network
+ value: { get_attr: [ srv1, first_address ] }
+ srv1_public_ip:
+ description: Floating IP address of srv1 in public network
+ value: { get_attr: [ srv1_floating_ip, floating_ip_address ] }
+ dc1_private_ip:
+ description: IP address of dc1 in private network
+ value: { get_attr: [ dc1, first_address ] }
+ dc1_public_ip:
+ description: Floating IP address of dc1 in public network
+ value: { get_attr: [ dc1_floating_ip, floating_ip_address ] }
+ cl1_private_ip:
+ description: IP address of cl1 in private network
+ value: { get_attr: [ cl1, first_address ] }
+ cl1_public_ip:
+ description: Floating IP address of cl1 in public network
+ value: { get_attr: [ cl1_floating_ip, floating_ip_address ] }
+ mgr_private_ip:
+ description: IP address of mgr in private network
+ value: { get_attr: [ mgr, first_address ] }
+ mgr_public_ip:
+ description: Floating IP address of mgr in public network
+ value: { get_attr: [ mgr_floating_ip, floating_ip_address ] }
diff --git a/scripts/CreateUserCSV.ps1 b/scripts/CreateUserCSV.ps1
new file mode 100644
index 0000000..76a60a0
--- /dev/null
+++ b/scripts/CreateUserCSV.ps1
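Review bot: In cl_dc_srv_basic.yaml the `sec_core` group admits TCP 3389 and 22 from `0.0.0.0/0`, and every port that uses it, including the one for dc1, also gets a floating IP, so RDP on all four Windows hosts is reachable from anywhere that can route to `ntnu-internal`. A template parameter for the management range (for example `admin_cidr`, type string) used as `remote_ip_prefix: { get_param: admin_cidr }` on the 22 and 3389 rules would let each deployer narrow this; the same open 3389 rule is repeated in single_windows_client.yaml and single_windows_server.yaml. Separately, the description still says one Windows 10 and two servers while the template creates four instances (mgr, cl1, dc1, srv1) from Windows 11 and Server 2025 images, and it says only cl1 has a boot script although mgr carries the same one.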
@@ -0,0 +1,148 @@
+# Usage:
+# .\CreateUserCSV.ps1
+# will create the csv-file which can be used like this (if sec.core domain prepared):
+# $ADUsers = Import-Csv seccoreusers.csv -Delimiter ';'
+# # Headers: Username;GivenName;SurName;UserPrincipalName;DisplayName;Password;Department;Path
+# foreach ($User in $ADUsers) {
+# if (!(Get-ADUser -LDAPFilter `
+# "(sAMAccountName=$($User.Username))")) {
+# New-ADUser `
+# -SamAccountName $User.Username `
+# -UserPrincipalName $User.UserPrincipalName `
+# -Name $User.DisplayName `
+# -GivenName $User.GivenName `
+# -Surname $User.SurName `
+# -Enabled $True `
+# -ChangePasswordAtLogon $False `
+# -DisplayName $user.Displayname `
+# -Department $user.Department `
+# -Path $user.path `
+# -AccountPassword (ConvertTo-SecureString $user.Password -AsPlainText
+# -Force)
+# }
+# }
+
+# Run this script to create your own list of 100 users for the SEC.CORE
+# infrastructure as a CSV-file
+# Each time the script is run, it will create a new random combination
+# of firstname (which is also the username), lastname and department
+# New unique random passwords are generated for every user
+
+# Test so we don't overwrite a file by accident
+#
+if ((Get-ChildItem -ErrorAction SilentlyContinue seccoreusers.csv).Exists)
+ {"You alread have the file seccoreusers.csv!"; return;}
+if ($PSVersionTable.PSVersion.Major -eq 5)
+ {Write-Output "This script cannot be executed in Windows PowerShell, please use PowerShell core"; return;}
+
+# 100 unique firstnames without norwegian characters ('øæå')
+#
+$FirstName = @("Nora","Emma","Ella","Maja","Olivia","Emilie","Sofie","Leah",
+ "Sofia","Ingrid","Frida","Sara","Tiril","Selma","Ada","Hedda",
+ "Amalie","Anna","Alma","Eva","Mia","Thea","Live","Ida","Astrid",
+ "Ellinor","Vilde","Linnea","Iben","Aurora","Mathilde","Jenny",
+ "Tuva","Julie","Oda","Sigrid","Amanda","Lilly","Hedvig",
+ "Victoria","Amelia","Josefine","Agnes","Solveig","Saga","Marie",
+ "Eline","Oline","Maria","Hege","Jakob","Emil","Noah","Oliver",
+ "Filip","William","Lucas","Liam","Henrik","Oskar","Aksel",
+ "Theodor","Elias","Kasper","Magnus","Johannes","Isak","Mathias",
+ "Tobias","Olav","Sander","Haakon","Jonas","Ludvig","Benjamin",
+ "Matheo","Alfred","Alexander","Victor","Markus","Theo",
+ "Mohammad","Herman","Adam","Ulrik","Iver","Sebastian","Johan",
+ "Odin","Leon","Nikolai","Even","Leo","Kristian","Mikkel",
+ "Gustav","Felix","Sverre","Adrian","Lars"
+ )
+
+# 100 unique lastnames
+#
+$LastName = @("Hansen","Johansen","Olsen","Larsen","Andersen","Pedersen",
+ "Nilsen","Kristiansen","Jensen","Karlsen","Johnsen","Pettersen",
+ "Eriksen","Berg","Haugen","Hagen","Johannessen","Andreassen",
+ "Jacobsen","Dahl","Jørgensen","Henriksen","Lund","Halvorsen",
+ "Sørensen","Jakobsen","Moen","Gundersen","Iversen","Strand",
+ "Solberg","Svendsen","Eide","Knutsen","Martinsen","Paulsen",
+ "Bakken","Kristoffersen","Mathisen","Lie","Amundsen","Nguyen",
+ "Rasmussen","Ali","Lunde","Solheim","Berge","Moe","Nygård",
+ "Bakke","Kristensen","Fredriksen","Holm","Lien","Hauge",
+ "Christensen","Andresen","Nielsen","Knudsen","Evensen","Sæther",
+ "Aas","Myhre","Hanssen","Ahmed","Haugland","Thomassen",
+ "Sivertsen","Simonsen","Danielsen","Berntsen","Sandvik",
+ "Rønning","Arnesen","Antonsen","Næss","Vik","Haug","Ellingsen",
+ "Thorsen","Edvardsen","Birkeland","Isaksen","Gulbrandsen","Ruud",
+ "Aasen","Strøm","Myklebust","Tangen","Ødegård","Eliassen",
+ "Helland","Bøe","Jenssen","Aune","Mikkelsen","Tveit","Brekke",
+ "Abrahamsen","Madsen"
+ )
+
+# 2 in IT, 8 in Adm and 30 consultants in each of in each of Blue, Red and DFIR
+#
+$OrgUnits = @("ou=IT,ou=AllUsers","ou=IT,ou=AllUsers",
+ "ou=Adm,ou=AllUsers","ou=Adm,ou=AllUsers","ou=Adm,ou=AllUsers",
+ "ou=Adm,ou=AllUsers","ou=Adm,ou=AllUsers","ou=Adm,ou=AllUsers",
+ "ou=Adm,ou=AllUsers","ou=Adm,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Blue,ou=Cons,ou=AllUsers","ou=Blue,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=Red,ou=Cons,ou=AllUsers","ou=Red,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers",
+ "ou=DFIR,ou=Cons,ou=AllUsers","ou=DFIR,ou=Cons,ou=AllUsers"
+ )
+
+# Three shuffled indices to randomly mix firstname, lastname, and department
+#
+$fnidx = 0..99 | Get-Random -Shuffle
+$lnidx = 0..99 | Get-Random -Shuffle
+$ouidx = 0..99 | Get-Random -Shuffle
+
+Write-Output "UserName;GivenName;SurName;UserPrincipalName;DisplayName;Password;Department;Path" > seccoreusers.csv
+
+foreach ($i in 0..99) {
+ $UserName = $FirstName[$fnidx[$i]].ToLower()
+ $GivenName = $FirstName[$fnidx[$i]]
+ $SurName = $LastName[$lnidx[$i]]
+ $UserPrincipalName = $UserName + '@' + 'sec.core'
+ $DisplayName = $GivenName + ' ' + $SurName
+ $Password = -join ('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456789!#$%&()*+,-./:<=>?@[\]_{|}'.ToCharArray() | Get-Random -Count 16) + '1.aA'
+ $Department = ($OrgUnits[$ouidx[$i]] -split '[=,]')[1]
+ $Path = $OrgUnits[$ouidx[$i]] + ',' + "dc=SEC,dc=CORE"
+ Write-Output "$UserName;$GivenName;$SurName;$UserPrincipalName;$DisplayName;$Password;$Department;$Path" >> seccoreusers.csv
+}
diff --git a/scripts/PlottingADStructure.txt b/scripts/PlottingADStructure.txt
new file mode 100644
index 0000000..d5ea734
--- /dev/null
+++ b/scripts/PlottingADStructure.txt
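Review bot: scripts/CreateUserCSV.ps1 writes all 100 generated passwords in clear text to seccoreusers.csv in the current directory, and nothing in this commit keeps that file out of version control or removes it after import; a `seccoreusers.csv` entry in .gitignore and a line in the usage comment telling the operator to delete the file once the accounts exist would cover that. The password expression is also less varied than its 20 characters suggest: `Get-Random -Count 16` on the character array never repeats a character, the alphabet string skips `Q`, and every password ends in the constant `1.aA`. Drawing each position independently, e.g. `-join (1..16 | ForEach-Object { $chars | Get-Random })` with `$chars` holding the array, removes the no-repeat restriction. The message `You alread have the file` has a typo (`already`).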
@@ -0,0 +1,32 @@
+choco install graphviz
+Install-Module PSGraph
+
+# PLOT EVERYTHING IN AD:
+# $distinguishednames = Get-ADObject -Filter * | Select-Object DistinguishedName
+
+# OR BETTER LIMIT A BIT:
+# $distinguishednames = Get-ADObject -Filter * -SearchBase `
+# 'cn=users,dc=reskit,dc=org' | Select-Object DistinguishedName
+
+# OR EVEN BETTER:
+$distinguishednames = Get-ADObject -LDAPFilter `
+ "(|(Objectclass=organizationalunit)(ObjectClass=user))" |
+ Select-Object DistinguishedName
+
+$graph = foreach ($element in $distinguishednames) {
+ $entry = $element.DistinguishedName.Split(",")
+ if ($entry.Length -gt 1) {
+ $idx = 0
+ do {
+ "`"$($entry[$idx])`"->`"$($entry[$idx+1])`""
+ $idx++
+ } while ($idx -lt ($entry.Length-1))
+ } else {
+ if ($entry) {$entry}
+ }
+}
+
+$stringgraph = $graph -join "`n"
+
+Write-Output "strict digraph g { `n $stringgraph `n }" |
+ Export-PSGraph -Destination $env:temp\mysil.pdf -ShowGraph
diff --git a/scripts/myvms.bash b/scripts/myvms.bash
new file mode 100755
index 0000000..01770b2
--- /dev/null
+++ b/scripts/myvms.bash
@@ -0,0 +1,82 @@
+#!/bin/bash
+
+# This script assumes you have netcat and xfreerdp installed
+# usage: myvms.bash [mgr|cl1|dc1|srv1|mgra|cl1a|dc1a|srv1a]
+
+# floating ip's and the Admin-user-password for each host (retrieve from SkyHiGh):
+mgr_ip=
+mgr_pw=
+cl1_ip=
+cl1_pw=
+dc1_ip=
+dc1_pw=
+srv1_ip=
+srv1_pw=
+# domain administrator password (you set this yourself when creating the domain):
+dc1a_pw=
+
+logintype="$1"
+
+logmein () {
+ if nc -z -w2 "$ip" 3389 # test if host reachable
+ then
+ echo "Login $logintype"
+ xfreerdp /u:"$user" /audio-mode:1 +fonts +clipboard /dynamic-resolution /w:2048 /h:1152 /v:"$ip" /p:"$pw"
+ else
+ echo "Not able to reach port 3389 on host $ip"
+ fi
+}
+
+case "$logintype" in
+ "mgr")
+ ip=$mgr_ip
+ pw="$mgr_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "cl1")
+ ip=$cl1_ip
+ pw="$cl1_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "dc1")
+ ip=$dc1_ip
+ pw="$dc1_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "srv1")
+ ip=$srv1_ip
+ pw="$srv1_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "mgra")
+ ip=$mgr_ip
+ pw="$dc1a_pw"
+ user='SEC\Administrator'
+ logmein
+ exit 0;;
+ "cl1a")
+ ip=$cl1_ip
+ pw="$dc1a_pw"
+ user='SEC\Administrator'
+ logmein
+ exit 0;;
+ "dc1a")
+ ip=$dc1_ip
+ pw="$dc1a_pw"
+ user='SEC\Administrator'
+ logmein
+ exit 0;;
+ "srv1a")
+ ip=$srv1_ip
+ pw="$dc1a_pw"
+ user='SEC\Administrator'
+ logmein
+ exit 0;;
+ *)
+ echo "Please tell me which login you would like."
+ exit 1;;
+esac
diff --git a/scripts/myvms.ps1 b/scripts/myvms.ps1
new file mode 100644
index 0000000..91d2ac8
--- /dev/null
+++ b/scripts/myvms.ps1
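Review bot: In scripts/myvms.bash `logmein` hands the password to xfreerdp as `/p:"$pw"`, which puts it on the command line where other local users may be able to read it from the process list, and the script is designed to hold the local Admin and domain Administrator passwords in plain text once filled in. Consider dropping `/p:` so xfreerdp prompts, or supplying credentials through its `/from-stdin` option, and keep the filled-in copy out of the repository with mode 600. As a style point, `ip`, `pw` and `user` reach `logmein` as globals set in each case arm; passing them as arguments (`logmein "$mgr_ip" "$mgr_pw" Admin`) would reduce the eight arms to one line each.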
@@ -0,0 +1,86 @@
+param($logintype = $(throw "Parameter logintype is required"))
+
+# Usage: myvms.ps1 [mgr|cl1|dc1|srv1|mgra|cl1a|dc1a|srv1a]
+
+# floating ip's and the Admin-user-password for each host (retrieve from SkyHiGh):
+$mgr_ip =''
+$mgr_pw =''
+$cl1_ip =''
+$cl1_pw =''
+$dc1_ip =''
+$dc1_pw =''
+$srv1_ip=''
+$srv1_pw=''
+# domain administrator password (you set this yourself when creating the domain):
+$dc1a_pw=''
+
+#$logintype=$args[0]
+
+function Connect-MyHost {
+ param (
+ $User,$IP,$Pw
+ )
+ if (Test-NetConnection -ComputerName "$ip" -Port 3389 -InformationLevel Quiet -WarningAction SilentlyContinue) {
+ Write-Output "Logging in $user on $ip"
+ cmdkey `/generic:"$ip" `/user:"$user" `/pass:"$pw"
+ mstsc `/v:"$ip"
+ Start-Sleep 10
+ cmdkey `/delete:"$ip"
+ } else {
+ Write-Output "Not able to reach port 3389 on host $ip"
+ }
+}
+
+switch ($logintype) {
+"mgr" {
+ $ip="$mgr_ip"
+ $pw="$mgr_pw"
+ $user="Admin"
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"cl1" {
+ $ip="$cl1_ip"
+ $pw="$cl1_pw"
+ $user="Admin"
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"dc1" {
+ $ip="$dc1_ip"
+ $pw="$dc1_pw"
+ $user="Admin"
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"srv1" {
+ $ip="$srv1_ip"
+ $pw="$srv1_pw"
+ $user="Admin"
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"mgra" {
+ $ip=$mgr_ip
+ $pw="$dc1a_pw"
+ $user='SEC\Administrator'
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"cl1a" {
+ $ip=$cl1_ip
+ $pw="$dc1a_pw"
+ $user='SEC\Administrator'
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"dc1a" {
+ $ip=$dc1_ip
+ $pw="$dc1a_pw"
+ $user='SEC\Administrator'
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+"srv1a" {
+ $ip=$srv1_ip
+ $pw="$dc1a_pw"
+ $user='SEC\Administrator'
+ Connect-MyHost -User $user -IP $ip -Pw $pw
+ }
+default {
+ Write-Output "Please tell me which login you would like."
+ }
+}
diff --git a/scripts/myvms_mac.sh b/scripts/myvms_mac.sh
new file mode 100644
index 0000000..6484b9a
--- /dev/null
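Review bot: In scripts/myvms.ps1 `Connect-MyHost` stores the password in Credential Manager with `cmdkey /generic:` and removes it only after a fixed `Start-Sleep 10`, so an interrupted run leaves the credential stored and a slow mstsc start can find it already deleted. Wrapping the middle as `try { mstsc /v:"$ip"; Start-Sleep 10 } finally { cmdkey /delete:"$ip" }` at least guarantees the cleanup. The password is also passed to cmdkey as a `/pass:` argument and kept as a plain string in the script, so the filled-in copy should stay out of the repository. `param($logintype = $(throw ...))` could instead be `[Parameter(Mandatory)][ValidateSet('mgr','cl1','dc1','srv1','mgra','cl1a','dc1a','srv1a')]$logintype`, which rejects unknown values before the switch.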
+++ b/scripts/myvms_mac.sh
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+# This is a port to MacOS by Espen Wobbes, espewo@stud.ntnu.no
+
+# Updated to support macOS Sonoma by Markus Kristiansen, markkris@stud.ntnu.no
+
+# This script assumes you have microsoft remote desktop installed
+# Netcat is a standard in MacOS, so you won't have to install it by yourself
+# usage: sh myvms_mac.sh [mgr|cl1|dc1|srv1|mgra|cl1a|dc1a|srv1a]
+
+# The microsoft remote desktop does not allow the password to be pasted inn automatically
+# The script copy's the correct password to your clipboard instead.
+# To login to your vm, use keyboard shortcut cmd + v and hit enter
+# You should get logged in now.
+
+# floating ip's and the Admin-user-password for each host (retrieve from SkyHiGh):
+mgr_ip=''
+mgr_pw=''
+cl1_ip=''
+cl1_pw=''
+dc1_ip=''
+dc1_pw=''
+srv1_ip=''
+srv1_pw=''
+# domain administrator password (you set this yourself when creating the domain):
+dc1a_pw=''
+
+logintype="$1"
+
+logmein () {
+ echo "Trying to login to $logintype with IP $ip"
+ if nc -z -w2 "$ip" 3389; then
+ echo "Login $logintype"
+ open -u "rdp://full%20address=s%3A$ip&username=s%3A$user"
+ echo $pw | tr -d '\n' | pbcopy
+ else
+ echo "Not able to reach port 3389 on host $ip"
+ fi
+}
+
+case "$logintype" in
+ "mgr")
+ ip=$mgr_ip
+ pw="$mgr_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "cl1")
+ ip=$cl1_ip
+ pw="$cl1_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "dc1")
+ ip=$dc1_ip
+ pw="$dc1_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "srv1")
+ ip=$srv1_ip
+ pw="$srv1_pw"
+ user=Admin
+ logmein
+ exit 0;;
+ "mgra")
+ ip=$mgr_ip
+ pw="$dc1a_pw"
+ user="SEC%5CAdministrator"
+ logmein
+ exit 0;;
+ "cl1a")
+ ip=$cl1_ip
+ pw="$dc1a_pw"
+ user="SEC%5CAdministrator"
+ logmein
+ exit 0;;
+ "dc1a")
+ ip=$dc1_ip
+ pw="$dc1a_pw"
+ user="SEC%5CAdministrator"
+ logmein
+ exit 0;;
+ "srv1a")
+ ip=$srv1_ip
+ pw="$dc1a_pw"
+ user="SEC%5CAdministrator"
+ logmein
+ exit 0;;
+ *)
+ echo "Please tell me which login you would like."
+ exit 1;;
+esac
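Review bot: In scripts/myvms_mac.sh the line `echo $pw | tr -d '\n' | pbcopy` expands `$pw` unquoted, so a password containing spaces, `*` or `?` is word-split or glob-expanded before it reaches the clipboard, and one beginning with `-n` or `-e` is taken as an echo option; `printf '%s' "$pw" | pbcopy` copies it verbatim and needs no `tr`. The password also stays on the clipboard after login, so a comment telling the user to clear it afterwards (or a delayed `pbcopy </dev/null`) would help. The header says to run the script with `sh` although the shebang is `#!/bin/bash`.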
diff --git a/single_linux.yaml b/single_linux.yaml
new file mode 100644
index 0000000..0a58bfb
--- /dev/null
+++ b/single_linux.yaml
@@ -0,0 +1,89 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to create a new neutron network plus a router to the public
+ network, and for deploying a single instance (most recent Ubuntu) with a
+ floating ip.
+
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+
+resources:
+ private_net:
+ type: OS::Neutron::Net
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: 192.168.111.0/24
+ gateway_ip: 192.168.111.1
+ allocation_pools:
+ - start: 192.168.111.101
+ end: 192.168.111.200
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: ntnu-internal
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ image: 'Ubuntu Server 24.04 LTS (Noble Numbat) amd64'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: server_port }
+
+ server_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - { get_resource: server_security_group }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+
+ server_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: server_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 80
+ port_range_max: 80
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 443
+ port_range_max: 443
+
+outputs:
+ server_private_ip:
+ description: IP address of server in private network
+ value: { get_attr: [ server, first_address ] }
+ server_public_ip:
+ description: Floating IP address of server in public network
+ value: { get_attr: [ server_floating_ip, floating_ip_address ] }
diff --git a/single_linux_16.04.yaml b/single_linux_16.04.yaml
new file mode 100644
index 0000000..bf04daf
--- /dev/null
+++ b/single_linux_16.04.yaml
@@ -0,0 +1,89 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to create a new neutron network plus a router to the public
+ network, and for deploying a single instance (most recent Ubuntu) with a
+ floating ip.
+
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+
+resources:
+ private_net:
+ type: OS::Neutron::Net
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: 192.168.111.0/24
+ gateway_ip: 192.168.111.1
+ allocation_pools:
+ - start: 192.168.111.101
+ end: 192.168.111.200
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: ntnu-internal
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ image: 'ee865b57-a444-4599-bf9a-0efdb9bdc65e'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: server_port }
+
+ server_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - { get_resource: server_security_group }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+
+ server_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: server_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 80
+ port_range_max: 80
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 443
+ port_range_max: 443
+
+outputs:
+ server_private_ip:
+ description: IP address of server in private network
+ value: { get_attr: [ server, first_address ] }
+ server_public_ip:
+ description: Floating IP address of server in public network
+ value: { get_attr: [ server_floating_ip, floating_ip_address ] }
diff --git a/single_windows_client.yaml b/single_windows_client.yaml
new file mode 100644
index 0000000..547fe46
--- /dev/null
+++ b/single_windows_client.yaml
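Review bot: The description in single_linux_16.04.yaml is copied from single_linux.yaml and still says "most recent Ubuntu", while the file name says 16.04 and the image is given only as the UUID `ee865b57-a444-4599-bf9a-0efdb9bdc65e`. If that image is Ubuntu 16.04, it is past standard support, and this template gives it a floating IP with 22, 80 and 443 open to `0.0.0.0/0`; the description should name the release and its intended use, e.g. `deploying a single instance (Ubuntu 16.04, unsupported release, lab use only)`. A comment next to `image:` naming the image the UUID refers to would make the template reviewable without access to the cloud's image list.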
@@ -0,0 +1,93 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to create a new neutron network plus a router to the public
+ network, and for deploying a single instance (most recent Windows 10)
+ with a floating ip.
+
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+
+resources:
+ private_net:
+ type: OS::Neutron::Net
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: 192.168.111.0/24
+ gateway_ip: 192.168.111.1
+ allocation_pools:
+ - start: 192.168.111.101
+ end: 192.168.111.200
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: ntnu-internal
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ image: 'Windows 11 24H2 Enterprise [Evaluation]'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: server_port }
+
+ server_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - { get_resource: server_security_group }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+
+ server_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: server_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 80
+ port_range_max: 80
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 443
+ port_range_max: 443
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 3389
+ port_range_max: 3389
+
+outputs:
+ server_private_ip:
+ description: IP address of server in private network
+ value: { get_attr: [ server, first_address ] }
+ server_public_ip:
+ description: Floating IP address of server in public network
+ value: { get_attr: [ server_floating_ip, floating_ip_address ] }
diff --git a/single_windows_server.yaml b/single_windows_server.yaml
new file mode 100644
index 0000000..799e4c4
--- /dev/null
+++ b/single_windows_server.yaml
@@ -0,0 +1,93 @@
+heat_template_version: 2013-05-23
+
+description: >
+ HOT template to create a new neutron network plus a router to the public
+ network, and for deploying a single instance (most recent Windows Server)
+ with a floating ip.
+
+parameters:
+ key_name:
+ type: string
+ description: Name of keypair to assign to servers
+
+resources:
+ private_net:
+ type: OS::Neutron::Net
+
+ private_subnet:
+ type: OS::Neutron::Subnet
+ properties:
+ network_id: { get_resource: private_net }
+ cidr: 192.168.111.0/24
+ gateway_ip: 192.168.111.1
+ allocation_pools:
+ - start: 192.168.111.101
+ end: 192.168.111.200
+
+ router:
+ type: OS::Neutron::Router
+ properties:
+ external_gateway_info:
+ network: ntnu-internal
+
+ router_interface:
+ type: OS::Neutron::RouterInterface
+ properties:
+ router_id: { get_resource: router }
+ subnet_id: { get_resource: private_subnet }
+
+ server:
+ type: OS::Nova::Server
+ properties:
+ image: 'Windows Server 2025 Standard [Evaluation]'
+ flavor: gx1.2c4r
+ key_name: { get_param: key_name }
+ networks:
+ - port: { get_resource: server_port }
+
+ server_port:
+ type: OS::Neutron::Port
+ properties:
+ network_id: { get_resource: private_net }
+ security_groups:
+ - { get_resource: server_security_group }
+ fixed_ips:
+ - subnet_id: { get_resource: private_subnet }
+
+ server_floating_ip:
+ type: OS::Neutron::FloatingIP
+ properties:
+ floating_network: ntnu-internal
+ port_id: { get_resource: server_port }
+
+ server_security_group:
+ type: OS::Neutron::SecurityGroup
+ properties:
+ description: Add security group rules for server
+ rules:
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: icmp
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 22
+ port_range_max: 22
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 80
+ port_range_max: 80
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 443
+ port_range_max: 443
+ - remote_ip_prefix: 0.0.0.0/0
+ protocol: tcp
+ port_range_min: 3389
+ port_range_max: 3389
+
+outputs:
+ server_private_ip:
+ description: IP address of server in private network
+ value: { get_attr: [ server, first_address ] }
+ server_public_ip:
+ description: Floating IP address of server in public network
+ value: { get_attr: [ server_floating_ip, floating_ip_address ] }