If you want to implement new functionality for Dynamic Labs, you'll have to make changes to the Terraform and/or Ansible files.
If you are looking to create a new lab template, you are in the wrong section and should refer to Template Development.
Terraform is used to:
- configure the overall cloud environment and networks, such as VPCs
- deploy the systems defined in templates with a vanilla operating system
- deploy and configure the management server
- dynamically generate the Ansible inventory for the lab template
- trigger the execution of Ansible on the management server
Each supported cloud environment has an independent set of Terraform files located in the following project directories:
- AWS - Terraform/AWS
- Azure - Terraform/Azure
Dynamic Labs makes use of Terraform modules to define systems and networks.
System features are self-contained within the Ansible code. Implementing new system features should not require any changes to the Terraform code.
Unlike the Terraform code, the Ansible code is shared between the supported cloud platforms and is contained in the following project directory:
Ansible/
The starting playbook for Ansible is the site.yml file located at:
Ansible/site.yml
which is invoked by Terraform on the management server.
Ansible/site.yml invokes the following playbooks:
- Ansible/plays/domains.yml - responsible for invoking the tasks implementing Active Directory features
- Ansible/plays/systems.yml - responsible for invoking the tasks implementing local features for Windows and Linux
- Ansible/plays/attacks.yml - responsible for invoking the tasks implementing features that directly implement exploitable vulnerabilities
- Ansible/plays/cleanup.yml - responsible for disabling the Ansible accounts used during deployment so that they cannot be used as part of an attack path within the lab
The following location contains the implementation of each task, which usually maps to a feature:
Ansible/plays/tasks/
To implement a new feature, a new task should be created in a suitable subdirectory of tasks and then included in one of the plays in accordance with the type of feature.
The following are useful variables that you can use during the development of new functionality for Dynamic Labs:
- ansible_tags - Limit Ansible tags to execute. Useful during development to select the execution of a single feature such as AD_User
- ansible_limit - Limit Ansible execution to the specified hosts. Useful during development to apply changes to a specific host only, such as 10.1.1.10
- force_ansible_redeploy - Forces redeployment of the Ansible source code to the management host. This is not automatically done when the Ansible code changes after first deployment.
The variables can be specified on the command line or directly inside the tfvars file.
You can specify the variables on the command line as shown below:
terraform apply -var-file=../../path/to/template.tfvars -var="ansible_tags=AD_User" -var="ansible_limit=10.1.1.10" -var="force_ansible_redeploy=true"
You can specify the variables in the tfvars file used for testing by adding the following lines:
############ / Dev Options
ansible_tags = "AD_User"
ansible_limit = "10.1.1.10"
force_ansible_redeploy = true
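A pre-deployment check for the dev options above, added here as an example and not part of the Dynamic Labs code base: ansible_tags and ansible_limit narrow what Ansible runs, so a template applied with either still set is only partially configured. The function name check_dev_options is hypothetical, and the script assumes one name = value assignment per line.

```shell
#!/bin/sh
# Added example (not Dynamic Labs code): report run-narrowing dev options
# that are still active in a tfvars file before a full deployment.
# Assumption: one "name = value" assignment per line, quoted or unquoted.

# Prints each active option as "name=value".
# Returns 1 if at least one was found, 0 if the file is clean.
check_dev_options() {
    local file="$1" found=0 line name value
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"        # strip "#" comments
        line="${line%%//*}"       # strip "//" comments
        case "$line" in
            *=*) ;;               # looks like an assignment
            *) continue ;;
        esac
        # Normalise: remove whitespace around the name, whitespace and quotes in the value
        name="$(printf '%s' "${line%%=*}" | tr -d '[:space:]')"
        value="$(printf '%s' "${line#*=}" | tr -d '[:space:]"')"
        case "$name" in
            ansible_tags|ansible_limit)
                # An empty value does not narrow the run
                [ -n "$value" ] || continue
                printf '%s=%s\n' "$name" "$value"
                found=1
                ;;
        esac
    done < "$file"
    return "$found"
}

# When called with a file argument, the exit status is the result of the check.
[ "$#" -eq 0 ] || check_dev_options "$1"
```

Run it against the tfvars file before the final terraform apply; a non-zero exit status means a dev option still needs to be removed or commented out.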
When modifying Ansible code, it may be faster to invoke Ansible directly for debugging purposes.
To do so, first connect via SSH to the management server:
ssh -i SSH-Keys/<workspace>-management_key.pem ubuntu@<management_server_IP_Address>
All Ansible code is stored in the ubuntu user's home directory at:
/home/ubuntu
In particular:
- ansible-inventory.yml - the Ansible inventory that is dynamically generated by Terraform
To run the playbook, as invoked by Terraform, use the following command line:
ansible-playbook -i ansible-inventory.yml -f 10 ./Ansible/site.yml -vvvv
Specific tags and restrictions on hosts can be specified on the command line, e.g.:
ansible-playbook -i ansible-inventory.yml -f 10 ./Ansible/site.yml --tags "AD_User" --limit "10.1.1.10" -vvvv