mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
dsfin-ansible/README.md
Michael Pellegrino 0bc52ca16f - add a default password for vnc - plain text to be changed later. see 
roles/vnc/tasks/main
- minor doc updates
2023-06-23 15:04:12 -04:00

192 lines
7.6 KiB
Markdown
Raw Permalink Blame History

Table of Contents
=================
* [Ansible for DS Financial demo network](#ansible-for-ds-financial-demo-network)
* [Current State](#current-state)
* [Getting Started](#getting-started)
* [Prerequisites](#prerequisites)
* [Installing](#installing)
* [Running the tests](#running-the-tests)
* [Break down into end to end tests](#break-down-into-end-to-end-tests)
* [And coding style tests](#and-coding-style-tests)
* [Deployment](#deployment)
* [Built With](#built-with)
* [Contributing](#contributing)
* [Versioning](#versioning)
* [Authors](#authors)
* [Acknowledgments](#acknowledgments)
# Ansible for DS Financial demo network
Create and configure hosts (typically a Raspberry PI) for sites on demo network. Create and install tools to generate network traffic.
**Note:** The traffic generated is only for portal statistics, testing steering, etc. It is **NOT** for performance testing.
The following assumptions are made:
* All raspberry pi devices are attached to their associated uCPE's
* All raspberry pi devices have the proper IP address configured for their uCPE (link below or instructions)
* All raspberry pi devices have Internet access, either centralized or DIA
* The SD-WAN VPN provides either full mesh connectivity OR the __ansible-host__ defined below is a HUB site with connectivity to all other sites
[DS Financial Demo Network](https://wiki.sys.comcast.net/pages/viewpage.action?spaceKey=ETHERNET&title=Demo+Network+Configuration) - Wiki
# Current State
Currently, this is just a loose collection of some repeatable tasks.
The Goal is to evenually be able to be a turnkey solution to spin up a "real" network, generating real traffic:
* Configure host name based on inventory (less manual "pi" setup)
* Configure DNS resolution by updating hosts files on each PI from inventory. This is much simpler than bothering to set up DNS services
* SMB
* Currently working. Ansible to copy scripts and set up cron job
* Samba Server
* install samba
* configure share
* enable samba server
* generate server files in share
* FTP
* Currently working. Manual configuration
* TBD set up server
* TBD set up scripts and cron job on clients
* Web
* Currently working. Manual configuration
* TBD setup server
* EBD set up scripts and cron job on clients
* SIP/Voice
* Currently working for both client and server (currently only one direction audio)
* Download sipp source
* Configure sipp source
* Copy scripts and set up cron jobs
* Add test to generate some traffic with various DSCP markings using ping to the sipp server
* Web application traffic. Note: Must currently be run on separate machines (ie. cannot have Facebook and Youtube on the same box)
* Youtube
* Currently working. Ansible install of scripts and cron configuration
* Facebook
* Currently working. Ansible install of scripts and cron configuration
* SalesForce
* Currently working. Ansible install of scripts and cron jobs
* Active Directory Domain (separate from the SMB traffic generation)
* Provision a Samba Active Directory Domain Controller
* Provision a Samba Active Directory Domain Controller (secondary) - not tested
* Provision Samba memeber servers
* Fail2Ban
* Add Fail2Ban to block ssh attempts
## Getting Started
* Download the Raspbery Pi Disk Imager from https://www.raspberrypi.com/software
* Place the SD card in your PC, launch Raspberry Pi Imager
* Choose OS - select the default (Raspberry Pi OS(32-bit))
* Choose storage - select your SD card
* Click the gear in the lower right corner to configure
* Set hostname - 'raspberry' will work as the ansible script will configure this later
* Enable SSH - this is important, select "Uer password authentication"
* Select "Set username and password'
* enter the username and password you would like to use
* optionally set locale
* Place the card into a Pi and boot up with monitor and keyboard connected
* On each Pi
* log in with the username and password you used in the Imager utility
* Configure network
* The Raspberry Pi is configured for DHCP by default If your uCPE does not provide DHCP addresses, you will need to configure a staitc IP address by following the instructions at this site https://www.raspberrypi.com/documentation/computers/configuration.html#static-ip-addresses
* Designate one of the Pi's to be the "main" device and do the following
* log in via SSH or via local keyboard and mouse
* if local, open a command prompt
* execute _**sudo apt install -y ansible sshpass git**_
* get a copy of repo (requies github account, comcast VPN access, and configured git credentials)
* execute _**cd dsfin-ansible**_
* execute _**cp hosts ..**_ copy hosts file outide of git to prevent it from being overwritten on update
* execute _**ansible-galaxy collection install -r requirements.yml**_
* execute _**nano ../hosts**_ and follow the instructions in that file to add all of your Pi devices
* execute _**ssh-keygen -t rsa**_ you will need to press enter three times to accept the defaults
* execute _**ansible-playbook -i ../hosts main.yaml -k -K**_ it will ask for the password which is still 'raspberry then you can enter a different username/password if needed'
* after it completes without errors
* execute _**ansible-playbook -i ../hosts reboot.yaml**_ and wait for it to complete
* execute _**sudo reboot**_
At this point, the configuration of all of the Raspberry Pi devices will be completed and they will start generating traffic as configured while editing the hosts file.
### Additional tools
* dhcptest - tool for testing dhcp responses. useful for testing custom options and dhcp in general
* samba4 domain Controller
* samba4 domain memeber
* filebrowser - web-based file transfer/sharing tool
* zabbix - configure zabbix clients - install client, push default configuration
* tcgui - web gui for configuring the built in kernel tc module. use to generate packet loss, jitter, latency, shaping, etc.
* qos - script to generate traffic with varying dscp markings. useful for validating qos configurations
```
Give examples
```
### Installing
A step by step series of examples that tell you how to get a development env running
Say what the step will be
```
Give the example
```
And repeat
```
until finished
```
End with an example of getting some data out of the system or using it for a little demo
## Running the tests
Explain how to run the automated tests for this system
### Break down into end to end tests
Explain what these tests test and why
```
Give an example
```
### And coding style tests
Explain what these tests test and why
```
Give an example
```
## Deployment
Add additional notes about how to deploy this on a live system
## Built With
* [Dropwizard](http://www.dropwizard.io/1.0.2/docs/) - The web framework used
* [Maven](https://maven.apache.org/) - Dependency Management
* [ROME](https://rometools.github.io/rome/) - Used to generate RSS Feeds
## Contributing
Please read [CONTRIBUTING.md](https://gist.github.com/PurpleBooth/b24679402957c63ec426) for details on our code of conduct, and the process for submitting pull requests to us.
## Versioning
We use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/your/project/tags).
## Authors
* **Billie Thompson** - *Initial work* - [PurpleBooth](https://github.com/PurpleBooth)
See also the list of [contributors](https://github.com/your/project/contributors) who participated in this project.
## Acknowledgments
* Hat tip to anyone whose code was used
* Inspiration
* etc
Reference in New Issue View Git Blame Copy Permalink