Add vmware_esxi provider for extensions

ansible/data.yml

@@ -9,37 +9,31 @@
       set_fact:
         lab: "{{lab}}"
         cacheable: yes
-      run_once: true
 
     - name: find domain_adapter
       set_fact:
        domain_adapter="{{item.connection_name}}"
-      when: item.ipv4.address == hostvars[dict_key].ansible_host
+      when: item.ipv4.address == hostvars[inventory_hostname].ansible_host
       with_items: "{{ ansible_interfaces }}"
-      run_once: true
 
     - name: find nat_adapter
       set_fact:
        nat_adapter="{{item.connection_name}}"
-      when: item.ipv4.address != hostvars[dict_key].ansible_host
+      when: item.ipv4.address != hostvars[inventory_hostname].ansible_host
       with_items: "{{ ansible_interfaces }}"
-      run_once: true
 
     - name: find number of interfaces
       set_fact:
        number_of_interfaces="{{ansible_interfaces|length}}"
-      run_once: true
 
     - name: find if two adapters
       set_fact:
        two_adapters="{{ 'yes' if number_of_interfaces != '1' else 'no' }}"
-      run_once: true
 
     - name: confirm nat_adapter
       set_fact:
        nat_adapter="{{domain_adapter}}"
       when: not two_adapters
-      run_once: true
 
 #    - debug:
 #        msg: "domain interface : {{domain_adapter}}"

ansible/roles/common/files/vm-guest-tools.ps1

@@ -0,0 +1,96 @@
+if (!( Test-Path "C:\Windows\Temp\7z1900-x64.msi")) {
+  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')
+}
+if (!(Test-Path "C:\Windows\Temp\7z1900-x64.msi")) {
+  Start-Sleep 5; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')
+}
+cmd /c msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi
+
+if ("$env:PACKER_BUILDER_TYPE" -eq "vmware-iso") {
+
+  Write-Output "Using VMware"
+  if (Test-Path "C:\Users\vagrant\windows.iso") {
+    Move-Item -force C:\Users\vagrant\windows.iso C:\Windows\Temp
+  }
+
+  if (!(Test-Path "C:\Windows\Temp\windows.iso")) {
+    Try {
+      # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138
+      $ProgressPreference = 'SilentlyContinue'
+      $pageContentLinks = (Invoke-WebRequest('https://softwareupdate.vmware.com/cds/vmw-desktop/ws') -UseBasicParsing).Links | where-object { $_.href -Match "[0-9]" } | Select-Object href | ForEach-Object { $_.href.Trim('/') }
+      $versionObject = $pageContentLinks | ForEach-Object { new-object System.Version ($_) } | sort-object -Descending | select-object -First 1 -Property:Major, Minor, Build
+      $newestVersion = $versionObject.Major.ToString() + "." + $versionObject.Minor.ToString() + "." + $versionObject.Build.ToString() | out-string
+      $newestVersion = $newestVersion.TrimEnd("`r?`n")
+
+      $nextURISubdirectoryObject = (Invoke-WebRequest("https://softwareupdate.vmware.com/cds/vmw-desktop/ws/$newestVersion/") -UseBasicParsing).Links | where-object { $_.href -Match "[0-9]" } | Select-Object href | where-object { $_.href -Match "[0-9]" }
+      $nextUriSubdirectory = $nextURISubdirectoryObject.href | Out-String
+      $nextUriSubdirectory = $nextUriSubdirectory.TrimEnd("`r?`n")
+      $newestVMwareToolsURL = "https://softwareupdate.vmware.com/cds/vmw-desktop/ws/$newestVersion/$nextURISubdirectory/windows/packages/tools-windows.tar"
+      Write-Output "The latest version of VMware tools has been determined to be downloadable from $newestVMwareToolsURL"
+      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile("$newestVMwareToolsURL", 'C:\Windows\Temp\vmware-tools.tar')
+    }
+    Catch {
+      Write-Output "Unable to determine the latest version of VMware tools. Falling back to hardcoded URL."
+      (New-Object System.Net.WebClient).DownloadFile('https://softwareupdate.vmware.com/cds/vmw-desktop/ws/15.5.5/16285975/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar')
+    }
+    cmd /c "C:\PROGRA~1\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp
+    Move-Item c:\windows\temp\VMware-tools-windows-*.iso c:\windows\temp\windows.iso
+    Try { Remove-Item "C:\Program Files (x86)\VMWare" -Recurse -Force -ErrorAction Stop } Catch { Write-Output "Directory didn't exist to be removed." }
+  }
+
+  cmd /c "C:\PROGRA~1\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare
+  cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\"
+
+  Remove-Item -Force "C:\Windows\Temp\vmware-tools.tar"
+  Remove-Item -Force "C:\Windows\Temp\windows.iso"
+  Remove-Item -Force -Recurse "C:\Windows\Temp\VMware"
+}
+
+if ("$env:PACKER_BUILDER_TYPE" -eq "virtualbox-iso") {
+  Write-Output "Using Virtualbox"
+  if (Test-Path "C:\Users\vagrant\VBoxGuestAdditions.iso") {
+    Move-Item -Force C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp
+  }
+
+  if (!(Test-Path "C:\Windows\Temp\VBoxGuestAdditions.iso")) {
+    Try {
+      $pageContentLinks = (Invoke-WebRequest('https://download.virtualbox.org/virtualbox') -UseBasicParsing).Links | where-object { $_.href -Match "[0-9]" } | Select-Object href |  where-object { $_.href -NotMatch "BETA" } |  where-object { $_.href -NotMatch "RC" } |   where-object { $_.href -Match "[0-9]\.[0-9]" } | ForEach-Object { $_.href.Trim('/') }
+      $versionObject = $pageContentLinks | ForEach-Object { new-object System.Version ($_) } | sort-object -Descending | select-object -First 1 -Property:Major, Minor, Build
+      $newestVersion = $versionObject.Major.ToString() + "." + $versionObject.Minor.ToString() + "." + $versionObject.Build.ToString() | out-string
+      $newestVersion = $newestVersion.TrimEnd("`r?`n")
+
+      $nextURISubdirectoryObject = (Invoke-WebRequest("https://download.virtualbox.org/virtualbox/$newestVersion/") -UseBasicParsing).Links | Select-Object href | where-object { $_.href -Match "GuestAdditions" }
+      $nextUriSubdirectory = $nextURISubdirectoryObject.href | Out-String
+      $nextUriSubdirectory = $nextUriSubdirectory.TrimEnd("`r?`n")
+      $newestVboxToolsURL = "https://download.virtualbox.org/virtualbox/$newestVersion/$nextUriSubdirectory"
+      Write-Output "The latest version of VirtualBox tools has been determined to be downloadable from $newestVboxToolsURL"
+      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile("$newestVboxToolsURL", 'C:\Windows\Temp\VBoxGuestAdditions.iso')
+    }
+    Catch {
+      Write-Output "Unable to determine the latest version of VBox tools. Falling back to hardcoded URL."
+      [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/6.1.8/VBoxGuestAdditions_6.1.8.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')
+    }
+  }
+
+  cmd /c ""C:\PROGRA~1\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox"
+  Get-ChildItem "C:\Windows\Temp\virtualbox\cert\" -Filter vbox*.cer | Foreach-Object { C:\Windows\Temp\virtualbox\cert\VBoxCertUtil add-trusted-publisher $_.FullName --root $_.FullName }
+  cmd /c C:\Windows\Temp\virtualbox\VBoxWindowsAdditions.exe /S
+  cmd /c rd /S /Q "C:\Windows\Temp\virtualbox"
+}
+
+if ("$env:PACKER_BUILDER_TYPE" -eq "parallels-iso") {
+  Write-Output "Using Parallels Desktop"
+  # This is required when using Parallels Desktop
+  # Currently the installation of Parallels Tools is broken if you're installing in Windows Server & Windows Server Core
+  # You will encounter an error in printui.dll module not found message.
+  # This feature will add the required libraries for printing services.
+
+  # Parallels Tools is required for sync_folder to work.
+  # Vagrantfile config: v.update_guest_tools = true will be installed with no issues
+  if ($(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ProductName.StartsWith("Windows Server")) {
+    Write-Output "Installing Print Server service"
+    Install-WindowsFeature -Name Print-Server
+  }  
+}
+
+cmd /c msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi

ansible/roles/common/tasks/main.yml

@@ -1,3 +1,24 @@
+# even though this script is done on the packer, some hosts might not be packed from this, like when we grab a vagrant host (e.g. mayfly/windows10)
+- name: Check if VMware Tools are installed
+  ansible.windows.win_powershell:
+    script: |
+        $vmtools_installed = Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like "VMware Tools*"} | Select-Object -ExpandProperty Name
+        if ($vmtools_installed) {
+            Write-Host "VMware Tools is installed."
+            return $true
+        } else {
+            Write-Host "VMware Tools is not installed."
+            return $false
+        }
+  register: vmware_tools_installed
+
+- name: Install VM Guest Tools if using VMware or VMware ESXi
+  win_shell: |
+    powershell.exe -ExecutionPolicy Bypass -File "{{ playbook_dir }}\\roles\\common\\files\\vm-guest-tools.ps1"
+  when: 
+    - goad_provider is defined and (goad_provider == 'vmware' or goad_provider == 'vmware_esxi')
+    - vmware_tools_installed.exists == false
+
 - name: "Force a DNS on the adapter {{nat_adapter}}"
   ansible.windows.win_dns_client:
     adapter_names: "{{nat_adapter}}"

extensions/elk/ansible/install.yml

@@ -8,4 +8,4 @@
 - name: Install log agent on windows vms
   hosts: elk_log
   roles:
-    - { role: 'logs_windows', tags: 'agent' }
+    - { role: 'logs_windows', tags: 'agent', goad_provider: "{{ provider | default(omit) }}" }

extensions/elk/providers/vmware_esxi/Vagrantfile

@@ -0,0 +1,11 @@
+boxes.append(
+    { 
+        :name => "{{lab_name}}-ELK",
+        :ip => "{{ip_range}}.50",
+        :box => "bento/ubuntu-22.04",
+        :os => "linux",
+        :cpus => 2,
+        :mem => 4000,
+        :forwarded_port => [ {:guest => 22, :host => 2210, :id => "ssh"} ]
+    }
+)

extensions/exchange/ansible/install.yml

@@ -78,6 +78,7 @@
     exchange_prereqs_complete_file: "{{ ludus_exchange_iso_directory }}\\exchange_prereqs_complete.txt"
     send_connector_source_transport_servers: "{{ludus_exchange_host}}"
     ludus_install_directory: "./iso"
+    goad_provider: "{{ provider | default(omit) }}"
 
 - name: Add exchange mail reader bot
   hosts: srv01

extensions/exchange/providers/vmware_esxi/Vagrantfile

@@ -0,0 +1,10 @@
+boxes.append(
+    { 
+        :name => "{{lab_name}}-SRV01",
+        :ip => "{{ip_range}}.21",
+        :box => "StefanScherer/windows_2019",
+        :os => "windows",
+        :cpus => 4,
+        :mem => 12000
+    }
+)

extensions/guacamole/providers/vmware_esxi/Vagrantfile

@@ -0,0 +1,11 @@
+boxes.append(
+    { 
+        :name => "{{lab_name}}-GUACAMOLE",
+        :ip => "{{ip_range}}.52",
+        :box => "bento/ubuntu-22.04", 
+        :os => "linux",
+        :cpus => 2,
+        :mem => 3000,
+        :forwarded_port => [ {:guest => 22, :host => 2210, :id => "ssh"} ]
+    }
+)

extensions/lx01/providers/vmware_esxi/Vagrantfile

@@ -0,0 +1,11 @@
+boxes.append(
+    { 
+        :name => "{{lab_name}}-LX01",
+        :ip => "{{ip_range}}.32",
+        :box => "bento/ubuntu-22.04", 
+        :os => "linux",
+        :cpus => 1,
+        :mem => 1000,
+        :forwarded_port => [ {:guest => 22, :host => 2210, :id => "ssh"} ]
+    }
+)

extensions/wazuh/providers/vmware_esxi/Vagrantfile

@@ -0,0 +1,11 @@
+boxes.append(
+    {
+        :name => "{{lab_name}}-WAZUH",
+        :ip => "{{ip_range}}.51",
+        :box => "bento/ubuntu-22.04", 
+        :os => "linux",
+        :cpus => 2,
+        :mem => 8000,
+        :forwarded_port => [ {:guest => 22, :host => 2210, :id => "ssh"} ]
+    }
+)

extensions/ws01/ansible/install.yml

@@ -33,7 +33,7 @@
     - { role: 'settings/admin_password', tags: 'admin_password' }
     - { role: 'settings/hostname', tags: 'hostname' }
     # ad-members.yml : enroll ws01
-    - { role: 'commonwkstn', tags: 'workstation' }
+    - { role: 'commonwkstn', tags: 'workstation', goad_provider: "{{ provider | default(omit) }}" }
     # ad-relations.yml : domain group and users local permissions
     - { role: "settings/adjust_rights", tags: 'adjust_rights' }
     - { role: "settings/user_rights", tags: 'adjust_rights' }

extensions/ws01/providers/vmware_esxi/Vagrantfile

@@ -0,0 +1,10 @@
+boxes.append(
+    {
+        :name => "{{lab_name}}-WS01",
+        :ip => "{{ip_range}}.31",
+        :box => "mayfly/windows10",
+        :os => "windows",
+        :cpus => 2,
+        :mem => 4000
+    }
+)

goad/provisioner/ansible/ansible.py

@@ -14,12 +14,12 @@ def _get_lab_inventory(self, lab_name, provider_name):
         lab_inventory = GoadPath.get_lab_inventory_file(lab_name)
         if os.path.isfile(lab_inventory):
             inventory.append(lab_inventory)
-            Log.success(f'Lab inventory : {lab_inventory} file found')
+            Log.success(f'Lab inventory : {lab_inventory} file found for provider {provider_name}')
         # lab instance inventory
         instance_inventory = self.instance_path + os.path.sep + 'inventory'
         if os.path.isfile(instance_inventory):
             inventory.append(instance_inventory)
-            Log.success(f'Provider inventory : {instance_inventory} file found')
+            Log.success(f'Provider inventory : {instance_inventory} file found for provider {provider_name}')
         return inventory
 
     def _get_global_inventory(self):

goad/provisioner/ansible/docker.py

@@ -46,7 +46,7 @@ def run_playbook(self, playbook, inventories, tries=3, timeout=30, playbook_path
         remote_inventories = []
         for inventory in inventories:
             remote_inventories.append(Utils.transform_local_path_to_remote_path(inventory, self.remote_project_path))
-        command = f'-i {" -i ".join(remote_inventories)} {playbook}'
+        command = f'-i {" -i ".join(remote_inventories)} --extra-vars "provider={self.provider_name}" {playbook}'
         Log.info(f'Run playbook : {playbook} with inventory file(s) : {", ".join(remote_inventories)}')
         run_complete = False
         nb_try = 0

goad/provisioner/ansible/local.py

@@ -12,7 +12,7 @@ def run_playbook(self, playbook, inventories, tries=3, timeout=30, playbook_path
 
         Log.info(f'Run playbook : {playbook} with inventory file(s) : {", ".join(inventories)}')
 
-        args = f'-i {" -i ".join(inventories)} {playbook}'
+        args = f'-i {" -i ".join(inventories)} --extra-vars "provider={self.provider_name}" {playbook}'
 
         run_complete = False
         nb_try = 0

goad/provisioner/ansible/remote.py

@@ -41,7 +41,7 @@ def run_playbook(self, playbook, inventories, tries=3, timeout=30, playbook_path
         remote_inventories = []
         for inventory in inventories:
             remote_inventories.append(Utils.transform_local_path_to_remote_path(inventory, self.remote_project_path))
-        command = f'/home/goad/.local/bin/ansible-playbook -i {" -i ".join(remote_inventories)} {playbook}'
+        command = f'/home/goad/.local/bin/ansible-playbook -i {" -i ".join(remote_inventories)} --extra-vars "provider={self.provider_name}" {playbook}'
 
         Log.info(f'Run playbook : {playbook} with inventory file(s) : {", ".join(remote_inventories)}')
         Log.cmd('command')

goad/provisioner/ansible/runner.py

@@ -13,7 +13,7 @@ def run_playbook(self, playbook, inventories, tries=3, timeout=30, playbook_path
         if playbook_path is None:
             playbook_path = self.path
         Log.info(f'Run playbook : {playbook} with inventory file(s) : {", ".join(inventories)}')
-        Log.cmd(f'ansible-playbook -i {" -i ".join(inventories)} {playbook}')
+        Log.cmd(f'ansible-playbook -i {" -i ".join(inventories)} --extra-vars "provider={self.provider_name}" {playbook}')
 
         run_complete = False
         runner_result = None

goad/provisioner/ansible/vm.py

@@ -45,7 +45,7 @@ def run_playbook(self, playbook, inventories, tries=3, timeout=30, playbook_path
         remote_inventories = []
         for inventory in inventories:
             remote_inventories.append(Utils.transform_local_path_to_remote_path(inventory, self.remote_project_path))
-        command = f'/home/vagrant/.local/bin/ansible-playbook -i {" -i ".join(remote_inventories)} {playbook}'
+        command = f'/home/vagrant/.local/bin/ansible-playbook -i {" -i ".join(remote_inventories)} --extra-vars "provider={self.provider_name}" {playbook}'
 
         Log.info(f'Run playbook : {playbook} with inventory file(s) : {", ".join(remote_inventories)}')
         Log.cmd('command')

template/provider/vmware_esxi/Vagrantfile

@@ -46,8 +46,8 @@ boxes.append(
         v.esxi_username         = ENV['GOAD_VAGRANT_ESXIUSERNAME']
         v.esxi_password         = 'env:GOAD_VAGRANT_ESXIPASSWORD'
         v.esxi_virtual_network  = [ ENV['GOAD_VAGRANT_ESXINETNAT'], ENV['GOAD_VAGRANT_ESXINETDOM'] ]
-        v.guest_numvcpus        = '4'
-        v.guest_memsize         = '6000'
+        v.guest_numvcpus        = box[:cpus]
+        v.guest_memsize         = box[:mem]
         v.guest_name            = box[:name]
         v.esxi_disk_store       = ENV['GOAD_VAGRANT_ESXISTORE']
       end

vagrant/fix_ip.ps1

@@ -1,6 +1,12 @@
 # vmware bug to set the ip
 # see : https://github.com/hashicorp/vagrant/issues/5000#issuecomment-258209286
+# @Marshall-Hallenbeck: I changed this to use Get-NetAdapter physical devices since it seemed to work a bit better (doesn't return pseudo loopbacks)
+# also, we cannot just hard-code the interface name because not all hosts will have that as the second interface (like mayfly/windows10)
 
 param ([String] $ip)
 
-netsh.exe int ip set address Ethernet1 static $ip 255.255.255.0
+$name = (Get-NetAdapter -Physical | Where-Object {$_.LinkLayerAddress -ne $null} | Select-Object -First 1).Name
+if ($name) {
+	Write-Host "Setting IP address of interface $name to $ip"
+	& netsh.exe int ip set address $name static $ip 255.255.255.0
+}