Ludus Installation (GOAD-LIGHT)

Current page is still under update and documentation will be published soon. This installation will not cover - how to install proxmox & how to install ludus. This will only focus on GOAD-Light .

goad-light-config.yml

ludus:
  - vm_name: "{{ range_id }}-LIGHT-DC01"
    hostname: "{{ range_id }}-dc01"
    template: win2019-server-x64-template
    vlan: 10
    ip_last_octet: 40
    ram_gb: 4
    cpus: 2
    windows:
      sysprep: true
  - vm_name: "{{ range_id }}-LIGHT-SRV2"
    hostname: "{{ range_id }}-srv02"
    template: win2019-server-x64-template
    vlan: 10
    ip_last_octet: 44
    ram_gb: 4
    cpus: 2
    windows:
      sysprep: true
  - vm_name: "{{ range_id }}-LIGHT-DC02"
    hostname: "{{ range_id }}-dc02"
    template: win2019-server-x64-template
    vlan: 10
    ip_last_octet: 41
    ram_gb: 4
    cpus: 2
    windows:
      sysprep: true

inventory

[default]
; ------------------------------------------------
; sevenkingdoms.local
; ------------------------------------------------
dc01 ansible_host=10.2.10.40 dns_domain=dc01 dict_key=dc01
;ws01 ansible_host=10.2.10.43 dns_domain=dc01 dict_key=ws01
; ------------------------------------------------
; north.sevenkingdoms.local
; ------------------------------------------------
dc02 ansible_host=10.2.10.41 dns_domain=dc01 dict_key=dc02
srv02 ansible_host=10.2.10.44 dns_domain=dc02 dict_key=srv02

[all:vars]
; domain_name : folder inside ad/
domain_name=GOAD-Light

force_dns_server=yes
dns_server=10.2.10.254


two_adapters=no
; adapter created by proxmox (change them if you get an error)
; to get the name connect to one vm and run ipconfig it will show you the adapters name
nat_adapter=Ethernet
domain_adapter=Ethernet

; winrm connection (windows)
ansible_user=localuser
ansible_password=password
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_winrm_operation_timeout_sec=400
ansible_winrm_read_timeout_sec=500

Common Issues:

Unreachable IP:

fatal: [dc01]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='10.0.10.40', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7a2be88283d0>, 'Connection to 10.0.10.40 timed out. (connect timeout=5000)'))", "unreachable": true}

Work around:

Identify if winrm is contacting the same IP and subnet. Veryify with:
(Inside the dc01 box or any box that is throwing the error)
-     winrm enumerate winrm/config/listener
If the IPs do not match then you got your smoking gun.

Head back to the inventory file:

Replace the IP with the correct IP the machine is listening and do it on all other IPs.

DHCP is not assigning the correct IP for the packaged VMs

Work around:

If dnsmasq does not work properly (For all mighty your luck run out!) then you might need to remove it and install another dhcp server provider.
Using isc-dhcp-server (on your proxmox shell)

#Install the service:
apt-get install isc-dhcp-server

#Configure the DHCP Server:
After installing the DHCP server, you need to configure it to listen on vmbr1 and serve IP addresses in the appropriate range.
Edit the DHCP server configuration file /etc/dhcp/dhcpd.conf

vim /etc/dhcp/dhcpd.conf

#Add the following configuration to serve a specific range of IPs to the VMs connected to vmbr1000 (Assuming this is your interface):

#Note please change the IPs to your respective IP range and subnets
subnet 192.x.x.x netmask 255.255.255.0 {
    range 192.x.x.100 192.x.x.200;
    option routers 192.x.x.1;
    option domain-name-servers 8.8.8.8, 8.8.4.4;  # Example DNS servers
    option broadcast-address 192.x.x.255;
}


#Bind the DHCP Server to vmbr1000:
#You need to specify which interface the DHCP server should listen on. Edit the /etc/default/isc-dhcp-server file:

vim /etc/default/isc-dhcp-server

#Set the Interfacesv4 variable to vmbr1000 or include it
INTERFACESv4="vmbr1000"

#Restart the DHCP Service:
systemctl restart isc-dhcp-server

Reference:

PreviousTShark Challenge II:Directory NextINFORMATION GATHERING

Last updated 8 months ago

ludus: - vm_name: "{{ range_id }}-LIGHT-DC01" hostname: "{{ range_id }}-dc01" template: win2019-server-x64-template vlan: 10 ip_last_octet: 40 ram_gb: 4 cpus: 2 windows: sysprep: true - vm_name: "{{ range_id }}-LIGHT-SRV2" hostname: "{{ range_id }}-srv02" template: win2019-server-x64-template vlan: 10 ip_last_octet: 44 ram_gb: 4 cpus: 2 windows: sysprep: true - vm_name: "{{ range_id }}-LIGHT-DC02" hostname: "{{ range_id }}-dc02" template: win2019-server-x64-template vlan: 10 ip_last_octet: 41 ram_gb: 4 cpus: 2 windows: sysprep: true

[default] ; ------------------------------------------------ ; sevenkingdoms.local ; ------------------------------------------------ dc01 ansible_host=10.2.10.40 dns_domain=dc01 dict_key=dc01 ;ws01 ansible_host=10.2.10.43 dns_domain=dc01 dict_key=ws01 ; ------------------------------------------------ ; north.sevenkingdoms.local ; ------------------------------------------------ dc02 ansible_host=10.2.10.41 dns_domain=dc01 dict_key=dc02 srv02 ansible_host=10.2.10.44 dns_domain=dc02 dict_key=srv02 [all:vars] ; domain_name : folder inside ad/ domain_name=GOAD-Light force_dns_server=yes dns_server=10.2.10.254 two_adapters=no ; adapter created by proxmox (change them if you get an error) ; to get the name connect to one vm and run ipconfig it will show you the adapters name nat_adapter=Ethernet domain_adapter=Ethernet ; winrm connection (windows) ansible_user=localuser ansible_password=password ansible_connection=winrm ansible_winrm_server_cert_validation=ignore ansible_winrm_operation_timeout_sec=400 ansible_winrm_read_timeout_sec=500

fatal: [dc01]: UNREACHABLE! => {"changed": false, "msg": "ssl: HTTPSConnectionPool(host='10.0.10.40', port=5986): Max retries exceeded with url: /wsman (Caused by ConnectTimeoutError(<urllib3.connection.HTTPSConnection object at 0x7a2be88283d0>, 'Connection to 10.0.10.40 timed out. (connect timeout=5000)'))", "unreachable": true}

Identify if winrm is contacting the same IP and subnet. Veryify with: (Inside the dc01 box or any box that is throwing the error) - winrm enumerate winrm/config/listener If the IPs do not match then you got your smoking gun. Head back to the inventory file: Replace the IP with the correct IP the machine is listening and do it on all other IPs.

#Install the service: apt-get install isc-dhcp-server #Configure the DHCP Server: After installing the DHCP server, you need to configure it to listen on vmbr1 and serve IP addresses in the appropriate range. Edit the DHCP server configuration file /etc/dhcp/dhcpd.conf vim /etc/dhcp/dhcpd.conf #Add the following configuration to serve a specific range of IPs to the VMs connected to vmbr1000 (Assuming this is your interface): #Note please change the IPs to your respective IP range and subnets subnet 192.x.x.x netmask 255.255.255.0 { range 192.x.x.100 192.x.x.200; option routers 192.x.x.1; option domain-name-servers 8.8.8.8, 8.8.4.4; # Example DNS servers option broadcast-address 192.x.x.255; } #Bind the DHCP Server to vmbr1000: #You need to specify which interface the DHCP server should listen on. Edit the /etc/default/isc-dhcp-server file: vim /etc/default/isc-dhcp-server #Set the Interfacesv4 variable to vmbr1000 or include it INTERFACESv4="vmbr1000" #Restart the DHCP Service: systemctl restart isc-dhcp-server