Updated to Ubuntu 20.04 and new IP addressing

Author: sukster

Proxmox/Ansible/roles/dc/tasks/main.yml

@@ -10,7 +10,7 @@
   when: res.reboot_required
 
 - name: Set HostOnly IP Address
-  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.38.102'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B1-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.38.102 –PrefixLength 24 -DefaultGateway 192.168.38.1 } Else { Write-Host 'IP Address Already Created.' }"
+  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.56.102'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B1-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.56.102 –PrefixLength 24 -DefaultGateway 192.168.56.1 } Else { Write-Host 'IP Address Already Created.' }"
 
 - name: Set DNS Address
   win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B1-C4'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 127.0.0.1,8.8.8.8"

Proxmox/Ansible/roles/exchange/tasks/main.yml

@@ -10,10 +10,10 @@
   when: res.reboot_required
 
 - name: Set HostOnly IP Address
-  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.38.106'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C5'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.38.106 –PrefixLength 24 -DefaultGateway 192.168.38.1 } Else { Write-Host 'IP Address Already Created.' }"
+  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.56.106'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C5'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.56.106 –PrefixLength 24 -DefaultGateway 192.168.56.1 } Else { Write-Host 'IP Address Already Created.' }"
 
 - name: Set HostOnly DNS Address
-  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C5'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.38.102,8.8.8.8"
+  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C5'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.56.102,8.8.8.8"
 
 - name: Install git
   win_chocolatey:

Proxmox/Ansible/roles/logger/tasks/main.yml

@@ -62,7 +62,7 @@
   become: yes
   shell: |
       echo "[$(date +%H:%M:%S)]: Running apt-fast install..."
-      apt-fast -qq install -y jq whois build-essential git mysql-server redis-server python-pip unzip htop yq
+      apt-fast -qq install -y jq whois build-essential git mysql-server redis-server python3-pip unzip htop yq libcairo2-dev libjpeg-turbo8-dev libpng-dev libtool-bin libossp-uuid-dev libavcodec-dev libavutil-dev libswscale-dev freerdp2-dev libpango1.0-dev libssh2-1-dev libvncserver-dev libtelnet-dev libssl-dev libvorbis-dev libwebp-dev tomcat9 tomcat9-admin tomcat9-user tomcat9-common
   register: apt_install_prerequisites
   failed_when: "'error' in apt_install_prerequisites.stderr"
 
@@ -88,7 +88,7 @@
     executable: /bin/bash
   become: yes
   shell: |
-    for package in jq whois build-essential git unzip yq mysql-server redis-server python-pip; do
+    for package in jq whois build-essential git unzip yq mysql-server redis-server python3-pip; do
       echo "[$(date +%H:%M:%S)]: [TEST] Validating that $package is correctly installed..."
       # Loop through each package using dpkg
       if ! dpkg -S $package >/dev/null; then
@@ -128,20 +128,20 @@
     if ! grep 'interface "eth1"' /etc/dhcp/dhclient.conf; then
     echo -e 'interface "eth1" {
       send host-name = gethostname();
-      send dhcp-requested-address 192.168.38.105;
+      send dhcp-requested-address 192.168.56.105;
     }' >>/etc/dhcp/dhclient.conf
     netplan apply
     fi
     # Fix eth1 if the IP isn't set correctly
     ETH1_IP=$(ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
-    if [ "$ETH1_IP" != "192.168.38.105" ]; then
+    if [ "$ETH1_IP" != "192.168.56.105" ]; then
       echo "Incorrect IP Address settings detected. Attempting to fix."
       ifdown eth1
       ip addr flush dev eth1
       ifup eth1
       ETH1_IP=$(ifconfig eth1 | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1)
-      if [ "$ETH1_IP" == "192.168.38.105" ]; then
-        echo "[$(date +%H:%M:%S)]: The static IP has been fixed and set to 192.168.38.105"
+      if [ "$ETH1_IP" == "192.168.56.105" ]; then
+        echo "[$(date +%H:%M:%S)]: The static IP has been fixed and set to 192.168.56.105"
       else
         echo "[$(date +%H:%M:%S)]: Failed to fix the broken static IP for eth1. Exiting because this will cause problems with other VMs."
         exit 1
@@ -471,8 +471,8 @@
     cd /opt || exit 1
     git clone https://github.com/OISF/suricata-update.git
     cd /opt/suricata-update || exit 1
-    pip install pyyaml
-    python setup.py install
+    pip3 install pyyaml
+    python3 setup.py install
 
     cp /vagrant/resources/suricata/suricata.yaml /etc/suricata/suricata.yaml
     crudini --set --format=sh /etc/default/suricata '' iface eth1
@@ -530,15 +530,15 @@
   shell: |
     echo "[$(date +%H:%M:%S)]: Installing Zeek..."
     if ! grep 'zeek' /etc/apt/sources.list.d/security:zeek.list; then
-      sh -c "echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_18.04/ /' > /etc/apt/sources.list.d/security:zeek.list"
+      sh -c "echo 'deb http://download.opensuse.org/repositories/security:/zeek/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/security:zeek.list"
     fi
-    wget -nv https://download.opensuse.org/repositories/security:zeek/xUbuntu_18.04/Release.key -O /tmp/Release.key
+    wget -nv https://download.opensuse.org/repositories/security:zeek/xUbuntu_20.04/Release.key -O /tmp/Release.key
     apt-key add - </tmp/Release.key &>/dev/null
 
 - name: Install Zeek Packages
   become: yes
   apt:
-    name: ['zeek', 'crudini', 'python-pip']
+    name: ['zeek', 'crudini', 'python3-pip']
     update_cache: yes
 
 - name: Install Zeek Continued
@@ -549,7 +549,7 @@
     # Environment variables
     NODECFG=/opt/zeek/etc/node.cfg
     export PATH=$PATH:/opt/zeek/bin
-    pip install zkg==2.1.1
+    pip3 install zkg
     zkg refresh
     zkg autoconfig
     zkg install --force salesforce/ja3
@@ -617,28 +617,36 @@
     executable: /bin/bash
   become: yes
   shell: | 
-    echo "[$(date +%H:%M:%S)]: Installing Guacamole..."
-    cd /opt
-    apt-get -qq install -y libcairo2-dev libjpeg62-dev libpng-dev libossp-uuid-dev libfreerdp-dev libpango1.0-dev libssh2-1-dev libssh-dev tomcat8 tomcat8-admin tomcat8-user
-    wget --progress=bar:force "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.0.0/source/guacamole-server-1.0.0.tar.gz" -O guacamole-server-1.0.0.tar.gz
-    tar -xf guacamole-server-1.0.0.tar.gz && cd guacamole-server-1.0.0
-    ./configure &>/dev/null && make --quiet &>/dev/null && make --quiet install &>/dev/null || echo "[-] An error occurred while installing Guacamole."
+    echo "[$(date +%H:%M:%S)]: Setting up Guacamole..."
+    cd /opt || exit 1
+    echo "[$(date +%H:%M:%S)]: Downloading Guacamole..."
+    wget --progress=bar:force "https://apache.org/dyn/closer.lua/guacamole/1.3.0/source/guacamole-server-1.3.0.tar.gz?action=download" -O guacamole-server-1.3.0.tar.gz
+    tar -xf guacamole-server-1.3.0.tar.gz && cd guacamole-server-1.3.0 || echo "[-] Unable to find the Guacamole folder."
+    echo "[$(date +%H:%M:%S)]: Configuring Guacamole and running 'make' and 'make install'..."
+    ./configure --with-init-dir=/etc/init.d && make --quiet &>/dev/null && make --quiet install &>/dev/null || echo "[-] An error occurred while installing Guacamole."
     ldconfig
-    cd /var/lib/tomcat8/webapps
-    wget --progress=bar:force "http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.0.0/binary/guacamole-1.0.0.war" -O guacamole.war
+    cd /var/lib/tomcat9/webapps || echo "[-] Unable to find the tomcat9/webapps folder."
+    wget --progress=bar:force "https://apache.org/dyn/closer.lua/guacamole/1.3.0/binary/guacamole-1.3.0.war?action=download" -O guacamole.war
     mkdir /etc/guacamole
-    mkdir /usr/share/tomcat8/.guacamole
+    mkdir /etc/guacamole/shares
+    sudo chmod 777 /etc/guacamole/shares
+    mkdir /usr/share/tomcat9/.guacamole
     cp /vagrant/resources/guacamole/user-mapping.xml /etc/guacamole/
     cp /vagrant/resources/guacamole/guacamole.properties /etc/guacamole/
     cp /vagrant/resources/guacamole/guacd.service /lib/systemd/system
-    sudo ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat8/.guacamole/
-    sudo ln -s /etc/guacamole/user-mapping.xml /usr/share/tomcat8/.guacamole/
+    sudo ln -s /etc/guacamole/guacamole.properties /usr/share/tomcat9/.guacamole/
+    sudo ln -s /etc/guacamole/user-mapping.xml /usr/share/tomcat9/.guacamole/
+    # Thank you Kifarunix: https://kifarunix.com/install-guacamole-on-debian-11/
+    useradd -M -d /var/lib/guacd/ -r -s /sbin/nologin -c "Guacd User" guacd
+    mkdir /var/lib/guacd
+    chown -R guacd: /var/lib/guacd
+    systemctl daemon-reload
     systemctl enable guacd
-    systemctl enable tomcat8
+    systemctl enable tomcat9
     systemctl start guacd
-    systemctl start tomcat8
+    systemctl start tomcat9
+    echo "[$(date +%H:%M:%S)]: Guacamole installation complete!"
   register: install_guacamole
-  failed_when: "'error' in install_guacamole.stderr"
 
 - name: Postinstall Tasks
   args: 

Proxmox/Ansible/roles/wef/tasks/main.yml

@@ -11,11 +11,11 @@
 
 # This needs to be made idempodent
 - name: Set HostOnly IP Address
-  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.38.103'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.38.103 –PrefixLength 24 -DefaultGateway 192.168.38.1 } Else { Write-Host 'IP Address Already Created.' }"
+  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.56.103'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.56.103 –PrefixLength 24 -DefaultGateway 192.168.56.1 } Else { Write-Host 'IP Address Already Created.' }"
 
 # This needs to be made idempodent
 - name: Set HostOnly DNS Address
-  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C4'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.38.102,8.8.8.8"
+  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A1-B4-C4'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.56.102,8.8.8.8"
 
 - name: Install git
   win_chocolatey:

Proxmox/Ansible/roles/win10/tasks/main.yml

@@ -10,10 +10,10 @@
   when: res.reboot_required
 
 - name: Set HostOnly IP Address
-  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.38.104'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A2-B1-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.38.104 –PrefixLength 24 -DefaultGateway 192.168.38.1 } Else { Write-Host 'IP Address Already Created.' }"
+  win_shell: "If (-not(get-netipaddress | where {$_.IPAddress -eq '192.168.56.104'})) {$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A2-B1-C4'}).Name; New-NetIPAddress –InterfaceAlias $adapter –AddressFamily IPv4 -IPAddress 192.168.56.104 –PrefixLength 24 -DefaultGateway 192.168.56.1 } Else { Write-Host 'IP Address Already Created.' }"
 
 - name: Set HostOnly DNS Address
-  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A2-B1-C4'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.38.102,8.8.8.8"
+  win_shell: "$adapter = (get-netadapter | where {$_.MacAddress -eq '00-50-56-A2-B1-C4'}).Name; Set-DnsClientServerAddress -InterfaceAlias $adapter -ServerAddresses 192.168.56.102,8.8.8.8"
 
 - name: Install git
   win_chocolatey:

Proxmox/Packer/http/preseed.cfg

@@ -32,4 +32,4 @@ d-i pkgsel/upgrade select full-upgrade
 d-i time/zone string UTC
 d-i user-setup/allow-password-weak boolean true
 d-i user-setup/encrypt-home boolean false
-tasksel tasksel/first multiselect standard, server
+tasksel tasksel/first multiselect standard, server

Proxmox/Packer/scripts/cleanup.sh

@@ -1,81 +1,101 @@
 #!/bin/sh -eux
 
-# Delete all Linux headers
+echo "remove linux-headers"
 dpkg --list \
   | awk '{ print $2 }' \
   | grep 'linux-headers' \
   | xargs apt-get -y purge;
 
-# Remove specific Linux kernels, such as linux-image-3.11.0-15-generic but
-# keeps the current kernel and does not touch the virtual packages,
-# e.g. 'linux-image-generic', etc.
+echo "remove specific Linux kernels, such as linux-image-3.11.0-15-generic but keeps the current kernel and does not touch the virtual packages"
 dpkg --list \
     | awk '{ print $2 }' \
     | grep 'linux-image-.*-generic' \
-    | grep -v "$(uname -r)" \
+    | grep -v `uname -r` \
     | xargs apt-get -y purge;
 
-# Delete Linux source
+echo "remove old kernel modules packages"
+dpkg --list \
+    | awk '{ print $2 }' \
+    | grep 'linux-modules-.*-generic' \
+    | grep -v `uname -r` \
+    | xargs apt-get -y purge;
+
+echo "remove linux-source package"
 dpkg --list \
     | awk '{ print $2 }' \
     | grep linux-source \
     | xargs apt-get -y purge;
 
-# Delete development packages
+echo "remove all development packages"
 dpkg --list \
     | awk '{ print $2 }' \
-    | grep -- '-dev$' \
+    | grep -- '-dev\(:[a-z0-9]\+\)\?$' \
     | xargs apt-get -y purge;
 
-# delete docs packages
+echo "remove docs packages"
 dpkg --list \
     | awk '{ print $2 }' \
     | grep -- '-doc$' \
     | xargs apt-get -y purge;
 
-# Delete X11 libraries
+echo "remove X11 libraries"
 apt-get -y purge libx11-data xauth libxmuu1 libxcb1 libx11-6 libxext6;
 
-# Delete obsolete networking
+echo "remove obsolete networking packages"
 apt-get -y purge ppp pppconfig pppoeconf;
 
-# Delete oddities
-apt-get -y purge popularity-contest installation-report command-not-found friendly-recovery bash-completion fonts-ubuntu-font-family-console laptop-detect;
+echo "remove packages we don't need"
+apt-get -y purge popularity-contest command-not-found friendly-recovery bash-completion fonts-ubuntu-font-family-console laptop-detect motd-news-config usbutils grub-legacy-ec2
 
+# 21.04+ don't have this
+echo "remove the installation-report"
+apt-get -y purge popularity-contest installation-report || true;
+
+echo "remove the console font"
+apt-get -y purge fonts-ubuntu-console || true;
+
+echo "removing command-not-found-data"
 # 19.10+ don't have this package so fail gracefully
 apt-get -y purge command-not-found-data || true;
 
-# Exlude the files we don't need w/o uninstalling linux-firmware
-echo "==> Setup dpkg excludes for linux-firmware"
+# Exclude the files we don't need w/o uninstalling linux-firmware
+echo "Setup dpkg excludes for linux-firmware"
 cat <<_EOF_ | cat >> /etc/dpkg/dpkg.cfg.d/excludes
 #BENTO-BEGIN
 path-exclude=/lib/firmware/*
 path-exclude=/usr/share/doc/linux-firmware/*
 #BENTO-END
 _EOF_
 
-# Delete the massive firmware packages
+echo "delete the massive firmware files"
 rm -rf /lib/firmware/*
 rm -rf /usr/share/doc/linux-firmware/*
 
+echo "autoremoving packages and cleaning apt data"
 apt-get -y autoremove;
 apt-get -y clean;
 
-# Remove docs
+echo "remove /usr/share/doc/"
 rm -rf /usr/share/doc/*
 
-# Remove caches
+echo "remove /var/cache"
 find /var/cache -type f -exec rm -rf {} \;
 
-# truncate any logs that have built up during the install
+echo "truncate any logs that have built up during the install"
 find /var/log -type f -exec truncate --size=0 {} \;
 
-# Blank netplan machine-id (DUID) so machines get unique ID generated on boot.
+echo "blank netplan machine-id (DUID) so machines get unique ID generated on boot"
 truncate -s 0 /etc/machine-id
 
-# remove the contents of /tmp and /var/tmp
+echo "remove the contents of /tmp and /var/tmp"
 rm -rf /tmp/* /var/tmp/*
 
-# clear the history so our install isn't there
+echo "force a new random seed to be generated"
+rm -f /var/lib/systemd/random-seed
+
+echo "clear the history so our install isn't there"
+rm -f /root/.wget-hsts
 export HISTSIZE=0
-rm -f /root/.wget-hsts
+
+echo "Remove the cdrom"
+eject -v /dev/cdrom || true