vagrant:Vagrant123 due to the Windows SKU/AMI password complexity requirements!
(5 Minutes) - Configure the
Failing to complete this step will cause the lab to be unreachable.
(5 Minutes) - Authenticate to Azure using
az login. This should bring up a browser that asks you to sign into your Azure account.
(3-20 Minutes) - Bring up the VMs using Terraform
Azure/Terraform and run
terraform init to initialize the working directory
terraform.tfvars file present with your public IP address whitelisted
terraform apply to check the Terraform plan or
terraform apply --auto-approve to bypass the check
azurerm_virtual_machine.dc: Creation complete after 1m55s
azurerm_virtual_machine.wef: Creation complete after 1m54s
azurerm_virtual_machine.win10: Creation complete after 1m55s
At this point in time, we’re at this state:
At this point in time, you should be able to open a new terminal window, navigate to
DetectionLab/Azure/Terraform and run
terraform output. You should see something like the following:
dc_public_ip = 52.183.119.x
fleet_url = https://52.191.170.x:8412
guacamole_url = https://52.191.136.x:8080/guacamole
logger_public_ip = 52.191.170.x
region = West US 2
splunk_url = https://52.191.170.x:8000
wef_public_ip = 52.191.136.x
win10_public_ip = 52.229.34.x
We’re going to use this output in the next step.
We’re going to use Ansible to finish provisioning the rest of the Windows hosts.
Azure/Ansible and open
inventory.yml for editing.
public_ip values from
terraform output and replace the
x.x.x.x values with the public IP of each host
NOTE: I’ve added a script at
DetectionLab/Azure/build_ansible_inventory.sh to help automate this for macOS and Linux users.
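The substitution described above, as an added example that is not DetectionLab's build_ansible_inventory.sh. It assumes an inventory.yml with one top-level group per host (dc, wef, win10), each holding an x.x.x.x placeholder; the function names and sample addresses are constructed for illustration.

```shell
# Added example, not DetectionLab's build_ansible_inventory.sh. Assumed layout:
# one top-level group per host (dc, wef, win10) with an x.x.x.x placeholder under it.

# Print the value of one `name = value` line of `terraform output` text on stdin.
# Newer Terraform releases quote string values, so the quotes are stripped.
tf_output_value() {
  awk -v key="$1" -F' = ' '$1 == key { gsub(/"/, "", $2); print $2; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# fill_inventory TF_OUTPUT_FILE INVENTORY_FILE -> filled inventory on stdout.
# Prints nothing and returns 1 if any address is missing or malformed.
fill_inventory() {
  for host in dc wef win10; do
    ip=$(tf_output_value "${host}_public_ip" < "$1")
    is_ipv4 "$ip" || { echo "invalid ${host}_public_ip: '$ip'" >&2; return 1; }
    eval "ip_$host=\$ip"   # host comes from the fixed list above, ip is validated
  done
  awk -v dc="$ip_dc" -v wef="$ip_wef" -v win10="$ip_win10" '
    BEGIN { ip["dc"] = dc; ip["wef"] = wef; ip["win10"] = win10 }
    /^[A-Za-z0-9_]+:/ { group = $0; sub(/:.*/, "", group) }  # top-level key = group
    (group in ip) { sub(/x\.x\.x\.x/, ip[group]) }
    { print }' "$2"
}

# Constructed sample data (documentation-range addresses, not real hosts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/tf.txt" <<'EOF'
dc_public_ip = "203.0.113.10"
logger_public_ip = 203.0.113.20
wef_public_ip = 203.0.113.30
win10_public_ip = 203.0.113.40
EOF
cat > "$demo_dir/inventory.yml" <<'EOF'
dc:
  hosts:
    x.x.x.x:
wef:
  hosts:
    x.x.x.x:
win10:
  hosts:
    x.x.x.x:
EOF
fill_inventory "$demo_dir/tf.txt" "$demo_dir/inventory.yml"
```

Save the text of terraform output to a file, run fill_inventory against it and a copy of inventory.yml, and review the result before replacing the real inventory.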
Now that Ansible is configured for provisioning, there are two ways to go about this:
For the provisioning to be successful, the DC has to spin up Active Directory before provisioning of the WEF and WIN10 hosts can begin, otherwise they will fail to join the domain and provisioning will fail.
If you’d like to take the slower but easier route, ensure you’re in the
DetectionLab/Azure/Ansible directory and run
ansible-playbook -v detectionlab.yml. This will provision the hosts one at a time (DC, WEF, then WIN10). However, if you’d like to go the faster route, follow the directions below.
If you’d like to take the faster route, I recommend opening 3 terminal windows to
DetectionLab/Azure/Ansible and following these steps:
ansible-playbook -v detectionlab.yml --tags "dc"
Reboot Afer Domain Creation Ansible step, you can begin provisioning WEF and WIN10
ansible-playbook -v detectionlab.yml --tags "wef"
ansible-playbook -v detectionlab.yml --tags "win10"
If you run into any issues along the way, please open an issue on GitHub and I’ll do my best to find a solution.
ansible-playbook -vvv detectionlab.yml --tags="hostname-goes-here" --start-at-task="taskname"
terraform output into the
inventory.yml for Ansible.
As usual, this work is based off the heavy lifting that others have done. My primary sources for this work were:
Thank you to all of the sponsors who made this possible!