heat_template_version: 2018-03-02
description: Student Op Stations - This is the Unified Student Ops Station YAML. Module configurations are made with each modules setup script and not in this YAML.
parameters:
domain:
type: string
label: Domain
description: Set as '10.50.255.254' for VTA or '172.20.255.254' for VTA-DEV
default: 10.50.255.254
hidden: false
package_proxy:
type: string
label: the URL for the package cache
default: "http://pkg-cache.bbh.cyberschool.army.mil:3142"
username:
type: string
label: User Name
description: Sets the login username for the instances
default: student
hidden: false
password:
type: string
label: Password
description: Sets the Login Password for the instances
default: password
hidden: true
vncpass:
type: string
label: VNC-Password
description: Sets the regular VNC connection password
default: password
hidden: true
view_only_password:
type: string
label: View-Only-Password
description: Sets the VNC View Only Password for the instances
default: view_only_password
hidden: true
resources:
rand_string:
type: OS::Heat::RandomString
properties:
length: 4
# ----- Ops Network Configuration Start ----- #
ops_network:
type: OS::Neutron::Net
properties:
name:
str_replace:
template: ops_network_RAND
params:
RAND: { get_resource: rand_string }
admin_state_up: true
shared: false
ops_subnet:
type: OS::Neutron::Subnet
depends_on: ops_network
properties:
cidr: 192.168.65.0/27
gateway_ip: 192.168.65.30
dns_nameservers: [{ get_param: domain }]
enable_dhcp: true
host_routes: [ ]
ip_version: 4
name:
str_replace:
template: ops_subnet_RAND
params:
RAND: { get_resource: rand_string }
network_id:
get_resource: ops_network
# ----- Ops Network Configuration End ----- #
# ----- Ops Router Configuration Start ----- #
ops_neutron_router:
type: OS::Neutron::Router
properties:
name:
str_replace:
template: ops_neutron_router_RAND
params:
RAND: { get_resource: rand_string }
external_gateway_info:
network: public
ops_neutron_router_interface:
type: OS::Neutron::RouterInterface
properties:
router_id: { get_resource: ops_neutron_router }
subnet_id: { get_resource: ops_subnet }
# ----- Ops Router Configuration Start ----- #
# ----- Windows Analyst Workstation Configuration Start ----- #
# Update notes 10/28/2022: The code below in the template section is left in for refrence as the win_ops_v2 includes this code and #is redundant.
# Additionally; changes made are minor; added VSCode with powershell extension. Updated Powershell help.
windows_opstation:
type: OS::Nova::Server
properties:
diskConfig: AUTO
flavor: cy.win_64
image: win_ops
name:
str_replace:
template: windows_opstation_RAND
params:
RAND: { get_resource: rand_string }
networks:
- port: { get_resource: windows_opstation_port }
user_data_format: RAW
user_data:
str_replace:
template: |
#ps1_sysnative
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force
# ---- Allows for creating alternate users other than student
if ("$user" -ne "student"){
New-LocalUser -Name "$user" -Password (ConvertTo-SecureString -AsPlaintext -String "$pass" -Force)
Add-LocalGroupMember -Group "Administrators" -Member "$user"
Remove-LocalUser -Name "student"
}
#----Rename computer
Rename-computer -newname "win-ops"
exit 1001
params:
$user: { get_param: username }
$pass: { get_param: password }
$vncpass: { get_param: vncpass }
$vncviewpass: { get_param: view_only_password }
$domain: { get_param: domain}
# ----- Windows Analyst Workstation Configuration End ----- #
# ----- Windows Analyst Workstation Port Configuration Start ----- #
windows_opstation_port:
type: OS::Neutron::Port
description: Windows OpStation IP
properties:
name:
str_replace:
template: windows_opstation_port_RAND
params:
RAND: { get_resource: rand_string }
network_id: { get_resource: ops_network }
fixed_ips:
#- subnet_id: {get_resource: ops_subnet }
- ip_address: 192.168.65.10
port_security_enabled: false
windows_opstation_float_ip:
type: OS::Neutron::FloatingIP
description: Windows OpStation Floating IP
depends_on: ops_neutron_router
properties: { floating_network: public }
windows_opstation_float_ip_assoc:
type: OS::Neutron::FloatingIPAssociation
depends_on: ops_neutron_router_interface
properties:
floatingip_id: { get_resource: windows_opstation_float_ip }
port_id: { get_resource: windows_opstation_port }
# ----- Windows Analyst Workstation Port Configuration End ----- #
# ----- Linux Analyst Workstation Configuration Start ----- #
linux_opstation:
type: OS::Nova::Server
properties:
name:
str_replace:
template: linux_opstation_RAND
params:
RAND: { get_resource: rand_string }
image: nix_ops
flavor: cy.xlarge2
networks:
- port: { get_resource: linux_opstation_port }
diskConfig: AUTO
config_drive: true
user_data_format: RAW
user_data:
str_replace:
template: |
#!/bin/bash
#------ Purge at next image cycle
# SPICE driver fix
echo "X-GNOME-Autostart-enabled=false" | tee /etc/xdg/autostart/spice-vdagent.desktop /usr/share/gdm/autostart/LoginWindow/spice-vdagent.desktop > /dev/null
systemctl stop spice-vdagent
systemctl disable spice-vdagent
#
if [[ "$user" != "student" ]]
then
useradd -m -U -s /bin/bash $user
usermod -aG sudo $user
echo "$user:$pass" | chpasswd
#userdel -r student
fi
hostnamectl set-hostname lin-ops
#------ Purge at next image cycle
echo 'Acquire::http { Proxy "$packageproxy"; }' >> /etc/apt/apt.conf.d/00aptproxy
sed -i 's/nova.clouds.archive.ubuntu.com/atl.mirrors.clouvider.net/g' /etc/apt/sources.list
apt-get update -y
apt-get install gcc-multilib mingw-w64 mingw-w64-common mingw-w64-i686-dev mingw-w64-tools mingw-w64-tools mingw-w64-x86-64-dev john eom -y
runuser -l student -c 'pip install lxml requests'
apt install python-openstackclient -y
apt install python-heatclient -y
#
params:
$user: { get_param: username }
$pass: { get_param: password }
$vncpass: { get_param: vncpass }
$vncviewpass: { get_param: view_only_password }
$domain: { get_param: domain}
$packageproxy: { get_param: package_proxy }
# ----- Linux Analyst Workstation Configuration End ----- #
# ----- Linux Analyst Workstation Port Configuration Start ----- #
linux_opstation_port:
type: OS::Neutron::Port
description: Linux OpStation IP
properties:
name:
str_replace:
template: linux_opstation_port_RAND
params:
RAND: { get_resource: rand_string }
network_id: { get_resource: ops_network }
fixed_ips:
#- subnet_id: {get_resource: ops_subnet }
- ip_address: 192.168.65.20
port_security_enabled: false
linux_opstation_float_ip:
type: OS::Neutron::FloatingIP
description: Linux OpStation Floating IP
depends_on: ops_neutron_router
properties: { floating_network: public }
linux_opstation_float_ip_assoc:
type: OS::Neutron::FloatingIPAssociation
depends_on: ops_neutron_router_interface
properties:
floatingip_id: { get_resource: linux_opstation_float_ip }
port_id: { get_resource: linux_opstation_port }
# ----- Linux Analyst Workstation Configuration End ----- #