Configurator
The next step is to configure MOADSD-NG. We do that with the built-in configurator.
First, we create our configuration.yml file.
cp configuration.yml.sample configuration.yml
vi configuration.yml
Within the sample configuration, a standard Kubernetes cluster is defined, to which Smart Check, Jenkins, Prometheus and Grafana are deployed. The minimal settings you must define are marked with MANDATORY. All other settings available for the configurator can be reviewed in the defaults file:
cat roles/configurator/defaults/main.yml
Please do not change the roles/configurator/defaults/main.yml file!
Have a look at that file so that you know what you're getting.
To run more than one instance of MOADSD-NG within one AWS region, choose a unique moadsd_ng_user for each instance. If, for example, you want to run two instances, the easiest way is to have two Cloud9 instances with completely independent configurations. Just ensure that within the configuration.yml of instance one you set e.g.
moadsd_ng_user: chucknorris
and in the other instance e.g.
moadsd_ng_user: macgyver
Please be aware that ownership applies only to names and tags. There is absolutely no protection, authentication or whatever.
Among others, the default AWS region eu-central-1 is defined. If you later choose AWS as the target cloud and want to use a different region, you need to override this with the appropriate settings for the desired region. An example would be:
aws_zone: eu-west-1a
aws_region: eu-west-1
# Ubuntu Server 18.04 LTS (HVM), SSD Volume Type
ami_ubuntu: ami-035966e8adab4aaad
# Red Hat Enterprise Linux 8 (HVM), SSD Volume Type
ami_redhat: ami-04facb3ed127a2eb6
# Microsoft Windows Server 2012 R2 Base
ami_windows: ami-0d7624414846e2cf6
MOADSD-NG defaults to Deep Security as a Service / Cloud One Workload Security, but it is not activated by default. To enable it, place the following into your configuration.yml:
# #####################################################################
# Site Deploy Components
# #####################################################################
site_deploy_deepsecurity: yes
site_deploy_endpoints: yes
# #####################################################################
# Site Secrets
# #####################################################################
# Deep Security as a Service
deepsecurity_tenant_id: <YOUR TENANT ID>
deepsecurity_token: <YOUR TOKEN>
# #####################################################################
# Linux Endpoint Settings
# #####################################################################
linuxep_instance_count: 2
# #####################################################################
# Windows Endpoint Settings
# #####################################################################
windowsep_instance_count: 1
Additionally, it makes sense NOT to use the default password trendmicro in your environment, since you will create publicly available services.
Finally, you should encrypt your configuration.yml by running
ansible-vault encrypt --vault-password-file \
../.vault-pass.txt configuration.yml
From then on, you can edit the configuration by
ansible-vault edit --vault-password-file \
../.vault-pass.txt configuration.yml
or by the use of the menu.
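A pre-flight check for the two points above (default password and vault encryption), as an added example that is not part of MOADSD-NG: it reports whether a configuration file is already vault-encrypted and, if it is still plaintext, whether it contains the default password trendmicro or an unfilled `<YOUR ...>` placeholder. The function name `check_config` and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of MOADSD-NG): pre-flight check for configuration.yml.
# Return codes are this example's own convention:
#   0 = ansible-vault encrypted
#   1 = plaintext without findings (still needs encrypting)
#   2 = plaintext with default password or unfilled placeholder
#   3 = file missing or unreadable
check_config() {
    file=$1
    [ -r "$file" ] || { echo "$file: cannot read" >&2; return 3; }

    # Vault-encrypted files begin with a header such as $ANSIBLE_VAULT;1.1;AES256
    first_line=
    IFS= read -r first_line < "$file" || true
    case $first_line in
        '$ANSIBLE_VAULT;'*) return 0 ;;
    esac

    # Drop comments and quote characters so that only settings are inspected.
    body=$(sed 's/#.*//' "$file" | tr -d "\"'")
    findings=0

    # Any setting whose value is exactly the default password from the page.
    if printf '%s\n' "$body" | grep -Eq ':[[:space:]]*trendmicro[[:space:]]*$'; then
        echo "$file: default password 'trendmicro' still in use" >&2
        findings=1
    fi
    # Placeholders from the sample snippet, e.g. <YOUR TENANT ID>, <YOUR TOKEN>.
    if printf '%s\n' "$body" | grep -Eq '<YOUR [^>]*>'; then
        echo "$file: unfilled <YOUR ...> placeholder" >&2
        findings=1
    fi

    [ "$findings" -eq 0 ] || return 2
    echo "$file: plaintext, encrypt it with ansible-vault" >&2
    return 1
}

# Stand-alone use: sh check_config.sh configuration.yml
if [ "$#" -gt 0 ]; then
    check_config "$1"
fi
```

Run it before committing or sharing the file; only return code 0 means the secrets in it are encrypted at rest.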
To run the configurator call the menu of MOADSD-NG, select the cloud and choose configurator.
./menu.sh
Please choose the target environment:
1) gcp 3) esx 5) switch_to_gcp 7) switch_to_esx
2) aws 4) site_secrets 6) switch_to_aws
Choose 1-3
Please choose the playbook:
1) site 8) pause_scheduled_cancel
2) deploy 9) resume
3) deploy_endpoints 10) terminate
4) jenkins_create_credentials 11) terminate_site
5) deploy_gitlab_runners 12) configuration
6) pause 13) manual
7) pause_scheduled
Choose 12.
The configurator runs quite a few checks on your configuration and will complain when it detects a misconfiguration.
If everything is fine, you're now ready to create the MOADSD-NG environment and deploy the software stack.
Note: You need to rerun the configurator whenever you change anything within the configuration.yml.