A friend of my created a php website / application, and ask me to check the website / application. so if started som simple test to if i could find some nice vulnerablity's. But what i found shocked me.
To annonimize this the fqdn is changed to domain.tld
| #cloud-config | |
| # vim: syntax=yaml | |
| # | |
| # The current version of cloud-init in the Hypriot rpi-64 is 0.7.9 | |
| # When dealing with cloud-init, it is SUPER important to know the version | |
| # I have wasted many hours creating servers to find out the module I was trying to use wasn't in the cloud-init version I had | |
| # Documentation: http://cloudinit.readthedocs.io/en/0.7.9/index.html | |
| # Set your hostname here, the manage_etc_hosts will update the hosts file entries as well |
The goal is to create a very cheap docker cluster for the home environment, but still is capable of running multiple docker services. The idea is to use raspberry pi 3 B+ units. These small computers have a 1,4 GHz quadcore ARM cortex A53 soc and 1GB of memory. This should be sufficient to run pi-hole, home-assistant and wordpress websites.
| #!/usr/bin/env python | |
| """ | |
| dynamic-inv-local-network.py - dynamic ansible inventory file for use a local network | |
| usage: ansible --ask-vault-password -i dynamic-inv-local-network.py all -m ping | |
| """ | |
| from __future__ import (print_function, absolute_import, division, unicode_literals) |
| [tardfri] | |
| hubip = x.x.x.x | |
| securityid = AABBCCDDEEFFGGHH |
| #!/usr/bin/env python | |
| # file : nagiosTelegram.py | |
| # purpose : send nagion notifications via Telegram bot | |
| # | |
| # author : harald van der laan | |
| # date : 2017/04/01 | |
| # version : v1.0.1 | |
| # | |
| # changelog: |
New in Ansible 1.5, “Vault” is a feature of ansible that allows keeping sensitive data such as passwords or keys in encrypted files, rather than as plaintext in your playbooks or roles. These vault files can then be distributed or placed in source control. To enable this feature, a command line tool, ansible-vault is used to edit files, and a command line flag –ask-vault-pass or –vault-password-file is used. Alternately, you may specify the location of a password file or command Ansible to always prompt for the password in your ansible.cfg file. These options require no command line flag usage.
After a while of messing around with the free / demo version of Ansible Tower I thought that this could also be done with free tools. With some help from the internet and as an IT consultant I found the way forward.
As we all known Ansible is for free and is a package in the Ubuntu repository. Ansible Tower is a frontend for Ansible that will provide scheduler and a fancy webfrontend.
Rundeck is a job scheduler and runbook administration that is for free and also has a fancy webfrontend.
So for the poor man's solution we are going to use the best of both worlds.
user@host ~ $ lxc launch ubutnu wp-server
user@host ~ $ lxc exec wp-server -- bash
root@wp-server ~ # apt-get update
root@wp-server ~ # apt-get --yes dist-upgrade
root@wp-server ~ # apt-get --yes install wget apache2 libapache2-mod-php7.0 mysql-server php7.0-mysqlroot@wp-server ~ # msyql -u root -p
| #!/bin/bash | |
| # file : create-lxc-alpine-ansible-node.sh | |
| # purpose: deploy a new alpine container that is the ansible server | |
| # | |
| # author : harald van der laan | |
| # date : 2016/04/19 | |
| # version: v1.0 | |
| lxcName="ansible01" |