Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
Splunk
/
FredsHoneyPot
2
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 7c48f871f6
Ramos Etiquetas
FredsHoneyPot
/
splunk_server.j

splunk_server.j 2.6 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 
  1. {% import 'variables.include' as var %}
    2. 

  2. 

  3. ###################
    4. 

  4. # Splunk_Server Instance
    5. 

  5. resource "aws_instance" "splunk-hp" {
    6. 

  6.   ami = "${data.aws_ami.ubuntu.id}"
    7. 

  7. #  ami = "${data.aws_ami.centos7.id}"
    8. 

  8.   instance_type = "${var.Instance-Type}"
    9. 

  9.   availability_zone = "${data.aws_availability_zones.available.names[0]}"
    10. 

  10.   subnet_id = "${aws_subnet.subnet_Splunk.id}"
    11. 

  11.   ebs_optimized = "${var.EBS-Optimized}"
    12. 

  12.   disable_api_termination = false
    13. 

  13.   associate_public_ip_address = true
    14. 

  14.   instance_initiated_shutdown_behavior = "terminate"
    15. 

  15.   key_name = "${var.AWS-Key-Pair-Name}"
    16. 

  16.   vpc_security_group_ids = ["${aws_security_group.sg_splunk_secured_access.id}"]
    17. 

  17.   depends_on    = ["aws_internet_gateway.gw_primary"]
    18. 

  18. 

  19.   tags {
    20. 

  20.     Name = "splunk-hp"
    21. 

  21.   }
    22. 

  22. 

  23.   root_block_device {
    24. 

  24.     volume_type = "${ var.Default-Volume-Type }"
    25. 

  25.     volume_size = "${ var.Splunk-Volume-Size }" # Gigabytes
    26. 

  26.     delete_on_termination = true
    27. 

  27.   }
    28. 

  28. 

  29.   ebs_block_device {
    30. 

  30.     device_name = "/dev/sdd"
    31. 

  31.     volume_size = "${var.Swap-Volume-Size}"
    32. 

  32.     volume_type = "${var.Swap-Volume-Type}"
    33. 

  33.     delete_on_termination = true
    34. 

  34.   }
    35. 

  35. 

  36.   user_data = <<EOF
    37. 

  37. #cloud-config
    38. 

  38. package_update: true
    39. 

  39. package_upgrade: true
    40. 

  40. packages:
    41. 

  41.   - git
    42. 

  42.   - vim
    43. 

  43.   - wget
    44. 

  44.   - curl
    45. 

  45.   - tcpdump
    46. 

  46.   - python
    47. 

  47. runcmd:
    48. 

  48.   - mkswap /dev/xvdd
    49. 

  49.   - swapon -a
    50. 

  50.   - git clone https://github.com/fdamstra/python_multithreaded_socket_logger.git /opt/multithreaded_socket_logger
    51. 

  51.   - bash /opt/multithreaded_socket_logger/splunkserver_init.sh
    52. 

  52. mounts:
    53. 

  53.   - [ xvdd, none, swap, sw, 0, 0 ]
    54. 

  54. growpart:
    55. 

  55.   mode: auto
    56. 

  56.   devices: ['/']
    57. 

  57.   ignore_growroot_disabled: false
    58. 

  58. power_state:
    59. 

  59.   delay: "+0"
    60. 

  60.   mode: "reboot"
    61. 

  61.   message: "Rebooting after first init."
    62. 

  62.   condition: True
    63. 

  63. EOF
    64. 

  64. # To reboot, add the following above the EOF line:
    65. 

  65. # power_state:
    66. 

  66. #   delay: "+10"
    67. 

  67. #   mode: "reboot"
    68. 

  68. #   message: "Rebooting after first init."
    69. 

  69. #   condition: True
    70. 

  70. 

  71.   # Fix issues with cached keys. Arguably less secure, but also way less annoying
    72. 

  72.   provisioner "local-exec" {
    73. 

  73.     command = "ssh-keygen -f ~/.ssh/known_hosts -R splunk-hp.lab.${var.Domain-Name}"
    74. 

  74.   }
    75. 

  75. }
    76. 

  76. 

  77. # Give me the IP Addresses
    78. 

  78. output "splunk-hp_ip" {
    79. 

  79.     value = "${aws_instance.splunk-hp.public_ip}"
    80. 

  80. }
    81. 

  81. 

  82. # Give me DNS entries
    83. 

  83. resource "aws_route53_record" "splunk-hp" {
    84. 

  84.   zone_id = "${var.Domain-Zone-ID}"
    85. 

  85.   name = "splunk-hp.lab.${var.Domain-Name}"
    86. 

  86.   type = "A"
    87. 

  87.   ttl = "300"
    88. 

  88.   records = ["${aws_instance.splunk-hp.public_ip}"]
    89. 

  89. }
    90. 

  90. resource "aws_route53_record" "splunk-hp_pvt" {
    91. 

  91.   zone_id = "${var.Domain-Zone-ID}"
    92. 

  92.   name = "splunk-hp_pvt.lab.${var.Domain-Name}"
    93. 

  93.   type = "A"
    94. 

  94.   ttl = "300"
    95. 

  95.   records = ["${aws_instance.splunk-hp.private_ip}"]
    96. 

  96. }
    97. 

  97. output "splunk-hp_dns" {
    98. 

  98.   value = "${aws_route53_record.splunk-hp.name}"
    99. 

  99. }
    100. 

  100.