├── CNAME
├── docs
    ├── images
    │   ├── hs-arch.png
    │   ├── README.md
    │   ├── 02-testbench.svg
    │   └── 01-overview.svg
    ├── diagrams
    │   ├── README.md
    │   └── hackerstrike-diagrams.drawio
    ├── drptestbench
    │   ├── drpUserNotes.md
    │   └── README.md
    ├── overview
    │   └── README.md
    ├── tutorials
    │   └── README.md
    ├── kubeflow
    │   └── README.md
    ├── hsgrid
    │   ├── README.md
    │   ├── hsgrid-overview-CPU-SDN.svg
    │   ├── hsgrid-overview.drawio
    │   └── hsgrid-overview.svg
    ├── OrchestratorProblem.md
    ├── DocGrayREADME.md
    ├── README.md
    ├── pfSense
    │   └── README.md
    ├── windows
    │   └── README.md
    └── XenServer
    │   └── README.md
├── README.md
└── .gitignore


/CNAME:
--------------------------------------------------------------------------------
hs.2cld.net

--------------------------------------------------------------------------------
/docs/images/hs-arch.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/2Cld/hs-platform/master/docs/images/hs-arch.png

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
note - removed hs.2cld.net DNS entry and unpublished site on 2024.07.02 - cat

# hs-platform
hs development and testing platform

--------------------------------------------------------------------------------
/docs/diagrams/README.md:
--------------------------------------------------------------------------------
# diagrams for hs-platform documents
The diagrams are in XML format, created using [draw.io](https://app.diagrams.net/)

## Index of diagrams
- [tbd]()

--------------------------------------------------------------------------------
/docs/images/README.md:
--------------------------------------------------------------------------------
# Images for hs-platform documents

## Index
- Overview ![overview](01-overview.svg)
- Testing Bench ![testbench](02-testbench.svg)
- tbd ![tbd](tbd)

--------------------------------------------------------------------------------
/docs/drptestbench/drpUserNotes.md:
--------------------------------------------------------------------------------
# drp use notes

- [RackN Multi Site Manager Catalog Builder](https://www.youtube.com/watch?v=22syQ46iX2g)
- [DRP Kubernetes KRIB Installation](https://www.youtube.com/watch?v=_V0-0_QBKH4)
- [FOG pxe deploy](https://wiki.fogproject.org/wiki/index.php?title=Client_Setup#Absolute_Basics)

--------------------------------------------------------------------------------
/docs/overview/README.md:
--------------------------------------------------------------------------------
# Overview

hs-platform is intended as a network-isolated test bed infrastructure for the hs-client.

- HS-Client an application running on a client device
- HS-Target the OS that hosts the hs-client
- HS-AutomationApp a web application used to assist in distributed hs-client testing on hs-target devices
- HS-Telemetry a logging and storage service for hs-client telemetry
- HS-AI an AI system that uses hs-telemetry to produce a response mitigation matrix to run on the hs-client
- HS-Infrastructure Maintenance (hardware, backup, recovery general service operations)

--------------------------------------------------------------------------------
/docs/tutorials/README.md:
--------------------------------------------------------------------------------
# Hacker Strike User Tutorials
I intend to combine the efforts of technical publications, quality assurance, client monitoring and regression testing into the automated CI/CD release process.

## Client Domain User accounts

1. horseoff.com
    - hsadmin
    - hsuser
    - hstest
2. 2cld.net
    - cldadmin
    - clduser
    - cldtest

## Testing
On a Microsoft Surface an hsadmin user was created. The intent is to model a non-domain hsadmin user on a restricted client. The hsadmin user will use the Google web browser and a Google user account to sign up for a test account at [https://hackerstrike.com/](https://hackerstrike.com/).

1. Log in to the device using the local hsadmin user account.
2. Turn on OBS and start recording.
3. Log in to hsadmin@horseoff.com in the Google browser.
4. Go to [http://hs.2cld.net/tutorials/](http://hs.2cld.net/tutorials/) to see this document.
5. Go to [https://hackerstrike.com/](https://hackerstrike.com/) and walk through a signup.
6. Keep documenting steps.

--------------------------------------------------------------------------------
/docs/kubeflow/README.md:
--------------------------------------------------------------------------------
# Kubeflow testbench
The hs-platform will require an iterative method to recreate immutable, isolated network setups with IaC methods to deploy test scenarios and logging.

## Kubeflow testbench setup
- Create cluster
- Deploy kubeflow local test
- Update notebook
- Deploy kubeflow A-B ai test

## Kubeflow setup notes
- [kubeflow overview](https://www.kubeflow.org/docs/started/kubeflow-overview/)
- [install](https://www.kubeflow.org/docs/started/k8s/)
- [dashboard](https://www.kubeflow.org/docs/components/central-dash/overview/)
- [tutorial](https://www.kubeflow.org/docs/gke/gcp-e2e/)
- [Anthos - hybrid cloud](https://www.kubeflow.org/docs/gke/anthos/)
- [Istio - Deployment Service Mesh](https://istio.io/docs/concepts/what-is-istio/)
- [Argo - CI CD Workflows](https://blog.argoproj.io/about)
- [Prometheus logging monitoring](https://prometheus.io/docs/prometheus/latest/configuration/configuration/)
- [Spartakus - Information collection](https://kubedex.com/resource/spartakus/)

--------------------------------------------------------------------------------
/docs/hsgrid/README.md:
--------------------------------------------------------------------------------
[Back to docs Index](../)

# hs grid overview
Overview of components and interconnect for an IaS grid deployment.

## Components
![hsgrid-overview](hsgrid-overview.svg)

Note: hsgrid-overview [Edit via draw.io]()

1. POE Node - WAN Point of Entry
    - Router [pfsense](https://www.pfsense.org/)
    - Firewall [pfsense](https://www.pfsense.org/)
    - Switch [pfsense](https://www.pfsense.org/) or [cumulus](https://cumulusnetworks.com/products/cumulus-linux/)
2. LAN SDN - Local Area Network (LAN) Software Defined Network (SDN)
    - DHCP [drp](http://rebar.digital/)
    - iPXE [drp](http://rebar.digital/)
    - DNS [drp](http://rebar.digital/)
    - Subnets
    - VLAN
3. CPU SDC - Central Processing Unit (CPU) Software Defined Compute (SDC)
    - Bare Metal Boot iPXE [drp](http://rebar.digital/)
    - Virtual Machines [XenServer](https://www.citrix.com/downloads/citrix-hypervisor/)
    - K8s [k8s](https://kubernetes.io/)
4. Storage SDS - Software Defined Storage (SDS)
    - local [drp](http://rebar.digital/)
    - iSCSI [drp](http://rebar.digital/) [freeNAS](https://www.freenas.org/)
    - NFS [freeNAS](https://www.freenas.org/)

![hsgrid-overview-CPU-SDN](hsgrid-overview-CPU-SDN.svg)

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*

# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json

# Runtime data
pids
*.pid
*.seed
*.pid.lock

# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov

# Coverage directory used by tools like istanbul
coverage
*.lcov

# nyc test coverage
.nyc_output

# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt

# Bower dependency directory (https://bower.io/)
bower_components

# node-waf configuration
.lock-wscript

# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release

# Dependency directories
node_modules/
jspm_packages/

# TypeScript v1 declaration files
typings/

# TypeScript cache
*.tsbuildinfo

# Optional npm cache directory
.npm

# Optional eslint cache
.eslintcache

# Microbundle cache
.rpt2_cache/
.rts2_cache_cjs/
.rts2_cache_es/
.rts2_cache_umd/

# Optional REPL history
.node_repl_history

# Output of 'npm pack'
*.tgz

# Yarn Integrity file
.yarn-integrity

# dotenv environment variables file
.env
.env.test

# parcel-bundler cache (https://parceljs.org/)
.cache

# Next.js build output
.next

# Nuxt.js build / generate output
.nuxt
dist

# Gatsby files
.cache/
# Comment in the public line in if your project uses Gatsby and *not* Next.js
# https://nextjs.org/blog/next-9-1#public-directory-support
# public

# vuepress build output
.vuepress/dist

# Serverless directories
.serverless/

# FuseBox cache
.fusebox/

# DynamoDB Local files
.dynamodb/

# TernJS port file
.tern-port

--------------------------------------------------------------------------------
/docs/OrchestratorProblem.md:
--------------------------------------------------------------------------------
# Orchestrator Definition
Ralph sent an email with [Orchestrator Definition](https://docs.google.com/document/d/1QZtYFcDpkfOKJbFhkw-XPuD1eix0ovXSOe3cyEQivQQ/edit) attached. The link is the Google doc attached in the email.

The question being asked was:

How does RansomShield define “network” to select which devices should be self-healed?

1. One feature of Ransom Shield is the “Self-Healing” feature. This feature will train the local agent(app) on known malware to other devices on the network
2. Define what end-points will “react” or change status or blocking activities if one end-point is infected by ransomware. This is for the self-healing feature.
3. How will the solution decide which end points should be classified as “connected” to the infected end-point.

My summary of the question:

What is the user interface mechanism Hacker Strike should implement to regulate RansomShield App Process Blocker within an associated user group?

So, as I look at this, I think the answer is:

Use the Baseline Behavior Injector, where the user's 'acceptable' behavior is captured. In my head this is where all expectations should be exercised, resources and interconnects mapped.

Your solutions lead me to think I don't know what the question is.

1. "Network" should be defined via the "Baseline Behavior".
2. "Shield" is blocking access to a resource.
3. "Self-Healing" ? Wouldn't that be Baseline Behaviour Modification ?

.... well I think I'm lost

Notes:
The new diagram with numbered labels.

![hs-arch](./images/hs-arch.png)

1. Dashboards and Management
2. RansomShield App
3. HackerStrike App
4. Process Blocker or all three parts of #2 RansomShield App
    1. Process Monitor
    2. Micro Neural Network
    3. Process Blocker
5. Cloud Console

I do not know the intention of the numbering. As for myself, I sorted my mental map of the dataflow a few months ago [See docs/README.md](./README.md) :

1. hs-client - used to collect telemetry and execute behavior mitigation
2. hs-telemetry - api based web service target used by client for telemetry collection
3. hs-mllab - lab for machine learning pipeline used for the creation of client mitigation neural patterns
4. hs-malwarelab - lab used to create malware use telemetry for hs-mllab
5. hs-dsllab - lab used to model Domain Specific Language usage patterns to obtain deeper business specific use patterns
6. hs-customer-webportal - gui portal for ralph-types to show client value
7. hs-automation-webportal - gui portal for ralph-types... IMHO this should just be a deployment CI/CD pipeline


--------------------------------------------------------------------------------
/docs/DocGrayREADME.md:
--------------------------------------------------------------------------------
# Note from Dr. Paul Gray

Hey Chris,

### tl;dr
I'd recommend doing PXE installs of base debian systems and
doing a proxmox overlay afterward. It's a lot easier to configure than
depending on the proxmox installer, which was meant to be an idiot-proof
install tool.

## Detail
As you correctly assessed, I had indeed done similar deployments. My
preference was to push a base Debian installation over PXE, which allows
the customization of LVM volumes across mdraid-supported RAID arrays
(something the base Proxmox installer didn't support). This afforded
quite a bit of customization for "non DRAC" raid setups, which meant
that I didn't need to use a high-$$ raid controller nor depend on Dell's
raid add-ons.

It also afforded the opportunity to push all of this on top of a
cryptographic root filesystem -- no usable data on any physical disk at
any time.

## In summary - the base was PXE-based installation using:
- mdraid for arbitrary (useful) raid topologies
- cryptsetup with full disk encryption
- lvm volumes
    * proxmox likes lvm for snapshots, although I also used zfs
- then using debootstrap, push a minimal Debian system
    * [debootstrap manpage](https://www.debian.org/releases/stretch/amd64/apds03.html.en)
- then using `dpkg --set-selections < package.lst` push up the full
  enterprise system


^^^^^ All of the above is performed from a basic PXE-booted Debian OS.

The latter components allow for fine-tuning Proxmox. For example, I use
qmail instead of postgres, and add a lot of packages for kvm/vz management.

## Key is adding support to grub and initrd
The key to getting all of this working together is adding
mdraid+lvm+cryptfs support to both Grub and to your initrd, which is
easy to do with the `mkinitrd` helper scripts.
- [mkinitrd man page](http://man7.org/linux/man-pages/man8/mkinitrd.8.html)
- [dracut man page](https://dracut.wiki.kernel.org/index.php/Main_Page)

### Remote Datacenter protection
If your deployment is in a remote datacenter, you can set up cryptofs
with one-time passwords for booting the system up when hands-on recovery
is required by the local staff.

### Post installation vm instances
That addresses the proxmox installation (but not the automated addition
to the cluster -- noted) ... You also mentioned subsequent vm instances:

Once the proxmox cluster is established, you can use a similar PXE boot
paradigm, but now with NFS root, to deploy your student PXE boxes. I
had done that in spades as well. I had a previous infrastructure where
a client would PXE-boot, get its NFS-root mount from the server, get a
unique slice to hold its root filesystem and then could subsequently be
booted up anywhere on the network to its previous state. That was all
accomplished using PXE magic.

--------------------------------------------------------------------------------
/docs/README.md:
--------------------------------------------------------------------------------
# Overview
My translation of the hs goal is to provide a 'best practices' active monitoring and mitigation service to client endpoints. The 'best practices' patterns are specifically created for each client through machine learning specific use patterns. The client use pattern and hs service malware pattern knowledge are used by the hs-client for continuous client side abnormal behavior mitigation.

## Major Components
My translation of the service components required (at ralph-ish level)

1. hs-client - used to collect telemetry and execute behavior mitigation
2. hs-telemetry - api based web service target used by client for telemetry collection
3. hs-mllab - lab for machine learning pipeline used for the creation of client mitigation neural patterns
4. hs-malwarelab - lab used to create malware use telemetry for hs-mllab
5. hs-dsllab - lab used to model Domain Specific Language usage patterns to obtain deeper business specific use patterns
6. hs-customer-webportal - gui portal for ralph-types to show client value
7. hs-automation-webportal - gui portal for ralph-types... IMHO this should just be a deployment CI/CD pipeline


# Documents for hs-platform
Automated platform deployment to simulate an isolated small business local network for testing and user training lab.

1. tbd
2. tbd


## Components
1. Testbench
    - OS Version
    - Cores, Memory, Storage
    - Network
    - Control Interface
    - Logging Interface
2. Logging
    - Resources
    - Interface
3. Orchestration

## Old Notes
1. [DRP testbench](./drptestbench/)
2. [Debian install build](./debianinstallbuild/)
3. [ProxMox install build](./proxmoxinstallbuild/)

### Index
- [diagrams](diagrams)
- [images](images)

#### Notes
- [HackerStrike.com](https://www.hackerstrike.com/)
- [Slide Deck](https://drive.google.com/drive/folders/1No9s4_jFfRhRI16uf9B52u1u4ZQO_MCY)
- [AutomationApp LineItems](https://docs.google.com/document/d/1ccteb0d2Gu_bjHPgg5s_BVJIHX02gnod/edit)

- [Subnet Calculator](http://www.subnet-calculator.com/subnet.php)
- [Private Network Range](https://en.wikipedia.org/wiki/Private_network)

- [Centralizing Windows Logs](https://www.loggly.com/ultimate-guide/centralizing-windows-logs/)
- [Cryptolocker Infection Methods](https://usa.kaspersky.com/resource-center/definitions/cryptolocker)

- [DRP Krib Test catnotes](https://github.com/ctrees/drp-krib-test)
- [DRP VBox setup](https://github.com/ctrees/drp-vbox)
- [DRP feature testing](https://github.com/ctrees/drpfeature)
- [Debian live iso build](https://www.bustawin.com/create-a-custom-live-debian-9-the-pro-way/) - [Example Project](https://github.com/ereuse/workbench-live) [Debian Install Guide](https://www.debian.org/releases/stretch/amd64/index.html.en)
- [Debian Raspberry Pi](https://wiki.debian.org/RaspberryPi)

- [dracut](https://dracut.wiki.kernel.org/index.php/Main_Page)
- [mkinitrd](http://man7.org/linux/man-pages/man8/mkinitrd.8.html)

- [ProxMox API viewer](https://pve.proxmox.com/pve-docs/api-viewer/)
- [Logging System](https://github.com/wilreichert/docker-elk-pfSense)


--------------------------------------------------------------------------------
/docs/pfSense/README.md:
--------------------------------------------------------------------------------
[Back to docs Index](../)

# pfSense
tbd

## pfSense basics
1. Default install via "pfsense" USB install key
    - Using Dell (Intel SR1560SF)
    - Default install user: admin pw: pfsense
    - IF VM XCP-ng: Network Interfaces - Check - Disable hardware checksum offload
    - Note interface assignments and label ports and cables
    - Walk through wizard
    - Turn off Block RFC1918 Private Addresses and bogon networks (so we can use LAN address ranges)
    - Decide what the LAN subnet should be (default is 192.168.1.1/24)
    - Set admin password
    - Should have 2 interfaces WAN and LAN
    - Add Traffic Graphs to Dashboard
2. DHCP Setup -> Services DHCP Server / LAN
    - Enable DHCP Server
    - Range: 192.168.1.200 - 250 (Move new servers to MAC assignment)
    - View DHCP Static Mappings (at bottom)
    - Status -> DHCP Leases (view leases and move 200-250 to the static according to IP mappings)
3. Add VLANs
    - Interfaces -> Assignments -> VLANs
    - VLANs add
        - Parent Interface: lan VLAN Tag: 9 Description: ADM
        - Save
    - Interfaces -> Interfaces Assignments
        - Add (Select above VLAN) Save
        - Click on new interface
        - Check Enable Interface
        - Add Description: ADM
        - IPv4 Config Type: Static IPv4
        - Go down to Static IPv4 Config and the IP (192.168.9.1/24)
        - Uncheck reserve net blocking
        - Click SAVE
        - Click APPLY CHANGES
    - Services -> DHCP Server
        - Select ADM network
        - Enable DHCP Server
        - Range: 192.168.9.200-250
        - Save
4. Add Firewall Rules
    - Firewall -> Rules -> ADM
    - Add:
        - Action - Pass
        - Interface - ADM
        - Address Family - IPv4
        - Protocol - any
        - Source - any
        - Destination - any
        - Description: Administration Network
        - Save
    - Add-TOP:
        - Action - Block
        - Interface - ADM
        - Address Family - IPv4
        - Protocol - any
        - Source - any
        - Destination - LAN
        - Description: BLOCK to LAN
        - Save
    - Add-TOP... block all other networks you want blocked
5. Add VLAN tags to Switches / vlans

### Equipment Docs
- [HPE C7000 Ciscos WS-CBS-3020GSG2](https://drive.google.com/drive/folders/0B1myz1MGUaPqSjB3MDJyRktYaDA)
- [Dell Intel SR1560SF](https://drive.google.com/drive/folders/0B1myz1MGUaPqSjB3MDJyRktYaDA)

### Notes
- [Tutorial - pfsense install: Lawrence](https://youtu.be/9kSZ1oM-4ZM)
    - [interface assignments](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=588)
    - [re-assign interface](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=651)
    - [Uncheck Block Networks](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=881)
    - [run perf test](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=1349)
    - [open 443 to remote admin](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=1639)
    - [create firewall rules for a crapnetwork subnet](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=1706)
    - [create UPnP for crapnetwork subnet](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=1943)
    - [traffic shape crapnetwork subnet](https://youtu.be/9kSZ1oM-4ZM?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=2069)
- [Tutorial - pfsense on XCP-ng: Lawrence tutorial](https://youtu.be/hy6RwgDm1p0?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h)
    - Check network performance [tutorial](https://youtu.be/hy6RwgDm1p0?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=172)
    ```bash
    iperf3 -c 192.168.9.1
    iperf3 -c 192.168.9.1 -P 100 -t 20
    ```
    - Add XCP-ng tools [tutorial](https://youtu.be/hy6RwgDm1p0?list=PLjGQNuuUzvms3MhpsQ4zbe_Rlbo_0x01h&t=220)
- [Tutorial - Virtualization Lab Network Setup / Demo using XCP-NG, UniFi, pfsense and Xen Orchestra](https://www.youtube.com/watch?v=o1nwUfHsDHs)
- [Tutorial - pfSense VLAN and Guest Network Setup](https://www.youtube.com/watch?v=hhPGN4UJHAM)
- [Tutorial - tbd]()
- [Tutorial - tbd]()
- [Tutorial - tbd]()


--------------------------------------------------------------------------------
/docs/windows/README.md:
--------------------------------------------------------------------------------
# Windows Sandbox options

## Build hswin10pro
1. hswin10pro-vm303-pm01
    - VM config on pm01
        1. Name: hswin10pro VMID: 303 Server: pm01
        2. Windows 10/2016
        3. CD/DVD: Storage: hsfreenas ISO: Win10_1909_English_x64.iso
        4. Hard Disk: Bus: VirtIO 0 Storage: local-lvm Disk size: 32GB Cache: Write back
        5. 6 cores, 8192 (8GB), Enable Numa
        6. Network: Bridge: vmbr0 Model: VirtIO Firewall: UNCHECKED
        7. Add second CD/DVD: Storage: hsfreenas ISO: virt-win-0.1.171.iso
    - Boot VM
        1. Proceed with Windows installation as normal. Custom: Install Windows only (advanced)
        2. At "Where to Install", setup will not find any drives.
            - Select "Load driver"
            - Browse to CD: viostor > w10 > amd64
            - Click OK; this should load the Red Hat VirtIO SCSI controller
            - Click NEXT to partition and continue the installation
        3. Finish Windows Install and Reboot
        4. Open Device Manager and find the Ethernet Controller and PCI device that need driver updates
            - Right click on network NetKVM > win10 > amd64 for "Red Hat VirtIO Ethernet Adaptor"
            - Right click on PCI Balloon > win10 > amd64 for "VirtIO Balloon Driver"
        5. Shutdown VM
        6. Remove CD/DVD
    - Start VM hswin10pro
        1. Login on Console with User
        2. Enable "Microsoft Remote Connection"
        3. Turn off Windows Firewall
    - Reboot VM
    - Setup Resources
        1. [ProxMox Windows 10 VM best practices](https://pve.proxmox.com/wiki/Windows_10_guest_best_practices)
        2. [ProxMox Windows 10 VM idiots guide](https://jonspraggins.com/the-idiot-installs-windows-10-on-proxmox/)
        3. [Windows 10 iso - Download link](https://www.microsoft.com/en-us/software-download/windows10ISO)
        4. [ProxMox Windows 10 virtio link](https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/index.html)
        5. [ProxMox Windows 10 virtio-win iso](https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso)
        6. [ProxMox Windows 10 - NFS mount](https://graspingtech.com/mount-nfs-share-windows-10/)
2. Run Windows Updates
    - Keep updating and rebooting until it stops complaining
3. Basic Installs
    - Download and install Chrome Downloads/ChromeSetup
    - Download and install FireFox Downloads/Firefox Installer
    - Download and install Edge Downloads/MicrosoftEdgeSetup
4. Connect [NFS Storage](https://graspingtech.com/mount-nfs-share-windows-10/)
    - On VM: CD/DVD: Storage: hsfreenas ISO: Win10_1909_English_x64.iso
    - Install NFS Client
        1. Open "Control Panel"
        2. Turn ON windows features
            - Services for NFS -> Client for NFS
            - Windows Subsystem for Linux
        3. Enable Write Permissions for the Anonymous User
            - On cmd run "mount"; should see UID=-2 and GID=-2
            - Open "regedit"
            - Browse: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default
            - Add New DWORD (32-bit): AnonymousUid Value: 0x000000 (0)
            - Add New DWORD (32-bit): AnonymousGid Value: 0x000000 (0)
        4. Reboot (or restart NFS client)
    - Connect to hspool
    ```
    C:\Users\hsadmin>mount -o anon \\192.168.1.2\mnt\hspool H:
    ```
    - Verify mount
    ```
    C:\Users\hsadmin>mount

    Local    Remote                                 Properties
    -------------------------------------------------------------------------------
    H:       \\192.168.1.2\mnt\hspool               UID=0, GID=0
                                                    rsize=131072, wsize=131072
                                                    mount=soft, timeout=6.4
                                                    retry=1, locking=yes
                                                    fileaccess=755, lang=ANSI
                                                    casesensitive=no
                                                    sec=sys

    C:\Users\hsadmin>
    ```
5. Install Ubuntu 20.04 LTS app via Play store
    - Start session with hsadmin - normalpw
    - Where is [file system root in windows](https://askubuntu.com/questions/759880/where-is-the-ubuntu-file-system-root-directory-in-windows-subsystem-for-linux-an)
    - Did not get working but... [nfs mount from windows subsystem](https://superuser.com/questions/1128634/how-to-access-mounted-network-drive-on-windows-linux-subsystem/1261563)
    - Install nfs-common
        1. sudo apt install nfs-common
    - NFS Mount the 192.168.1.2:/mnt/hspool to /mnt/hspool
        1. sudo mkdir -p /mnt/hspool
        2. sudo mount 192.168.1.2:/mnt/hspool /mnt/hspool -vvv
        3. Verify: df -h
        4. sudo touch /mnt/hspool/thistest.txt
        5. ls -l /mnt/hspool/thistest.txt
6. Install [Visual Studio Code](https://code.visualstudio.com/)
7. Shutdown VM backup: vzdump-qemu-303-2020_06_14-14_39_42.vma.gz (backup before Key Activation)
8. Activate Windows Pro Key
9. Shutdown VM backup: vzdump-qemu-303-2020_xxx.vma.gz (backup after Key Activation)

## Notes
1. [Windows Sandbox](https://www.theverge.com/2018/12/19/18147991/microsoft-windows-sandbox-security-safety-isolation-standalone-apps)
2. [Windows Sandbox - mstech](https://techcommunity.microsoft.com/t5/windows-kernel-internals/windows-sandbox/ba-p/301849#)
3. [Windows Containers - msdocs](https://docs.microsoft.com/en-us/virtualization/windowscontainers/about/)
4. [Windows k8s - msdocs](https://docs.microsoft.com/en-us/virtualization/windowscontainers/kubernetes/getting-started-kubernetes-windows)
5. [NFS mount on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-ubuntu-18-04)

--------------------------------------------------------------------------------
/docs/XenServer/README.md:
--------------------------------------------------------------------------------
# XenServer Config
[Back to docs Index](../)

# Quick Start notes
1. Use Install XCP-ng 8.1 USB key to boot and install
    - Server Name: hsgXX
    - Special: xxXCP#xxxx
    - IP: DHCP (MAC tied to IP 192.168.1.120+Blade#)
2. GUI Admin
    - [XOA Appliance install](https://youtu.be/mp-pCgYszqU?t=305)
    ```bash
    bash -c "$(curl -s http://xoa.io/deploy)"
    ```
    - [Windows xenadmin Client XOA github](https://github.com/xcp-ng/xenadmin/releases/)
3. Local Storage
    - Install a hard drive on a XenServer.
    - Run the following command from the command line interface to display the installed disks:
    ```bash
    fdisk -l
    lsblk
    ```
    - Inspect the disk's partitions
    ```bash
    cfdisk /dev/sdc
    ```
    - List the xen server ID
    ```bash
    xe host-list
    ```
    - Run the following command from the command line interface:
    ```bash
    xe sr-create host-uuid=<hostID> name-label=<nameLabel> shared=false device-config:device=<devicePath> type=lvm content-type=user
    ```
        - hostID: is shown by xe host-list (just tab if you're on the server)
        - nameLabel: is the display name used in XCP-ng
        - devicePath: shown in fdisk -l or lsblk, e.g. /dev/sdc
    - Example I ran on hsg04
    ```bash
    xe sr-create host-uuid=7749xxxx-xxxx-xxxx-xxxx-xxxxxxxxxxb0 name-label="hsg04d2" shared=false device-config:device=/dev/sdb type=lvm content-type=user
    ```
4. Pass-through Storage
    - Run the following command from the command line interface to display the installed disks:
    ```bash
    lsblk
    ```
    - Inspect the disk's partitions and delete the partitions you want to re-use
    ```bash
    cfdisk /dev/sdc
    ```
    - List the xen server ID
    ```bash
    xe host-list
    ```
    - Make a directory with symlinks to the devices you want to pass through
    ```bash
    cd /srv/
    mkdir pass_drives
    cd pass_drives
    ln -s /dev/sdc
    ```
    - Run the following command from the command line interface:
    ```bash
    xe sr-create name-label=Pass_Drives type=udev content-type=disk device-config:location=/srv/pass_drives
    ```
        - hostID: is shown by xe host-list
        - nameLabel: is the display name used in XCP-ng
        - devicePath: shown in fdisk -l or lsblk, e.g. /dev/sdc
    - Fire up the VM and connect

## Notes
- [xcp-ng Homepage](https://xcp-ng.org/)
- [xcp-ng Github](https://github.com/xcp-ng/xcp)
- [xcp-ng Guest Tools](https://github.com/xcp-ng/xcp/wiki/Guest-Tools)
- [xcp-ng Graphical Client](https://github.com/xcp-ng/xenadmin/releases/)
- [xcp-ng iso 8.1 Download](http://mirrors.xcp-ng.org/isos/8.1/xcp-ng-8.1.0-2.iso)
- [xcp-ng Best Practices](https://github.com/xcp-ng/xcp/wiki/Best-Practices-Guide)
- [citrix Remove Storage Repository](https://support.citrix.com/article/CTX131328)

### Tutorials
- [Tutorial - XCP-ng quick install - Lawrence System](https://www.youtube.com/watch?v=mp-pCgYszqU)
    - [XOA Appliance install](https://youtu.be/mp-pCgYszqU?t=305)
    ```bash
    bash -c "$(curl -s http://xoa.io/deploy)"
    ```
    - [https://192.168.1.126/ Default user is admin@admin.net with admin as a password ](http://192.168.1.126/)
    - [Xen Orchestra Community build from source](https://xen-orchestra.com/docs/from_the_sources.html)
    - [Xen Orchestra Installer github](https://github.com/ronivay/XenOrchestraInstallerUpdater)
    - [Lawrence hack of Installer - Lawrence System](https://github.com/flipsidecreations/XenOrchestraInstallerUpdater)
- [Tutorial - XCP-ng Install 7.4](https://www.youtube.com/watch?v=bG5enpij0e8&feature=youtu.be)
- [Tutorial - Configuring Citrix XenServer With FreeNAS & ISCSI For Storage](https://www.youtube.com/watch?v=-KmgwQORAX8&list=PLjGQNuuUzvmv1n8W-lDplGiDwlxvSSIcv&index=38)
- [Tutorial - Virtual Lab Setup - Lawrence System](https://www.youtube.com/watch?v=mXwSMh9uk0w)
- [Tutorial - XCP-NG 8.0 HA High Availability Cluster Setup](https://www.youtube.com/watch?v=jvhUY81pBw0)
- [Tutorial - Explaining Resource Pools With Xenserver XCP-NG & Xen Orchestra](https://www.youtube.com/watch?v=imOsGG9AmOk)
- [Tutorial - VM Backups, Disaster Recovery and Continuous Replication with Xen Orchestra Backup](https://www.youtube.com/watch?v=1tJZAc-A4kU)
- [Tutorial - XCP-NG & Xenmotion: Migrating Live VM's Between Servers](https://www.youtube.com/watch?v=5XoXQAIjFH8)
- [Tutorial - How To Load XCP-NG Xenserver PV Drivers via Windows Update & Xen Orchestra](https://www.youtube.com/watch?v=nGfx5upOk8c)
- [Tutorial - Running pfsense on XCP-NG Xenserver & Installing Xenserver tools](https://www.youtube.com/watch?v=hy6RwgDm1p0)
- [Tutorial - XCP-NG Stack - How to load XEN Tools in windows VM's](https://www.youtube.com/watch?v=SsuoPzKXnBA)
- [Tutorial - How to add additional hard disk in xenserver](https://www.youtube.com/watch?v=HgjfQKr6u1w)
- [Tutorial - Xenserver Hard Drive Whole Disk Passthrough with XCP-NG](https://www.youtube.com/watch?v=vSDDMIG6Huk)
- [Tutorial - Citrix Xenserver Adding A Hard Drive](https://www.youtube.com/watch?v=gNLBNUHI1uE)
- [Tutorial - ]()


### Setup disk on hsg03
```
root@192.168.1.123's password:
Last login: Mon May 25 20:20:31 2020 from 192.168.1.120
[17:01 hsg03 ~]# ls
110 | CentOS-7-x86_64-DVD-2003.iso 111 | [17:01 hsg03 ~]# lsblk 112 | NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT 113 | sdb 8:16 0 136.7G 0 disk 114 | ├─sdb2 8:18 0 512M 0 part 115 | ├─sdb3 8:19 0 136.2G 0 part 116 | └─sdb1 8:17 0 1007K 0 part 117 | sda 8:0 0 136.7G 0 disk 118 | ├─sda4 8:4 0 512M 0 part 119 | ├─sda2 8:2 0 18G 0 part 120 | ├─sda5 8:5 0 4G 0 part /var/log 121 | ├─sda3 8:3 0 95.2G 0 part 122 | │ └─VG_XenStorage--b4394697--21e5--f609--94dc--97817d48b2c3-MGT 253:0 0 4M 0 lvm 123 | ├─sda1 8:1 0 18G 0 part / 124 | └─sda6 8:6 0 1G 0 part [SWAP] 125 | [17:04 hsg03 ~]# xe host-list 126 | uuid ( RO) : 9d41f57b-2da4-492d-8a7e-79309ec72ac7 127 | name-label ( RW): hsg03 128 | name-description ( RW): Default install 129 | 130 | 131 | uuid ( RO) : de0ae348-63d3-402f-aeba-04091be1bca9 132 | name-label ( RW): hsg02 133 | name-description ( RW): Default install 134 | 135 | 136 | uuid ( RO) : 7749899f-1c7b-465f-9123-4e0dc59077b0 137 | name-label ( RW): hsg08 138 | name-description ( RW): Default install 139 | 140 | 141 | uuid ( RO) : 5f64dbdf-781e-4b86-be03-6be544870402 142 | name-label ( RW): hsg04 143 | name-description ( RW): Default install 144 | 145 | 146 | [17:05 hsg03 ~]# xe sr-create host-uuid=9d41f57b-2da4-492d-8a7e-79309ec72ac7 name-label=hsg03d2 shared=false device-config:device=/dev/sdb type=lvm content-type=user 147 | 729d3457-7a10-17d8-0e8f-68bd0042b712 148 | [17:06 hsg03 ~]# 149 | ``` 150 | 151 | -------------------------------------------------------------------------------- /docs/diagrams/hackerstrike-diagrams.drawio: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 
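The Local Storage steps in docs/XenServer/README.md hand a whole device to `xe sr-create ... type=lvm`, so picking the wrong `/dev/sdX` is the main risk. The pre-flight check below is an added example, not code from the hs-platform repo; the function name `sr_device_verdict` is hypothetical and the two samples are constructed from the hsg03 `lsblk` transcript.

```shell
#!/bin/sh
# Constructed samples: the hsg03 lsblk transcript re-expressed in the key="value"
# form printed by `lsblk -Pno NAME,TYPE,MOUNTPOINT /dev/<disk>`.
SDB_SAMPLE='NAME="sdb" TYPE="disk" MOUNTPOINT=""
NAME="sdb2" TYPE="part" MOUNTPOINT=""
NAME="sdb3" TYPE="part" MOUNTPOINT=""
NAME="sdb1" TYPE="part" MOUNTPOINT=""'

SDA_SAMPLE='NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda4" TYPE="part" MOUNTPOINT=""
NAME="sda2" TYPE="part" MOUNTPOINT=""
NAME="sda5" TYPE="part" MOUNTPOINT="/var/log"
NAME="sda3" TYPE="part" MOUNTPOINT=""
NAME="VG_XenStorage--b4394697--21e5--f609--94dc--97817d48b2c3-MGT" TYPE="lvm" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/"
NAME="sda6" TYPE="part" MOUNTPOINT="[SWAP]"'

# sr_device_verdict: read the lsblk -P listing of ONE disk on stdin.
# Prints "ok: ..." and returns 0 when nothing on the disk is mounted or in LVM,
# otherwise prints "refuse: ..." with the first reason found and returns 1.
sr_device_verdict() {
    awk '
    # Value of key="value" on the current line, or "" when the key is absent.
    function field(key,    re) {
        re = key "=\"[^\"]*\""
        if (!match($0, re)) return ""
        return substr($0, RSTART + length(key) + 2, RLENGTH - length(key) - 3)
    }
    NF == 0 { next }
    {
        name = field("NAME"); type = field("TYPE"); mnt = field("MOUNTPOINT")
        if (!seen) {                       # first line is the device itself
            seen = 1; root = name
            if (type != "disk") reason = name " is a " type ", not a whole disk"
        }
        if (type == "part") parts++
        if (reason == "" && mnt != "")
            reason = name " is mounted at " mnt
        if (reason == "" && type == "lvm")
            reason = name " is an LVM volume, so the disk already backs a volume group"
    }
    END {
        if (!seen)        { print "refuse: no lsblk output"; exit 1 }
        if (reason != "") { print "refuse: " reason; exit 1 }
        printf "ok: %s has no mounts or LVM volumes; %d existing partition(s)\n", root, parts
    }'
}

# Stand-alone demo on the constructed samples. On a host the check would gate
# the command from the README, for example:
#   lsblk -Pno NAME,TYPE,MOUNTPOINT /dev/sdb | sr_device_verdict && xe sr-create ...
printf '%s\n' "$SDB_SAMPLE" | sr_device_verdict || true
printf '%s\n' "$SDA_SAMPLE" | sr_device_verdict || true
```
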
--------------------------------------------------------------------------------
/docs/drptestbench/README.md:
--------------------------------------------------------------------------------
# drptestbench

## Quick Start
- Using VirtualBox "DRPTest" launch endpoint at [https://192.168.56.2:8092/](https://192.168.56.2:8092/)
  ```bash
  macci:~ cat$ ssh root@192.168.56.2
  root@192.168.56.2's password:
  Last login: Wed Apr 8 09:47:04 2020 from 192.168.56.1
  [root@localhost ~]# systemctl stop firewalld.service
  [root@localhost ~]# cd drp
  [root@localhost drp]# ./dr-provision --base-root=/root/drp/drp-data > drp.log 2>&1 &
  [1] 3937
  [root@localhost drp]#
  ```
- Access the Digital Rebar UI at [https://192.168.56.2:8092/](https://192.168.56.2:8092/)
  - Default user: rocketskates pw: r0cketsk8s
- System Info & Preferences
  - Verify that "System Bootstrap Wizard" is all green except for "Change Default Password"
- System Preferences
  - Default Workflow: discover-base
  - Default Stage: discover
  - Default BootEnv: sledgehammer
  - Unknown BootEnv: discovery
- Subnets
  - enp0s8 - 192.168.56.2/24
  - Range - 192.168.56.10-254
- Machines and Leases
  - 192.168.56.10 - bm1 - d08-00-27-7b-08-51.localdomain
  - 192.168.56.11 - bm2 - d08-00-27-e4-7e-99.localdomain
  - 192.168.56.12 - bm3 - d08-00-27-0e-21-ec.localdomain
- Catalog
- Turn on BM1, BM2, BM3 PXE boot VM

## VM Configurations
1. Create DRPTest VM
   - OS: Fedora-64bit
   - Mem: 2048
   - HD: 8GB
   - 080027BE58C9 enp0s3: bridged (DHCP)
   - 0800279A97F5 enp0s8: vboxnet0 (192.168.56.2 static)
   - root What#Time
   - cat What#Time
2. Create BM1-3 VM
   - OS: Fedora-64bit
   - Mem: 2048
   - HD: 8GB
   - 080027BE58C9 enp0s3: vboxnet0 (DHCP)
   - Controller: SCSI - VHD 4GB (FIXED)
   - System: Motherboard: BootOrder "Network"

## DRP Endpoint Basics [https://192.168.56.2:8092/](https://192.168.56.2:8092/)
- basic [profiles - global](https://portal.rackn.io/#/e/192.168.56.2:8092/profiles/global)
  - package-repositories
    ```
    [
      {
        "arch": "x86_64",
        "installSource": true,
        "os": [
          "centos-7",
          "centos-7-install"
        ],
        "tag": "centos-7",
        "url": "https://192.168.52.2:8091/centos-7/install"
      }
    ]
    ```
  - access-keys
    ```
    {
      "user": "ssh-rsa AAAyour-id_rsa.pub user@something.comm"
    }
    ```
  - access-ssh-root-mode - without-password

## Steps - Create custom workflow
- tbd
- tbd

### Custom workflow notes
- [DRP Add SSH Key to Auth Keys](https://provision.readthedocs.io/en/latest/doc/faq-troubleshooting.html#add-ssh-keys-to-authorized-keys)
- [DRP Default passwords](https://provision.readthedocs.io/en/latest/doc/faq-troubleshooting.html#what-are-the-default-passwords)
- [Air Gap Install Instructions](https://provision.readthedocs.io/en/latest/doc/operations/airgap.html)
- [System Management BIOS API and Specs](https://www.dmtf.org/standards/smbios)
- [tbd]()
- [tbd]()
- [tbd]()
- [Linux check BIOS settings from the command line](https://www.cyberciti.biz/faq/linux-check-bios-settings-from-the-command-line/)

## Steps - Setup drptestbench
1. Create DRPTest VM
   - OS: Fedora-64bit
   - Mem: 2048
   - HD: 8GB
   - 080027BE58C9 enp0s3: bridged (DHCP)
   - 0800279A97F5 enp0s8: vboxnet0 (192.168.56.2 static)
   - root What#Time
   - cat What#Time
2. Install [DRP](https://provision.readthedocs.io/en/latest/doc/quickstart.html)
   ```bash
   [root@localhost ~]# nmtui (add the above network config)
   [root@localhost ~]# sudo firewall-cmd --zone=public --permanent --add-port=8092/tcp
   [root@localhost ~]# mkdir drp ; cd drp
   [root@localhost drp]# curl -fsSL get.rebar.digital/stable | bash -s -- --isolated install
   'dr-provision' service is not running, beginning install process ...
   Ensuring required tools are installed
   Installing Version stable of Digital Rebar Provision
   >>> Downloading file: rackn-catalog.json
   >>> Downloading file: v4.2.6.zip
   ./bin/darwin/amd64/drpjoin: OK
   ./bin/darwin/amd64/drpcli: OK
   ./bin/darwin/amd64/drbundler: OK
   ./bin/darwin/amd64/dr-provision: OK
   ./bin/linux/armv7/drpjoin: OK
   ./bin/linux/armv7/drpcli: OK
   ./bin/linux/armv7/drbundler: OK
   ./bin/linux/armv7/dr-provision: OK
   ./bin/linux/arm64/drpjoin: OK
   ./bin/linux/arm64/drpcli: OK
   ./bin/linux/arm64/drbundler: OK
   ./bin/linux/arm64/dr-provision: OK
   ./bin/linux/amd64/drpjoin: OK
   ./bin/linux/amd64/drpcli: OK
   ./bin/linux/amd64/drbundler: OK
   ./bin/linux/amd64/dr-provision: OK
   ./bin/windows/amd64/drpcli.exe: OK
   ./assets/startup/dr-provision.service: OK
   ./assets/startup/dr-provision.sysv: OK
   ./assets/startup/dr-provision.unit: OK
   ./tools/install.sh: OK
   Installing Version stable of Digital Rebar Provision Community Content
   >>> Downloading file: v4.2.10.json

   ********************************************************************************

   # Run the following commands to start up dr-provision in a local isolated way.
   # The server will store information and serve files from the drp-data directory.

   ./dr-provision --base-root=/root/drp/drp-data > drp.log 2>&1 &

   # Once dr-provision is started, setup a base discovery configuration
   ./drpcli bootenvs uploadiso sledgehammer
   ./drpcli prefs set defaultWorkflow discover-base unknownBootEnv discovery defaultBootEnv sledgehammer defaultStage discover

   # Optionally, locally cache the isos for common community operating systems
   ./drpcli bootenvs uploadiso ubuntu-18.04-install
   ./drpcli bootenvs uploadiso centos-7-install

   [root@localhost drp]#
   ```
   Notes just after install
   ```
   [root@localhost ~]# ls
   anaconda-ks.cfg  drp
   [root@localhost ~]# du -s drp
   641768  drp
   [root@localhost ~]# du
   12      ./drp/assets/startup
   12      ./drp/assets
   93072   ./drp/bin/darwin/amd64
   93072   ./drp/bin/darwin
   86088   ./drp/bin/linux/armv7
   89224   ./drp/bin/linux/arm64
   91248   ./drp/bin/linux/amd64
   266560  ./drp/bin/linux
   16736   ./drp/bin/windows/amd64
   16736   ./drp/bin/windows
   376368  ./drp/bin
   44      ./drp/tools
   200     ./drp/drp-data/saas-content
   200     ./drp/drp-data
   641768  ./drp
   0       ./.pki/nssdb
   0       ./.pki
   641796  .
   [root@localhost ~]# df
   Filesystem              1K-blocks    Used Available Use% Mounted on
   /dev/mapper/centos-root  13461504 1668280  11793224  13% /
   devtmpfs                   929064       0    929064   0% /dev
   tmpfs                      941148       0    941148   0% /dev/shm
   tmpfs                      941148    8748    932400   1% /run
   tmpfs                      941148       0    941148   0% /sys/fs/cgroup
   /dev/sda1                 1038336  148412    889924  15% /boot
   tmpfs                      188232       0    188232   0% /run/user/0
   [root@localhost ~]#
   ```
3. Start DRP and load isos
   ```
   [root@localhost drp]# ./dr-provision --base-root=/root/drp/drp-data > drp.log 2>&1 &
   [1] 3951
   [root@localhost drp]# ./drpcli bootenvs uploadiso sledgehammer
   {
     "Path": "sledgehammer-c7305a9ba2c6b12351530c4a9021fd5e07ef1ce1.amd64.tar",
     "Size": 198062080
   }
   2020/03/26 15:55:28
   {
     "Path": "sledgehammer-9b5276ac5826520829aa73c149fe672fe2363656.arm64.tar",
     "Size": 172267520
   }
   2020/03/26 15:56:15
   [root@localhost drp]# ./drpcli prefs set defaultWorkflow discover-base unknownBootEnv discovery defaultBootEnv sledgehammer defaultStage discover
   {
     "baseTokenSecret": "JILQDZpE3lqXhy_JNPEgANsT0XOQVzxg",
     "completeJobsPurgedAfter": "never",
     "debugBootEnv": "warn",
     "debugDhcp": "warn",
     "debugFrontend": "warn",
     "debugPlugins": "warn",
     "debugRenderer": "warn",
     "defaultBootEnv": "sledgehammer",
     "defaultStage": "discover",
     "defaultWorkflow": "discover-base",
     "failedJobsPurgedAfter": "never",
     "jobsToKeep": "50",
     "knownTokenTimeout": "3600",
     "logLevel": "warn",
     "systemGrantorSecret": "xcTXDw2fGyeOMZsOAv3STiYh7YQ0MlDh",
     "unknownBootEnv": "discovery",
     "unknownTokenTimeout": "600"
   }
   [root@localhost drp]# ./drpcli bootenvs uploadiso centos-7-install
   {
     "Path": "CentOS-7-x86_64-Minimal-1908.iso",
     "Size": 987758592
   }
   2020/03/26 16:05:51

   {
     "Path": "CentOS-7-aarch64-Minimal-1908.iso",
     "Size": 917698560
   }
   2020/03/26 16:09:55
   [root@localhost drp]#
   ```
4. IP Address Setup
   ```
   [root@localhost drp]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
   TYPE=Ethernet
   PROXY_METHOD=none
   BROWSER_ONLY=no
   BOOTPROTO=dhcp
   DEFROUTE=yes
   IPV4_FAILURE_FATAL=no
   IPV6INIT=no
   IPV6_AUTOCONF=no
   IPV6_DEFROUTE=yes
   IPV6_FAILURE_FATAL=no
   IPV6_ADDR_GEN_MODE=stable-privacy
   NAME=enp0s3
   UUID=f29e9c00-c418-491d-89ec-028d1c674e0d
   DEVICE=enp0s3
   ONBOOT=yes
   [root@localhost drp]# cat /etc/sysconfig/network-scripts/ifcfg-enp0s8
   TYPE=Ethernet
   PROXY_METHOD=none
   BROWSER_ONLY=no
   BOOTPROTO=none
   IPADDR=192.168.56.2
   PREFIX=24
   GATEWAY=192.168.56.1
   DEFROUTE=yes
   IPV4_FAILURE_FATAL=no
   IPV6INIT=no
   NAME=enp0s8
   UUID=b4d0f817-d294-36d0-a317-0409c2829b14
   DEVICE=enp0s8
   ONBOOT=yes
   AUTOCONNECT_PRIORITY=-999
   [root@localhost drp]#
   ```
5. Manual startup
   ```
   [root@localhost drp]# systemctl status firewalld.service
   [root@localhost drp]# systemctl stop firewalld.service (only if you forgot to add 8092)
   [root@localhost drp]# ./dr-provision --base-root=/root/drp/drp-data > drp.log 2>&1 &
   [root@localhost drp]# sudo shutdown --poweroff
   ```

--------------------------------------------------------------------------------
/docs/images/02-testbench.svg:
--------------------------------------------------------------------------------
[Diagram 02-testbench.svg. Labels: kubectl; Shared Storage / Samba Server / Test Target; Target Telemetry Stream; Minimal Execution Environment; Source Telemetry Stream; Network Telemetry Stream; Telemetry DataStore; Storage Pod; Bench Pod.]
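Both READMEs above install by feeding a downloaded script straight to bash (`bash -c "$(curl -s http://xoa.io/deploy)"` in docs/XenServer and `curl -fsSL get.rebar.digital/stable | bash -s -- --isolated install` in docs/drptestbench), so whatever the network returns runs as root unread. The download-then-verify form below is an added example, not code from the hs-platform repo or from either vendor; the function names are hypothetical, and it assumes the script is reachable over HTTPS and that you recorded its SHA-256 when you reviewed it (the page gives no digest, so the demo pins a constructed stand-in script).

```shell
#!/bin/sh
# fetch_installer URL DEST
# Download an installer to a file instead of a pipe. Plain http:// and
# scheme-less URLs are refused, and curl may not follow a redirect off HTTPS.
fetch_installer() {
    case "$1" in
        https://*) ;;
        *) echo "refuse: $1 is not an https:// URL" >&2; return 2 ;;
    esac
    curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# run_pinned_installer FILE SHA256 [ARGS...]
# Run FILE with bash only if its SHA-256 equals the digest recorded when the
# script was read and approved. Any later change upstream stops the install.
run_pinned_installer() {
    _file=$1; _want=$2; shift 2
    [ -r "$_file" ] || { echo "refuse: cannot read $_file" >&2; return 3; }
    _got=$(sha256sum "$_file" | awk '{print $1}')
    if [ "$_got" != "$_want" ]; then
        echo "refuse: sha256 of $_file is $_got, expected $_want" >&2
        return 1
    fi
    bash "$_file" "$@"
}

# Offline demo on a constructed stand-in for the vendor script: the reviewed
# copy runs, the copy that changed after review is refused.
demo_pinned_installer() {
    _dir=$(mktemp -d) || return 1
    printf 'echo "installer ran with: $*"\n' > "$_dir/install.sh"
    _pin=$(sha256sum "$_dir/install.sh" | awk '{print $1}')   # digest noted at review
    _ok=0
    run_pinned_installer "$_dir/install.sh" "$_pin" --isolated install || _ok=$?
    printf 'echo "line added upstream after review"\n' >> "$_dir/install.sh"
    _bad=0
    run_pinned_installer "$_dir/install.sh" "$_pin" --isolated install 2>/dev/null || _bad=$?
    rm -rf "$_dir"
    echo "reviewed=$_ok changed=$_bad"
}

demo_pinned_installer
```
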
--------------------------------------------------------------------------------
/docs/hsgrid/hsgrid-overview-CPU-SDN.svg:
--------------------------------------------------------------------------------
[Diagram hsgrid-overview-CPU-SDN.svg. Labels:]
- hsg01: ADM-VLAN 9 192.168.9.121/24; NAS-VLAN 249 192.168.249.121/24; HSG-VLAN 13 192.168.13.121/24; 192.168.1.121
- hsg02: ADM-VLAN 9 192.168.9.122/24; NAS-VLAN 249 192.168.249.122/24; HSG-VLAN 13 192.168.13.122/24; 192.168.1.122
- hsg03: ADM-VLAN 9 192.168.9.123/24; NAS-VLAN 249 192.168.249.123/24; HSG-VLAN 13 192.168.13.123/24; 192.168.1.123
- hsg04: ADM-VLAN 9 192.168.9.124/24; NAS-VLAN 249 192.168.249.124/24; HSG-VLAN 13 192.168.13.124/24; 192.168.1.124
- hsg08: 192.168.1.128; Win10hsadmin 192.168.1.119; CentOS7; "? proposed ?" hsv1 FreeNAS iSCSI NFS VLAN 249 192.168.249.251/24
- pfsense: WAN 192.168.254.209/24; iPXE 192.168.3.1/24; ADM 192.168.9.1/24; NAS 192.168.249.1/24; HSG 192.168.13.1/24; GW 192.168.1.1/24
- Other labels: 10GB Cisco; 1GB (twice); WAN
--------------------------------------------------------------------------------
/docs/images/01-overview.svg:
--------------------------------------------------------------------------------
[Diagram 01-overview.svg. Labels: Cloud Apps; Mobile User; Private Interface Application Firewall; storage (x3); application (x3); VPN; shared storage; Local User; Corp Firewall.]
--------------------------------------------------------------------------------
/docs/hsgrid/hsgrid-overview.drawio:
--------------------------------------------------------------------------------
[draw.io diagram source, content not captured]

--------------------------------------------------------------------------------
/docs/hsgrid/hsgrid-overview.svg:
--------------------------------------------------------------------------------
[Diagram hsgrid-overview.svg. Labels:]
- WAN
- LAN SDN: drp - scripts
- CPU SDC: drp - XCP-NG - k8s
- Storage SDS: drp - freeNAS XenServer - ceph
- POE pfsense
- vm ubuntu (x2); vm centos; windows 10; XCP-NG; bare metal
- local (x3); iSCSI; nfs (x2)
- DHCP iPXE: vlan 1, subnet 192.168.0.0/22
- prod: vlan 12^, subnet 192.168.12^.0/24
- admin: vlan 9, subnet 192.168.9.0/24
- FreeNAS NFS Storage: vlan 208, subnet 192.168.208.0/20
--------------------------------------------------------------------------------