Proxmox Lab: Game of Active Directory - Terraform the Lab

In this module, we'll be taking steps to provision the entire Proxmox Game of Active Directory lab environment using Terraform.
This module is part of a larger project on setting up Game of Active Directory (GOAD) on Proxmox alongside our existing lab infrastructure. Click here to be taken back to the project landing page.

Previous Step

Proxmox Lab: Game of Active Directory - Creating VM Templates
In this module, we’ll be taking steps to create some Windows Server 2016 and Windows Server 2019 templates using Packer for use in the Proxmox Game of Active Directory lab





Objectives for this Step

  • Configure the Terraform variables, recipe, and plan
  • Create the lab environment with Terraform



Terraform the Lab

Variables

cd /root/GOAD/ad/GOAD/providers/proxmox/terraform
cp variables.tf.template variables.tf
nano variables.tf

variables.tf

variable "pm_api_url" {
  default = "https://172.16.1.14:8006/api2/json"
}

variable "pm_user" {
  default = "root@pam"
}

variable "pm_password" {
  default = "ENTER_YOUR_ROOT_USER_PASSWORD"
}

variable "pm_node" {
  default = "proxmox-um690"
}

variable "pm_pool" {
  default = "GOAD"
}

variable "pm_full_clone" {
  default = false
}

# change this value with the id of your templates (win10 can be ignored if not used)
variable "vm_template_id" {
  type = map(number)

  # set the ids according to your templates
  default = {
      "WinServer2019_x64"  = 0
      "WinServer2016_x64"  = 0
#      "Windows10_22h2_x64" = 0
  }
}

variable "storage" {
  # change this with the name of the storage you use
  default = "local-lvm"
}

variable "network_bridge" {
  default = "vmbr1"
}

variable "network_model" {
  default = "e1000"
}

variable "network_vlan" {
  default = 10
}

## the following variable is only for telmate provider (not used)
## change this value with the name of your templates (win10 can be ignored if not used)
# variable "vm_template_name" {
#   type = map(string)
#
#   default = {
#       "WinServer2019_x64"  = "WinServer2019x64-cloudinit-qcow2"
#       "WinServer2016_x64"  = "WinServer2016x64-cloudinit-qcow2"
#       "Windows10_22h2_x64" = "Windows10x64-22h2-cloudinit-qcow2"
#   }
# }

Changes Made to the Document

variable "pm_api_url" {
  default = "https://172.16.1.14:8006/api2/json"
}

Sets the correct IP address of the GOAD PVE node

variable "pm_user" {
  default = "root@pam"
}

variable "pm_password" {
  default = "ENTER_YOUR_ROOT_USER_PASSWORD"
}

Sets the correct username and password

variable "pm_node" {
  default = "proxmox-um690"
}

Sets the correct PVE node name

  default = {
      "WinServer2019_x64"  = 100
      "WinServer2016_x64"  = 102
#      "Windows10_22h2_x64" = 0
  }

Sets the IDs of the templates in PVE and comments out Windows 10, since it is not used in our lab

variable "storage" {
  # change this with the name of the storage you use
  default = "local-lvm"
}

Changes to default = "local-lvm". My node uses local-zfs, but I've used the default here that will be standard in most people's PVE nodes.

variable "network_bridge" {
  default = "vmbr1"
}

Changes the default switch to vmbr1 in accordance with the existing Proxmox lab environment. See the network diagram for more info.
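Because variables.tf now holds the root@pam password in plaintext and the template ships with placeholder values, it is worth checking the file before planning. The following is an added example, not part of the original post or the GOAD project; `check_goad_vars` is a hypothetical helper name, and it flags a leftover password placeholder, template IDs still set to 0, and file permissions that let group or other users access the file.

```shell
# Added example (not from the GOAD project): pre-flight check for variables.tf.
# check_goad_vars is a hypothetical helper. It prints each problem found to
# stderr and returns the number of problems (0 means the file looks ready).
check_goad_vars() {
    file=$1
    problems=0

    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 1
    fi

    # 1. The template placeholder for pm_password must have been replaced.
    if grep -q 'ENTER_YOUR_ROOT_USER_PASSWORD' "$file"; then
        echo "pm_password still holds the template placeholder" >&2
        problems=$((problems + 1))
    fi

    # 2. Every uncommented vm_template_id entry needs a real template ID;
    #    the template ships them as 0. Commented-out (#) lines are ignored.
    if grep -Eq '^[[:space:]]*"[^"]+"[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$file"; then
        echo "a vm_template_id entry is still 0" >&2
        problems=$((problems + 1))
    fi

    # 3. The file stores the root@pam password in plaintext, so the group and
    #    other permission bits (characters 5-10 of the ls mode string) should
    #    all be unset, e.g. after chmod 600.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$file is accessible to group/other; run chmod 600" >&2
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Run it as `check_goad_vars variables.tf` from the terraform directory before `terraform plan`. The saved goad.plan records the input variable values in cleartext as well, so it merits the same permissions.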



Create and Run the Plan

cd /root/GOAD/ad/GOAD/providers/proxmox/terraform
terraform init
terraform plan -out goad.plan
terraform apply "goad.plan"
As noted by the author, if you get any errors during the terraform apply operation, just run terraform apply "goad.plan" again.

The whole idea with Infrastructure as Code is "idempotency". So, whether you run a plan once or ten times, the result should always be the same, and Terraform should only apply what still needs applying.



Current State of the Lab

Terraform has provisioned the lab hosts off the templates created with Packer





Next Step

Proxmox Lab: Game of Active Directory - Configure with Ansible
In this module, we’ll be taking steps to configure the Windows hosts in the Proxmox Game of Active Directory lab using Ansible