
Offensive Infrastructure: the HashiStack

This folder contains code related to Part 2 of the Offensive Infrastructure with Modern Technologies Series.

Environment Setup

| # | Action | Command |
| --- | --- | --- |
| 1 | Clone the repository | `host:~/ ❯ git clone` |
| 2 | Get to the hashistack folder | `host:~/ ❯ cd offensive-infrastructure/hashistack/part_2_hashistack/` |
| 3 | Edit the Vagrantfile and change the IP addresses to match your own local network | |
| 4 | Spin up Vagrant machines | `host:~/hashistack ❯ vagrant up` |
| 5 | Build the container for the Ansible worker | `host:~/hashistack ❯ docker build -t ansibleworker:1.0 ansible/` |
| 6 | Run the container while sharing the relevant folders | `host:~/hashistack ❯ docker run -ti --rm -v $(pwd)/ansible:/etc/ansible -v $(pwd)/playbooks:/playbooks ansibleworker:1.0` |
| 7 | Pull the Ansible roles | `/playbooks $ ansible-galaxy install --roles-path /etc/ansible/roles -r /etc/ansible/requirements.yml` |

Stack Deployment

| # | Action | Command |
| --- | --- | --- |
| 1 | Change the IP addresses in the hosts file to match what you set in the Vagrantfile | `/playbooks $ cat /playbooks/inventory/hosts` |
| 2 | Edit the HashiStack playbook and ensure the variables match your setup | `/playbooks $ cat /playbooks/hashistack.yml` |
| 3 | Run the playbook a first time (use any password as Vault password) to deploy Consul+Dnsmasq, Vault, Nomad+Docker, Traefik | `/playbooks $ ansible-playbook hashistack.yml` |
| 4 | Unseal Vault: head to and follow the process (remember to store the master key and the root token) | |
| 5 | Provide a Vault token to Nomad (remember to store the new password) | `/playbooks $ ansible-vault create /playbooks/inventory/group_vars/docker_instances`<br>`New Vault password:`<br>`Confirm New Vault password:`<br><br>`nomad_vault_token: <Vault Root Token>` |
| 6 | Run the playbook a second time to configure Nomad with the Vault token | `/playbooks $ ansible-playbook hashistack.yml` |
| 7 | Restart the services in order (and then unseal Vault) | `/playbooks $ ansible-playbook restart.yml` |
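
Step 5 stores the Vault root token as `nomad_vault_token`. Nomad can instead be given a periodic token limited to the policy below; this is an added example following HashiCorp's documented Nomad/Vault token-role integration, not code from this repository, and the file name, the policy name `nomad-server` and the role name `nomad-cluster` are assumptions.

```hcl
# nomad-server-policy.hcl
# Added example: file, policy and role names are assumptions, not from the repo.
# Capabilities a Nomad server needs to manage per-task Vault tokens.

# Create child tokens for tasks, but only through the "nomad-cluster" role.
path "auth/token/create/nomad-cluster" {
  capabilities = ["update"]
}

# Read the role so Nomad can validate it at startup.
path "auth/token/roles/nomad-cluster" {
  capabilities = ["read"]
}

# Inspect and renew the server's own token.
path "auth/token/lookup-self" {
  capabilities = ["read"]
}
path "auth/token/renew-self" {
  capabilities = ["update"]
}

# Check and revoke the tokens handed to tasks.
path "auth/token/lookup" {
  capabilities = ["update"]
}
path "auth/token/revoke-accessor" {
  capabilities = ["update"]
}

# Let the server check its own capabilities on a path.
path "sys/capabilities-self" {
  capabilities = ["update"]
}

# Usage, run against the unsealed Vault from step 4:
#   vault policy write nomad-server nomad-server-policy.hcl
#   vault write auth/token/roles/nomad-cluster \
#       disallowed_policies=nomad-server orphan=true \
#       token_period=259200 renewable=true
#   vault token create -policy nomad-server -period 72h -orphan
# The token printed by the last command replaces <Vault Root Token> in
# group_vars/docker_instances. Nomad's vault stanza must then set
# create_from_role = "nomad-cluster"; whether the playbook's Nomad role
# exposes a variable for that is not shown on this page.
```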

Main IP Addresses

Service IP Hostname
Consul http://consul.service.lab.consul:8500
Vault http://active.vault.service.lab.consul:8200
Nomad http://nomad-servers.service.lab.consul:4646

New Applications Deployment

| # | Action | Command |
| --- | --- | --- |
| 1 | Create a Nomad job description | `playbooks/apps/APPNAME.nomad` |
| 2 | Add a new task in the `playbooks/apps.yml` playbook following the example | `playbooks/apps.yml` |
| 3 | Run the apps playbook | `/playbooks $ ansible-playbook apps.yml` |

Environment teardown

| # | Action | Command |
| --- | --- | --- |
| 1 | Destroy the Vagrant machines | `host:~/hashistack ❯ vagrant destroy` |