Skip to content

Instantly share code, notes, and snippets.

@josephoaks

josephoaks/GSWP Lab Commands.md

Last active October 2, 2019 18:51
Show Gist options
  • Save josephoaks/75c68c95ed42de6c23fbbdc49719f019 to your computer and use it in GitHub Desktop.
Save josephoaks/75c68c95ed42de6c23fbbdc49719f019 to your computer and use it in GitHub Desktop.
Download ZIP
The Exercise Guide PDF does not copy and paste commands that are multi line very well...
Raw
GSWP Lab Commands.md

URL Shortcode https://goo.gl/mtEMXK

Lab 2.2: Running commands

Task 1: Run local system commands

Step 1
  Steps for Windows:
    PS C:\> bolt command run 'net stop w32time' --nodes winrm://localhost --user Administrator --no-ssl --password
  
  Steps for Linux:
    $ bolt command run 'sudo systemctl stop ntpd' --nodes ssh://localhost --user centos --no-host-key-check

Task 2: Run remote system commands

Step 1
  Steps for Windows:
    PS C:\> bolt command run 'sudo systemctl start ntpd' --nodes ssh://<your-linuxmachine>.classroom.puppet.com --private-key C:\keys\private_key.pem --user centos --no-host-key-check

  Steps for Linux:
    $ bolt command run 'net start w32time' --nodes winrm://<your-windows-machine>.classroom.puppet.com --user Administrator --no-ssl --password

Step 2
  Steps for Windows:
    PS C:\> bolt command run 'sudo systemctl status ntpd' --nodes ssh://<your-linuxmachine>.classroom.puppet.com --private-key C:\keys\private_key.pem --user centos --no-host-key-check

  Steps for Linux:
    $ bolt command run 'Get-Service w32time' --nodes winrm://<your-windows-machine>.classroom.puppet.com --user Administrator --no-ssl --password

Task 3: Run scripts

Step 1
  Steps for Windows:
    PS C:\> bolt script run C:\tools\linux.sh --nodes ssh://<your-linux-machine>.classroom.puppet.com --private-key C:\keys\private_key.pem --user centos --no-host-key-check --run-as root

  Steps for Linux
    $ bolt script run /tools/windows.ps1 --nodes winrm://<your-windows-machine>.classroom.puppet.com --user Administrator --no-ssl --password

Lab 7.1: Puppet forge

Task 1: Learn the Puppet Forge web site interface

Code: *** See attached file for the init.pp
Step 4
  Steps for Windows:
    PS C:\Users\Administrator> puppet config print modulepath 'C:/ProgramData/PuppetLabs/code/environments/production/modules;C:/ProgramData/PuppetLabs/code/modules;C:/opt/puppetlabs/puppet/modules'           

  Steps for Linux:
    $ sudo puppet config print modulepath /etc/puppetlabs/code/environments/production/modules:/root/puppetcode/modules:/etc/puppetlabs/code/modules

Lab 8.1: Create a wrapper module

Task 2: Add classes to your wrapper class

Code: *** See attached file for the init.pp

Lab 10.1 Create roles and profiles

Task 3: Create Bastion Host Role

Step 3
  Steps for Windows
    cd c:\Users\Administrator\control-repo\site\role
    # This is the smoke test. --noop is a dry-run.
    puppet apply examples\bastion.pp --modulepath='C:/ProgramData/PuppetLabs/code/environments/production/modules;C:/Users/Administrator/control-repo/site;C:/Users/Administrator' --noop
    
    # Apply for real
    puppet apply examples\bastion.pp --modulepath='C:/ProgramData/PuppetLabs/code/environments/production/modules;C:/Users/Administrator/control-repo/site;C:/Users/Administrator'

  Steps for Linux
    cd control-repo/site/role
    # This is the smoke test. --noop is a dry-run.
    puppet apply examples/bastion.pp --modulepath=/etc/puppetlabs/code/environments/production/modules:/home/centos/control-repo/site:/home/centos --noop

    # Apply it for real
    puppet apply examples/bastion.pp --modulepath=/etc/puppetlabs/code/environments/production/modules:/home/centos/control-repo/site:/home/centos

Lab 12.1: Expand initial roles and profiles

Task 1

Step 2 *** See attached file for the firewall.pp
Step 3 *** See attached file for the ssh_config.pp
Step 4 *** See attached file for the security_baseline.pp

Step 6 (Optional)
  Steps for Windows
    cd C:\Users\Administrator\control-repo\site
    puppet apply profile\examples\security_baseline.pp --modulepath='C:/ProgramData/PuppetLabs/code/environments/production/modules;C:/ProgramData/PuppetLabs/code/modules;.' --noop
    
  Steps for Linux
    cd control-repo/site
    # This is the smoke test.
    puppet apply profile/examples/security_baseline.pp --modulepath=/etc/puppetlabs/code/environments/production/modules:/home/centos/control-repo/site:/home/centos --noop
Raw
Lab 12.1 firewall.pp
class profile::baseline::windows::firewall {
class { '::windows_firewall':
ensure => 'running',
}
windows_firewall::exception { 'Permit ICMPv4':
ensure => present,
direction => 'in',
action => 'allow',
enabled => true,
protocol => 'ICMPv4',
display_name => 'Permit ICMPv4',
description => 'Permit ICMPv4',
}
windows_firewall::exception { 'WINRM':
ensure => present,
direction => 'in',
action => 'allow',
enabled => true,
protocol => 'TCP',
local_port => 5985,
remote_port => 'any',
display_name => 'Windows Remote Management HTTP-In',
description => 'Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]',
}
windows_firewall::exception { 'RDP':
ensure => present,
direction => 'in',
action => 'allow',
enabled => true,
protocol => 'TCP',
local_port => 3389,
remote_port => 'any',
display_name => 'Windows RDP',
description => 'Inbound rule for Windows RDP. [TCP 3389]',
}
}
Raw
Lab 12.1 security_baseline.pp
class profile::security_baseline {
# OS-specific
case $::kernel {
'windows': {
include profile::baseline::windows::firewall
}
'Linux': {
include profile::baseline::linux::ssh_config
}
default: {
fail('Unsupported operating system!')
}
}
}
Raw
Lab 12.1 ssh_config.pp
class profile::baseline::linux::ssh_config {
class{ '::ssh':
permit_root_login => 'yes',
sshd_client_alive_interval => '7200',
sshd_client_alive_count_max => '0',
}
}
Raw
Lab 8.1 init.pp
class time {
$servers = ['time.google.com']
case $facts['kernel'] {
'windows': {
class { 'winntp':
servers => $servers,
}
}
default: {
class { 'ntp':
servers => $servers,
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment