Learning Puppet for Windows Server

By Fuat Ulugay

Organize your Windows environment using Puppet tools to unload administrative burdens in a short time!

About This Book

• Learn to install and implement a Puppet server for Windows administration
• Script Puppet manifests, functions, templates and facts for Windows
• A step-by-step guide that helps you to make your Windows environment more secure with Puppet

Who This Book Is For

This book is for Windows administrators who are looking for ways to automate management tasks of Windows servers and clients. Prior experience in Windows administration and a basic knowledge of Linux and Puppet will help you create wonders using this book.

What You Will Learn

• Install Puppet on a Windows server and Foreman interface to have a user-friendly Puppet working environment
• Discover how to install Puppet agents to single or multiple computers and get your hosts connected to Puppetmaster in one shot
• Understand all about creating modules, writing manifests, managing files, services and, users in Puppet
• Learn how to install Puppet Forge modules to complete tasks such as registry management, ACL, and firewall.
• Explore the usage of Puppet facts, functions and modules to have a deeper understanding of how Puppet functions
• Manage installation and updates of third party software using Puppet with Chocolatey to completely forgo the manual update chores in your daily plan
• Use Puppet for Windows security to have a more secure environment

In Detail

Puppet is a configuration management tool. It allows you to automate all your IT configurations by giving you control of what you do to each “node” (Puppet agent), focusing also on when and how you do it. In context, Puppet is a cross-platform tool that is widely used for Unix-like and Microsoft Windows systems declaratively. However, it has been used more popularly for Unix-like systems. This book provides insights into using Puppet for Windows administration tasks such as server setup, application updates, and service management.

This book kicks off with the fundamentals of Puppet by helping you with the installation of Puppet on a Windows server and progresses with the introduction of the Foreman interface for managing Puppet nodes. Next, you deal with the installation of Puppet agents on multiple clients and how to connect them to your Puppet server by grouping your nodes for easy management. You then become familiarized with the scripting of Puppet manifests along with an understanding of the module structure in Puppet. You further move on to the installation of Puppet Forge Modules and their usage in Windows along with advanced topics such as facts, functions and templates.

Moreover, you also venture into the security aspects for Windows by gaining insights into various security settings that will make your server and clients more secure from hackers using different attack vectors. You will also use Puppet and Chocolatey to install and update software.

You finally round off by learning how to check the details of reporting and status monitoring along with the automation of installing and updating software for multiple Windows clients arming you with ample artillery to tame Puppet for your future projects.

Style and approach

This book uses a step-by-step and easy-to-learn approach that helps make your Windows environment manageable with Puppet. Each chapter is explained in detail and with many screenshots. Almost all the scenarios and examples are taken from real-world scenarios.

• Language: English
• Publisher: Packt Publishing
• Release date: Aug 24, 2015
• ISBN: 9781785289941

Fuat Ulugay

Fuat Ulugay is currently the IT and ERP director for SOCAR Turkey. He lives in Istanbul, Turkey. Also, he has worked as an SAP ABAP and SAP CRM consultant for more than 10 years. He is a great fan of open source projects. He implements and teaches them whenever possible. He is good at penetration testing, network security monitoring, industrial control systems security, system administration, and virtualization. Also, he is leading and teaching the security team at his company. He has a blog at http:/hacktr.org, where he writes on open source and security-related topics.

Book preview

Table of Contents

Learning Puppet for Windows Server

Credits

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers, and more

Why subscribe?

Free access for Packt account holders

Instant updates on new Packt books

Preface

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Downloading the example code

Downloading the color images of this book

Errata

Piracy

Questions

1. Installing Puppet Server and Foreman

The differences between using Puppet with Windows and with Linux

Installing Puppet Server

Connecting your server with SSH

Installing Puppet

Setting the hostname

Setting FQDN

Setting static IP, gateway, and DNS

Adding the Puppet repositories

Installing Puppet

Installing Foreman

The Foreman interface

Keeping your server secure

Backups

Keeping your server up to date

Do not enable root account

The user password policy

Do not use old passwords that have been used before

Using at least a 10 char complex password

Expiring password in 90 days

Locking account

Using SSH with key file to connect

Creating the public and private key

Getting the key to your computer and converting it into the PuTTY format

Connecting from Linux

Disabling the SSH logins with a password

The firewall rules

Checking which ports to keep open

Defining firewall rules

Allowing ingress traffic for the SSH port 22

Allowing ingress traffic for HTTP port 80

Allowing ingress traffic for HTTPS port 443

Allowing ingress traffic for Foreman proxy port 8443

Allowing ingress traffic for Puppetmaster port 8140

Allowing all that is established from us

Denying all the incoming traffic

Making the iptables rules persistent

Summary

2. Installing Puppet Agents

Downloading and installing the Puppet agent

Signing the certificate

Installing the Puppet agent on multiple clients

Modifying the MSI file

Using software to push the agents

Using a domain controller to push the agents

Managing the node certificates

Displaying the certificates

Signing the certificates

Deleting the certificates

The host groups

Managing the host groups

Assigning the hosts to hosts groups

Summary

3. Your First Modules

The module structure

The module layout

Modules for creating the files and folders

The Hello World module

Creating the directory structure

Creating the manifest file

Importing the module class in Foreman

Assigning the class to a host

Assigning the class to a host group

Uploading files

Creating folders

Managing services

Running commands

Running the command on certain conditions

Managing users

Summary

4. Puppet Forge Modules for Windows

Installing modules from Puppet Forge

Managing the registry

Writing the manifests

Limitations with the registry module

The access control list

Changing the permissions of a folder

Purging permissions

Purging permissions and locking a file from user changes

Firewall

The firewall rule example

The reboot module

Summary

5. Puppet Facts, Functions, and Templates

Puppet facts

Using the facts in manifests

Adding the custom facts

Adding Windows users as custom facts

Making sure our code works only for Windows

Including the necessary libraries

Defining your variables with empty values

Finding the registry values

The Puppet templates

An example template to edit the registry keys

The Puppet functions

The stdlib functions

Some string functions – downcase, upcase, and capitalize

The pw_hash function

Your first function

Summary

6. Using Puppet for Windows Security

Locking the Startup folder

Locking the hosts file

Stopping unnecessary services

Making sure that the security-related services are running

Denying all incoming traffic and allowing only the necessary ports

Making the local administrator passwords unique

The password function

The module

The Ruby code to generate the password

The test

Summary

7. Reporting and Monitoring

Checking the infrastructure statistics

Checking the statuses of hosts from Foreman

Audits

Facts

Reports

YAML

Checking the report details of hosts from Foreman

Checking the statuses of hosts from the terminal

node.rb

The host YAML files

Facts

The Puppet SSL certificates

Checking the logs from the terminal

Summary

8. Installing Software and Updates

Installing a software with package resource

What is Chocolatey?

Installing Chocolatey

Installing a software with Chocolatey

Uninstalling a software with Chocolatey

Using Chocolatey to install a software

Installing Firefox as an example

Installing Chocolatey using Puppet

Using Chocolatey to update a software

Using Puppet and Chocolatey to update mostly used software

Updating the Puppet agents

Updating the server

Updating the agents with Chocolatey

Uninstalling a software

Uninstalling an older version of a software that cannot be differentiated by its name

Summary

Index

Learning Puppet for Windows Server

---

Learning Puppet for Windows Server

Copyright © 2015 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: August 2015

Production reference: 1170815

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham B3 2PB, UK.

ISBN 978-1-78528-187-7

www.packtpub.com

Credits

Author

Fuat Ulugay

Reviewers

Rudi Broekhuizen

Jordan Olshevski

Commissioning Editor

Nadeem N. Bagban

Acquisition Editor

Harsha Bharwani

Content Development Editor

Dharmesh Parmar

Technical Editor

Tanmayee Patil

Copy Editor

Kausambhi Majumdar

Project Coordinator

Vijay Kushlani

Proofreader

Safis Editing

Indexer

Rekha Nair

Production Coordinator

Melwyn D'sa

Cover Work

Melwyn D'sa

About the Author

Fuat Ulugay is currently the IT and ERP director for SOCAR Turkey. He lives in Istanbul, Turkey. Also, he has worked as an SAP ABAP and SAP CRM consultant for more than 10 years.

He is a great fan of open source projects. He implements and teaches them whenever possible. He is good at penetration testing, network security monitoring, industrial control systems security, system administration, and virtualization. Also, he is leading and teaching the security team at his company. He has a blog at http:/hacktr.org, where he writes on open source and security-related topics.

I would like to thank my wife, Cigdem, for her continuous support while writing this book. Also, I would like to thank my little son, Omer Faruk, for his patience and playtime sacrifice when I was working on this book.

About the Reviewers

Rudi Broekhuizen is a system administrator at Naturalis Biodiversity Center in the Netherlands. From 2005 to 2013, his main focus was on Microsoft products, VMware virtualization, and networking.

Since 2013, he has been involved in transforming the IT organization to take a more DevOps-oriented approach. His main focus shifted to Linux, automated configuration management using Puppet, monitoring and analytics, OpenStack, and replacing closed source software with open source software.

To see what Rudi is currently working on, take a look at some of his code at https://github.com/rudibroekhuizen and https://github.com/naturalis.

Also, do not hesitate to leave a comment on his blog at https://rudibroekhuizen.wordpress.com/.

Jordan Olshevski is a professional services engineer at Puppet Labs. He has a background in software engineering and systems administration. He frequently consults enterprise organizations and has a passion for improving the lives of engineers through DevOps tooling and Agile methodologies. In his spare time, he enjoys listening to jazz music and contributing to the open source community.

www.PacktPub.com

Support files, eBooks, discount offers, and more

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www2.packtpub.com/books/subscription/packtlib

Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.

Why subscribe?

Fully searchable across every book published by Packt

Copy and paste, print, and bookmark content

On demand and accessible via a web browser

Free access for Packt account holders

If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.

Instant updates on new Packt books

Get notified! Find out when new books are published by following @PacktEnterprise on Twitter or the Packt Enterprise Facebook page.

Preface

Puppet is a configuration management tool. It allows you to automate all your IT configurations by giving you the control of what you do to each node (Puppet agent), and also, focusing on when and how you do the configurations. In this context, Puppet is a cross-platform tool that is widely used for Unix-like and Microsoft Windows systems. However, it has been popularly used for Unix-like systems. This book provides insights into using Puppet for Windows administration tasks, such as server setup, application updates, and service management.

This book kicks off with the fundamentals of Puppet by helping you with the installation of Puppet on a Windows Server, and progresses with the introduction of the Foreman interface to manage Puppet nodes. Next, you will deal with the installation of Puppet agents on multiple clients and how to connect them to your Puppet server by grouping your nodes for easy management. Then, you will become familiar with the scripting of Puppet manifests along with an understanding of the module structure in Puppet. You will further move on to the installation of the Puppet Forge modules and their usage in Windows along with advanced topics such as facts, functions, and templates.

Moreover, you will venture into the security aspects for Windows by gaining insights into the various security settings that will make your server and clients more secure from hackers that use different attack vectors. You will also use Puppet and Chocolatey to install and update software.

Finally, you will round off by learning how to check the details of reporting and status monitoring along with the automation of installing and updating software for multiple Windows clients, arming you with ample artillery to tame Puppet for your future projects.

What this book covers

Chapter 1, Installing Puppet Server and Foreman, starts with an introduction to Puppet. It continues with the installation of the operating system of the server. Next, it deals with the installation of Puppet Server and Foreman. Finally, this chapter ends with the security settings of the server.

In this chapter, we start by learning what Puppet is. Then, we continue with the differences of Puppet implementation. We get hands-on experience by installing Puppet Server and Foreman. The last