book

Learning Puppet for Windows Server

Name: Learning Puppet for Windows Server
Author: Fuat Ulugay
ISBN: 9781785281877

by Fuat Ulugay

August 2015

Beginner

234 pages

4h 39m

English

Packt Publishing

Read now

Unlock full access

Learning Puppet for Windows Server
Table of Contents
Learning Puppet for Windows Server
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holdersInstant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for

Conventions
Reader feedback
Customer support
Downloading the example codeDownloading the color images of this bookErrataPiracyQuestions
1. Installing Puppet Server and Foreman
The differences between using Puppet with Windows and with Linux
Installing Puppet Server
Connecting your server with SSHInstalling PuppetSetting the hostnameSetting FQDNSetting static IP, gateway, and DNSAdding the Puppet repositoriesInstalling Puppet
Installing Foreman
The Foreman interface
Keeping your server secure
BackupsKeeping your server up to dateDo not enable root accountThe user password policyDo not use old passwords that have been used beforeUsing at least a 10 char complex passwordExpiring password in 90 daysLocking accountUsing SSH with key file to connectCreating the public and private keyGetting the key to your computer and converting it into the PuTTY formatConnecting from LinuxDisabling the SSH logins with a passwordThe firewall rulesChecking which ports to keep openDefining firewall rulesAllowing ingress traffic for the SSH port 22Allowing ingress traffic for HTTP port 80Allowing ingress traffic for HTTPS port 443Allowing ingress traffic for Foreman proxy port 8443Allowing ingress traffic for Puppetmaster port 8140Allowing all that is established from usDenying all the incoming trafficMaking the iptables rules persistent
Summary
2. Installing Puppet Agents
Downloading and installing the Puppet agentSigning the certificate
Installing the Puppet agent on multiple clients
Modifying the MSI fileUsing software to push the agentsUsing a domain controller to push the agents
Managing the node certificates
Displaying the certificatesSigning the certificatesDeleting the certificates
The host groups
Managing the host groupsAssigning the hosts to hosts groups
Summary
3. Your First Modules
The module structure
The module layout
Modules for creating the files and folders
The Hello World moduleCreating the directory structureCreating the manifest file
Importing the module class in Foreman
Assigning the class to a hostAssigning the class to a host group
Uploading files
Creating folders
Managing services
Running commands
Running the command on certain conditions
Managing users
Summary
4. Puppet Forge Modules for Windows
Installing modules from Puppet Forge
Managing the registry
Writing the manifestsLimitations with the registry module
The access control list
Changing the permissions of a folderPurging permissionsPurging permissions and locking a file from user changes
Firewall
The firewall rule example
The reboot module
Summary
5. Puppet Facts, Functions, and Templates
Puppet factsUsing the facts in manifests
Adding the custom facts
Adding Windows users as custom factsMaking sure our code works only for WindowsIncluding the necessary librariesDefining your variables with empty valuesFinding the registry values
The Puppet templates
An example template to edit the registry keys
The Puppet functions
The stdlib functionsSome string functions – downcase, upcase, and capitalizeThe pw_hash functionYour first function
Summary
6. Using Puppet for Windows Security
Locking the Startup folder
Locking the hosts file
Stopping unnecessary services
Making sure that the security-related services are running
Denying all incoming traffic and allowing only the necessary ports
Making the local administrator passwords unique
The password functionThe moduleThe Ruby code to generate the passwordThe test
Summary
7. Reporting and Monitoring
Checking the infrastructure statistics
Checking the statuses of hosts from Foreman
AuditsFactsReportsYAML
Checking the report details of hosts from Foreman
Checking the statuses of hosts from the terminal
node.rbThe host YAML filesFactsThe Puppet SSL certificatesChecking the logs from the terminal
Summary
8. Installing Software and Updates
Installing a software with package resource
What is Chocolatey?
Installing ChocolateyInstalling a software with ChocolateyUninstalling a software with Chocolatey
Using Chocolatey to install a software
Installing Firefox as an exampleInstalling Chocolatey using Puppet
Using Chocolatey to update a software
Using Puppet and Chocolatey to update mostly used software
Updating the Puppet agents
Updating the serverUpdating the agents with Chocolatey
Uninstalling a software
Uninstalling an older version of a software that cannot be differentiated by its name
Summary
Index

Content preview from Learning Puppet for Windows Server

Keeping your server secure

Puppet Master must be protected well. It is a high-risk asset. With Puppet, you can install software on all your servers and clients. Puppet agents on Linux and Windows run with root and admin rights respectively. Think about a scenario where a hacker gets control of it. He can easily run any command, install backdoors, and fully compromise your IT infrastructure.

I suggest using the Ubuntu Server version that does not have a graphical user interface. This will ensure that there will not be much unnecessary software on your Puppet Master. Having only the necessary software on it helps you to have a more secure server, and also to keep the performance higher.

Note

Security rule:

Do not install any software that is not necessary. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781785281877

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Learning Puppet for Windows Server

by Fuat Ulugay

Keeping your server secure

Note

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.