
Easy Cross-Platform PowerShell Automation with Puppet Bolt

Simplify your infrastructure automation with Puppet Bolt.
Maintaining scripts across an assortment of PowerShell hosts can be difficult to manage and scale across teams. Puppet Bolt makes getting started with automation on Windows easy!

Puppet Bolt is an agentless, multi-platform automation tool that allows you to get started with infrastructure automation with no agent software or Puppet knowledge. Puppet Bolt is driven through a command line interface (CLI) and connects to remote systems via SSH and WinRM.

Register now to learn more about Puppet Bolt and how it can help simplify your infrastructure automation. Attend the webinar and you’ll have a chance to see how Puppet Bolt enables you to:

  • Run PowerShell code on platforms other than Windows
  • Drive the organization of code into tasks, which can then be orchestrated together as plans

We will also leave plenty of time to answer your questions.

Speakers: Ethan Brown, Principal Software Engineer, and James Pogran, Sr. Software Engineer

18 December 2018

Published in: Technology
Easy Cross-Platform PowerShell Automation with Puppet Bolt

  1. 1. Puppet Bolt Easy Cross-Platform PowerShell Automation
  2. 2. Speakers: James Pogran, Senior Engineer; Ethan Brown, Principal Engineer
  3. 3. Agenda: What is Puppet Bolt? • PowerShell 6 • Remote PowerShell with Bolt • Q & A
  4. 4. What is Puppet Bolt? Commands, Scripts, Tasks, Plans and PE integration
  5. 5. Sometimes you just need to run commands on servers
  6. 6. Simple. Agentless. Extensible. With Puppet Bolt you can now start automating in a few simple steps. Puppet Bolt is an open source, agentless, multi-platform automation tool that allows you to get started with infrastructure automation with no prerequisites or Puppet knowledge.
  7. 7. Introspection Gather Information on Hosts • Query performance counters – Active connections to SQL – Users connected to IIS app pool – Resource consumption • Hosts with outdated patches / packages • Check service status • Process checks • Disk utilization
  8. 8. Maintenance One-off operations that don’t fit classic state modeling • Reboot server during change window • Close client connections before server upgrades • Deploy a version of an application • Orchestrate changes across multiple hosts / operating systems • Takeown + icacls /reset • Clean temp directories
  9. 9. Installing Bolt Chocolatey Packages! Homebrew on OSX
  10. 10. Bolt Capabilities https://puppet.com/docs/bolt/latest/bolt_new_features.html
  11. 11. Commands ● Executes in PowerShell ● Connects to 5985 / 5986 by default, but configurable ● Retrieves stdout / stderr ● Exit codes are important ● Runs as specific user, not SYSTEM ● Without SSL on, uses SPNEGO (beware pass the hash)
  12. 12. Scripts ● Extension of Command ● Leverage ad-hoc code you already have! ● Parameter Passing Tricky
  13. 13. Tasks ● Built-ins ○ Facts ○ Packages ○ Agent Install ○ Service ● Understand complex arguments ● Ideally return JSON (not strictly enforced)
  14. 14. Convert scripts to tasks
  15. 15. Counter Task ● Complex arg passing requires JSON --params ● Stop parsing symbol --% ● Still have to JSON escape
  16. 16. Plans https://puppet.com/docs/bolt/latest/writing_plans.html
  17. 17. Plans Abstracting tasks • Run more than one task in a single call – Drain load balancer – Update app – Start service – Check health • Make decisions based on output of prior tasks - use exit status / JSON • Inputs can be programmatic • Can invoke commands, scripts, tasks, other plans and upload files • Written in Puppet
  18. 18. Bolt + PE Better Together ● RBAC ● Auditing and logging ● Visual workflows [Diagram labels: Bolt, Orchestrator, Agents; Run task request, Task output response]
  19. 19. Run tasks without an agent ● Uses WinRM or SSH ● Credentials at runtime
  20. 20. Install agents in the console ● Uses WinRM or SSH ● GUI for install ● Bulk install on list of hosts
  21. 21. View plans in the console
  22. 22. Schedule runs and tasks ● Runs at a specific time ● View scheduled runs and tasks with other jobs
  23. 23. PowerShell Core Not just Windows anymore!
  24. 24. PowerShell Releases • 1 - Windows Vista / 2008 - 11/2006 • 2 - Windows 7 / 2008R2 - 11/2009 • 3 - Windows 8 / 2012 - 9/2012 • 4 - Windows 8.1 / 2012R2 - 8/2013 • 5 / WMF5 - 2/2016 • 5.1 - Windows 10 / 2016 - 8/2016 • 6 - 1/2018 – Linux and MacOS support – Side-by-side install • 6.1 - 9/2018 • 6.2 - 2018 ?
  25. 25. PowerShell Core A Very Different PowerShell • Moves from Standard .NET to .NET Core • Enables OSX, various Linux distros • Lots of breaking changes • PowerShell binary renamed to pwsh
  26. 26. Cross-Platform It still does Windows right? • Not all existing PowerShell Modules are supported • Only PowerShell Modules that: – Explicitly indicate Core for the CompatiblePSEditions property in the manifest • Will Not Support: – PowerShell Modules that do not have CompatiblePSEditions property or only have Desktop as a value • Any module installed using PowerShell Core skips the PSEdition check and will show as available • Problems? There is a solution...
  27. 27. WindowsCompatibility It’s all abstractions • Supports PowerShell Modules that are not natively available to PowerShell Core • How? – Uses Implicit Remoting – Creates a wrapper over existing PowerShell Modules • What’s the Catch? – Depends on WinRM, no OSX or *nix – No Windows Forms, WPF, or other GUI framework support – Requires PowerShell Core 6.1 • https://github.com/PowerShell/WindowsCompatibility
  28. 28. Beware Paths Paths are your friend, not your enemy • Do: – Use Join-Path and other path cmdlets! – Use [IO.Path]::PathSeparator • Don’t – “$($Directory1)$($Directory2)wakka.exe” • General notes – Most cmdlets accept forward or back slashes – Paths won’t always make sense to the system you think you are on, but are valid anyway. – Rely on the system to validate – PowerShell is case insensitive but the platform may not be!
  29. 29. Platform Variables Know your platform, know yourself • Built in variables present on every platform – IsLinux – IsMacOS – IsWindows • Easy platform detection without having to know how to query • Does not give version information
  30. 30. File Access Relax it’s just text • Cmdlets know the details of how to access files on each platform, let them do the work for most cases • Beware differences in Get-Childitem on *nix platforms • File Encoding can be your friend if used correctly • File Encoding can burn you if not handled correctly
  31. 31. Downloading Files Invoke-RestMethod and Invoke-WebRequest Changes • Over 12 new parameters • Updated default User-Agent with platform specific information • Authentication Improvements – Support for no authentication requests – Better support for Basic, OAuth and other formats • Support for Self-Signed or Untrusted Certificates • Automated Pagination • For more information in depth: – https://get-powershellblog.blogspot.com/2017/11/powershell-core-web-cmdlets-in-depth.html
  32. 32. WMI or CIM WMI is dead, long live CIM • All WMI cmdlets removed – Get-WmiObject – Invoke-WmiMethod – Register-WmiMethod – Set-WmiInstance • Use the CIM Cmdlets – Get-CimInstance – Invoke-CimMethod – New-CimSession – Etc… • Why get rid of WMI? – DCOM only works on Windows platforms • Why use CIM? – Standardized protocol – Uses WSMAN
  33. 33. Bolt + PowerShell 6
  34. 34. Cross platform tasks Different languages for different shells { "implementations": [ {"name": "sql_linux.sh", "requirements": ["shell"]}, {"name": "sql_windows.ps1", "requirements": ["powershell"]} ] }
  35. 35. But PowerShell is cross-platform?
  36. 36. The Experiment PowerShell Everywhere • OSX Bolt client • Linux Server Requirements – PowerShell 6 Binaries – https://docs.microsoft.com/en-us/powershell/scripting/install/installing-powershell-core-on-linux – OMI Server – https://github.com/Microsoft/omi – PSRP Provider for OMI – https://github.com/PowerShell/psl-omi-provider • Bolt only uses Negotiate (SPNEGO), not Basic over SSL – Patches released in WinRM gem – Patches unreleased to OMI yet • Let’s use tasks to automate! – https://github.com/Iristyle/puppetlabs-powershell
  37. 37. Bootstrap PWSH ● Install Puppetfile
  38. 38. Bootstrap PWSH ● Install Puppetfile ● Use install_pwsh task ● Modifies sshd_config
  39. 39. Bootstrap PWSH ● Test Connection via cmdlet
  40. 40. Bootstrap PWSH ● Test Connection via cmdlet ● Verify Host PowerShell Enter-PSSession + SSH
  41. 41. Install OMI + PSRP ● Use enable_winrm task
  42. 42. Install OMI + PSRP ● Use enable_winrm task ● Builds OMI from source (including OpenSSL) ● Configures HTTPS auth self-signed cert + NTLM file
  43. 43. Install OMI + PSRP ● add_ntlm_authorized_user
  44. 44. Install OMI + PSRP ● add_ntlm_authorized_user ● Verify connection ● Bolt can do this from OSX ● Enter-PSSession cannot
  45. 45. What’s Next? Nearly There... • Command works • Upload_file works, with caveats • Validating script / task against Linux • PowerShell over SSH transport
  46. 46. Q & A
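
A cross-platform task body that ties together several slides: the disk utilization check from the introspection list, the platform variables, the move from WMI to CIM, and the advice that tasks return JSON and meaningful exit codes. This is an added example, not code from the speakers' deck; the function name `Get-DiskUtilization`, the 90% threshold and the JSON field names are assumptions.

```powershell
# Added example. Function name, threshold and output field names are assumptions.
function Get-DiskUtilization {
    [CmdletBinding()]
    param(
        [ValidateRange(1, 100)]
        [int]$WarnPercent = 90
    )

    # $IsWindows exists only in PowerShell Core 6+; Windows PowerShell 5.1
    # reports the 'Desktop' edition and always runs on Windows.
    $onWindows = ($PSVersionTable.PSEdition -eq 'Desktop') -or $IsWindows

    if ($onWindows) {
        # CIM replaces the removed Get-WmiObject. DriveType 3 = local fixed disk.
        $disks = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
            ForEach-Object {
                [pscustomobject]@{ Name = $_.DeviceID; Size = [double]$_.Size; Free = [double]$_.FreeSpace }
            }
    }
    else {
        # The CIM cmdlets are Windows-only; the FileSystem provider reports usage here.
        $disks = Get-PSDrive -PSProvider FileSystem |
            ForEach-Object {
                [pscustomobject]@{ Name = $_.Root; Size = [double]($_.Used + $_.Free); Free = [double]$_.Free }
            }
    }

    # Skip volumes that report no size (unmounted or virtual) to avoid dividing by zero.
    $disks | Where-Object { $_.Size -gt 0 } | ForEach-Object {
        $usedPct = [math]::Round((($_.Size - $_.Free) / $_.Size) * 100, 1)
        [pscustomobject]@{
            name         = $_.Name
            used_percent = $usedPct
            over_limit   = ($usedPct -ge $WarnPercent)
        }
    }
}

$result = @(Get-DiskUtilization -WarnPercent 90)

# Emit JSON on stdout so a plan can make decisions on the output.
[pscustomobject]@{ disks = $result } | ConvertTo-Json -Depth 3

# Exit codes are important: non-zero marks the run as failed for that target.
if ($result.over_limit -contains $true) { exit 1 } else { exit 0 }
```

The same file runs under `pwsh` on Linux or macOS and under Windows PowerShell 5.1, so it can be the single implementation of a task instead of a `.sh` / `.ps1` pair.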
