diff --git a/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md b/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md index d168396..e447fd3 100644 --- a/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md +++ b/Servers & Workflows/Linux/Automation/Puppet/Puppet Bolt.md @@ -79,7 +79,7 @@ bolt inventory show ??? example "Example Output of `bolt inventory show`" You should expect to see output similar to the following: - ``` + ``` sh [root@lab-puppet-01 bolt-lab]# bolt inventory show Targets lab-auth-01.bunny-lab.io @@ -105,7 +105,7 @@ bolt inventory show Use the '--detail' option to view target configuration and data ``` -## Initializing Kerberos +## Configuring Kerberos If you work with Windows-based devices in a domain environment, you will need to set up Puppet so it can perform Kerberos authentication while interacting with Windows devices. This involves a little bit of setup, but nothing too crazy. ### Install Krb5 @@ -163,7 +163,7 @@ klist ??? example "Example Output of `klist`" You should expect to see output similar to the following. Finding a way to ensure the Kerberos tickets live longer is still under research, as 7 days is not exactly practical for long-term deployments. - ``` + ``` sh [root@lab-puppet-01 bolt-lab]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: nicole.rappe@BUNNY-LAB.IO 
@@ -171,4 +171,42 @@ klist Valid starting Expires Service principal 11/14/2024 21:57:03 11/15/2024 07:57:03 krbtgt/BUNNY-LAB.IO@BUNNY-LAB.IO renew until 11/21/2024 21:57:03 + ``` + +### Prepare Windows Devices +Windows devices need to be prepared ahead-of-time in order for WinRM functionality to work as-expected. I have prepared a powershell script that you can run on each device that needs remote management functionality. You can port this script based on your needs, and deploy it via whatever methods you have available to you. (e.g. Ansible, Group Policies, existing RMM software, manually via remote desktop, etc). + +You can find the [WinRM Enablement Script](https://docs.bunny-lab.io/Docker%20%26%20Kubernetes/Servers/AWX/AWX%20Operator/Enable%20Kerberos%20WinRM/?h=winrm) in the Bunny Lab documentation. + +## Perform First Command +At this point, you should finally be ready to connect to Windows and Linux devices and run commands on them ad-hoc. Puppet Bolt Modules and Plans will be discussed further down the road. + +??? example "Example Output of `bolt command run whoami -t domain_controllers --no-ssl-verify`" + You should expect to see output similar to the following. This is what you will see when leveraging Kerberos on Windows devices. + ``` sh + [root@lab-puppet-01 bolt-lab]# bolt command run whoami -t domain_controllers --no-ssl-verify + CLI arguments ["ssl-verify"] might be overridden by Inventory: /tmp/bolt-lab/inventory.yaml [ID: cli_overrides] + Started on lab-dc-01.bunny-lab.io... + Started on lab-dc-02.bunny-lab.io... + Finished on lab-dc-02.bunny-lab.io: + bunny-lab\nicole.rappe + Finished on lab-dc-01.bunny-lab.io: + bunny-lab\nicole.rappe + Successful on 2 targets: lab-dc-01.bunny-lab.io,lab-dc-02.bunny-lab.io + Ran on 2 targets in 1.91 sec + ``` + +??? example "Example Output of `bolt command run whoami -t linux_servers`" + You should expect to see output similar to the following. 
This is what you will see when leveraging Kerberos on Windows devices. + ``` sh + [root@lab-puppet-01 bolt-lab]# bolt command run whoami -t linux_servers + CLI arguments ["ssl-verify"] might be overridden by Inventory: /tmp/bolt-lab/inventory.yaml [ID: cli_overrides] + Started on lab-auth-01.bunny-lab.io... + Started on lab-auth-02.bunny-lab.io... + Finished on lab-auth-02.bunny-lab.io: + nicole + Finished on lab-auth-01.bunny-lab.io: + nicole + Successful on 2 targets: lab-auth-01.bunny-lab.io,lab-auth-02.bunny-lab.io + Ran on 2 targets in 0.68 sec ``` \ No newline at end of file
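Review bot: In the `bolt inventory show` example (@@ -79,7) and the `klist` example (@@ -163,7) the fences are retagged `sh`, but both blocks hold a prompt followed by captured program output rather than a shell script, so a highlighter will colour hostnames, timestamps and the `Use the '--detail' option` line as shell syntax. Tag them `console` or `text` instead, and use the same tag for the two new output blocks added at the end of the file so all four render alike.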
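Review bot: The heading rename at @@ -105,7 from "Initializing Kerberos" to "Configuring Kerberos" changes the anchor generated for that section, so any page that links to the old heading anchor will stop resolving. Search the docs tree for links to the old anchor and update them in this same commit, or keep the old title if other pages depend on it.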
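Review bot: In the new "Perform First Command" section (@@ -171,4 +171,42) the Windows example runs against `domain_controllers` with `--no-ssl-verify`, and nothing in the text says that this switches off certificate verification for the WinRM connection. Add a sentence next to the example that marks the flag as a lab shortcut and tells readers to trust the issuing CA on the Bolt host so the flag can be dropped outside the lab. The captured warning `CLI arguments ["ssl-verify"] might be overridden by Inventory` also deserves one line of explanation, since it tells the reader the inventory file may decide the setting rather than the flag. The `linux_servers` example repeats the sentence "This is what you will see when leveraging Kerberos on Windows devices." and its output shows the same `ssl-verify` warning although that command passes no such argument; both look copied from the Windows block and should be replaced with a Linux-specific description and a fresh capture. Smaller points: "powershell" should be "PowerShell", the WinRM Enablement Script link carries a `?h=winrm` search parameter that can be removed, and the file still ends without a trailing newline.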