README.md

Vagrant/VirtualBox-Based Development Environment for Testing Puppet Agent on Windows

Table of Contents

• Overview
  • Use of Snapshots
  • No Windows Desktop Interaction Required
• Setting Up
  • Setup Requirements
  • Clone this Repository
  • Setting up VirtualBox
    • Install VirtualBox
  • Setting Up Vagrant
    • Install Vagrant
    • Install the Vagrant Reload Provisioner Plugin
• Running the Installation and Test Scripts
  • Set Environment Variables
  • Create Puppet and Conjur Server Containers
  • Create or Power Up Windows VM
  • Install Puppet Agent on the Windows VM
  • Run Puppet Agent and Confirm Provisioning Results
  • Re-Run Puppet Agent and Confirm Provisioning Results
  • Power Down the VM
  • Delete the VM Instance
  • Delete the Vagrant Box Image
  • Delete the Puppet Server and Conjur Server

Overview

This directory contains Vagrantfiles, Bash scripts, and PowerShell scripts that can be used to create a Vagrant/VirtualBox-based development and test environment for testing the Conjur Puppet module with Puppet Agents running on Windows2016 or Windows2012.

The Vagrantfiles and scripts can be used to:

• Spin up a containerized Puppet Server and Conjur server via docker-compose.
• Create a Windows2016 or Windows2012 VM.
• Dynamically install the desired version of Puppet Agent on the VM.
• Run Puppet Agent on the VM to install a Puppet catalog.
• Confirm that Puppet has been provisioned according to the configured Puppet manifest on the Puppet master.

Use of Snapshots

The scripts in this directory can be used to dynamically install or re-install (overwrite) different versions of Puppet Agent on an existing Windows VM and then preserve all artifacts in their own snapshots. By doing this, the developer can save time in test iterations, since VM creation can take several minutes to create from scratch.

No Windows Desktop Interaction Required

Using this Vagrant-based development environment does not require any user interaction with the Windows Desktop. The scripts are designed to be completely driven from the host. (Of course, the Windows Desktop is available via VirtualBox console if you should need it for any reason).

The connection mechanisms between the host and the Windows VM that allow this host-driven testing are as follows:

• PowerShell scripts in this directory are synced to /vagrant on the VM.
• The vagrant powershell command is used from the host to execute powershell commands or scripts remotely on the VM guest. (The vagrant powershell command makes use of Windows Remote Management, or WinRM, running on the VM. SSH is not enabled on Windows VMs by default).
• The services for the Puppet server and the Conjur server are exposed to the Windows VM via random host ports.

Setting Up

Setup Requirements

• Oracle VirtualBox, Version 6.0 or later (see the Setting Up VirtualBox section below).
• Vagrant, Version 2.2.9 or later (see the Setting Up Vagrant section below).
• 60 GB of free disk space on your development server for each version of Windows VM with that you would like to test.

Clone this Repository

Make a local copy of this repository as follows:

    git clone https://github.com/cyberark/conjur-puppet
    cd examples/puppetmaster/vagrant

Setting up VirtualBox

Install VirtualBox

This development environment requires that you have VirtualBox, Version 6.0 or later. To install, follow installation instructions here.

Setting Up Vagrant

Install Vagrant

This development environment requires that you have Vagrant, Version 2.2.9 or later. To install, follow installation instructions here.

Install the Vagrant Reload Provisioner Plugin

The Vagrant Reload Provisioner plugin can be used to conveniently reload a VM after a provisioning step has been done that requires a system reboot.

To install the Vagrant Reload Provisioner plugin:

    vagrant plugin install vagrant-reload

Running the Installation and Test Scripts

Set Environment Variables

The installation and test scripts in this directory require that the following environment variables be set and exported:

• COMPOSE_PROJECT_NAME: Docker-compose project name to use for creating Puppet and Conjur server containers.
• PUPPET_AGENT_VERSION: Version of Puppet Agent to install in Windows VM. Available versions can be found here (for Puppet Versions 5 and 6 respectively):
  • https://downloads.puppetlabs.com/windows/puppet5/
  • https://downloads.puppetlabs.com/windows/puppet6/
• VAGRANT_CWD: Subdirectory that contains the Vagrantfile for the desired version of Windows. Valid choices are:
  • windows2012
  • windows2016

For example:

    # Example environment for testing Puppet Agent v5.5.8 on Windows2012
    export COMPOSE_PROJECT_NAME="puppetmaster_$(openssl rand -hex 3)"
    export PUPPET_AGENT_VERSION="5.5.8"
    export VAGRANT_CWD="windows2012"

Alternatively, you can modify the environment settings in set_env.sh, and then run:

    source set_env.sh

Create Puppet and Conjur Server Containers

To create Puppet and Conjur server containers, run:

    ./0_start_puppet_conjur_servers.sh

Create or Power Up Windows VM

To create a Windows VM or power up an existing Windows VM and take its snapshot, run:

    ./1_create_or_power_up_vm.sh

After a few minutes and a few system reboots, you should see a Windows desktop running.

NOTE: To log into the Windows VM Desktop from a Mac host, press Command-Delete, rather than Ctrl-Alt-Delete.

NOTE: The user/password for logging into the Windows VM is either Vagrant/vagrant or Admin/vagrant. (Either combination will work).

Install Puppet Agent on the Windows VM

To restore the state to a clean base install and then install Puppet Agent on the Windows VM, run:

    ./2_install_puppet_agent.sh

This action will also create a snapshot with a unique name per agent version number.

Run Puppet Agent and Confirm Provisioning Results

To restore the state of a newly-installed Puppet Agent, run it on the Windows VM, and confirm that the VM has been properly provisioned, run:

    ./3_run_puppet_agent.sh
    ./5_get_puppet_artifacts.sh

If provisioning is successful, the last command should show that the file C:\tmp\test.pem on the VM contains the string supersecretpassword.

For example, the last command should result in the following output:

    $ ./5_get_puppet_artifacts.sh
    Getting C:\tmp\test.pem from Windows VM
    1 COMMIT_EDITMSG
        default: supersecretpassword
        default:
    ==> default: Command: cat \tmp\test.pem executed successfully with output code 0.
    $

Re-Run Puppet Agent and Confirm Provisioning Results

Some test require ensuring that re-provisioning operations do not fail. Using the resulting state of running ./3_run_puppet_agent.sh script, re-run the agent to ensure that it can fetch secrets correctly again:

    ./4_run_puppet_agent_again.sh
    ./5_get_puppet_artifacts.sh

If provisioning is successful, the last command should show that the file C:\tmp\test.pem on the VM contains the string supersecretpassword.

Power Down the VM

To halt (power down) the VM, run:

    ./6_power_down_vm.sh

Delete the VM Instance

To delete the VM instance from your host, run:

    ./7_delete_vm_instance.sh

WARNING: This action will remove all snapshots and will thus cause a much longer startup time for your tests next time they run. In general this operation is rarely needed.

NOTE: vagrant destroy will delete the VM instance. However, this command will not delete the Vagrant "box" (i.e. base) image that was used to create the VM instance. Retaining the Vagrant box image will save downloading time for the next time that that version of VM needs to be created. See the following section for steps to delete the Vagrant box image.

Delete the Vagrant Box Image

To delete the Vagrant box (i.e. base) image that was used to create the VM instance, run:

    vagrant box list

to list Vagrant box images that have been saved, and then run:

    vagrant box remove <box-image>

Delete the Puppet Server and Conjur Server

To delete the Puppet server and Conjur server and their associated containers, run:

    docker-compose down -v