Setting Up Test Targets
Difficulty: Basic(基本)
Time: Approximately 5 minutes
In this exercise you will create targets that you can use to experiment with Bolt. You can also use existing targets in your system if you prefer.
この演習では、Boltの実験に使えるtargetを作成します。何ならシステム内の既存のtargetを試用することもできます。
Prerequisites(前提条件)
To use an attached configuration file to set up test targets, you must have one of the following installed on your machine:
添付の設定を使用してテストターゲットを設定するには、以下のいずれかをインストールしている必要があります。
Existing Targets(既存のターゲット)
If you already have, or can easily launch, a few Linux or Windows targets then you’re all set. These targets must be accessible via SSH or WinRM; if you can access them via an SSH or WinRM client then Bolt can, too.
すでにLinuxやWindowsのターゲットを持っていたりすぐに実行できる状態にあるなら、すべての設定は完了しています。これらのターゲットは、SSH或いはWinRM経由で接続する必要があります。SSH或いはWinRMによる接続設定ができているならBoltもまた接続可能です。
Using Vagrant
Note: These instructions assume that you are familiar with Vagrant and have a suitable hypervisor configured.
The attached Vagrantfile configures three CentOS 7 targets and a Windows (Nano Server) target.
Save the following code as Vagrantfile
. To configure a different number of targets, change the TARGETS
environment variable.
# -*- mode: ruby -*-
# vi: set ft=ruby :
$targets_count = 3
if ENV['TARGETS'].to_i > 0 && ENV['TARGETS']
$targets_count = ENV['TARGETS'].to_i
end
Vagrant.configure('2') do |config|
config.vm.box = 'centos/7'
config.ssh.forward_agent = true
config.vm.network "private_network", type: "dhcp"
(1..$targets_count).each do |i|
config.vm.define "target#{i}"
end
config.vm.define :windows do |windows|
windows.vm.box = "mwrock/WindowsNano"
windows.vm.guest = :windows
windows.vm.communicator = "winrm"
end
end
From the command line, ensure you’re in the directory where you stored the Vagrantfile file and enter vagrant up
.
Generate the SSH configuration so Bolt knows how to authenticate with the SSH daemon. The following command will output the required details.
vagrant ssh-config
You can save that so it will be automatically picked up by most SSH clients, including Bolt. This uses the ability to specify hosts along with their connection details in a configuration file.
mkdir ~/.ssh
vagrant ssh-config >> ~/.ssh/config
By saving this SSH configuration file, you can use the target name, rather than the IP address. When passing targets to Bolt in the following exercises with Linux you will use --targets target1,target2
.
Make sure you can SSH into all of your targets. If you’ve used the vagrant targets before you may have to remove entries from ~/.ssh/known_hosts
.
ssh target1
ssh target2
ssh target3
Using Docker
Using Docker we can quickly launch a number of ephemeral SSH servers. To make that even easier we’ll use Docker Compose.
Save the following code as docker-compose.yml
.
version: '3'
services:
ssh:
build: .
ports:
- 22
Save the following code as Dockerfile
.
FROM rastasheep/ubuntu-sshd:16.04
RUN ln -s /usr/bin/python3 /usr/bin/python
Launch a single SSH server in the background: docker-compose up -d
. To launch more SSH servers, run: docker-compose up --scale ssh=3 -d
.
View a list of running containers: docker-compose ps
. The result should be similar to:
Name Command State Ports
-------------------------------------------------------------------------
2acquiringtargets_ssh_1 /usr/sbin/sshd -D Up 0.0.0.0:32768->22/tcp
2acquiringtargets_ssh_2 /usr/sbin/sshd -D Up 0.0.0.0:32769->22/tcp
Note the Ports
column. We are forwarding a local port to the SSH server running in the container. Using the example above, you can SSH to 127.0.0.1:32768
.
If you have a local SSH client, test the connection. Change the port to one you get from running the docker-compose ps
command. The image sets the username and password to root
.
ssh root@127.0.0.1 -p 32768
Make sure you can log into all the targets before moving on. You may have to remove some entries from ~/.ssh/known_hosts
When passing targets to Bolt in the next section you will use --targets 127.0.0.1:32768,127.0.0.1:32769
, replacing the ports with those you see when you run the docker-compose ps
command.
Creating an Inventory File
In Bolt, you can use an inventory file to store information about your targets. For example, you can organize your targets into groups or set up connection information for targets or target groups. In this lab, you’ll make use of the groups defined in the following inventory file.
The inventory file is a yaml file stored by default at inventory.yaml
inside the Bolt project directory. Save the following at Boltdir/inventory.yaml
:
---
# Inventory file for Bolt Hands-on Lab
version: 2
groups:
- name: linux
targets:
- target1
- target2
- target3
- name: windows
targets:
- winrm://localhost:55985
config:
ssh:
host-key-check: false
winrm:
user: vagrant
password: vagrant
ssl: false
While an inventory file is not necessary for running Bolt, it does make referencing the test targets and setting some configuration options a little easier. Instead of targetting each individual target by using --targets target1,target2,target3
you can target them at all once by using their group name like so --targets linux
.
You can read more about the inventory file in the official documentation.
Next Steps
Now that you have set up test targets to use with Bolt you can move on to: