Lab 8 - Configuration Management

The Setting

You’re suddenly awoken by an alarm. Still drowsy from sleep, you check the time on your phone. 7:00am?? you think to yourself. No way. I don’t even have any 8ams. In fact, I haven’t woken up this early since… Looking back at your phone again, which you realize is now 2 times thicker and suddenly has a 3.5mm audio port, you check the year. You may have thought Berkeley was hell, but now you’ve traveled back in time for some true suffering: high school.

After getting dressed and lamenting your disastrous teenage fashion sense, you get a text message on your dumb phone. Sighing, you open it even though it’s going to cost you 10 cents.

FROM: 5cr1p7k1dd1337
MSG: w31c0m3 b4ck t0 h1ghsk00l. i h4v3 a t45k f0r j00: j00 mu5t 1n5ta11 th3
f0ll0w1ng 5cr1p7 0n 3v3ry c0mput3r 1n j00r sk00l by the 3nd 0f t0d4y, 0r j00l
b3 5tuCk 5ever.

j00r sk00l u535 puppet, s0 j00 c4n ju57 wr1t3 a m0dul3 f0r th15. F1l3s R @
https://github.com/0xcf/decal-labs 1n a8/

Rubbing your eyes, you try to understand 5cr1p7k1dd1337’s arcane runes once again:

Welcome back to high school. I have a task for you: you must install the
following script on every computer in your school by the end of today, or
you'll be stuck forever.

Your school uses puppet, so you can just write a module for this. Files are in
the decal-labs repo (https://github.com/0xcf/decal-labs) in the a8/ directory.

Great, you think to yourself, good thing I’m currently taking the best DeCal at UC Berkeley, the Linux SysAdmin DeCal! This is gonna be a piece of cake.

Aside: Installing Puppet on your student VM

In order to save yourself from your circumstances, you’ll need to set up Puppet on your student VM so you can test your changes. Luckily, we’ve provided a snippet of code to install the Puppet agent. Run the following block of code on your VM:

wget https://apt.puppetlabs.com/puppet6-release-bionic.deb && \
sudo dpkg -i puppet6-release-bionic.deb && \
sudo apt-get update && \
sudo apt-get -y install puppet-agent

Puppet will automatically add itself to PATH, but you may have to relog into your VM for this to take effect. Afterwards, ensure you can run puppet, and you should be good to go!

Your task, in plain English

You need to write a puppet module that places a script hack_everything into /usr/local/bin/ and sets up a cronjob to run the script repeatedly and append its output to a file. Your module will need to install the dependencies for the script and ensure that all of the pieces are installed correctly.

There are three main parts you’ll need to work on:

  1. Installing the packages the script depends on
  2. Placing the script in the right directory, and placing a file the script depends on in the right directory
  3. Setting up cronjob to run the script every 30 minutes and append its output to a file

We’ve provided skeleton code for you in the decal-labs repository, so make sure to git pull the latest version! The script hack_everything is located in a8/modules/hacked/files/hack_everything.

The only file you need to change is in a8/modules/hacked/manifests/hacked.pp. We’ve included some hints and points to relevant documentation that will help you complete this manifest.

Although we are only applying your manifest on one machine (your DeCal VM), you could, in theory, apply this module on thousands of machines that are connected to a puppet-master! How neat is that!

While you’re writing the manifest, there’s an easy way to check your syntax: you can use the command puppet parser validate hacking.pp.

Once you have completed your manifest, you can apply the changes to your system with this command (assuming you cloned decal-labs into $HOME):

sudo env "PATH=$PATH" puppet apply --modulepath=$HOME/decal-labs/a8/modules $HOME/decal-labs/a8/manifests/default.pp

Basically, we’re running puppet locally on the module we just created. default.pp is just a file that includes the hacked module you’re editing, and we need to be sure to include the path to the modules so puppet can find them.

The weird little env part is due to a Debian security feature known as secure_path, which resets your PATH when you run sudo. Since puppet is not in this list of default paths, running it with regular sudo won’t work.

Once this is done, you should be able to run the command hack_everything (as the script is now in your path). Try it out!

Hints (if you need them):

Extra fun (completely optional)

Using your knowledge of config management, you might like to try any of the following:

Submission

Congratulations on finishing the lab!

To submit, upload hacking.pp into the Gradescope submission.