Posted in: Hyper-V, Linux, Microsoft, Other, Powershell, Ubuntu, Windows. By Stina Perbo Utas

4 years ago

Like most users in the world, I'm running a managed Windows 10 client. We enforce many policies, such as AppLocker and more. This can sometimes be a problem when working with developer tools. Because of this, businesses often look the other way when it comes to developers and their clients. From personal experience, I see that they are often excluded from the overall security measures or not joined to the domain at all.
According to Stack Overflow, about 45% of people identifying as "Professional Developers" run Windows as their main desktop operating system. If most of these are excluded from the standard security measures, we have a major issue.
The main issue is not that developers need to execute or install unsigned or generally untrusted tools and compile and execute code. The problem is that developers get exceptions to run this on their standard domain-joined Windows clients, the same Windows clients that have access to all company resources. It only takes a simple user error to install a virus or other malicious program, and the computer is compromised. Or we could just block everything and stop the productivity of our developers.
Neither of the above is clearly a good option, so what's the solution?

Windows Subsystem for Linux (WSL) 2

WSL has existed for some time, but with Windows version 2004 (build 19041), WSL 2 introduces important changes such as a real Linux kernel running through a subset of Hyper-V features. This allows us to do some cool stuff like starting VS Code from inside the Linux operating system, giving us a terminal with our Windows folders mounted.
There are several blog posts out there on how to install a Linux distro using WSL 2, but I'd like to combine some of them and show what has worked for me.

Prerequisites

WSL 2 has some prerequisites. First you need to upgrade your Windows client to at least build 19041 (released May 2020).
When that's done, simply run the PowerShell script below (elevated) on your machine and then reboot.

# Open the VS Code Remote - WSL extension page in the default browser
Start-Process "https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-wsl"
# Enable the Windows features used in this setup (a reboot is needed afterwards)
dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
dism.exe /online /enable-feature /featurename:Microsoft-Hyper-V-All /all /norestart
dism.exe /online /enable-feature /featurename:Containers /all /norestart
dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
# Download the WSL 2 Linux kernel update package and install it silently
# (/i installs the package; /a would only perform an administrative extraction)
Invoke-RestMethod 'https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi' -OutFile "$env:temp\wsl_update_x64.msi"
Start-Process -FilePath msiexec -Wait -ArgumentList "/i `"$env:temp\wsl_update_x64.msi`" /qn"

Now you need to install your Linux distro of choice. I went with Ubuntu 18.04 (since this is the latest Ubuntu that supports PowerShell Core). Linux can be installed using the Windows Store, so just go to the store and download and launch the desired distro. After that you need to configure the distro to run WSL version 2.
The PowerShell script below launches the Ubuntu 18.04 store page, waits for you to initialize the OS, and then configures WSL. If you choose another distro, type wsl --list --verbose to find out its name.

Start-Process "https://www.microsoft.com/store/apps/9N9TNGVNDL3Q"
Read-Host 'Press enter when you have installed and configured ubuntu to continue'
wsl --set-default-version 2
wsl --set-version Ubuntu-18.04 2

Now that you're done, you should be able to see Ubuntu from the Windows Terminal, or if you're just using cmd or PowerShell, simply type "wsl" and you should be able to enter the Linux environment.
And even though you can access your local files, only c:\ is mounted, so the VM cannot read company documents and files in case of a security breach within the Linux VM.
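
To confirm from inside the distro which Windows drives are actually reachable, the following added example (not part of the original post) reads a mounts table in /proc/mounts format and reports every Windows drive share. The function names and the sample mount lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list the Windows drives a WSL distro can reach.
# WSL 2 exposes Windows drives over 9p with the option aname=drvfs;
# WSL 1 mounts them with the drvfs filesystem type directly.

# windows_mounts [MOUNTS_FILE] -> prints one mount point per line
windows_mounts() {
    local mounts_file="${1:-/proc/mounts}"
    awk '
        # $2 = mount point, $3 = filesystem type, $4 = mount options
        $3 == "drvfs" || ($3 == "9p" && $4 ~ /aname=drvfs/) { print $2 }
    ' "$mounts_file" | sort -u
}

# only_allowed_mounts MOUNTS_FILE ALLOWED... -> 0 if every Windows mount
# is in the allowed list, 1 (with a message) on the first unexpected one
only_allowed_mounts() {
    local mounts_file="$1" mp allowed ok
    shift
    for mp in $(windows_mounts "$mounts_file"); do
        ok=0
        for allowed in "$@"; do
            if [ "$mp" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "unexpected Windows mount: $mp" >&2
            return 1
        fi
    done
    return 0
}

# Constructed sample resembling /proc/mounts inside a WSL 2 distro
sample_mounts() {
    cat <<'EOF'
/dev/sdb / ext4 rw,relatime,discard,errors=remount-ro,data=ordered 0 0
tmpfs /mnt/wsl tmpfs rw,relatime 0 0
C:\134 /mnt/c 9p rw,noatime,dirsync,aname=drvfs;path=C:\;uid=1000;gid=1000,mmap,access=client,msize=65536,trans=fd,rfd=8,wfd=8 0 0
D:\134 /mnt/d 9p rw,noatime,dirsync,aname=drvfs;path=D:\;uid=1000;gid=1000,mmap,access=client,msize=65536,trans=fd,rfd=8,wfd=8 0 0
EOF
}

# Demo on the constructed sample; inside a real distro run: windows_mounts
sample_mounts | windows_mounts -
```

Automatic mounting of Windows drives is controlled by the `[automount]` section of `/etc/wsl.conf` inside the distro.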

Now you just install all the tools you need. The lines below install the ones I use most: PowerShell Core 7, kubectl, Terraform and the Az CLI.

#Kubectl
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
kubectl version --client
## Set alias k = kubectl
alias k='kubectl'
#kubectx
sudo git clone https://github.com/ahmetb/kubectx /opt/kubectx
sudo ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx
sudo ln -s /opt/kubectx/kubens /usr/local/bin/kubens
#powershell core 7
sudo apt-get update
# Stable GitHub release URL for the same package (the pre-signed download link GitHub redirects to expires after a few minutes)
wget https://github.com/PowerShell/PowerShell/releases/download/v7.0.3/powershell-lts_7.0.3-1.ubuntu.18.04_amd64.deb
sudo apt-get install liblttng-ust0
sudo apt --fix-broken install
sudo dpkg -i powershell-lts_7.0.3-1.ubuntu.18.04_amd64.deb
sudo apt-get install -f
pwsh -command {write-host 'test'}
#Az cli
sudo apt-get update
sudo apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
    gpg --dearmor |
    sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
AZ_REPO=$(lsb_release -cs)
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
    sudo tee /etc/apt/sources.list.d/azure-cli.list
sudo apt-get update
sudo apt-get install azure-cli
az --version
# unzip
sudo apt install unzip
# Terraform. Check latest version at https://www.terraform.io/downloads.html
curl -fsSL -o /tmp/terraform.zip https://releases.hashicorp.com/terraform/0.13.0/terraform_0.13.0_linux_amd64.zip
mkdir -p "${HOME}/bin"
(cd "${HOME}/bin" && unzip /tmp/terraform.zip)
# Add ~/bin to PATH in ~/.bashrc only if the line is not already there
if ! grep -qF 'export PATH=${HOME}/bin:${PATH}' ~/.bashrc; then
  echo 'export PATH=${HOME}/bin:${PATH}' >> ~/.bashrc
  source ~/.bashrc
fi
terraform version
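
The script above places downloaded binaries on the PATH without checking their integrity. The following added example (not part of the original post) shows a check that refuses a download whose SHA-256 digest does not match a publisher's checksum list; the function names, the demo files and the assumption that a checksum list is published beside the archive are mine.

```shell
#!/usr/bin/env bash
# Added example: verify a download against a checksum list before installing.
# The list uses the sha256sum format: "<hex digest>  <file name>" per line.

# verify_sha256 FILE SUMS_FILE -> 0 match, 1 mismatch, 2 file not listed
verify_sha256() {
    local file="$1" sums="$2" name expected actual
    name=$(basename "$file")
    # sha256sum writes the name as "name" (text) or "*name" (binary mode)
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum listed for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Real use (assumption: the vendor publishes a checksum list for the release):
#   curl -fsSL -o /tmp/terraform_0.13.0_linux_amd64.zip <zip URL>
#   curl -fsSL -o /tmp/SHA256SUMS <checksum list URL>
#   verify_sha256 /tmp/terraform_0.13.0_linux_amd64.zip /tmp/SHA256SUMS \
#       && (cd "${HOME}/bin" && unzip /tmp/terraform_0.13.0_linux_amd64.zip)

# Offline demo on constructed files: prints the three return codes
demo_verify() {
    local dir good=0 bad=0 missing=0
    dir=$(mktemp -d)
    printf 'constructed payload\n' > "$dir/tool.zip"
    (cd "$dir" && sha256sum tool.zip > SHA256SUMS)
    verify_sha256 "$dir/tool.zip" "$dir/SHA256SUMS" 2>/dev/null || good=$?
    printf 'tampered\n' >> "$dir/tool.zip"      # modify after checksumming
    verify_sha256 "$dir/tool.zip" "$dir/SHA256SUMS" 2>/dev/null || bad=$?
    cp "$dir/tool.zip" "$dir/other.zip"         # a file the list never names
    verify_sha256 "$dir/other.zip" "$dir/SHA256SUMS" 2>/dev/null || missing=$?
    rm -rf "$dir"
    echo "$good $bad $missing"
}

demo_verify
```

A checksum fetched from the same server as the archive only detects corruption or a swapped file on a mirror; verifying the vendor's signature over the checksum list is the stronger check.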

Now that that's done, you're probably wondering how to run Visual Studio Code with integration to your Windows client.
To do this, simply type "wsl code ." from an elevated prompt, cmd or PowerShell. If you're actively working from within your Linux machine, simply type "code ." and VS Code will start.
All that’s left now is to start developing!
I hope this was helpful!
