Posted in : Hyper-V, Linux, Microsoft, Other, Powershell, Ubuntu, Windows Av Stina Perbo Utas Översätt med Google ⟶
4 years ago
Like most of the users in the world, I’m running a Managed Window 10 client, we enforce many polices such as applocker and more to enforce policies. This can sometimes be an problem when working with developer tools. Due to this problem businesses often look the other way when it comes to developers and their clients. From personal experience I see that They are often excluded from the overall security measures or just not joined into the domain at all.
According to Stack Overflow about 45% of people identifying as ”Professional Developers” run Windows as their main desktop operating system. If most of these are exluded from the standard security we have a major issue.
The main issue is not that developers need to execute/install unsigned or generally untrusted tools and compile and execute code. The problem is that developers get exceptions to run this in their standard domain-joined Windows clients. The same Windows client that has access to all company resources. It only requires a simple user error to install some virus or otherwise malicious program and the computer is comprimised. Or we could just block everything and stop the productivity of our developers.
Neither of the above is clearly a good option, so what’s the solution?
Windows Subsystem for Linux (WSL) 2
WSL has existed for some time, but with windows Version 2004 (build 19041) WSL 2 introducing important changes such as a real Linux kernel through a subset of Hyper-V features. This allows us to do some cool stuff like starting VS Code from inside the Linux operating system, giving us a terminal with our windows folders mounted.
There are several blogposts out there on how to install a linux distro using wsl2, but I’d like to combine some of them and show what has worked for me.
Prerequisites
WSL2 has some pre-requisites. First you need to upgrade your windows client to atleast build 19041 (released may 2020).
When that’s done simply run the powershell script (elevated) on your machine and then reboot.
Start-process "https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-wsl" dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart dism.exe /online /enable-feature /featurename:Microsoft-Hyper-V-All /all /norestart dism.exe /online /enable-feature /featurename:Containers /all /norestart dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart Invoke-RestMethod 'https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi' -OutFile "$env:temp\wsl_update_x64.msi" Start-Process -FilePath msiexec -Wait -ArgumentList "/a `"$env:temp\wsl_update_x64.msi`" /qn"
Now you need to install your linux distro of choice. I went with Ubuntu 18.04 (since this is the latest ubuntu that supports Powershell core). Linux can be installed using windows store, so just go to the store and download + launch the desired distro. After that you need to configure the distro to run wsl version 2.
The below powershell script launches the Ubuntu 18.04 store site and waits for you to initalize the os. then configures wsl. If you choose another distro, then type wsl –version –verbose to find out the name,
Start-Process "https://www.microsoft.com/store/apps/9N9TNGVNDL3Q" Read-Host 'Press enter when you have installed and configured ubuntu to continue' wsl --set-default-version 2 wsl --set-version Ubuntu-18.04 2
Now that you’re done you should be able to see ubuntu from the Windows Terminal, or if you’re just using cmd or powershell simply type ”wsl” and you should be able to enter the linux environment.
And even though you can access your local files, only the c:\ becomes mounted, and as such the vm cannot read company documents and files in case of some security breach within the linux vm.
Now you just install all the tools you need, the lines of code below installs my most used. Powershell Core 7, Kubectl, Terraform, Az CLI.
#Kubectl curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl" chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl kubectl version --client ## Set alias k = kubectl alias k='kubectl' #kubectx sudo git clone https://github.com/ahmetb/kubectx /opt/kubectx sudo ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx sudo ln -s /opt/kubectx/kubens /usr/local/bin/kubens #powershell core 7 sudo apt-get update wget https://github-production-release-asset-2e65be.s3.amazonaws.com/49609581/f632ee00-c752-11ea-8888-af8ac573ee78?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20200813%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200813T110639Z&X-Amz-Expires=300&X-Amz-Signature=39c181b7b60c59bbb83894f3b054524c4ef92d826c5dfe2a5a964cfe2d9e2b9d&X-Amz-SignedHeaders=host&actor_id=6906567&repo_id=49609581&response-content-disposition=attachment%3B%20filename%3Dpowershell-lts_7.0.3-1.ubuntu.18.04_amd64.deb&response-content-type=application%2Foctet-stream sudo apt-get install liblttng-ust0 apt --fix-broken install sudo dpkg -i powershell-lts_7.0.3-1.ubuntu.18.04_amd64.deb sudo apt-get install -f pwsh -command {write-host 'test'} #Az cli sudo apt-get update sudo apt-get install -y ca-certificates curl apt-transport-https lsb-release gnupg curl -sL https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null AZ_REPO=$(lsb_release -cs) echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | sudo tee /etc/apt/sources.list.d/azure-cli.list sudo apt-get update sudo apt-get install azure-cli az --version # unzip sudo apt install unzip # Terraform. Check latest version at https://www.terraform.io/downloads.html curl https://releases.hashicorp.com/terraform/0.13.0/terraform_0.13.0_linux_amd64.zip > /tmp/terraform.zip mkdir -p ${HOME}/bin (cd ${HOME}/bin && unzip /tmp/terraform.zip) if [[ -z $(grep 'export PATH=${HOME}/bin:${PATH}' ~/.bashrc) ]]; then echo 'export PATH=${HOME}/bin:${PATH}' >> ~/.bashrc source ~/.bashrc fi terraform version
Now that that’s done you’re probably wondering how to run Visual Studio Code with integration to your Windows Client.
To do this, simply type ”wsl code .” from an elevated promt, cmd or powershell. If you’re actively working from within your linux machine simply type ”code .” and VS code will start.
All that’s left now is to start developing!
I hope this was helpful!
Tags : build, Container, deploy, Developer, How to, kubectl, Kubernetes, Linux, Microsoft, Security, terraform, ubuntu, Visual Studio Code, VSCode, Windows, Windows 10, Windows Server 2019, WSL, WSL2
Personlig rådgivning
Vi erbjuder personlig rådgivning med författaren för 1400 SEK per timme. Anmäl ditt intresse i här så återkommer vi så snart vi kan.
Add comment