Using RBAC with Puppet Enterprise

Hands-On Lab

 

Elle Krout

Content Team Lead in Content

Length

00:30:00

Difficulty

Beginner

Puppet Enterprise comes with many features, one of which is the role-based access control (RBAC) system that allows us to fine-tune who has access to what within our Puppet Enterprise setup. In this hands-on lab, we'll use RBAC to set up a tiered system of access for our admins by following the "principle of least privilege" to ensure our Puppet setup is not a security vulnerability in and of itself. We'll also create accounts for some of our users and ensure those accounts are assigned the appropriate roles.

Solution

  1. Begin by opening a new tab in your browser and navigating to the public IP address of the lab server provided on the hands-on lab page.

  2. When prompted, log in using the username admin and the password pinehead.

Add user roles for tier 1, 2, and 3 admins

  1. Expand the Access control menu and click User roles.

  2. Create a role with the name T1 Admins and the description Permissions for newly-minted admins. Click Add role.

  3. Click on T1 Admins to edit the newly-created role, then move to the Permissions tab.

  4. Select Console from the dropdown menu. Then click Add.

  5. Next, set the dropdown to Node groups, then select View. Set the instance to Development environment (development). Click Add.

  6. Repeat the above process for the production environment.

  7. Then, set the dropdown to Tasks, then set the instance to package. Change the permitted nodes to Node group, then set the new dropdown to Development environment (development). Click Add.

  8. Repeat the above process for the service tasks.

  9. Commit 5 changes when done.

  10. Return to the User roles page and repeat this process for the other two admin tiers.
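
A least-privilege check for the T1 Admins role built in the steps above, as an added example that is not part of the original lab or of Puppet's tooling. It compares a role's grants against the five permissions the steps add and reports anything extra, unscoped, or missing. The `Perm` record shape, the action labels "View" and "Run", and the scope strings are assumptions made for illustration, not the RBAC API's format.

```python
from typing import NamedTuple

class Perm(NamedTuple):
    type: str      # permission type picked in the Permissions tab dropdown
    action: str    # action label (assumed wording)
    instance: str  # selected instance; "*" means every instance
    scope: str     # permitted nodes for a task; "-" where it does not apply

DEV = "node group: development"

# The five permissions the lab steps give T1 Admins ("Commit 5 changes").
T1_EXPECTED = {
    Perm("Console", "View", "*", "-"),
    Perm("Node groups", "View", "development", "-"),
    Perm("Node groups", "View", "production", "-"),
    Perm("Tasks", "Run", "package", DEV),
    Perm("Tasks", "Run", "service", DEV),
}

def audit_role(name, granted, expected):
    """Compare a role's grants with its baseline and return a list of findings."""
    granted, findings = set(granted), []

    def show(p):
        return f"{p.type}/{p.action} instance={p.instance} scope={p.scope}"

    for p in sorted(granted - expected):
        findings.append(f"{name}: EXTRA {show(p)}")
    for p in sorted(granted):
        # Console is modelled here as one whole grant; every other type should
        # name an instance, and a task should be limited to a node group.
        wide_instance = p.instance == "*" and p.type != "Console"
        wide_scope = p.type == "Tasks" and not p.scope.startswith("node group:")
        if wide_instance or wide_scope:
            findings.append(f"{name}: UNSCOPED {show(p)}")
    for p in sorted(expected - granted):
        findings.append(f"{name}: MISSING {show(p)}")
    return findings

# Constructed sample: the service task was widened from the development
# node group to all nodes after the role was created.
DRIFTED = (T1_EXPECTED - {Perm("Tasks", "Run", "service", DEV)}) | {
    Perm("Tasks", "Run", "service", "all nodes")}

if __name__ == "__main__":
    for line in audit_role("T1 Admins", DRIFTED, T1_EXPECTED):
        print(line)
```

The same function can check the other two admin tiers by passing each tier's own baseline set as `expected`.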

Create users

  1. From the main navigation, click on Users.

  2. Set the full name of the first user to Ollie and the login to olliep. Click Add local user.

  3. Repeat this process until all users are added.

Add users to the appropriate role

  1. From the main navigation, return to User roles.

  2. Select T1 Admins.

  3. Select Andy from the dropdown and click Add user. Do the same for Ollie.

  4. Commit 2 changes.

  5. Repeat this process with the other two admin tiers.

Conclusion

Congratulations — you've completed this hands-on lab!