puppet firewall demo - michaelmworthington/codesamples GitHub Wiki

Introduction

This page walks through setting up NXRM and a Puppet Docker container to test Firewall against a proxy of the Puppet Forge API (https://forgeapi.puppet.com/).

See the community docs at https://github.com/sonatype-nexus-community/nexus-repository-puppet

Prerequisites

  • IQ Server installed and running
  • NXRM 3 installed and running and configured with the IQ Server
  • Docker for Mac installed and running

Step 1. Create a new Proxy Repository in NXRM

Use https://forgeapi.puppet.com/ as the Remote URL. Accept default values for the remainder of the settings.

Step 2. Enable Firewall for the New Proxy Repo

Step 3. Run the Docker Image in Interactive Mode

docker run -it --rm puppet/puppet-dev-tools

Step 5. Use Puppet to Install a Module

puppet module install --module_repository http://host.docker.internal:8081/repository/puppet-forgeapi-proxy puppetlabs-kubernetes

Observe the inbound requests to NXRM in the request.log file:

172.17.0.1 - - [12/Nov/2020:23:27:47 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-kubernetes&sort_by=version HTTP/1.1" 200 - 24782087 636 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:27:47 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-kubernetes&sort_by=version&limit=20&offset=20 HTTP/1.1" 200 - 216115 12 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:27:47 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-stdlib&sort_by=version HTTP/1.1" 200 - 3533835 80 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-stdlib&sort_by=version&limit=20&offset=20 HTTP/1.1" 200 - 1480850 30 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?offset=40&module=puppetlabs-stdlib&sort_by=version&limit=20 HTTP/1.1" 200 - 762370 51 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?offset=60&module=puppetlabs-stdlib&sort_by=version&limit=20 HTTP/1.1" 200 - 127029 16 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-apt&sort_by=version HTTP/1.1" 200 - 1720191 57 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-apt&sort_by=version&limit=20&offset=20 HTTP/1.1" 200 - 1093754 46 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?offset=40&module=puppetlabs-apt&sort_by=version&limit=20 HTTP/1.1" 200 - 210208 10 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:48 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-translate&sort_by=version HTTP/1.1" 200 - 114543 16 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:27:50 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppet-archive&sort_by=version HTTP/1.1" 200 - 862083 1817 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:52 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppet-archive&sort_by=version&limit=20&offset=20 HTTP/1.1" 200 - 114293 1603 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:53 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-pe_gem&sort_by=version HTTP/1.1" 200 - 16216 1382 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:55 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=herculesteam-augeasproviders_sysctl&sort_by=version HTTP/1.1" 200 - 102167 1689 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:27:56 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=herculesteam-augeasproviders_core&sort_by=version HTTP/1.1" 200 - 160924 1451 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:27:58 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=camptocamp-kmod&sort_by=version HTTP/1.1" 200 - 380449 1577 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:00 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=camptocamp-kmod&sort_by=version&limit=20&offset=20 HTTP/1.1" 200 - 361065 1950 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:28:01 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppet-wget&sort_by=version HTTP/1.1" 200 - 65690 1281 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:03 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=maestrodev-wget&sort_by=version HTTP/1.1" 200 - 365648 1447 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:28:04 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=maestrodev-wget&sort_by=version&limit=20&offset=20 HTTP/1.1" 200 - 35283 1335 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:05 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=stahnma-epel&sort_by=version HTTP/1.1" 200 - 129406 1289 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:08 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/puppetlabs-kubernetes-5.3.0.tar.gz HTTP/1.1" 200 - 285501 2471 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:28:13 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/camptocamp-kmod-2.5.0.tar.gz HTTP/1.1" 200 - 19019 1349 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:28:14 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/herculesteam-augeasproviders_core-2.6.0.tar.gz HTTP/1.1" 200 - 184091 1528 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:28:16 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/herculesteam-augeasproviders_sysctl-2.5.1.tar.gz HTTP/1.1" 200 - 13262 1699 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-184]
172.17.0.1 - - [12/Nov/2020:23:28:18 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/puppet-archive-4.6.0.tar.gz HTTP/1.1" 200 - 173703 1594 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:28:20 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/puppetlabs-apt-7.6.0.tar.gz HTTP/1.1" 200 - 70073 1588 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:22 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/puppetlabs-stdlib-6.5.0.tar.gz HTTP/1.1" 200 - 178063 1662 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:24 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/puppetlabs-translate-2.2.0.tar.gz HTTP/1.1" 200 - 17221 1386 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
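
The log above can be turned into an inventory to compare against the Firewall report in Step 7. The following is an added example, not part of the original wiki page: it parses the request.log layout shown here and separates modules whose release metadata was only queried from tarballs that were actually served. The function name `summarize` is hypothetical, and the field layout is inferred from the lines on this page.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Four lines excerpted verbatim from the request.log output shown on this page.
SAMPLE_LOG = r'''
172.17.0.1 - - [12/Nov/2020:23:27:47 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppetlabs-kubernetes&sort_by=version HTTP/1.1" 200 - 24782087 636 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:01 +0000] "GET /repository/puppet-forgeapi-proxy/v3/releases?module=puppet-wget&sort_by=version HTTP/1.1" 200 - 65690 1281 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-205]
172.17.0.1 - - [12/Nov/2020:23:28:08 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/puppetlabs-kubernetes-5.3.0.tar.gz HTTP/1.1" 200 - 285501 2471 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
172.17.0.1 - - [12/Nov/2020:23:28:14 +0000] "GET /repository/puppet-forgeapi-proxy/v3/files/herculesteam-augeasproviders_core-2.6.0.tar.gz HTTP/1.1" 200 - 184091 1528 "PMT/1.1.1 (v3; Net::HTTP) Puppet/5.3.3 Ruby/2.4.6-p354 (x86_64-linux)" [qtp2099156562-206]
'''

# Field layout inferred from the lines on this page (an assumption):
# client - - [timestamp] "METHOD target PROTOCOL" status ...
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Tarball names look like <owner>-<name>-<version>.tar.gz in the log above.
FILE_RE = re.compile(
    r'/v3/files/(?P<module>[^/]+?)-(?P<version>\d+\.\d+\.\d+[^/]*)\.tar\.gz$'
)


def summarize(log_text, repo="puppet-forgeapi-proxy"):
    """Return (queried, downloaded): the set of modules whose release metadata
    was requested, and {module: version} for tarballs served with HTTP 200."""
    prefix = f"/repository/{repo}"
    queried, downloaded = set(), {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # blank, malformed, or non-GET line
        url = urlsplit(m["target"])
        if url.path == prefix + "/v3/releases":
            queried.update(parse_qs(url.query).get("module", []))
        elif url.path.startswith(prefix + "/v3/files/"):
            f = FILE_RE.search(url.path)
            if f and m["status"] == "200":
                downloaded[f["module"]] = f["version"]
    return queried, downloaded


if __name__ == "__main__":
    queried, downloaded = summarize(SAMPLE_LOG)
    for module, version in sorted(downloaded.items()):
        print(f"downloaded  {module} {version}")
    for module in sorted(queried - set(downloaded)):
        print(f"query only  {module}")
```

Run against the full log, the "query only" entries are modules the dependency resolver looked up but never fetched, so only the downloaded set should be expected in the proxy repository and the Firewall report.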

Step 6. Browse the Proxy Repo

Step 7. Go to the Firewall Report

Repo List

IQ Server Report

Step 8. Test Quarantine

Not Supported

Step 9. Notes

You can view the component information panel (CIP) right in NXRM

Not Supported