Software Installation and Verification Commands to run from Bashπ
Note
The purpose of running these commands is to confirm that the CLI tool has been properly installed. The versions in the output of these commands donβt actually matter.
Note sometimes this lab guide tells users to update their ~/.bashrc or ~/.zshrc fileπ
# bash is the default shell, but Users who have tinkered with their system
# long ago and forgot about it might be using zsh
echo $SHELL
# will tell you if you use bash or zsh
Recommendation/Note for Mac users of Bashπ
# Mac defaults to an ancient version of bash, try the following to update
brew install bash
# In some versions of Mac the ~/.bashrc file doesn't exists or acts funny by default
# as in some case ~/.bash_profile is used, other cases ~/.bashrc is used
# the following makes it so ~/.bashrc is the main file, which improves consistency
touch ~/.bashrc # create if doesn't exist
echo 'source ~/.bashrc' >> ~/.bash_profile # makes ~/.bashrc the primary config file
source ~/.bashrc # makes the current session consistent with newly opened sessions
curlπ
Check if / Verify that curl is installedπ
# [admin@Laptop:~]
curl --version
Install curl (if needed)π
- Ubuntu 21.04 doesnβt ship with curl installed by default
# [admin@Laptop:~] sudo apt update -y && sudo apt install curl -y
sshuttleπ
Install sshuttle (Linux):π
# [admin@Linux:~]
# Verify pip is installed (pip = "pip installs packages", pip3 = pip associated with python3)
pip3 --version
# If you see "pip: command not found", then run one of the following
# Ubuntu Users:
sudo apt update -y && sudo apt install python3-pip -y
# Centos 8 Users:
sudo dnf update -y && sudo dnf install python3-pip -y
# Use pip to install sshuttle
pip3 install sshuttle
Install sshuttle (Mac):π
# [admin@Mac:~]
brew install sshuttle
Verify sshuttle is installedπ
sshuttle --version
# 1.0.3 (or higher)
sshuttle troubleshootingπ
- On some versions of Linux, you may receive an
invalid syntaxerror upon tryingsshuttle --version. If this happens, you need to ensure that sshuttle is using python3 instead of python2. Replace it to fix this error.
sudo vi /usr/bin/sshuttle
:%s/python2.7/python3
:wq!
sshuttle --version
# 1.0.3 (or higher)
kubectlπ
Check if / Verify that kubectl is installedπ
Note
Note: Docker Desktop & Rancher Desktop will often auto install kubectl, so mac users may find that itβs preinstalled
kubectl version --client
# Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.2", GitCommit:"9d142434e3af351a628bffee3939e64c681afa4d", GitTreeState:"clean", BuildDate:"2022-01-19T17:35:46Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"darwin/amd64"}
Install kubectl (Linux):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://kubernetes.io/releases/
wget -q -P /tmp https://storage.googleapis.com/kubernetes-release/release/v1.23.2/bin/linux/amd64/kubectl
sudo chmod +x /tmp/kubectl
sudo mv /tmp/kubectl /usr/local/bin/kubectl
sudo ln -s /usr/local/bin/kubectl /usr/local/bin/k #equivalent to alias k=kubectl
Install kubectl (Mac):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://kubernetes.io/releases/
brew install kubectl # likely pre-installed if you've already installed docker.
Kustomizeπ
Check if / Verify that kustomize is installed:π
kustomize version
# {Version:kustomize/v4.5.2 GitCommit:7439f1809e5ccd4677ed52be7f98f2ad75122a93 BuildDate:2020-12-30T00:43:15+00:00 GoOs:darwin GoArch:amd64}
Install kustomize (Linux):π
Warning
DO NOT INSTALL kustomize via Ubuntuβs snap install (snapβs kustomization has been broken for many months, use the below method)
# [admin@Laptop:~]
curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash
chmod +x kustomize
sudo mv kustomize /usr/bin/kustomize
Install kustomize (Mac):π
# [admin@Laptop:~]
brew install kustomize
brew upgrade kustomize # If you think you have an old version
Gitπ
Check if / Verify that git is installed:π
git version
# git version 2.30.1 (Apple Git-122.3)
Install git (Centos 8):π
sudo dnf install git -y
Install git (Ubuntu):π
sudo apt install git -y
Install git (Mac):π
brew install git
Terraformπ
Verify Terraform is installed:π
terraform version
# Terraform v1.0.3 or higher
Install Terraform (Ubuntu):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://releases.hashicorp.com/terraform
wget https://releases.hashicorp.com/terraform/1.1.6/terraform_1.1.6_linux_amd64.zip
sudo apt update -y && sudo apt install unzip -y && unzip terraform_1.1.6_linux_amd64.zip && sudo mv terraform /usr/local/bin/ && rm terraform_1.1.6_linux_amd64.zip
Install Terraform (Centos 8):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://releases.hashicorp.com/terraform
wget https://releases.hashicorp.com/terraform/1.1.6/terraform_1.1.6_linux_amd64.zip
sudo yum update -y && sudo yum install unzip -y && unzip terraform_1.1.6_linux_amd64.zip && sudo mv terraform /usr/local/bin/ && rm terraform_1.1.6_linux_amd64.zip
Install Terraform (Mac):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://releases.hashicorp.com/terraform
brew tap hashicorp/tap
brew install hashicorp/tap/terraform
brew update
brew upgrade hashicorp/tap/terraform
Dockerπ
Install Docker Part 1 of 2 (Linux):π
# [admin@Laptop:~]
curl -fsSL https://get.docker.com | bash
# After install complete part 2 of docker install
Install Docker Part 1 of 2 (Mac):π
Mac Users: Docker Desktop for Mac install link can be found here
Note: Docker-Desktop now requires a license in some cases, Rancher Desktop defaults to containerd/nerdctl, but also has a docker mode that leverages a QEMU VM and a FOSS tool called Moby, itβs a close enough free alternative to Docker-Desktop that can do 90% of what Docker-Desktop can do.
For those who are curious, Rancher Desktop 1.0.1βs limitations:
Doesnβt offer an easy way to disable the kubernetes cluster it ships with like docker desktop does.
Doesnβt have the ability to edit docker config (/etc/docker/daemon.json) file in the GUI. (This is an advanced use case that people rarely need to use.)
After installing docker complete part 2 of docker install
Install Docker Part 2 of 2:π
-
Notice that by default docker will only work when run as root
# Note installing docker isn't enough, by default docker only works for the root user # You need to configure docker to work for non-root user as well. # Note: Centos 8 users will need to add the following 2 lines sudo systemctl enable docker #enable = autostart the service on reboot sudo systemctl start docker #start = start the service now # The below commands are generic to Mac/Linux docker run hello-world # docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.See 'docker run --help'. # If you see something like this, you haven't finished installing docker # / missed some required configuration # If you installed docker using snap, try uninstalling it and then using the recommended way to install docker. # If it works you're good to move on. sudo docker run hello-world # If docker only works when you use sudo, further configuration is needed. # Basically you need to add your non-root user to the docker group. -
Add User to docker group (Linux Instructions)
sudo groupadd docker sudo usermod --append --groups docker $USER -
Log out and Log back in (There are other methods but this is the one that works 100% of the time)
- Do not skip this step of logging out and logging back in.
Note
There are other methods like βnewgrp dockerβ command, but those only work for 1 terminal. In some cases, you can get away with closing all opened terminal then opening a new terminal instead of logging out and back in, but there are edge cases were the only thing that works is a full log out and re login.
If it doesnβt itβs because unix security makes it so a process canβt gain any more rights (like a group assignment to docker), than what it started with. the newgrp docker command, is supposed to start a new process within the terminal which causes your user being added to the docker group to be recognized and non-root docker commands to start to work.
Verify Docker is correctly installed:π
docker run hello-world
# docker should now work as a non-root user now / not throw an error message
#
# If docker doesn't work. Log out and Log back in.
# When you log back in your non-root user will be properly recognized as being
# In the docker group and the command should work.
AWS CLIπ
Install AWS CLI (Linux):π
# [admin@Linux:~]
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
rm -rf aws
rm awscliv2.zip
Install AWS CLI (Mac):π
# [admin@Mac:~]
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
rm AWSCLIV2.pkg
Verify AWS CLI is installed:π
aws --version
# aws-cli/2.4.20 Python/3.8.8 Darwin/20.6.0 exe/x86_64 prompt/off
# NOTE: for aws cli version 1.x or 2.x either is fine
Flux CLIπ
Install Flux CLI (Linux):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://github.com/fluxcd/flux2/releases
# curl -s -L https://toolkit.fluxcd.io/install.sh | sudo bash
wget -q -O - https://github.com/fluxcd/flux2/releases/download/v0.27.2/flux_0.27.2_linux_amd64.tar.gz > flux.tar.gz
tar -xvf flux.tar.gz
sudo mv ./flux /usr/local/bin/flux
rm flux.tar.gz
Install Flux CLI (Mac):π
Note: Instead of the version in the wget command below, install the latest stable version. You can find it at https://github.com/fluxcd/flux2/releases
wget -q -O - https://github.com/fluxcd/flux2/releases/download/v0.27.2/flux_0.27.2_darwin_amd64.tar.gz > flux.tar.gz
tar -xvf flux.tar.gz
sudo mv ./flux /usr/local/bin/flux
rm flux.tar.gz
Verify Flux is installedπ
flux --version
# flux version 0.27.2
SOPSπ
Install sops CLI (Linux):π
Note: Instead of the version in the curl command below, install the latest stable version. You can find it at https://github.com/getsops/sops/releases. If problems arise when installing the latest stable version, revert to using version
v3.7.2
curl -L https://github.com/mozilla/sops/releases/download/v3.7.2/sops-v3.7.2.linux > sops
chmod +x sops
sudo mv sops /usr/bin/sops
Install sops CLI (Mac):π
Note: Instead of the version in the curl command below, install the latest stable version. You can find it at https://github.com/getsops/sops/releases. If problems arise when installing the latest stable version, revert to using version
v3.7.2
curl -L https://github.com/mozilla/sops/releases/download/v3.7.2/sops-v3.7.2.darwin > sops
chmod +x sops
mv sops /usr/local/bin/sops
Verify sops is installedπ
# [admin@Laptop:~]
sops -v
# sops 3.7.2 (latest)
GPG: (GNU Privacy Guard)π
Note:
-
sops can leverage CSP(Cloud Service Provider) KMSs(Key Management Services).
-
CSP KMS backed with AES 256 bit symmetric encryption is the gold standard / most secure option.
-
In scenarios where CSP KMS isnβt an option, sops can also leverage GPG & AGE (these are cloud agnostic options that work for air gap deployments)
-
For DoD activities, itβs recommended to use GPG over AGE, because GPGβs RSA keypairs and SHA256 are NIST approved. (Both options are secure; however, AGEβs Curve25519 key pairs, and Chacha20 symmetric encryption with Poly1305 arenβt NIST approved.)
Install GPG (Mac):π
# [admin@Mac:~]
brew install gnupg
gpg --version
# gpg (GnuPG) 2.3.4
# (Note: by default gpg 2.3.x generated keys aren't compatible with gpg 2.0.x - 2.2.x
# ;however, the lab guide includes workaround flags to make the generated keys compatible)
Install GPG (Linux):π
# [admin@Linux:~]
# (all Linux Distros ship with GPG pre-installed, verify with the following)
gpg --version
GRAPHICAL TEXT EDITORS:π
-
Itβs recommended that you install an editor.
-
Example: VS Code
Text Editor Note for Linux Users:π
Immediately upon installing an editor like VS Code, the following command will work to open the VS Code editor from the cli:
code <filename> <filename>
# or for all files in dir
code .
(The idea is that whenever you see vi ~/file_to_edit, youβll be able to replace vi with your preferred editor)
Text Editor Note for Mac Users:π
Upon installing an editor like VS Code, you wonβt be able to launch the editors from the CLI until the following additional commands are added.
echo 'export PATH="$PATH:/Applications/Visual Studio Code.app/Contents/Resources/app/bin"' >> ~/.bashrc
tail ~/.bashrc
source ~/.bashrc
Local Utilitiesπ
jqπ
jq is like sed for JSON data - you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text.