Windows (WSL2) workstation bootstrap
At a glance
| Aspect | Summary |
|---|---|
| Purpose | Windows host + Linux toolchain (broad dev + infra tasks) |
| Provisioning | Enable WSL features + configure Ubuntu LTS distro |
| Estimated time | 15–25 minutes (excluding reboots) |
| Core tooling | Git, Terraform, Ansible, Azure CLI, gh (Packer optional) |
| When to choose | Need Windows apps + Linux automation side-by-side |
Prerequisites
Steps
1. Enable WSL and virtualization features (PowerShell as Administrator):

   ```powershell
   # Windows 11 (simplified)
   wsl --install

   # OR explicit feature enable (Windows 10/controlled hosts)
   dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart
   dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
   ```

2. Reboot when prompted.

3. Install a Linux distribution (Ubuntu LTS recommended):

   ```powershell
   wsl --list --online
   wsl --install -d Ubuntu-22.04
   ```

4. Launch the distribution (the first run prompts for a UNIX username and password; a non-privileged user is fine).

5. Update base packages inside WSL:

   ```bash
   sudo apt update && sudo apt -y upgrade
   sudo apt install -y git curl unzip jq ca-certificates
   ```

6. (Certificates) Import corporate CAs (from include docs) inside WSL:

   ```bash
   # Root CA (example: paste cert body from include page if not centrally managed)
   sudo tee /usr/local/share/ca-certificates/OptumRootCA.crt < ~/OptumRootCA.crt >/dev/null
   sudo update-ca-certificates
   ```

   See: Root CA and Internal Policy CA.

   Certificate fingerprint verification (integrity):

   ```bash
   openssl x509 -in /usr/local/share/ca-certificates/OptumRootCA.crt -noout -sha256 -fingerprint
   # Compare against published fingerprint in corporate trust store
   ```

7. Install tooling (choose package or manual):

   - Git (already installed if step 5 was run)

   - Terraform (manual install recommended to pin the version):

     ```bash
     TF_VERSION=1.7.5
     curl -fsSLO "https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_linux_amd64.zip"
     sudo unzip "terraform_${TF_VERSION}_linux_amd64.zip" -d /usr/local/bin/
     terraform -version
     ```

   - Azure CLI (Microsoft repository):

     ```bash
     curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
     az version | jq -r '."azure-cli"'
     ```

   - Ansible (use pipx to isolate):

     ```bash
     sudo apt install -y python3-pip python3-venv
     python3 -m pip install --user pipx
     python3 -m pipx ensurepath
     # Open a new shell if pipx or ansible is not found; ensurepath only edits the profile
     pipx install ansible-core==2.14.0
     ansible --version | head -1
     ```

   - GitHub CLI:

     ```bash
     type -p curl >/dev/null || sudo apt install -y curl
     curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
     sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
     echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
     sudo apt update && sudo apt install -y gh
     gh --version | head -1
     ```

   - Packer (if image building required):

     ```bash
     PACKER_VERSION=1.9.4
     curl -fsSLO "https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip"
     sudo unzip "packer_${PACKER_VERSION}_linux_amd64.zip" -d /usr/local/bin/
     packer version
     ```

8. Generate SSH key (if absent):

   ```bash
   test -f ~/.ssh/id_ed25519 || ssh-keygen -t ed25519 -C "<email>"
   ```

9. Azure authentication:

   ```bash
   az login --tenant optum.com
   az account show --output table
   ```

10. Record the installed versions (see Verification) and compare them with the minimum versions table.
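Added example (not part of the original page): the Terraform and Packer steps download a pinned zip and unpack it into `/usr/local/bin/` as root, so an integrity check belongs between the two commands. HashiCorp publishes a `<product>_<version>_SHA256SUMS` file beside each release; the function below checks an archive against such a manifest and fails when the digest differs or the archive is not listed. `verify_release_zip`, `demo_verify` and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded release archive against a SHA256SUMS
# manifest before unzipping it. verify_release_zip is a hypothetical helper name.

# Usage: verify_release_zip <archive> <sha256sums-file>
# Returns 0 on match, 1 on digest mismatch, 2 if a file is missing or the
# archive name is not listed in the manifest.
verify_release_zip() {
  local archive="$1" sums="$2" name expected actual
  [ -f "$archive" ] && [ -f "$sums" ] || return 2
  name=$(basename "$archive")
  # Manifest lines are "<hex digest>  <file name>"; match the name exactly so
  # an entry for another platform's zip cannot satisfy the check.
  expected=$(awk -v f="$name" '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
  [ -n "$expected" ] || return 2
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256sum "$archive" | awk '{ print $1 }')
  [ "$actual" = "$expected" ]
}

# Offline demonstration on constructed files (not real release data).
# Echoes three return codes: match, tampered archive, unlisted archive.
demo_verify() {
  local d rc_ok rc_bad rc_missing
  d=$(mktemp -d)
  printf 'constructed archive bytes\n' > "$d/tool_1.0.0_linux_amd64.zip"
  (cd "$d" && sha256sum tool_1.0.0_linux_amd64.zip > tool_1.0.0_SHA256SUMS)
  verify_release_zip "$d/tool_1.0.0_linux_amd64.zip" "$d/tool_1.0.0_SHA256SUMS" && rc_ok=0 || rc_ok=$?
  printf 'tampered\n' >> "$d/tool_1.0.0_linux_amd64.zip"
  verify_release_zip "$d/tool_1.0.0_linux_amd64.zip" "$d/tool_1.0.0_SHA256SUMS" && rc_bad=0 || rc_bad=$?
  cp "$d/tool_1.0.0_linux_amd64.zip" "$d/other.zip"
  verify_release_zip "$d/other.zip" "$d/tool_1.0.0_SHA256SUMS" && rc_missing=0 || rc_missing=$?
  rm -rf "$d"
  echo "$rc_ok $rc_bad $rc_missing"
}

demo_verify   # prints: 0 1 2

# With the Terraform step (needs network access):
#   curl -fsSLO "https://releases.hashicorp.com/terraform/${TF_VERSION}/terraform_${TF_VERSION}_SHA256SUMS"
#   verify_release_zip "terraform_${TF_VERSION}_linux_amd64.zip" "terraform_${TF_VERSION}_SHA256SUMS" \
#     && sudo unzip "terraform_${TF_VERSION}_linux_amd64.zip" -d /usr/local/bin/
```

The manifest travels over the same channel as the zip, so this catches corruption and a swapped archive but not a compromised download host. HashiCorp also publishes a detached signature (`..._SHA256SUMS.sig`) for checking the manifest against their public key.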
Verification
Run the following commands and confirm each prints a version; none report "command not found":
```bash
ansible --version | head -1
az version --output json | jq -r '."azure-cli"'
terraform version | head -1
gh --version | head -1
packer version || echo "Packer not installed yet"
```
Minimum tool versions
| Tool | Minimum |
|---|---|
| Git | 2.39 |
| Terraform | 1.7 |
| Ansible | 2.14 |
| Python | 3.10 |
| GitHub CLI | 2.0 |
| Packer | 1.9 |
| Azure CLI | 2.54 |
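
Added example (not part of the original page): one way to compare the banners printed in Verification against the table above. Versions are compared field by field with `sort -V`, because a plain string comparison would rank 2.9 above 2.14. The short tool keys, the function names and the sample banners are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare tool version banners with the minimum versions table.
# Keys (git, az, ...) are this example's own short names for the table rows.
MIN_VERSIONS='git 2.39
terraform 1.7
ansible 2.14
python 3.10
gh 2.0
packer 1.9
az 2.54'

# Pull the first dotted version number out of a version banner.
extract_version() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+' | head -n 1
}

# True when version $1 >= version $2, compared numerically per field.
version_ge() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n 1)" = "$2" ]
}

# Usage: check_tool <key> <banner>
# Prints "ok <ver>", "below-minimum <ver>" or "unknown"; returns 0, 1 or 2.
check_tool() {
  local tool="$1" banner="$2" min have
  min=$(printf '%s\n' "$MIN_VERSIONS" | awk -v t="$tool" '$1 == t { print $2 }')
  have=$(extract_version "$banner")
  if [ -z "$min" ] || [ -z "$have" ]; then
    echo "unknown"; return 2
  fi
  if version_ge "$have" "$min"; then
    echo "ok $have"
  else
    echo "below-minimum $have"; return 1
  fi
}

# Constructed banners standing in for real command output:
check_tool terraform 'Terraform v1.7.5' || true         # ok 1.7.5
check_tool ansible 'ansible [core 2.9.27]' || true      # below-minimum 2.9.27
check_tool packer 'Packer not installed yet' || true    # unknown

# On a real workstation, pass the live banner instead, for example:
#   check_tool gh "$(gh --version | head -1)"
#   check_tool az "$(az version --output json | jq -r '."azure-cli"')"
```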
Troubleshooting
| Symptom | Possible cause | Resolution |
|---------|----------------|----------|
| `wsl --install` fails | Disabled virtualization | Enable virtualization in BIOS/UEFI; verify with Task Manager → Performance. |
| Slow DNS inside WSL | Windows DNS proxy conflict | Add `options rotate` to `/etc/resolv.conf`; or enable WSL systemd resolved (Win11 22H2+ feature). |
| Certificate errors | CA not trusted | Re-run CA install; confirm file in `/usr/local/share/ca-certificates/` and run `sudo update-ca-certificates`. |
| `az login` device code loop | Proxy intercept | Set `HTTPS_PROXY` and retry; test with `curl https://management.azure.com`. |
Rollback and cleanup
| Action | Command | Note |
|---|---|---|
| Remove a tool (apt) | `sudo apt remove <package>` | Leaves configs in home directory |
| Remove Terraform manual install | `sudo rm /usr/local/bin/terraform` | Version pin only |
| Remove distribution | `wsl --unregister <DistroName>` | ⚠️ Destructive – erases all Linux data |
Security notes
Notes
- For enterprise environments add: proxy exports in shell profile, centralized log forwarder, vulnerability scanner agent.
- No proprietary locations referenced.