...

  • module/manifests/
    • init.pp 
    • params.pp
    • install.pp
    • config.pp
    • service.pp
    • configsimp/firewall/simp.pp
    • configsimp/logging/simp.pp
    • configsimp/audit/simp.pp
    • configsimp/selinux/simp.pp (this one may just have to be mixed in at times, however, any boolean flipping should probably be done here)config/certs
    • simp/pki/simp.pp
    • configsimp/tcpwrappers/simp.pp

Each of these items in bold must adhere to the following:

  1. They must be disabled by default
  2. They must be name-based where the Boolean true and the String 'simp' amount to the same action (e.g., the Trevorian type "Stroolean")
  3. They must allow for an ENC or Hiera or straight parameter, since we want maximum module uptake where possible
    1. This will look something like the following

      $manage_firewall = defined($::manage_firewall) ? $::manage_firewall : hiera('manage_firewall',false)
      1. NOTE: the management defaults will be "false" as a safety consideration for Forge users who might try any SIMP module à la carte. However, these parameters will be enabled by default in simp-core, so we're.
      2. QUESTION: Should we make this defined->hiera->default logic a function in simplib? Is that too much trouble/obfuscation?
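
The defined -> Hiera -> default logic above, together with the "Stroolean" rule, modeled as stand-alone Ruby (an added example, not SIMP or simplib code). It assumes an explicit parameter is consulted before the ENC value, represents ENC and Hiera data as plain hashes, and every function and constant name is hypothetical.

```ruby
# Added example. `enc` models top-scope variables set by an ENC and `hiera`
# models Hiera data; both are plain hashes, and every name is hypothetical.

# Implementation names a module accepts; a real module could extend this list.
KNOWN_NAMES = ['simp'].freeze

# Normalize a "Stroolean": true and 'simp' select the same SIMP-managed
# action, false disables management, anything else is rejected (fail closed).
def normalize_stroolean(value)
  case value
  when true  then 'simp'
  when false then false
  when String
    return value if KNOWN_NAMES.include?(value)
    raise ArgumentError, "unknown implementation name: #{value.inspect}"
  else
    raise ArgumentError, "unsupported manage_* value: #{value.inspect}"
  end
end

# Resolve one manage_* setting: parameter, then ENC, then Hiera, then false.
# Only nil means "not set". An explicit false must stop the search, so a
# layer that turned management off is never overridden by a lower layer
# (a plain `a || b || c` chain would get this wrong).
def resolve_manage(name, param: nil, enc: {}, hiera: {})
  [param, enc[name], hiera[name]].each do |candidate|
    return normalize_stroolean(candidate) unless candidate.nil?
  end
  false # disabled by default
end

if __FILE__ == $PROGRAM_NAME
  hiera = { 'manage_firewall' => true, 'manage_pki' => 'simp' } # constructed data
  enc   = { 'manage_firewall' => false }                        # constructed data
  %w[manage_firewall manage_pki manage_logging].each do |name|
    puts "#{name} => #{resolve_manage(name, enc: enc, hiera: hiera).inspect}"
  end
end
```
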

Parameters:

  • manage_firewall
    • true = 
  • manage_logging
    • true = 
  • manage_auditd
    • true
  • manage_selinux
    • true = includes simp-selinux (which effectively manages the SELinux enforcement and mode) and configures the SELinux booleans
      • NOTE: Many SELinux configurations are handled as attributes of native Puppet resources.
      •   SIMP. module and are  part of Puppet resources
      • Should one , however, any boolean flipping should probably be done here
  • manage_pki
    • true / 'simp' = includes simp-pki and uses pki::copy to distribute PKI certificates to the correct locations
    • false = PKI certificates are not distributed by SIMP; make your own arrangements to get them in place
  • manage_tcpwrappers
    • true = includes simp-tcpwrappers and uses tcpwrappers::allow to permit the application to the subnets in $::client_nets

 

Advanced Module Structure

...