...
- module/manifests/
- init.pp
- params.pp
- install.pp
- config.pp
- service.pp
- configsimp/firewall/simp.pp
- configsimp/logging/simp.pp
- configsimp/audit/simp.pp
- configsimp/selinux/simp.pp (this one may just have to be mixed in at times; however, any boolean flipping should probably be done here)
- config/certs simp/pki/simp.pp
- configsimp/tcpwrappers/simp.pp
Each of these items in bold must adhere to the following:
- They must be disabled by default
- They must be name-based where the Boolean true and the String 'simp' amount to the same action (e.g., the Trevorian type "Stroolean")
- They must allow for an ENC or Hiera or straight parameter, since we want maximum module uptake where possible
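This will look something like the following:
# Top-scope/ENC value if set, otherwise Hiera, otherwise the default (false)
$manage_firewall = defined('$::manage_firewall') ? { true => $::manage_firewall, default => hiera('manage_firewall', false) }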
- NOTE: the management defaults will be "false" as a safety consideration to Forge users who might try any SIMP module à la carte. However, these parameters will be enabled by default in simp-core, so we're.
- QUESTION: Should we make this defined->hiera->default logic a function in simplib? Is that too much trouble/obfuscation?
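The three requirements above (disabled by default, Boolean true and 'simp' treated alike, ENC/Hiera/parameter all accepted) worked through for one parameter, as an added sketch that is not SIMP's own code. The module name `myapp` and the class `myapp::config::firewall::simp` are hypothetical, and calling `defined()` on a variable assumes Puppet 4 or later.

```puppet
# Added example, not SIMP code. 'myapp' and its subclasses are hypothetical.
class myapp (
  # Resolution order: ENC/top-scope value, then Hiera, then the safe default.
  # An explicit class parameter overrides all three.
  $manage_firewall = defined('$::manage_firewall') ? {
    true    => $::manage_firewall,
    default => hiera('manage_firewall', false),
  },
) {
  # "Stroolean" normalization: Boolean true and the String 'simp' select the
  # same action, false leaves the firewall alone. Anything else is an error,
  # so a typo such as 'smip' cannot silently turn management off.
  $firewall_mode = $manage_firewall ? {
    true    => 'simp',
    'true'  => 'simp',   # ENCs and Hiera backends may deliver strings
    'simp'  => 'simp',
    false   => 'none',
    'false' => 'none',
    default => 'invalid',
  }

  if $firewall_mode == 'invalid' {
    fail("myapp: manage_firewall must be true, false or 'simp', got '${manage_firewall}'")
  }

  # Core classes, mirroring the install.pp / config.pp / service.pp layout
  include 'myapp::install'
  include 'myapp::config'
  include 'myapp::service'

  if $firewall_mode == 'simp' {
    # Hypothetical class holding the SIMP-specific firewall rules
    include 'myapp::config::firewall::simp'
  }
}
```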
Parameters:
- manage_firewall
- true =
- manage_logging
- true =
- manage_auditd
- true =
- manage_selinux
- true = includes simp-selinux (which effectively manages the SELinux enforcement and mode) and configures the SELinux booleans
- NOTE: Many SELinux configurations are handled as attributes of native Puppet resources.
- SIMP. module and are part of Puppet resources
- Should one , however, any boolean flipping should probably be done here
- manage_pki
- true / 'simp' = includes simp-pki and uses pki::copy to distribute PKI certificates to the correct locations
- false = PKI certificates are not distributed by SIMP; make your own arrangements to get them in place
- manage_tcpwrappers
- true = includes simp-tcpwrappers and uses tcpwrappers::allow to permit the application to the subnets in $::client_nets
Advanced Module Structure
...