...
- They must be disabled by default
- They must be name-based where the Boolean true and the String 'simp' amount to the same action (e.g., the Trevorian type "Stroolean")
- They must allow for an ENC or Hiera or straight parameter, since we want maximum module uptake where possible
This will look something like the following:

    $manage_firewall = defined($::manage_firewall) ? $::manage_firewall : hiera('manage_firewall',false)
- NOTE: the management defaults will be "false" as a safety consideration for Forge users who might try any SIMP module à la carte. However, these parameters will be enabled by default in simp-core, so we're.
- QUESTION: Should we make this defined->hiera->default logic a function in simplib? Is that too much trouble/obfuscation?
Parameters

Each module will have the following class parameters in init.pp (when applicable):
- managesimp_firewall
  - true = includes simp-iptables (NOTE: simp-iptables should be renamed for SIMP6) and sets up rules to permit the application
- simp_logging
  - true =
- managesimp_auditd
  - true =
- managesimp_selinux
  - true = includes simp-selinux (which effectively manages the SELinux enforcement and mode) and configures the SELinux booleans
    - NOTE: Many SELinux configurations are handled as attributes of native Puppet resources.
    - SIMP. module and are part of Puppet resources
    - Should one , however, any boolean flipping should probably be done here
- managesimp_pki
  - true / 'simp' = includes simp-pki and uses pki::copy to distribute PKI certificates to the correct locations
  - false = PKI certificates are not distributed by SIMP; make your own arrangements to get them in place
- managesimp_tcpwrappers
  - true = includes simp-tcpwrappers and uses tcpwrappers::allow to permit the application to the subnets in $::client_nets
...