Puppet Class: mollyguard

Defined in:
manifests/init.pp

Overview

mollyguard main class

Parameters:

  • package_ensure (String) (defaults to: 'present')

    what to ensure for packages, defaults to ‘present’

  • packages (Array) (defaults to: ['molly-guard'])

    Array of packages to install, defaults to [‘molly-guard’]

  • checks (Hash) (defaults to: {})

    Hash of additional checks to install, defaults to {}

    Example (hiera):

    mollyguard::checks:
  libvirt:
    options: '--state-running --state-paused --state-other'
  drbd: {}
  • check_destination (String) (defaults to: '/etc/molly-guard/run.d')

    where to put the additional checks, defaults to ‘/etc/molly-guard/run.d’

  • purge_checks (Boolean) (defaults to: true)

    if true (default), we purge checks not managed with puppet

  • ignore_sys_checks (Array) (defaults to: ['10-print-message', '30-query-hostname'])

    name of checks to ignore purging, these are the default checks installed with the package. defaults to: [‘10-print-message’, ‘30-query-hostname’]



26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'manifests/init.pp', line 26

class mollyguard (
  String  $package_ensure    = 'present',
  Array   $packages          = ['molly-guard'],
  Hash    $checks            = {},
  String  $check_destination = '/etc/molly-guard/run.d',
  Boolean $purge_checks      = true,
  Array   $ignore_sys_checks = ['10-print-message', '30-query-hostname'],
) {
  package { $packages:
    ensure => $package_ensure,
    tag    => 'molly-guard-packages',
  }

  $check_defaults = {
    destination => $check_destination,
    require     => Package[$packages],
  }

  if $purge_checks {
    file { $check_destination :
      ensure  => 'directory',
      purge   => true,
      recurse => true,
      require => Package[$packages],
    }

    # do not remove checks installed from the package
    $_ignore_sys_checks = prefix($ignore_sys_checks, "${check_destination}/")

    file { $_ignore_sys_checks: }
  }

  # create generic resources (eg. to retrieve certificate)
  $checks.each | $res, $vals | {
    create_resources("::mollyguard::checks::${res}", { "${res}" => $vals }, $check_defaults )
  }
}