Puppet Class: tpm

Defined in:
manifests/init.pp

Overview

Provides utilities for interacting with a TPM.

Parameters:

  • ima (Boolean) (defaults to: false)

    Toggles IMA on or off. NOTE: This parameter is deprecated and throws a warning if specified. IMA may remain on if the ima module is enabled elsewhere.

  • take_ownership (Boolean) (defaults to: false)

    Enable to allow Puppet to take ownership of the TPM.

Author:



# File 'manifests/init.pp', line 12

class tpm (
  Boolean $ima            = false,
  Boolean $take_ownership = false
){
  simplib::assert_metadata($module_name)

  # Check whether the system has a TPM (which also checks that it is a
  # physical machine). If so, install the tools and set up the tcsd
  # service. str2bool is used because facts are returned as strings.
  if str2bool($facts['has_tpm']) {
    package { 'tpm-tools': ensure => latest }
    package { 'trousers': ensure => latest }

    service { 'tcsd':
      ensure  => 'running',
      enable  => true,
      require => Package['tpm-tools'],
    }

    if $take_ownership {
      include 'tpm::ownership'
    }
  }

  # The following should be removed at the next major release, along with the
  # dependency in the metadata.json.
  if $ima {
    warning ('tpm::ima is deprecated and will be removed in a future release.  Use the ima module instead.')
    include 'ima'
  }
}