3.6. Installation Miscellany
3.6.1. Installation Variables
This section describes the list of variables that are configurable during
the install. These variables are written to
/etc/puppet/environments/simp/hieradata/simp_def.yaml by simp config
and are derived from user input.
Description | Variable | Category |
---|---|---|
Enable FIPS-140-2 compliance; true or false | use_fips | FIPS |
Network interface to use | network::interface | NETWORK |
Whether to set up the network interface; true or false | network::setup_nic | NETWORK |
Whether to use DHCP for the network; dhcp to enable DHCP, static otherwise | dhcp | NETWORK |
FQDN of server | hostname | NETWORK |
IP address of server | ipaddress | NETWORK |
Netmask of the system | netmask | NETWORK |
Default gateway | gateway | NETWORK |
List of DNS servers for the managed hosts | dns::servers | DNS |
Search domain for DNS | dns::search | DNS |
Subnet used for clients managed by the puppet server | client_nets | PUPPET |
NTP servers | ntpd::servers | NTP |
IP address of primary log server | log_servers | RSYSLOG |
IP address of failover log server | failover_log_server | RSYSLOG |
Yum server for simp modules | simp::yum::servers | YUM |
Whether to use the audit daemon; true or false | use_auditd | SYSTEM |
Whether to use the iptables daemon; true or false | use_iptables | SYSTEM |
Default system run level; 1-5 | simplib::runlevel | SYSTEM |
SELINUX mode to use; enforcing, permissive, or disabled | selinux::ensure | SYSTEM |
Whether to set a GRUB password on the server; true or false | set_grub_password | GRUB |
GRUB password hash | grub::password | GRUB |
Whether puppet server will be a yum server; true or false | is_master_yum_server | YUM |
FQDN of the puppet server | puppet::server | PUPPET |
Puppet server's IP address | puppet::server::ip | PUPPET |
FQDN of Puppet Certificate Authority (CA) | puppet::ca | PUPPET |
Port Puppet CA will listen on | puppet::ca_port | PUPPET |
DNS name of puppet database server | puppetdb::master::config::puppetdb_server | PUPPET |
Port used by the puppet database server | puppetdb::master::config::puppetdb_port | PUPPET |
Whether to use LDAP; true or false | use_ldap | PUPPET |
LDAP Server Base Distinguished Name | ldap::base_dn | LDAP |
LDAP Bind Distinguished Name | ldap::bind_dn | LDAP |
LDAP Bind password | ldap::bind_pw | LDAP |
LDAP Bind password hash | ldap::bind_hash | LDAP |
LDAP Sync Distinguished Name | ldap::sync_dn | LDAP |
LDAP Sync password | ldap::sync_pw | LDAP |
LDAP Sync password hash | ldap::sync_hash | LDAP |
LDAP root Distinguished Name | ldap::root_dn | LDAP |
LDAP root password hash | ldap::root_hash | LDAP |
LDAP master URI | ldap::master | LDAP |
List of OpenLDAP server URIs | ldap::uri | LDAP |
List of SSSD domains | ldap::master | SYSTEM |
Root location of files to be distributed via rsync | rsync::base | RSYNC |
Rsync server; typically 127.0.0.1 for rsync over stunnel, which is the default protocol stack for this capability | rsync::server | RSYNC |
Maximum rsync timeout in seconds | rsync::timeout | RSYNC |
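
One way to review a generated simp_def.yaml against the security-relevant variables in the table above, as an added example that is not part of the SIMP documentation or code base. The "hardened" values in EXPECTED, the file-permission rule, the helper names and the sample input are assumptions of this example.

```ruby
require 'yaml'

# Values this example treats as hardened (an assumption, not SIMP policy).
EXPECTED = {
  'use_fips' => true, 'use_auditd' => true, 'use_iptables' => true,
  'set_grub_password' => true, 'selinux::ensure' => 'enforcing'
}.freeze

# Keys the table lists as passwords rather than password hashes.
CLEARTEXT_KEYS = %w[ldap::bind_pw ldap::sync_pw].freeze

# Audit a parsed simp_def.yaml hash; file_mode is File.stat(path).mode or nil.
def audit_simp_def(settings, file_mode = nil)
  findings = []
  EXPECTED.each do |key, want|
    if !settings.key?(key)
      findings << "#{key}: not set"
    elsif settings[key] != want
      findings << "#{key}: #{settings[key].inspect} (expected #{want.inspect})"
    end
  end
  # Cleartext bind/sync passwords make the file itself a secret, so it
  # must not be accessible to group or other.
  secrets = CLEARTEXT_KEYS.reject { |k| settings[k].to_s.empty? }
  if secrets.any? && file_mode && (file_mode & 0o077) != 0
    findings << format('file mode %04o exposes %s', file_mode & 0o7777, secrets.join(', '))
  end
  if settings['set_grub_password'] == true && settings['grub::password'].to_s.empty?
    findings << 'grub::password: empty although set_grub_password is true'
  end
  findings
end

# Constructed sample input, not taken from a real system.
SAMPLE = <<~YAML
  use_fips: false
  use_auditd: true
  use_iptables: true
  selinux::ensure: permissive
  set_grub_password: true
  grub::password: ''
  ldap::bind_pw: constructed-example-value
YAML

def audit_sample
  audit_simp_def(YAML.safe_load(SAMPLE), 0o100644)
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  loaded = path && File.file?(path)
  puts loaded ? audit_simp_def(YAML.safe_load(File.read(path)) || {}, File.stat(path).mode) : audit_sample
end
```

Run with the path to simp_def.yaml as the only argument; with no argument it audits the constructed sample.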
3.6.2. simp config Actions
In addition to creating simp_defs.yaml, simp config also
performs a limited set of actions in order to prepare the system for
bootstrapping.
Category | Actions Performed |
---|---|
FIPS | When the user selects to enable FIPS, simp config will set the Puppet digest algorithm to sha256 to prevent any Puppet-related actions executed by simp config from using MD5 checksums. Note that this is not all that must be done to enable FIPS. The complete set of actions required to enable FIPS is handled by simp bootstrap. |
Network | |
GRUB | When the user selects to set the GRUB password, simp config will set the password in /etc/grub2.cfg. |
Certificates | If no certificates for the host are found in /etc/puppet/environments/simp/keydist, simp config will use the FakeCA to generate certificates needed by SIMP for the host. These certificates are independent of the certificates managed by Puppet itself. |
System Hiera | If a hosts YAML file in /etc/puppet/environments/simp/hieradata/hosts does not already exist, simp config will create one from a SIMP template. |
YUM Update | simp config updates the appropriate YUM Updates repository contained at /var/www/yum/OSTYPE/MAJORRELEASE/ARCH. |
Puppet | |
LDAP | simp config adds or removes the simp::ldap_server setting from the hosts YAML file in /etc/puppet/environments/simp/hieradata/hosts, based on whether the user opts to use or not use LDAP, respectively. |