Puppet Plan: complyadm::install

Defined in:
plans/install.pp

Summary

Install Security Compliance Management.

Overview

Use this plan to install Security Compliance Management. For complete instructions on how to use this plan to install Security Compliance Management, see www.puppet.com/docs/comply/3.x/comply_bolt_install.

Parameters:

  • ignore_failing_preflights (Optional[Boolean]) (defaults to: false)

    Setting to true will ignore failed preflight checks.

  • upload_images (Optional[Boolean]) (defaults to: true)

    Setting to true will curl images locally from a public GCS bucket and then upload to the install target. Setting to false will pull images directly from the registry on the install target.



8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
 
# File 'plans/install.pp', line 8

plan complyadm::install(
  Optional[Boolean] $ignore_failing_preflights = false,
  Optional[Boolean] $upload_images = true
) {
  run_plan('complyadm::check_bolt_version')

  $message = @("MESSAGE")

===================================================================================================

  Puppet Enterprise customers are entitled to use the full Puppet Enterprise Suite:
  - Puppet Enterprise
  - Security Compliance Management
  - Continuous Delivery

  At the end of this Security Compliance Management installation process, you'll have the option
  to separately install Continuous Delivery.

  See https://www.puppet.com/docs/comply/3.x/comply.html for more information.

===================================================================================================

    | MESSAGE

  out::message($message)

  $config_path = "${complyadm::bolt_project_dir()}/data/common.yaml"
  if file::exists($config_path) {
    complyadm::display("Existing configuration found at ${config_path}")
    $use_existing = Boolean(prompt('Would you like to use this configuration?', 'default' => 'y'))

    if $use_existing {
      log::debug('Using existing config.')
    } else {
      log::debug('Overwriting config.')
      run_plan('complyadm::install::new::bootstrap')
    }
  } else {
    run_plan('complyadm::install::new::bootstrap')
  }

  # if any of the PE MTLS certs have not been created, lets ask the user here
  $tls_crt = complyadm::get_yaml_key_value('tls_crt', 'data/common.yaml')
  $tls_key = complyadm::get_yaml_key_value('tls_key', 'data/common.yaml')
  $ca_crt = complyadm::get_yaml_key_value('ca_crt', 'data/common.yaml')
  if $tls_crt == '' or $tls_key == '' or $ca_crt == '' {
    run_plan('complyadm::configure_pe_certs')
  }

  # if any of the Comply TLS certs have not been created, lets ask the user here
  $cert_chain = complyadm::get_yaml_key_value('cert_chain', 'data/common.yaml')
  $private_key = complyadm::get_yaml_key_value('private_key', 'data/common.yaml')
  $crl = complyadm::get_yaml_key_value('crl', 'data/common.yaml')
  if $cert_chain == '' or $private_key == '' or $private_key == '' {
    run_plan('complyadm::configure_comply_certs')
  }

  run_plan('complyadm::install_from_config', {
      'ignore_failing_preflights' => $ignore_failing_preflights,
      'upload_images' => $upload_images
  })
}