Installation_Miscellaney¶
This sections provides a list of variables that are configurable during the install.
List of Installation Variables¶
| Description | Default Setting | Puppet Variable | Section |
|---|---|---|---|
| Enable FIPS-140-2 compliance | enabled | use_fips | FIPS |
| Do you want to set up network interface - use DHCP or Static for NIC - Hostname of server - IP Address of server - Netmask - Default gateway | static puppet.change.me none none none | none - The device is confgured none none none | SYSTEM |
| Your DNS server | IP this install | dns::servers | DNS |
| The search domain for DNS. | change.me | dns::search | DNS |
| Subnet used for clients managed by the puppet server | subnet of IP this install | client_nets | PUPPET |
| NTP servers. | none | ntpd::servers | NTP |
| IP addr of primary log server (rsyslog) | none | log_servers | RSYSLOG |
| IP address of failover log server. | none | failover_log_server | RSYSLOG |
| Yum server for simp modules. | IP this install | simp::yum::servers | YUM |
| Turn on the audit deamon? | true | use_auditd | SYSTEM |
| Turn on iptable deamon? | true | use_iptables | SYSTEM |
| The default system run level | 3 | common::runlevel | SYSTEM |
| Do you want to set SELINUX to enforcing? | true | selinux::ensure | SYSTEM |
| Set a grub password on the puppet server? | true | set_grub_password | GRUB |
| Make puppet server the master yum server? | true | is_master_yum_server | YUM |
| The FQDN of the puppet server. | puppet.change.me | puppet::server | PUPPET |
| Puppet servers IP address. | current IP | puppet::server::ip | PUPPET |
| FQDN of Puppet Certificate Authority (CA) | puppet server | puppet::ca | PUPPET |
| The port Puppet CA will listen on. | 8141 | puppet::ca_port | PUPPET |
| The DNS name of puppet database server. | puppet server | puppetdb::master::config::puppetdb_server | PUPPET |
| The port used by the puppet database server | 8139 | puppetdb::master::config::puppetdb_port | PUPPET |
| Do you want to use LDAP? | true | use_ldap | PUPPET |
| LDAP Server Base Distinquish Name (DN) | generate from puppetsrv name | ldap::basedn | LDAP |
| The LDAP Bind Distiquished name. | generate from LDAP base DN | ldap::bind_dn | LDAP |
| LDAP Bind password | yes | ldap::bind_hash | LDAP |
| LDAP Sync Distiquished name. | generate from LDAP base DN | ldap::sync_dn | LDAP |
| LDAP Sync password | yes | ldap::sync_pw | LDAP |
| The LDAP root DN. | generated from the ldap::basedn | ldap::root_dn | LDAP |
| LDAP root password This password is used for manually updating LDAP, you will want to set it your self. | no | ldap::root_hash | LDAP |
| The URI for your LDAP server. | ldap::// <puppetsrvFQDN> | ldap::master | LDAP |
| The directory that will hold files used to sync oprational directories | /var/simp/rsync/ OSTYPE/MJRREL | RSYNC | |
| The server that remote syncs | 127.0.0.1 | rsync::server | RSYNC |
| Maximum rsync timeout in seconds | 1 | rsync::timeout | RSYNC |
Configuration¶
This briefly describes what is being configured in the different sections indicated in the table above.
You may make changes to the default settings in `` puppet config print environmentpath/simp/hieradata/simp_def.yaml` `` or one of the other yaml files in the hieradata directory.
These Hiera files can be used after initial set up to change settings. The Hiera Overview section gives an introduction of using Hiera in SIMP.
FIPS¶
- Turning on and off FIPS mode sets kernel parameters and systems environment variables to ensure the system is FIPS 140-2 compliant.
- FIPS is on by default. If you ever want to have your system to beFIPS compliant, you will want to ensure that the system is built with this enabled. It may easily be disabled once the system is built.
GRUB¶
- Grub password in
/etc/grub2.cfg
SYSTEM¶
- Basic network setup.
- Startup files in /etc/init.d.
- Configuration files under /etc/sysconfig.
- Rsyslog settings.
PUPPET¶
- Autosigning in
*/etc/puppet/autosign.conf - File Serving in
*/etc/puppet/fileserver.conf - Puppet server and Certificate Authority (CA) information in
/etc/puppet/puppet.conf - Server certificates for the puppet host (Fake CA)
LDAP¶
- If you select use_ldap and set this server as your LDAP server, OpenLDAP Puppet will enable the LDAP service on this server and all clients will be set to reference it for authentication.
- If you select use_ldap and set another server as your LDAP server, then the clients (including this server) will use the specified server instead.
- If you choose not to use LDAP the system is set up to use traditional local authentication only.