3.4.3.1. Preparing For Non-RPM Install

3.4.3.1.1. Keydist, Rsync, and The Alternate Module Path

SIMP uses a secondary module path, /var/simp/environments/<environment>/, which is set in each environment`s environment.conf. Currently, it contains rsync assets and PKI data, custom to each host. Here is an example from a fresh install:

$ tree -L 1 /var/simp/environments/production
/var/simp/environments/production
├── rsync
└── site_files
  • rsync is a tree that stores data that will be copied over to modules. We have chosen rsync for these applications because of how it handles large files and large amounts of files. See Why does SIMP use rsync?
  • site_files is a place to store private files that may not belong in the control repo or another data source. An example of this would be host-based x509 certificates (which are used heavily by SIMP).

Create the site_files, simp_autofiles, and keydist directories:

$ mkdir -p /var/simp/environments/production/{site_files/modules/pki_files/files/keydist}
$ chown root.puppet /var/simp/environments/<environment>/site_files
$ chmod -R g+rX /var/simp/environments/<environment>/{site_files,simp_autofiles}

The rsync directory is special. When installed from an ISO via RPM, the rsync data and folder structure is laid out in a particular manner. Clone the rsync repository and modify it to make it equivalent to RPM install:

$ git clone https://github.com/simp/simp-rsync.git /tmp/simp-rsync
$ mv -f /tmp/simp-rsync/environments/simp/rsync /var/simp/environments/<environment>/
$ ln -s /var/simp/environments/<environment>/rsync/RedHat /var/simp/environments/<environment>/rsync/CentOS
$ chmod u+rwx,g+rX,o+rX /var/simp{,/environments,/environments/production}

Warning

Be careful when copying the first rsync environment around. There are hidden files in each folder, including rsync .shares files. There is a fact in the simp module that checks for those files. The fact is ingested by simp::server::rsync_shares and rsync shares are created on the Puppet server.

If simp_options::clamav is set to true, the following step is required, otherwise you can skip it.

Install clamav-update and download the latest database using the following config and commands, replacing <environment> with your environment.

$ cat << EOF > /tmp/freshclam.conf
DatabaseDirectory /var/simp/environments/<environment>/rsync/Global/clamav
DatabaseMirror database.clamav.net
Bytecode yes
EOF

$ yum install -y clamav-update
$ freshclam -u root --config-file=/tmp/freshclam.conf

3.4.3.1.2. Other Miscellany

You may need to bring in the SIMP dependencies repository:

$ curl -s https://packagecloud.io/install/repositories/simp-project/6_X_Dependencies/script.rpm.sh.rpm | bash