ReleaseEngineering/PuppetAgain/Modules/security

From MozillaWiki

Every host has a "security level", one of low, medium, high, or maximum.

Setting The Level

The default level for all hosts is given by $config::default_security_level, which defaults to medium. This can be overridden on a per-node basis with $node_security_level:

   node 'foo.bar.com' {
       $node_security_level = 'high'
       include toplevel::server::thingie
   }

Getting The Level

All PuppetAgain modules are encouraged to configure themselves differently depending on the security level. This can be done either with the string in $security::level:

   class something {
       include ::security
       case $::security::level {
           low: {..}
           medium: {..}
           high: {..}
           maximum: {..}
       }
   }

or with booleans for each level (which have an implicit "or higher"):

   class something {
       include ::security
       if $::security::high {
           .. # do this on high and maximum hosts only
       }
   }
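
Both forms used together in one module, as an added example that is not PuppetAgain code. The class name, the drop-in file path (which assumes sshd_config includes that directory) and the sshd settings chosen for each level are assumptions made for illustration.

```puppet
# Added example: hypothetical class, not part of PuppetAgain.
class example_sshd_policy {
    include ::security

    # Choose per-level values from the level string. The default branch
    # fails the catalog compile on an unrecognized level, so a typo in
    # $node_security_level never results in a host with no policy applied.
    case $::security::level {
        'low': {
            $permit_root   = 'without-password'
            $password_auth = 'yes'
        }
        'medium': {
            $permit_root   = 'without-password'
            $password_auth = 'no'
        }
        'high', 'maximum': {
            $permit_root   = 'no'
            $password_auth = 'no'
        }
        default: {
            fail("unknown security level '${::security::level}'")
        }
    }

    # The boolean form carries the implicit "or higher": this is true on
    # high and maximum hosts, false on low and medium ones.
    if $::security::high {
        $tcp_forwarding = 'no'
    } else {
        $tcp_forwarding = 'yes'
    }

    # Hypothetical drop-in path; assumes sshd_config includes this directory.
    file { '/etc/ssh/sshd_config.d/50-security-level.conf':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0600',
        content => "PermitRootLogin ${permit_root}\nPasswordAuthentication ${password_auth}\nAllowTcpForwarding ${tcp_forwarding}\n",
    }
}
```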