Updates to get close to release 1 (#3)
* Add License file
* Fix up the README
* Fix default user_group to match default from the package
* Add a qualys-cloud-agent.properties file as it seems to be necessary for first-start
* Guard against doing anything to root user/group
* Fix how dependencies are handled across all classes
* Syntax bug fix in `user.pp`
* Add hostid settings
* Add booleans for manage_package and package_ensure
* Manage existence and permissions on hostid file, but not contents
* Fix the vagrant install script to work around the librarian-puppet problem
coreone committed Jun 4, 2019
1 parent 6040805 commit 05b7fe7
Showing 12 changed files with 417 additions and 138 deletions.
27 changes: 27 additions & 0 deletions LICENSE.txt
@@ -0,0 +1,27 @@
Copyright (c) 2015, Broad Institute, Inc.
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.

* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

* Neither the name Broad Institute, Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
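Review bot: the copyright line reads `Copyright (c) 2015` although this file is first added in a commit dated Jun 4, 2019; confirm that 2015 is the year intended for this module. The last line of the disclaimer also ends at `SUCH DAMAGE` without the closing period that the standard BSD 3-Clause text carries.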
248 changes: 195 additions & 53 deletions README.md
@@ -1,83 +1,225 @@
# qualys_agent

[![Puppet Forge](https://img.shields.io/puppetforge/dt/broadinstitute/certs.svg)](https://forge.puppetlabs.com/broadinstitute/certs)
[![Puppet Forge](https://img.shields.io/puppetforge/v/broadinstitute/certs.svg)](https://forge.puppetlabs.com/broadinstitute/certs)
[![Puppet Forge](https://img.shields.io/puppetforge/f/broadinstitute/certs.svg)](https://forge.puppetlabs.com/broadinstitute/certs)
[![License](https://img.shields.io/badge/License-BSD%203--Clause-blue.svg)](https://opensource.org/licenses/BSD-3-Clause)

## Table of Contents

1. [Description](#description)
1. [Setup - The basics of getting started with qualys_agent](#setup)
* [What qualys_agent affects](#what-qualys_agent-affects)
1. [Overview](#overview)
2. [Module Description](#module-description)
3. [Setup](#setup)
* [Setup requirements](#setup-requirements)
* [Beginning with qualys_agent](#beginning-with-qualys_agent)
1. [Usage - Configuration options and additional functionality](#usage)
1. [Reference - An under-the-hood peek at what the module is doing and how](#reference)
1. [Limitations - OS compatibility, etc.](#limitations)
1. [Development - Guide for contributing to the module](#development)
* [Installation](#installation)
4. [Usage](#usage)
* [Puppet Manifest](#puppet-manifest)
* [With Hiera](#with-hiera)
* [Running as a user other than root](#running-as-a-user-other-than-root)
5. [Reference](#reference)
6. [Limitations - OS compatibility, etc.](#limitations)
7. [Release Notes](#release-notes)
8. [Contributors](#contributors)

## Description
## Overview

Start with a one- or two-sentence summary of what the module does and/or what
problem it solves. This is your 30-second elevator pitch for your module.
Consider including OS/Puppet version it works with.
Install and configure the Qualys Cloud Agent on a system.

You can give more descriptive information in a second paragraph. This paragraph
should answer the questions: "What does this module *do*?" and "Why would I use
it?" If your module has a range of functionality (installation, configuration,
management, etc.), this is the time to mention it.
## Module Description

## Setup
This module will install the Qualys Cloud Agent from a repository and keep the required configuration files updated.

### What qualys_agent affects **OPTIONAL**
## Setup

If it's obvious what your module touches, you can skip this section. For
example, folks can probably figure out that your mysql_instance module affects
their MySQL instances.
### Setup Requirements

If there's more that they should know about, though, this is the place to mention:
Due to the nature of Qualys' distribution methods, making the actual package available in a repository is outside the scope of this module. In most cases, you can create your own custom Yum, Apt, etc. repository and serve out the `qualys-cloud-agent` package you can download from the Qualys interface.

* A list of files, packages, services, or operations that the module will alter,
impact, or execute.
* Dependencies that your module automatically installs.
* Warnings or other important notices.
### Installation

### Setup Requirements **OPTIONAL**
No trailing slashes should be provided for any paths.

If your module requires anything extra before setting up (pluginsync enabled,
etc.), mention it here.
#### Puppet Forge

If your most recent release breaks compatibility or requires particular steps
for upgrading, you might want to include an additional "Upgrading" section
here.
``` sh
puppet module install broadinstitute-qualys_agent
```

### Beginning with qualys_agent
#### Puppetfile

The very basic steps needed for a user to get the module up and running. This
can include setup steps, if necessary, or it can be an example of the most
basic use of the module.
``` sh
mod 'broadinstitute/qualys_agent'
```

## Usage

This section is where you describe how to customize, configure, and do the
fancy stuff with your module here. It's especially helpful if you include usage
examples and code samples for doing things with your module.
### Puppet Manifest

```puppet
include certs
$domain = 'www.example.com'
certs::site { $domain:
source_path => 'puppet:///site_certificates',
ca_cert => true,
ca_name => 'caname',
ca_source_path => 'puppet:///ca_certs',
}
```

### With Hiera

```yaml
classes:
- certs
certs::sites:
'www.example.com':
source_path: 'puppet:///site_certificates'
ca_cert: true
ca_name: 'caname'
ca_source_path: 'puppet:///ca_certs'
```

### Running as a user other than root

The configuration is a little tricky if you want to run as a non-root user. To do so, you need to set several options in the configuration together. An example is configured below:

```yaml
qualys_agent::activation_id: 00000000-0000-0000-0000-000000000000
qualys_agent::agent_user: 'qualys_auth'
qualys_agent::customer_id: 00000000-0000-0000-0000-000000000000
qualys_agent::sudo_user: 'qualys_auth'
qualys_agent::use_sudo: 1
```

This turns on the use of sudo, but it also sets the `User` and `SudoUser` variables in the configuration file, which are both necessary to make the service run as a non-root user.

## Reference

Here, include a complete list of your module's classes, types, providers,
facts, along with the parameters for each. Users refer to this section (thus
the name "Reference") to find specific details; most users don't read it per
se.
### Class: `qualys_agent`

## Limitations
#### `ensure`

Ensure that the Qualys agent is present on the system, or absent. **Default: true**

#### `activation_id`

The Activation ID you receive from Qualys for reporting back to their API **(required)** **Default: undef**

#### `agent_group`

The group that should run the agent. **Default: undef**

#### `agent_user`

The user that should run the agent. **Default: undef**

#### `cmd_max_timeout`

The CmdMaxTimeOut value in `qualys-cloud-agent.conf`. **Default: 1800**

#### `cmd_stdout_size`

The CmdStdOutSize value in `qualys-cloud-agent.conf`. **Default: 1024**

#### `conf_dir`

The directory where the `qualys-cloud-agent.conf` file will exist. **Default: /etc/qualys/cloud-agent**

#### `customer_id`

The Customer ID you receive from Qualys for reporting back to their API. **(required)** **Default: undef**

#### `hostid_path`

The full filesystem path to the hostid file. **Default: /etc/qualys/hostid**

#### `hostid_search_dir`

The HostIdSearchDir value in `qualys-cloud-agent.conf`. **Default: undef**

#### `log_dest_type`

The log type (file or syslog). **Default: file**

#### `log_file_dir`

The LogFileDir value in `qualys-cloud-agent.conf`.
The directory in which the log files should be written. **Default: /var/log/qualys**

#### `log_level`

The LogLevel value in `qualys-cloud-agent.conf`. **Default: 3**

#### `manage_group`

Boolean to determine whether the group is managed by Puppet or not. **Default: true**

This is where you list OS compatibility, version compatibility, etc. If there
are Known Issues, you might want to include them under their own heading here.
#### `manage_package`

Boolean to determine whether the package is managed by Puppet or not. **Default: true**

#### `manage_service`

Boolean to determine whether the service is managed by Puppet or not. **Default: true**

#### `manage_user`

Boolean to determine whether the user is managed by Puppet or not. **Default: true**

#### `package_ensure`

The "ensure" value for the Qualys agent package. This value can be "installed", "absent", or a version number if you want to specify a specific package version numer. **Default: installed**

#### `package_name`

The name of the package to install. **Default: qualys-cloud-agent**

#### `process_priority`

The ProcessPriority value in `qualys-cloud-agent.conf`. **Default: 0**

#### `request_timeout`

The RequestTimeOut value in `qualys-cloud-agent.conf`. **Default: 600**

#### `service_enable`

Boolean to determine whether the service is enabled or not. **Default: true**

#### `service_ensure`

Ensure that the Qualys agent is running on the system, or stopped. **Default: running**

#### `service_name`

The name of the Qualys agent service. **Default: qualys-cloud-agent**

#### `sudo_command`

The SudoCommand value in `qualys-cloud-agent.conf`. **Default: sudo**

#### `sudo_user`

The SudoUser value in `qualys-cloud-agent.conf`. **Default: undef**

#### `use_audit_dispatcher`

The UseAuditDispatcher value in `qualys-cloud-agent.conf`. **Default: 1**

#### `use_sudo`

The UseSudo value in `qualys-cloud-agent.conf`. **Default: 0**

#### `user_group`

The UserGroup value in `qualys-cloud-agent.conf`. **Default: undef**

## Limitations

## Development
This has currently only been tested extensively on RedHat-based systems.

Since your module is awesome, other users will want to play with it. Let them
know what the ground rules for contributing are.
## Release Notes

## Release Notes/Contributors/Etc. **Optional**
* 1.0.0

If you aren't using changelog, put your release notes here (though you should
consider using changelog). You can also add any additional sections you feel
are necessary or important to include here. Please use the `##` header.
## Contributors
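Review bot: the `### Puppet Manifest` and `### With Hiera` examples still show `include certs`, `certs::site` and `certs::sites`, and the three Puppet Forge badges at the top link to `broadinstitute/certs`, so the README has no example of declaring `qualys_agent` itself. Replace them with a minimal declaration that sets the two parameters marked required, `activation_id` and `customer_id`, and point the badges at this module. In the Reference, `ensure` is described as present or absent but lists `Default: true`; state the accepted values. The non-root section sets `use_sudo: 1` and `sudo_user: 'qualys_auth'` without saying which sudo rules that account needs; a sentence on the expected sudoers scope would keep readers from granting it more than required. Smaller points: `numer` in the `package_ensure` entry should be `number`, and the Puppetfile snippet is fenced as `sh` although it is Puppetfile syntax.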
7 changes: 5 additions & 2 deletions data/common.yaml
Expand Up @@ -8,12 +8,16 @@ qualys_agent::cmd_max_timeout: 1800
qualys_agent::cmd_stdout_size: 1024
qualys_agent::conf_dir: /etc/qualys/cloud-agent
qualys_agent::customer_id: ~
qualys_agent::hostid_path: /etc/qualys/hostid
qualys_agent::hostid_search_dir: ~
qualys_agent::log_dest_type: file
qualys_agent::log_file_dir: /var/log/qualys
qualys_agent::log_level: 3
qualys_agent::manage_group: true
qualys_agent::manage_package: true
qualys_agent::manage_service: true
qualys_agent::manage_user: true
qualys_agent::package_ensure: installed
qualys_agent::package_name: qualys-cloud-agent
qualys_agent::process_priority: 0
qualys_agent::request_timeout: 600
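Review bot: `qualys_agent::hostid_path: /etc/qualys/hostid` and `qualys_agent::hostid_search_dir: ~` are independent keys, so a node that overrides `hostid_search_dir` alone would leave Puppet managing existence and permissions of a hostid file at the old default path. Either derive the default `hostid_path` from `hostid_search_dir` when it is set, or document in the README that the two must be changed together.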
Expand All @@ -24,5 +28,4 @@ qualys_agent::sudo_command: sudo
qualys_agent::sudo_user: root
qualys_agent::use_audit_dispatcher: 1
qualys_agent::use_sudo: 0
qualys_agent::user_group: root
qualys_agent::version: ~
qualys_agent::user_group: ~
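Review bot: `qualys_agent::sudo_user: root` stays in place here while the README in this same commit documents `sudo_user` as `Default: undef` and `user_group` now appears as `~`; make the data and the README agree, and if the root guard described in the commit message covers this value, `~` is the safer default. Removing `qualys_agent::version` also needs a migration note in the release notes directing callers who set `version` to `package_ensure`.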
