Using the module

After roughly sixty hours of learning, experimenting, building and tweaking we now have a Puppet module which can be used to manage BoKS client hosts and a number of their configuration aspects. Let’s go over how you would put it to use in your own environment.

First up you’ll need to download and install the BoKS Puppet module. It is listed on Puppet Forge, and it’s also available through Github (here). It’s best to install it using “puppet module install tsluyter-boks”.

To install BoKS, you will need a custom RPM package. I’m sorry, but you’ll need to create that one in-house, as Fox Technologies do not yet offer an RPM installer. Later on we will ensure that this module will also work on other Unixen, with their own package formats. Right now the module assumes RPM, offered over HTTP.

If you want to disable vanilla SSH and enable BoKS SSH through Puppet, you’ll need to specifically tell Puppet to do so (perhaps through a profile). In order to disable the vanilla SSH daemon, you’ll need a module to manage SSH. I used the one by Steffen Zieger. By default BoKS’ SSH is off!

For your own sanity it’s also best if you use roles and profiles, of which an example is included with the Puppet module. By using profiles, you can set up a BoKS client with one simple addition to your site.pp or other configuration source.

Finally, you will need to have Hiera installed, which needs to be populated with configuration details such as bcastaddr lines and the per-host node key and root password. For security’s sake, please use hiera-eyaml to encrypt at least the node key lines (see previous chapter).