puppet-inspec

Table of Contents

1. Module Description - What the module does and why it is useful
2. Setup - The basics of getting started with puppet-inspec
   • What puppet-inspec affects
   • Beginning with puppet-inspec
3. Usage - Configuration options and additional functionality
4. Reference - An under-the-hood peek at what the module is doing and how
5. Limitations - OS compatibility, etc.
6. Development - Guide for contributing to the module

Module description

This module will download and install inspec by Chef, a compliance as code tool.

Setup

What puppet-inspec affects

puppet-inspec will simply download the package from the package url (or optionally from your own repo) and install it. That's it!

Beginning with puppet-inspec

Simply include the inspec module like so:

  include ::inspec

You may want to use a class include if you wish to override parameters:

  class { '::inspec' :
		install_method => 'package'
  }

Usage

I just want to install inspec, what's the minimum I need

  include ::inspec

Reference

Classes

Public Classes

• inspec: Installs inspec in your environment.
• inspec::profile: Downloads and installs inspec profile zip packages

Private Classes

• [inspec::install]: Installs the required inspec package using the method you specify

inspec

Parameters

package_name [String]

Specifies the package to install for inspec

package_version [String]

Specifies the version of the inspec package to install (default: installed)

install_method [String]

Specifies the install method you wish to use. Possible values are: 'url' (default) : 'package' : 'gem' If package is specified, it's assumed the package is in an available repo

os_arch [String]

Specifies the Operating System Architecture of the package you wish to download (default: platform dependant)

os_family [String]

Specifies the operating system family of the package you wish to download (default: platform dependant)

os_ver [String]

Specifies the major relase of the package you wish to download

config_dir [String]

Specifies the config directory for inspec profiles (default: /etc/inspec)

profiles_dir [String]

Specifies the directory within the config dir to place profiles (default: profiles.d)

downloads_dir [String]

Specifies the directory to download profiles to if using the defined type (default: ${config_dir}/downloads)

purge [Bool]

Specifies whether Puppet should purge the config directories of files not managed by Puppet (default: false)

manage_repo [Bool]

Specifies whether the inspec/chef repo should be added to install packages (default: true)

repo_channel [String]

Specifies the repo channel from chef that should be used, can be either stable or current (default: stable)

package_url_base [String]

Specifies the URL of the chef/inspec package repository (default: https://packages.chef.io/repos/)

package_url_type [String]

Specifies the package type for the repo url. (default: OS dependent)

inspec::profile

Parameters

source [String]

Specifies the full URL to download inspec profiles from

ensure [String]

Specifies whether the profile should be present or not (default: present)

type [String]

Specifies the archive type for the downloaded profile. Can be either tar.gz or zip (default: tar.gz)

version [String]

Specifies a profile version for the downloaded profile. This allows profile versioning via symlinking (default: undef)

Limitations

The module only currently works on RedHat Enterprise Linux variants