Install the comply module

Install the comply module from Puppet Forge.

Before you begin
Make sure you have generated the Comply certificates in PE.
Modules are self-contained, shareable bundles of code and data. The comply module contains a Bolt task — the tool that runs the CIS assessor on your nodes.

The comply module lives on Puppet Forge, a repository of thousands of modules. If you're new to PE and Comply, see Managing environment content with a Puppetfile for more information on the Puppetfile and installing modules.

  1. Go to the comply module on the Forge.

    Follow the instructions in the r10k or Code Manager drop down to add the module declaration to your Puppetfile. You also need to add its dependencies. For example:

    # Puppet comply module
    mod 'puppetlabs-comply',           '2.0.0'
    
    # dependencies for comply
    mod 'puppet/archive',              '5.0.0'
    mod 'puppetlabs/chocolatey',       '6.0.1'
    mod 'puppetlabs/inifile',          '5.1.0'
    mod 'puppetlabs/java',             '7.1.0'
    mod 'puppetlabs/ruby_task_helper', '0.6.0'
    mod 'puppetlabs/stdlib',           '7.1.0'

    If you don’t specify options, Code Manager installs the latest version and does not update it automatically. To always have the latest version installed, specify :latest and it updates automatically when a new version is released. To install a specific version of the module that does not update automatically, specify the version number as a string.

  2. SSH into your PE primary server and deploy the code:
    puppet-code deploy --all
What to do next
Classify the nodes you want to scan in Puppet Enterprise (PE).