Install the Comply module

Install the Comply module from Puppet Forge.

Before you begin
Make sure you have generated the Comply certificates in PE.
Modules are self-contained, shareable bundles of code and data. The Comply module contains a Bolt task — the tool that runs the CIS assessor on your nodes.

The Comply module lives on Puppet Forge, a repository of thousands of modules. If you're new to PE and Comply, see Managing environment content with a Puppetfile for more information on the Puppetfile and installing modules.

  1. Go to the comply module on the Forge.

    Follow the instructions in the r10k or Code Manager drop-down menu to add the module declaration to your Puppetfile. You also need to add its dependencies. For example:

    # Puppet comply module
    mod 'puppetlabs/comply', '2.5.0'
    # dependencies for comply
    mod 'puppet/archive', '6.0.2'
    mod 'puppetlabs/chocolatey', '6.1.1'
    mod 'puppetlabs/inifile', '5.2.0'
    mod 'puppetlabs/java', '7.3.0'
    mod 'puppetlabs/ruby_task_helper', '0.6.0'
    mod 'puppetlabs/stdlib', '8.1.0'
    mod 'puppetlabs/powershell', '5.0.0'
    mod 'puppetlabs/registry', '4.0.1'
    mod 'puppetlabs/pwshlib', '0.10.1'

    If you don’t specify options, Code Manager installs the latest version and does not update it automatically. To always have the latest version installed, specify :latest and it updates automatically when a new version is released. Make sure you are always running the latest version of Comply if you intend to use the :latest keyword to update the Comply module. To install a specific version of the module that does not update automatically, specify the version number as a string.

    Important: If you choose a specific version of the module, it must be the same as the Comply version. For example, version 2.3.0 of the module must be installed for Comply 2.3.0.
    Note: When configuring the Comply module for macOS or CentOS 8, you must set the manage_java parameter to false because the management of Java is not supported.
  2. SSH into your PE primary server and deploy the code:
    puppet-code deploy --all
What to do next
Classify the nodes you want to scan in Puppet Enterprise (PE).