Install the Comply module

Install the Comply module from Puppet Forge.

Before you begin
Make sure you have generated the Comply certificates in PE.
Modules are self-contained, shareable bundles of code and data. The Comply module contains a Bolt task — the tool that runs the CIS assessor on your nodes.

The Comply module lives on Puppet Forge, a repository of thousands of modules. If you're new to PE and Comply, see Managing environment content with a Puppetfile for more information on the Puppetfile and installing modules.

  1. Go to the comply module on the Forge.

    Follow the instructions in the r10k or Code Manager drop-down to add the module declaration to your Puppetfile. You also need to add its dependencies. For example:

    # Puppet comply module
    mod 'puppetlabs/comply', '2.2.2'
     
    # dependencies for comply
    mod 'puppet/archive', '6.0.2'
    mod 'puppetlabs/chocolatey', '6.0.1'
    mod 'puppetlabs/inifile', '5.2.0'
    mod 'puppetlabs/java', '7.3.0'
    mod 'puppetlabs/ruby_task_helper', '0.6.0'
    mod 'puppetlabs/stdlib', '7.1.0'
    mod 'puppetlabs/powershell', '5.0.0'
    mod 'puppetlabs/registry', '4.0.1'
    mod 'puppetlabs/pwshlib', '0.10.1'

    If you don’t specify options, Code Manager installs the latest version and does not update it automatically. To always have the latest version installed, specify :latest; the module then updates automatically when a new version is released. If you use the :latest keyword to update the Comply module, make sure you are always running the latest version of Comply. To install a specific version of the module that does not update automatically, specify the version number as a string.

    Important: If you choose a specific version of the module, it MUST be the same as the Comply version. For example, version 2.2.2 of the module must be installed for Comply 2.2.2.
    Note: When configuring the Comply module for macOS, the manage_java parameter must be set to false because the management of Java is not supported on macOS.
  2. SSH into your PE primary server and deploy the code:
    puppet-code deploy --all
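The version rules in step 1 can be checked before the deploy in step 2. The following Ruby script is an added example, not part of the Comply module or Puppet's tooling: it reports a comply module pin that differs from the Comply version and any module without a fixed version. The function names and the sample Puppetfile are constructed for illustration.

```ruby
# Added example, not Puppet's code. Parses only the simple forms shown above:
#   mod 'author/name', 'x.y.z'   |   mod 'author/name', :latest   |   mod 'author/name'
MOD_LINE = /^\s*mod\s+['"]([^'"]+)['"]\s*(?:,\s*(.+?))?\s*(?:#.*)?$/

# Returns { "author/name" => "x.y.z" | :latest | :unpinned | :unparsed }.
def parse_puppetfile(text)
  text.each_line.with_object({}) do |line, mods|
    next unless (m = MOD_LINE.match(line))
    name = m[1].sub('-', '/') # r10k accepts author-name and author/name
    mods[name] =
      case m[2]
      when nil then :unpinned
      when /\A:latest\z/ then :latest
      when /\A['"](\d+\.\d+\.\d+)['"]\z/ then Regexp.last_match(1)
      else :unparsed # anything else on the line; review these by hand
      end
  end
end

# Returns findings as strings; an empty array means every module has a fixed
# version and the comply module matches the installed Comply version.
def audit_pins(text, comply_version)
  mods = parse_puppetfile(text)
  findings = []
  comply = mods['puppetlabs/comply']
  if comply.nil?
    findings << 'puppetlabs/comply is not declared'
  elsif comply.is_a?(String) && comply != comply_version
    findings << "puppetlabs/comply #{comply} does not match Comply #{comply_version}"
  end
  mods.each do |name, pin|
    findings << "#{name} has no fixed version (#{pin})" unless pin.is_a?(String)
  end
  findings
end

# Constructed sample input, not a real deployment's Puppetfile.
SAMPLE = <<~PUPPETFILE
  # Puppet comply module
  mod 'puppetlabs/comply', '2.2.1'
  mod 'puppet/archive', '6.0.2'
  mod 'puppetlabs-stdlib', :latest  # floating
  mod 'puppetlabs/inifile'
PUPPETFILE

audit_pins(SAMPLE, '2.2.2').each { |f| puts "FINDING: #{f}" } if __FILE__ == $PROGRAM_NAME
```

Declarations that span several lines are skipped by this parser and need a manual check.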
What to do next
Classify the nodes you want to scan in Puppet Enterprise (PE).