Set up Comply
To start using Puppet Comply, you must complete the setup process, using both Puppet Application Manager (PAM) and Puppet Enterprise (PE).
Important: Before you set up Comply, make
sure you have installed Puppet Application Manager (PAM), Puppet Enterprise (PE) and reviewed the system requirements.
Setting up Comply involves the following steps:
- Configure Comply in Puppet Application Manager (PAM) in an online or offline environment. You can use the default ingress or, if you prefer, a custom NGINX ingress.
- Configure Comply TLS certificates in Puppet Enterprise (PE). You can configure these for the default ingress or, if you prefer, a custom NGINX ingress.
- Install the
comply
module. - Classify the nodes you want to scan in PE.
- Deploy Comply.
- Add your PE credentials to Comply.
-
Configure Comply in an online environment
The Comply configuration process creates a Kubernetes cluster and installs the application on that cluster. -
Configure Comply in an offline environment
Configure Puppet Comply in an air-gapped or offline environment where the Comply host server does not have direct access to the internet. -
Configure Comply TLS certificates
You need to generate certificates for Comply in Puppet Enterprise (PE) to enable automatic upgrades of the CIS-CAT assessor and for tasks to upload reports. -
Configure Comply for a custom NGINX ingress (online environment)
The Comply configuration process requires some extra configuration parameters if you use a custom NGINX ingress. -
Configure Comply for a custom NGINX ingress (offline environment)
Configure Puppet Comply in an air-gapped or offline environment where the Comply host server does not have direct access to the internet. -
Configure Comply TLS certificates for a custom NGINX ingress
You need to generate certificates for Comply in Puppet Enterprise (PE) to enable automatic upgrades of the CIS-CAT assessor and for tasks to upload reports. -
Install the Comply module
Install the Comply module from Puppet Forge. -
Classify the nodes you want to scan
In Puppet Enterprise (PE), classify the nodes you want to scan. -
Deploy Comply
Now that you have completed the setup process, you can deploy Comply. -
Add your PE credentials to Comply
To allow Comply to communicate with PE, you must add your PE credentials to Comply.