# Reference
<!-- DO NOT EDIT: This document was generated by Puppet Strings -->
## Table of Contents
### Classes
* [`server_patching`](#server_patching): A class to deploy patching-related tools
* [`server_patching::validate`](#server_patchingvalidate): Validate the server state based on predefined checks.
## Classes
### <a name="server_patching"></a>`server_patching`
At the moment only includes the class `server_patching::validate`.
#### Examples
#####
```puppet
include server_patching
```
### <a name="server_patchingvalidate"></a>`server_patching::validate`
The class generates or removes the validation script for the
state of the server. The resulting script can be automatically
invoked by AWS SSM after unattended patching.
A hiera example:
```yaml
server_patching::validate::ensure: present
server_patching::validate::services:
  - name: open-vm-tools.service
    active: true
  - name: openipmi.service
    active: false
server_patching::validate::processes:
  - name: falcond
    running: true
server_patching::validate::urls:
  - url: https://netdb.stanford.edu/status-3654hkfjd7fhbd
    status: 200
  - url: https://netdb.stanford.edu
    status: 302
server_patching::validate::ports:
  - port: 22
    proto: tcp
    ip_ver: ipv4
    listening: true
  - port: 23
    proto: tcp
    ip_ver: ipv4
    listening: false
server_patching::validate::mounts:
  - /home
  - /mnt/data
server_patching::validate::exports:
  - /share/raw_data
  - /share/processed_data
server_patching::validate::zfs_pools:
  - pool1
  - pool2
```
#### Examples
#####
```puppet
include server_patching::validate
```
#### Parameters
The following parameters are available in the `server_patching::validate` class:
* [`ensure`](#ensure)
* [`validation_script`](#validation_script)
* [`use_remctl`](#use_remctl)
* [`services`](#services)
* [`processes`](#processes)
* [`urls`](#urls)
* [`ports`](#ports)
* [`mounts`](#mounts)
* [`exports`](#exports)
* [`zfs_pools`](#zfs_pools)
##### <a name="ensure"></a>`ensure`
Data type: `Enum['absent','present']`
Deploy or remove the validation script.
Default value: `'present'`
##### <a name="validation_script"></a>`validation_script`
Data type: `Stdlib::Unixpath`
Location of the validation script on the system.
Default value: `'/usr/local/bin/validate.sh'`
##### <a name="use_remctl"></a>`use_remctl`
Whether to create a remctl for the validation script.
##### <a name="services"></a>`services`
Data type: `Array[Struct[{
'name' => String,
'active' => Optional[Boolean]}]]`
Array of hashes, where each hash describes a service and
its desired state.
Options:
* **:name** `String`: The name of the service to check.
* **:active** `Boolean`: Desired state of the service: `true` if the service should be running, or
`false` if the service should be stopped, disabled, masked or in a failed state.
Defaults to `true`.
Default value: `[]`
##### <a name="processes"></a>`processes`
Data type: `Array[Struct[{
'name' => String,
'command' => Optional[String],
'running' => Optional[Boolean]}]]`
Array of hashes, where each hash describes the name of a process
and whether it is supposed to be running.
Options:
* **:name** `String`: The name of the process to check.
* **:running** `Boolean`: The desired state of the process, `true` if the process should be running
or `false` if it is not supposed to. Defaults to `true`.
* **:command** `String`: Search string for the command-line arguments of a process.
Default value: `[]`
##### <a name="urls"></a>`urls`
Data type: `Array[Struct[{
'url' => Stdlib::HTTPUrl,
'resolve_to' => Optional[Stdlib::IP::Address],
'status' => Optional[Integer[100,510]]}]]`
Array of hashes, where each hash describes the web URL
and the HTTP status code it is supposed to return.
Options:
* **:url** `Stdlib::HTTPUrl`: The HTTP URL to check.
* **:status** `Integer`: The HTTP status code :url is expected to return. Defaults to `200`.
* **:resolve_to** `Stdlib::IP::Address`: Force the domain specified in a URL to resolve to this IP address.
Default value: `[]`
##### <a name="ports"></a>`ports`
Data type: `Array[Struct[{
'port' => Stdlib::Port,
'proto' => Optional[Enum['tcp','udp']],
'ip_ver' => Optional[Enum['ipv4','ipv6']],
'listening' => Optional[Boolean]}]]`
Array of hashes, where each hash contains a port number, protocol,
IP protocol version (IPv4/IPv6) and whether anything is expected
to be listening on it.
Options:
* **:port** `Stdlib::Port`: Port number to check.
* **:proto** `Enum['tcp','udp']`: Protocol TCP or UDP which is to be used for the check. Defaults to `tcp`.
* **:ip_ver** `Enum['ipv4','ipv6']`: Version of IP protocol to use for the check, IPv4 or IPv6. Defaults to `ipv4`.
* **:listening** `Boolean`: `true` if something is expected to listen on this port, or `false` if
the port is not supposed to respond. Defaults to `true`.
Default value: `[]`
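
A sketch of how one `ports` entry could be evaluated on the host with the defaults documented above, added here as an example; it is not the script this module generates. The names `check_port`, `sample_ss`, `validate_ports` and `SS` are hypothetical, the socket listing is constructed so the block runs offline, and querying a real host assumes iproute2's `ss`.

```shell
#!/bin/sh
# Added example, not the script generated by server_patching::validate.
# check_port, sample_ss, validate_ports and SS are hypothetical names.

# Constructed stand-in for `ss -H -l -n <-t|-u> <-4|-6>` so the example runs
# offline. Set SS=ss to query the real host (assumes iproute2).
sample_ss() {
  case "$4 $5" in
    '-t -4') printf '%s\n' 'LISTEN 0 128 0.0.0.0:22 0.0.0.0:*' \
                           'LISTEN 0 4096 127.0.0.1:2222 0.0.0.0:*' ;;
    '-t -6') printf '%s\n' 'LISTEN 0 128 [::]:22 [::]:*' ;;
  esac
}
SS="${SS:-sample_ss}"

# check_port PORT [PROTO] [IP_VER] [LISTENING]
# Omitted arguments take the documented defaults: tcp, ipv4, true.
# Returns 0 if the observed state matches, 1 on mismatch, 2 on invalid input.
check_port() {
  port="$1"; proto="${2:-tcp}"; ip_ver="${3:-ipv4}"; want="${4:-true}"
  case "$port" in ''|*[!0-9]*) return 2 ;; esac
  [ "$port" -le 65535 ] 2>/dev/null || return 2
  case "$proto" in tcp) p=-t ;; udp) p=-u ;; *) return 2 ;; esac
  case "$ip_ver" in ipv4) v=-4 ;; ipv6) v=-6 ;; *) return 2 ;; esac
  case "$want" in true|false) ;; *) return 2 ;; esac
  # Match the port after the last colon of the local address (field 4), so
  # a listener on 2222 never satisfies a check for 22 and [::]:22 parses.
  if "$SS" -H -l -n "$p" "$v" |
    awk -v p="$port" '{ n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                      END { exit !hit }'; then
    got=true
  else
    got=false
  fi
  [ "$got" = "$want" ]
}

# The two `ports` entries from the hiera example: 22 must listen, 23 must not.
validate_ports() {
  rc=0
  check_port 22 tcp ipv4 true || { echo 'FAIL: tcp/22 is not listening'; rc=1; }
  check_port 23 tcp ipv4 false || { echo 'FAIL: tcp/23 is listening'; rc=1; }
  return "$rc"
}
```
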
##### <a name="mounts"></a>`mounts`
Data type: `Array[Stdlib::Unixpath]`
Array of mounts to be checked for presence.
Default value: `[]`
##### <a name="exports"></a>`exports`
Data type: `Array[Stdlib::Unixpath]`
Array of NFS exports to be checked for presence. Only local exports are checked.
Default value: `[]`
##### <a name="zfs_pools"></a>`zfs_pools`
Data type: `Array[String]`
Array of ZFS pools to be checked for presence.
Default value: `[]`