• CSI Documentation
• Working with CSI
  • Support Practices
  • Supported Operating Systems
• Linux Build Services
  • Overview of Linux Environment
  • Getting Started
    • Prerequisites
    • Firewall Setup
    • Get a Foreman Org
    • Setup Wolftech OU (optional)
    • Configure Org Defaults
    • Add Users to Your Org
  • Building Hosts
    • Overview
    • Hardware
    • New host creation
    • Network Interfaces
    • Node Classification
    • Other goodies
  • Using Puppet
    • Overview
    • Environments
    • Branches and Updates
    • Workstation Setup
    • Encrypted Hiera
    • Puppet Module References
• Software Repositories
  • Overview
  • Public Mirrors
  • Private Mirrors
  • Hosted Mirror Services
  • Red Hat Install Media
• Satellite deployment
  • Overview
  • Satellite Hosts
  • Registration Guide
  • Satellite Interface
  • Troubleshooting RHEL 6
  • Troubleshooting RHEL 7
• NTP time
  • Overview
• SFTP/SCP
  • SFTP/SCP Service
  • SFTP/SCP On Call Support
• Monitoring
  • Zabbix Information (Zabbix/OnCall/Iris)
  • Zabbix Monitoring FAQ (Zabbix/OnCall/Iris)
• AFS/Auristor Filestore
  • Overview
• MySQL / MariaDB
  • Overview
• Proxy
  • Overview
  • Datacenter proxies
  • PCI-DSS proxies
  • Proxy service calls
• Load Balancing
  • Overview
• ERP
  • Overview
  • IPA Auth
  • MTA Mail Relays
  • Secure File Transfer
  • End-of-Support Systems
• PCI
  • Overview
  • Web Proxy
  • PCI Linux Builds
    • Migration from PE
    • Move a host from PE
    • New PCI hosts
    • Puppet Module for PCI
• CSI Internal docs
  • Operational docs
  • Updating Documentation
  • Auditing
  • Tag summaries for CSI docs
  • SSL Certificate Management
  • Build Environment
    • CSI - Make an org
    • CSI - Make a dev environment
    • Foreman templates
    • Code Flow
    • LDAP recipes for AD
  • Firewall Information
    • Avamar
    • Satellite
    • Foreman + Puppet
  • On-Call Playbook
    • General OS checks
    • role::oit_linux::foreman
    • role::oit_linux::puppet_ca
    • role::oit_linux::puppet_master
    • role::oit_linux::tftpserver
    • Legacy Proxy Servers
    • PCI timeserver
    • Satellite servers

OIT maintains a rigorous change management process and tests to assure that core Puppet profiles and roles interoperate correctly.
The intention is to continuously provide a set of building blocks that campus can use to provide solid services using best practices.

The ncsu:: Module

All of the centrally supported Puppet code lives in this ncsu:: module.

“Supported” means that if you encounter a bug or have a problem implementing a class in the ncsu:: name-space on a supported operating system you can get assistance using the LINUX workgroup in ServiceNow. We intend this class to be reliable and trustworthy for all who use it.

This module lives on github.ncsu.edu It is subject to a change management schedule to ensure that it is properly tested, and that the production branch is functional for everyone on campus. Anyone can fork this module to meet specialized needs, but you are responsible to support any forks/branches you create.

The programming documentation for the ncsu:: module is available, along with the source code.

Roles

To simplify the management of large number of hosts, you classify hosts into “roles.” A Role can describe a single system, for example, “Library Master Database Server” or many systems, for example “ECE Graduate Student Loaner Chromebooks.” Both Roles and Profiles are implemented as Puppet Classes, and are stored in git repos.

Supported roles are all named as ncsu::role::rolename where rolename is the name of the role. You assign a role to a host, hostgroup, or organiztion in the Foreman.

Profiles

Profiles perform apply specific configurations to a box. For example we have a profile that configures authentication sources. Another installs the Auristor afs/yfs client.

A role will call any number of profiles to configure the machine to meet the role requirements.

Programming https://pages.github.ncsu.edu/oit-csi/ncsu/

The pci:: Module

Systems constrained by the PCI-DSS have specific Puppet modules to support PCI-DSS. Whenever possible, we code the ncsu:: modules to the strongest possible security standards, so they can be used in any regulartory environment. Some things like, authentication do need to be seperate for compliance, however.

About this documentation

This documentation was automatically generated from the Puppet Source code using puppet strings Alas! The current version of puppet strings does not support omitting things as @api private so we’ve only run it for direct descentands of role:: and profile:: There may be classes, functions, or types that are not documented here as a result. When in doubt, refer to the source files on github.ncsu.edu

In a similar vein, the current version of puppet strings does not support so-called Puppet “type aliases” so the very important custom types we use under types/ are not documented here. Whenever you see a parameter of type ncsu::something-something, you’ll find it’s definition in github under types/