Puppet Module Reference

OIT tests and "fully supports" several Puppet profiles and roles to simplify the use of Puppet with NCSU environments and services.

OIT maintains a rigorous change management process and tests to assure that core Puppet profiles and roles interoperate correctly.
The intention is to continuously provide a set of building blocks that campus can use to provide solid services using best practices.

The ncsu:: Module

All of the centrally supported Puppet code lives in this ncsu:: module.

“Supported” means that if you encounter a bug or have a problem implementing a class in the ncsu:: name-space on a supported operating system you can get assistance using the LINUX workgroup in ServiceNow. We intend this class to be reliable and trustworthy for all who use it.

This module lives on github.ncsu.edu It is subject to a change management schedule to ensure that it is properly tested, and that the production branch is functional for everyone on campus. Anyone can fork this module to meet specialized needs, but you are responsible to support any forks/branches you create.

The programming documentation for the ncsu:: module is available, along with the source code.


To simplify the management of large number of hosts, you classify hosts into “roles.” A Role can describe a single system, for example, “Library Master Database Server” or many systems, for example “ECE Graduate Student Loaner Chromebooks.” Both Roles and Profiles are implemented as Puppet Classes, and are stored in git repos.

Supported roles are all named as ncsu::role::rolename where rolename is the name of the role. You assign a role to a host, hostgroup, or organiztion in the Foreman.


Profiles perform apply specific configurations to a box. For example we have a profile that configures authentication sources. Another installs the Auristor afs/yfs client.

A role will call any number of profiles to configure the machine to meet the role requirements.

Programming https://pages.github.ncsu.edu/oit-csi/ncsu/

The pci:: Module

Systems constrained by the PCI-DSS have specific Puppet modules to support PCI-DSS. Whenever possible, we code the ncsu:: modules to the strongest possible security standards, so they can be used in any regulartory environment. Some things like, authentication do need to be seperate for compliance, however.

About this documentation

This documentation was automatically generated from the Puppet Source code using puppet strings Alas! The current version of puppet strings does not support omitting things as @api private so we’ve only run it for direct descentands of role:: and profile:: There may be classes, functions, or types that are not documented here as a result. When in doubt, refer to the source files on github.ncsu.edu

In a similar vein, the current version of puppet strings does not support so-called Puppet “type aliases” so the very important custom types we use under types/ are not documented here. Whenever you see a parameter of type ncsu::something-something, you’ll find it’s definition in github under types/

Edit me