Installing SIMP From A Repository

Enable EPEL

$ sudo yum install epel-release -y
$ sudo yum install pygpgme yum-utils

Install The SIMP-Project Repository

$ sudo touch /etc/yum.repos.d/simp-project.repo

Add the following to simp-project.repo, replacing 7 with the appropriate version of EL and 5 with the appropriate version of SIMP (EL 7,SIMP 5.X shown below)

[simp-project_5_X]
name=simp-project_5_X
baseurl=https://packagecloud.io/simp-project/5_X/el/7/$basearch
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[simp-project_5_X-source]
name=simp-project_5_X-source
baseurl=https://packagecloud.io/simp-project/5_X/el/7/SRPMS
gpgcheck=1
enabled=0
gpgkey=https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Install The SIMP-project_dependencies Repository

Note

The repository may contain items from external vendors, most notably Puppet, Inc. and EPEL but may also contain non-SIMP project files that have been compiled for distribution.

$ sudo touch /etc/yum.repos.d/simp-project_dependencies.repo

Add the following to simp-project_dependencies.repo, replacing 7 with the appropriate version of EL and 5 with the appropriate version of SIMP (EL 7, SIMP 5.X shown below)

[simp-project_5_X_dependencies]
name=simp-project_5_1_X_dependencies
baseurl=https://packagecloud.io/simp-project/5_X_Dependencies/el/7/$basearch
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP
       https://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
       https://getfedora.org/static/352C64E5.txt
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

[simp-project_5_X_dependencies-source]
name=simp-project_5_X_dependencies-source
baseurl=https://packagecloud.io/simp-project/5_X_Dependencies/el/7/SRPMS
gpgcheck=1
enabled=0
gpgkey=https://raw.githubusercontent.com/NationalSecurityAgency/SIMP/master/GPGKEYS/RPM-GPG-KEY-SIMP
       https://yum.puppetlabs.com/RPM-GPG-KEY-puppetlabs
       https://getfedora.org/static/352C64E5.txt
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
metadata_expire=300

Rebuild The Yum Cache

$ sudo yum makecache

Install SIMP!

$ sudo yum install simp

Modify Yum URLs

Set the following variables to repositories of your choosing in /etc/puppet/environments/production/hieradata/default.yaml

# Full URL to a YUM repo for Operating System packages
simp::yum::os_update_url: "http://mirror.centos.org/centos/$releasever/os/$basearch/"
# Full URL to a YUM repo for SIMP packages
simp::yum::simp_update_url: "https://packagecloud.io/simp-project/5_X/el/7/$basearch"

SIMP Config

Run simp config:

$ simp config

Note

If you intend to use FIPS, set use_fips=true during simp config and follow the Enable FIPS instructions after config is complete. Otherwise, set it false and skip Enable FIPS.

Enable FIPS

$ rm -rf /var/lib/puppet/ssl
$ yum-config-manager --enable base
$ yum install dracut-fips
$ dracut -f
$ reboot now

Bootstrap Bootstrap Bootstrap

$ simp bootstrap

Clients

Add clients as you would a normal Puppet client.

Alternatively, you can download the runpuppet script from the SIMP server

$ curl http://puppet.server.fqdn/ks/runpuppet > runpuppet
$ chmod +x runpuppet
$ ./runpuppet