Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
- Puppet >= 4.10.0 < 9.0.0
- , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'broadinstitute-qualys_agent', '0.10.0'Learn more about managing modules with a PuppetfileDocumentation
qualys_agent
Table of Contents
- Overview
- Module Description
- Setup
- Usage
- Reference
- Limitations - OS compatibility, etc.
- Release Notes
- Contributors
Overview
Install and configure the Qualys Cloud Agent on a system.
Module Description
This module will install the Qualys Cloud Agent from a repository and keep the required configuration files updated.
Setup
Setup Requirements
Due to the nature of Qualys' distribution methods, making the actual package available in a repository is outside the scope of this module. In most cases, you can create your own custom Yum, Apt, etc. repository and serve out the qualys-cloud-agent package you can download from the Qualys interface.
Installation
No trailing slashes should be provided for any paths.
Puppet Forge
puppet module install broadinstitute-qualys_agent
Puppetfile
mod 'broadinstitute/qualys_agent'
Usage
Puppet Manifest
class { 'qualys_agent':
activation_id => 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX',
customer_id => 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX',
}
With Hiera
---
classes:
- qualys_agent
qualys_agent::activation_id: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
qualys_agent::customer_id: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
Running as a user other than root
The configuration is a little tricky if you want to run as a non-root user. To do so, you need to set several options in the configuration together. An example is configured below:
qualys_agent::activation_id: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
qualys_agent::agent_user: 'qualys_auth'
qualys_agent::customer_id: 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
qualys_agent::sudo_user: 'qualys_auth'
qualys_agent::use_sudo: 1
This turns on the use of sudo, but it also sets the User and SudoUser variables in the configuration file, which are both necessary to make the service run as a non-root user.
Reference
REFERENCE.md (generated with Puppet Strings)
Limitations
This has currently only been tested extensively on RedHat-based systems.
Contributors
Reference
Table of Contents
Classes
qualys_agent: Manage an installation of the Qualys Cloud Agentqualys_agent::config: Configure the Qualys agentqualys_agent::config::qagent_log: Manage the main qagent-log.conf configuration filequalys_agent::config::qagent_udc_log: Manage the main qagent-udc-log.conf configuration filequalys_agent::package: Manage the Qualys agent's package installationqualys_agent::service: Configure the Qualys agent servicequalys_agent::user: Configure the user and group to run the Qualys agent service
Classes
qualys_agent
Manage an installation of the Qualys Cloud Agent
Examples
class { 'qualys_agent':
activation_id => 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX',
customer_id => 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX',
}
Parameters
The following parameters are available in the qualys_agent class:
ensureactivation_idagent_groupagent_useragent_user_homedircmd_max_timeoutcmd_stdout_sizeconf_dircustomer_idenv_dirhostid_pathhostid_search_dirhttps_proxylog_dest_typelog_file_dirlog_grouplog_levellog_modelog_ownermanage_groupmanage_packagemanage_servicemanage_userpackage_ensurepackage_nameprocess_priorityqualys_https_proxyrequest_timeoutservice_enableservice_ensureservice_namesudo_commandsudo_useruse_audit_dispatcheruse_sudowebservice_uri
ensure
Data type: Enum['absent', 'present']
Ensure that the Qualys agent is present on the system, or absent.
activation_id
Data type: Variant[String[1], Sensitive[String[1]]]
The Activation ID you receive from Qualys for reporting back to their API (required)
agent_group
Data type: Optional[String]
The group that should run the agent. This also will be the UserGroup setting in the configuration file. (Default: undef)
agent_user
Data type: Optional[String]
The user that should run the agent (Default: undef)
agent_user_homedir
Data type: Stdlib::Absolutepath
The fully qualified path to the agent user's home directory (Default: /usr/local/qualys)
cmd_max_timeout
Data type: Integer
The CmdMaxTimeOut value in qualys-cloud-agent.conf (Default: 1800)
cmd_stdout_size
Data type: Integer
The CmdStdOutSize value in qualys-cloud-agent.conf (Default: 1024)
conf_dir
Data type: Stdlib::Absolutepath
The directory where the qualys-cloud-agent.conf file will exist (Default: /etc/qualys/cloud-agent)
customer_id
Data type: Variant[String[1], Sensitive[String[1]]]
The Customer ID you receive from Qualys for reporting back to their API (required)
env_dir
Data type: Stdlib::Absolutepath
The directory in which to place the environment variable file qualys-cloud-agent. (Default: /etc/sysconfig)
hostid_path
Data type: Stdlib::Absolutepath
The full filesystem path to the hostid file (Default: /etc/qualys/hostid)
hostid_search_dir
Data type: Optional[Stdlib::Absolutepath]
The HostIdSearchDir value in qualys-cloud-agent.conf (Default: undef)
https_proxy
Data type: Optional[String]
The https proxy to be used for all commands performed by the Cloud Agent. (Default: undef)
log_dest_type
Data type: Enum['file', 'syslog']
The log type (file or syslog) (Default: file)
log_file_dir
Data type: Stdlib::Absolutepath
The LogFileDir value in qualys-cloud-agent.conf
The directory in which the log files should be written (Default: /var/log/qualys)
log_group
Data type: Optional[String]
The group that should own files in the log directory (Default: $agent_group)
log_level
Data type: Integer
The LogLevel value in qualys-cloud-agent.conf (Default: 3)
log_mode
Data type: String
The file mode for log files in $log_file_dir (Default: 0600)
log_owner
Data type: Optional[String]
The user that should own files in the log directory (Default: $agent_user)
manage_group
Data type: Boolean
Boolean to determine whether the group is managed by Puppet or not (Default: true)
manage_package
Data type: Boolean
Boolean to determine whether the package is managed by Puppet or not (Default: true)
manage_service
Data type: Boolean
Boolean to determine whether the service is managed by Puppet or not (Default: true)
manage_user
Data type: Boolean
Boolean to determine whether the user is managed by Puppet or not (Default: true)
package_ensure
Data type: String
The "ensure" value for the Qualys agent package. This value can be "installed", "absent",
or a version number if you want to specify a specific package version numer. (Default: installed)
package_name
Data type: String
The name of the package to install (Default: qualys-cloud-agent)
process_priority
Data type: Integer
The ProcessPriority value in qualys-cloud-agent.conf (Default: 0)
qualys_https_proxy
Data type: Optional[String]
The https proxy to be used by the Cloud Agent to communicate with qualys cloud platform. (Default: undef)
request_timeout
Data type: Integer
The RequestTimeOut value in qualys-cloud-agent.conf (Default: 600)
service_enable
Data type: Boolean
Boolean to determine whether the service is enabled or not (Default: true)
service_ensure
Data type: Enum['running', 'stopped']
Ensure that the Qualys agent is running on the system, or stopped (Default: running)
service_name
Data type: String
The name of the Qualys agent service (Default: qualys-cloud-agent)
sudo_command
Data type: String
The SudoCommand value in qualys-cloud-agent.conf (Default: sudo)
sudo_user
Data type: String
The SudoUser value in qualys-cloud-agent.conf (Default: undef)
use_audit_dispatcher
Data type: Integer
The UseAuditDispatcher value in qualys-cloud-agent.conf (Default: 1)
use_sudo
Data type: Integer
The UseSudo value in qualys-cloud-agent.conf (Default: 0)
webservice_uri
Data type: Optional[String]
The ServerUri value in qualys-cloud-agent.conf (Default: undef)
qualys_agent::config
Manage the main qualys-cloud-agent.conf configuration file. This class also includes the qagent_log and
qagent_udc_log subclasses to configure both log configuration files.
qualys_agent::config::qagent_log
Manage the main qagent-log.conf configuration file
qualys_agent::config::qagent_udc_log
Manage the main qagent-udc-log.conf configuration file
qualys_agent::package
Install or uninstall the Qualys agent package
qualys_agent::service
Manage the system service that runs the Qualys agent
qualys_agent::user
Manage the system user and group that run the Qualys agent
Changelog
0.10.0 (2024-11-05)
Implemented enhancements:
- fix: Log config template format and ordering #115 (coreone)
- Allow Sensitive value type, disallow empty ID's #90 (genebean)
- Deprecate OSes, config update #25 (coreone)
- Adds webservice_uri to configuration #23 (ralfbosz)
Closed issues:
Merged pull requests:
0.9.3 (2020-11-03)
Implemented enhancements:
0.9.2 (2020-04-22)
Implemented enhancements:
- Allow permissions to be set differently on Qualys logs #12 (coreone)
- Change metadata.json to allow stdlib version 6 #11 (mbarnesBHR)
Merged pull requests:
0.9.1 (2019-06-19)
Merged pull requests:
- Fix service so that it will restart on any config file changes #6 (coreone)
- Minor cleanup from the first release #5 (coreone)
0.9.0 (2019-06-17)
Implemented enhancements:
- Unit tests in CircleCI #4 (coreone)
- Updates to get close to release 1 #3 (coreone)
- Vagrant, dependencies, config updates #1 (coreone)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- puppetlabs-stdlib (>= 1.0.0 < 10.0.0)