Heston Snodgrass hsnodgrass

hsnodgrass / cd4pe_pipeline_patterns.md
Created December 18, 2019 23:10
CD4PE Pipeline Patterns

CD4PE Pipeline Patterns and Strategies

Recently, a few of us PSEs got together to have a deep dive into CD4PE and see if we could take some of the workflows we've seen from customers and convert them to CD4PE. We've identified a few different patterns and strategies and would like input on their validity, supportability, and how well they adhere to CD4PE's intended usage.

Master pipeline, feature pipeline

  • This is the most basic pattern we have, and the one we are expecting to deliver as part of a standard jumpstart.
  • Consists of two pipelines, Master and Regex.
    • Master:
      • Source is master branch in control repo
      • Triggered via commit pull requests and commits.
  • Default code validation and impact analysis stages.
hsnodgrass / cis1809.pp
Last active April 10, 2020 20:46
Example CIS benchmark Puppet manifest
# An example of using https://github.com/ayohrling/local_security_policy
# to enforce a CIS benchmark against a Windows host.
# The `tags` parameter is a good spot to put things like CIS profile,
# benchmark number, controls, or any other metadata about the policy
# you or an auditor would like to see. More info about tags:
# https://puppet.com/docs/puppet/latest/lang_tags.html
# 1.1.1
local_security_policy { 'Enforce password history':
  ensure       => present,
  policy_value => 24,
hsnodgrass / install_pe.sh
Last active January 8, 2020 02:11
Install puppet enterprise master on CentOS 7
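#!/bin/bash
# Download the latest Puppet Enterprise tarball for EL7 x86_64.
wget --content-disposition 'https://pm.puppet.com/cgi-bin/download.cgi?dist=el&rel=7&arch=x86_64&ver=latest'
# Find the downloaded tarball; the pattern is quoted so the shell does not expand it.
PACKAGE=$(ls ./ | grep -E '^puppet-enterprise-.*\.tar\.gz$')
tar -xf "$PACKAGE"
# The tarball extracts to a directory named after the archive, minus .tar.gz.
cd "${PACKAGE%.tar.gz}"
# Run the installer, passing a config file with -c when one is given as $1.
if [ -z "$1" ]; then
  source puppet-enterprise-installer
else
  source puppet-enterprise-installer -c "$1"
  puppet agent -t
fi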