-
Notifications
You must be signed in to change notification settings - Fork 318
Module development overview
- What are modules?
- Module structure
- Essential files
- What do each of the directories stand for?
- Inside the manifests directory
- Inside the files directory
- Inside the templates directory
Modules are directories filled with different types of files with the same overriding structure that is a modified version of the puppet structure, (more on the puppet structure and puppet in general can be found here).
Modules are used to interact with the generated virtual machine in some way to modify it, modules includes the operating system and distribution the basebox is running, the networks that the virtual machine is configured with and any software on the machine.
All of the different types of software, whether they are secure services, a utility services or vulnerabilities that are installed via SecGen, all start off as modules.
Modules are stored within the modules directory in one of the module types, the types being:
- bases
- build
- networks
- services
- vulnerabilities
/SecGen
/modules
/bases
/build
/networks
/services
/vulnerabilities
Each module has the same overall structure although some files and directories are not always required. The structure is as follows:
/{module_name}
/examples
/...
/files
/example.file
/lib
/...
/manifests
/install.pp
/config.pp
/service.pp
/spec
/...
/templates
/example.erb
/{module_name}.pp
/secgen_metadata.xml
{module_name} should be replaced by the name of the module
There are three items that always need to be in the module, these are the main {module_name} directory,{module_name.pp} and secgen_metadata.xml.
{module_name} - The main module directory.
examples - Contains examples ??? TODO ???.
files - Contains files that will not be changed before insertion into the file system.
lib - Contains extra ruby code needed for module manipulation.
manifests - Contains the bulk of the puppet manifests to carry out the modules aims.
spec - Contains ruby module tests.
templates - Contains dynamic files that can be changed via puppet, facter or ruby variables.
secgen_metadata.xml - Contains information that SecGen reads to filter out the different modules depending on the scenario file input, more on scenario files can be found on the page SecGen Scenarios.
module_name.pp - The master puppet file that points to any other puppet files in the manifest directory, usually contains the same three lines calling the classes install, config and service. However the contents will most definitely be different if using modules imported from places like puppetforge.
The ~>-> syntax should be used to ensure that any changes to the starting classes will cause the classes after it to be rerun, more information can be found here.
install.pp - Contains the resources to install the service or vulnerability, either via the use of package {} via a repository or unpacking and installing from source (a repository is recommended as it occupies less space and ensures a working version of the software with no errors during compiling of code).
config.pp - Contains the resources to configure the now installed service, for example by changing configuration files within the software.
service.pp - Contains the resources to ensure that the now installed and configured service is running or has been restarted after an earlier change.
example.file - This is a file that will not be changed by the module, therefore contained data is static.
Files in the files directory will be inserted into the file system on the generated virtual machine usually at the config.pp stage.
example.erb - This is a ruby template file that will be changed by the module, can use ruby variables to gather data from puppet, ruby or facter to ensure dynamic and responsive files to be inserted into the file system.
An example of an template file would be a configuration file for a service.
Like files in the files directory these files are usually inserted into the virtual machines file system at the config.pp stage.