As I mentioned before now we have a molly-guard package for CentOS. My amount of CentOS servers at work is huge. Luckily I’m successfully using puppet software to configure my servers. As all of them are in puppet I can install a package on all of them with a little effort.

First of all, I decided to setup a repository for molly-guard. I did yum install lighttpd on one of my servers and put in its www-root a directory called molly. Then I moved my package there. The package itself has noarch architecture so I decided that I don’t need a proper directory structure for my repo. A handy tool which helped me to build a repo is createrepo (yum install createrepo). I did createrepo /var/www/lighttpd/molly and the repository was ready.

To use that repository we need a .repo-file which we will put in /etc/yum.repos.d directory. Mine is something like this:

[molly]
name=molly-guard noarch
baseurl=http://domain.tld/molly/
enabled=1
gpgcheck=0

Now we have a valid repository from which we can install molly-guard via yum. It’s time for puppet to do its job. I decided to make two separate modules for puppet: one to add a repository and another to install a package. It is completely your call to keep it separated or united, I just felt to do like this.

My fist module called yumrepo looks like this:

class yumrepo {
    file { "/etc/yum.repos.d/molly.repo":
        owner => "root",
        group => "root",
        mode => "644",
        source => [ "puppet:///yumrepo/default/molly.repo" ],
    }
}

And my second module called molly_guard looks like this:

class molly_guard {
    package {
        "molly-guard": ensure => present;
    }
}

So now we can include those two modules in node definitions and all the magic will be done. And do not forget to edit your fileserver.conf to correctly serve molly.repo file.