Skip to content

RHEL - Locmap

Locmap is a tool for locally applying a curated subset of puppet modules on a Linux machine without the need for a puppet master.

Follow these instructions to install Locmap.

If you are using RHEL8 or RHEL9: 

$ sudo dnf -y install locmap-release

Common steps: 

$ sudo dnf -y install locmap
$ sudo locmap --enable all
$ sudo locmap --configure all

Usage

You can access the documentation by typing (as root):

# man locmap

You can list enabled modules:

# locmap --list
[Available Modules]
afs            [disabled]
cernbox        [disabled]
cernphone      [disabled]
chrony         [disabled]
cvmfs          [disabled]
eosclient      [disabled]
kerberos       [disabled]
lpadmin        [disabled]
postfix        [disabled]
resolved       [disabled]
ssh            [disabled]
sudo           [disabled]
zoom           [disabled]

You can configure all enabled module with the following command:

# locmap --configure all

You can configure a new module:

# locmap --enable modulename
# locmap --configure modulename

You can disable a module:

# locmap --disable modulename

You can remove root access to the Main Users of LanDB using the --disallow_root. It means that only Responsibles defined in LanDB will have root access. 

# locmap --disallow_root --configure modulename
# locmap --disallow_root --configure all

Locmap and Openstack

It easy to run locmap during an openstack installation:

  1. Create a script with the above commands, say install.sh.
  2. Pass this as user data to openstack create. 
    openstack server create --image '<RHEL_IMAGE>' --key-name <mykey> --user-data ~/tmp/install.sh  --flavor m2.small mynode

Alternatively, the script can be uploaded via the configuration tab of the "Launch Instance" panel of OpenStack.

This web replaces the old version of the Linux website. Please check linux-old.web.cern.ch for an archived version