Classify the nodes you want to scan

In Puppet Enterprise (PE), classify the nodes you want to scan. You can scan a maximum of 5000 nodes in a batch.

Before you begin:
Make sure you have installed the SCM module.

Classification is when you create a node group, add nodes to the group, and assign classes to the group — in this case, the comply class. Classes are the blocks of Puppet code used to configure nodes and assign resources to them. If you are new to Puppet, see Grouping and classifying nodes for more information.

For guidelines about scanning thousands of nodes in a single batch, see Guidelines for running Security Compliance Management at scale.
  1. In the Puppet Enterprise console, click Node groups.
  2. Create a new node group or select an existing node group that you want to scan.
  3. On the Classes tab — in the Add new class field — select the comply class.
  4. Click Add class.
  5. In your new comply class, select the scanner_source Parameter.
    Parameters allow a class to request external data.
  6. Change the default parameter value to one of the following assessor distribution files:
    • If using the Puppet supported cluster: https://<COMPLY-HOSTNAME>:30303/assessor
    • If using NGINX Ingress: https://<PE-TLS-FQDN>/assessor
  7. Click Add to node group, and then commit the changes.
  8. Run Puppet twice.
What to do next
Add your PE credentials to SCM.

Related information