In addition to using Puppet, to show the system state and reporting on that, we can use the powerful fact system to report information on the system. Using this information and reporting mechanisms, we can quickly build the documentation on our systems for use in our compliance audits.

Additionally, the power of creating custom facts really shines here. As we'll see in Chapter 6, Community Modules for Security, Puppet makes it very easy to grab information on your systems and store it in a common place. With PuppetDB and some reporting glue, you can turn this data into fairly comprehensive compliance documents. We'll explore some simple cases here and see how we can use this data in future chapters.