Hi,

I'm trying to do a script for provisioning/de-provisioning unix user accounts.
It works sometimes, and sometimes not. It feels like an intermittent error, but 
I've changed the script a bit to make the logic better, and for debugging, but 
now it's probably broken. (Now I see "Scalar variable user contains itself 
(non-convergent): $(user)" again.)
I don't understand why some things happen and why some things won't happen 
(even if they are supposed to, at least according to my understanding of 
cfengine's logic, but of course, I might misunderstand the logic completely).

Anyway, on my different Linux hosts, all users except user5 are provisioned, and 
user1 + user4 are locked.
On my NetBSD host, only user5 was provisioned and user1 was locked. users[2-4] 
were never added. 
(user1 was provisioned on all hosts already (a system account), and user5 was 
added at a later stage. Strangely, users2-4 were never added on the NetBSD host, 
and user5 was only added on the NetBSD machine.)

Any hints are most welcome!

(Non-working) example code:

site.cf:

bundle agent main
{
vars:

  "uids" slist => { "user2", "user3", "user5" };
  "disabled_uids" slist => { "user1", "user4" };

methods:

  "any" usebundle => add_uids;
  "any" usebundle => disable_uids;

}

user.cf:

bundle agent add_uids
{
vars:
  "users" slist => { @(g.uids) };

classes:
  "have_user" expression => userexists("$(users)");

commands:
  !have_user::
    "/usr/sbin/useradd -d /home/$(users) -m -c \"CF_PROVISIONED\" -g users $(users)";

}

bundle agent disable_uids
{
vars:
  "users" slist => { @(g.disabled_uids) };

  netbsd::
    "lockopts" string => "-C yes -s /sbin/nologin";

  linux::
    "lockopts" string => "-L -s /usr/sbin/nologin";

classes:
  "have_user" expression => userexists("$(users)");

commands:
  have_user::
    "/usr/sbin/usermod $(lockopts) -c \"CF_DISABLED\" $(users)";

}

