All,
I'm trying to integrate cfengine3 into an environment that is already heavily
configured. I'm currently working on a solution for the sudoers file which
appears to be slightly different on about every host I've looked at!
The solution I've come up with is to create a marked region in the existing
file and then append my changes to this region. Could I have any suggestions on
how to make the code simpler or more efficient? I want to retain the ability to
remove entries should I need to, hence the delete section. I am having issues
with the regex on the delete, so I've put in an slist for entries I want
removed. It would also be nice to insert a blank line between each section, but
I've been unable to work out how to do that, as insert_lines will always match
an existing blank line.
Many thanks
Stephen
# cat managed_sudoers.cf
# Entry point for this standalone policy file.
body common control
{
      # cfengine_stdlib.cf is loaded as an input alongside this file.
      inputs         => { "cfengine_stdlib.cf" };

      # Only manage_sudoers_file is scheduled directly; it invokes
      # manage_sudoers_content itself through a methods promise.
      bundlesequence => { manage_sudoers_file };

      version        => "0.01";
}
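# Ensures the marker block that delimits the CFEngine-managed part of
# /etc/sudoers is present, then hands over to manage_sudoers_content to
# maintain the entries between the markers.
bundle agent manage_sudoers_file
{
  vars:
      # Three-line marker block appended to the file. Its second and third
      # lines are meant to match select_start / select_end in the
      # cfengine_sudoers_region body, so the two must be kept in sync.
      "cfengine_managed_header" string => "#----------------------------------#
#-----CFENGINE_MANAGED_ENTRIES-----#
#-----------------------------------#";

  files:
    any::
      # NOTE(review): this edits the live /etc/sudoers in place. Nothing in
      # this policy runs a syntax check (for example `visudo -c`) before the
      # change takes effect, so a malformed line would break sudo on the host.
      "/etc/sudoers"
        edit_line => append_if_no_lines("$(manage_sudoers_file.cfengine_managed_header)");

  methods:
      # A promise is terminated by ';' (the original ended this one with ',').
      "any" usebundle => manage_sudoers_content;
}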
# Maintains the managed entries in /etc/sudoers by applying the "sudoers"
# edit_line bundle to the file.
bundle agent manage_sudoers_content
{
  files:
    any::
      # NOTE(review): create => "true" is set but no perms attribute is
      # promised here. sudo is strict about the owner and mode of its policy
      # file, so confirm what a newly created file would get and whether a
      # perms promise is needed.
      # NOTE(review): check what std_defs sets for edit_backup in the stdlib
      # in use; a backup copy is the quickest way back from a bad edit.
      "/etc/sudoers"
        comment       => "Add lines to the sudoers configuration",
        edit_defaults => std_defs,
        edit_line     => sudoers,
        create        => "true";
}
##########################################################################
# Edit-line bundle applied to /etc/sudoers. Both promise types below are
# restricted to the region selected by cfengine_sudoers_region, so lines
# outside the markers are not touched by this bundle.
bundle edit_line sudoers {
vars:
# One array element per managed sudoers line; the key is only a label.
# NOTE(review): the line breaks inside the two string values below look like
# e-mail wrapping -- the "after" listing shows each entry on a single line.
# A literal newline here would leave "User_Alias" on a line by itself, which
# is not a valid sudoers entry -- confirm against the real policy file.
# NOTE(review): "ALL= NOPASSWD: ALL" lets every member of TEST_SYSADMIN run
# any command without a password prompt, which is root-equivalent access;
# restrict it to the commands actually needed where possible.
"sudo_entries[user_alias_test_sysadmin]" string => "User_Alias
TEST_SYSADMIN=testuser1,testuser2,testuser3";
"sudo_entries[user_privs_test_sysadmin]" string => "TEST_SYSADMIN ALL=
NOPASSWD: ALL";
# Keys of sudo_entries; the insert_lines promise iterates over this list.
"sudo_entry_name" slist => getindices("sudo_entries");
# Line prefixes to delete from the managed region (used below as "<prefix>.*").
# NOTE(review): "User_Alias.*" and "TEST.*" also match the two entries promised
# under insert_lines, so this bundle promises to delete and to insert the same
# lines. Keep the removal list disjoint from the current entries, or guard the
# delete with a class, so the file converges -- TODO confirm on a test host.
"sudo_removable_entries" slist => { "User_Alias", "TEST" };
insert_lines:
# One promise per array element, inserted inside the managed region only.
"$(sudo_entries[$(sudo_entry_name)])",
select_region => cfengine_sudoers_region;
delete_lines:
# The promiser is a regular expression; presumably it has to match the whole
# line, which is why each prefix is followed by ".*" -- verify.
"$(sudo_removable_entries).*",
select_region => cfengine_sudoers_region;
}
##########################################################################
# Region of /etc/sudoers owned by this policy: it starts at the
# CFENGINE_MANAGED_ENTRIES marker line and ends at the closing rule line.
# The insert_lines and delete_lines promises in the "sudoers" bundle are
# limited to this region.
body select_region cfengine_sudoers_region
{
      select_start => "^#-----CFENGINE_MANAGED_ENTRIES-----#$";
      select_end   => "^#-----------------------------------#$";
}
##########################################################################
Sudoers file after:-
#----------------------------------#
#-----CFENGINE_MANAGED_ENTRIES-----#
User_Alias TEST_SYSADMIN= testuser1,testuser2,testuser3
TEST_SYSADMIN ALL= NOPASSWD: ALL
#-----------------------------------#