While this will neatly dodge your question, I strongly suggest consolidating all of your sudoers files into a single master file, and pushing that to all of your hosts. The format of /etc/sudoers was specifically designed for this sort of multi-host operation, and it simplifies management greatly.

On Thu, Mar 10, 2011 at 07:46:20PM -0500, Jones, Stephen (MAS) wrote:
>All,
>
>I'm trying to integrate cfengine3 into an environment that is already heavily
>configured. I'm currently working on a solution for the sudoers file which
>appears to be slightly different on about every host I've looked at!
>
>The solution I've come up with is to create a location in the existing file
>and then append my changes to this region. Could I have any suggestions on the
>code to make it possibly simpler or more efficient? I want to retain the
>ability to remove entries should I need to hence the delete section. I am
>having issues with the regex on the delete so I've put in an slist for entries
>I want removed. It would also be nice to insert a blank line between each
>section but I've been unable to work out how to do that as insert lines will
>always match a blank line???
>
>Many thanks
>Stephen
>
># cat managed_sudoers.cf
>body common control {
>  bundlesequence => {
>    manage_sudoers_file,
>  };
>
>  inputs => {
>    "cfengine_stdlib.cf",
>  };
>  version => "0.01";
>}
>
>bundle agent manage_sudoers_file {
>
>vars:
>
>  "cfengine_managed_header" string => "#----------------------------------#
>#-----CFENGINE_MANAGED_ENTRIES-----#
>
>#-----------------------------------#";
>
>files:
>
>  any::
>
>    "/etc/sudoers"
>
>      edit_line =>
>      append_if_no_lines("$(manage_sudoers_file.cfengine_managed_header)");
>
>methods:
>
>  "any" usebundle => manage_sudoers_content;
>
>}
>
>bundle agent manage_sudoers_content {
>
>
>files:
>
>  any::
>
>    "/etc/sudoers"
>
>      comment => "Add lines to the sudoers configuration",
>      create => "true",
>      edit_line => sudoers,
>      edit_defaults => std_defs;
>
>}
>
>##########################################################################
>
>bundle edit_line sudoers {
>
>vars:
>
>  "sudo_entries[user_alias_test_sysadmin]" string => "User_Alias TEST_SYSADMIN=testuser1,testuser2,testuser3";
>  "sudo_entries[user_privs_test_sysadmin]" string => "TEST_SYSADMIN ALL= NOPASSWD: ALL";
>
>  "sudo_entry_name" slist => getindices("sudo_entries");
>  "sudo_removable_entries" slist => { "User_Alias", "TEST" };
>
>  insert_lines:
>
>    "$(sudo_entries[$(sudo_entry_name)])",
>
>      select_region => cfengine_sudoers_region;
>
>  delete_lines:
>
>    "$(sudo_removable_entries).*",
>
>      select_region => cfengine_sudoers_region;
>
>}
>
>##########################################################################
>
>body select_region cfengine_sudoers_region {
>
>  select_start => "^#-----CFENGINE_MANAGED_ENTRIES-----#$";
>  select_end => "^#-----------------------------------#$";
>}
>
>##########################################################################
>
>Sudoers file after:-
>
>#----------------------------------#
>#-----CFENGINE_MANAGED_ENTRIES-----#
>User_Alias TEST_SYSADMIN= testuser1,testuser2,testuser3
>TEST_SYSADMIN ALL= NOPASSWD: ALL
>#-----------------------------------#
>
>_______________________________________________
>Help-cfengine mailing list
>Help-cfengine@cfengine.org
>https://cfengine.org/mailman/listinfo/help-cfengine

--
Jesse Becker
NHGRI Linux support (Digicon Contractor)
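
Added example, not code from this thread: a simplified Python resolver showing how a single master sudoers file with Host_Alias sections yields different effective rules on each host, which is what makes the consolidation suggested above workable. The host names, the DBA alias and the embedded file are constructed for illustration; only the TEST_SYSADMIN entries mirror the original post, and the parser handles one-line aliases and user specs only (no continuations, negation or includes).

```python
import re

# Constructed master file: host names and the DBA alias are hypothetical;
# the TEST_SYSADMIN entries mirror the ones in the original post.
MASTER = """\
Host_Alias  WEB = web1, web2
Host_Alias  DB  = db1
User_Alias  TEST_SYSADMIN = testuser1, testuser2, testuser3
User_Alias  DBA = dbuser1

TEST_SYSADMIN  WEB = NOPASSWD: ALL
DBA            DB  = /usr/bin/systemctl restart postgresql
%wheel         ALL = ALL
"""

ALIAS_RE = re.compile(r"^(Host|User|Runas|Cmnd)_Alias\s+(\w+)\s*=\s*(.+)$")
SPEC_RE = re.compile(r"^(\S+)\s+([^=]+?)\s*=\s*(.+)$")

def parse(text):
    """Parse a simplified sudoers subset: one-line aliases and user specs."""
    aliases, specs = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = ALIAS_RE.match(line)
        if m:
            kind, name, members = m.groups()
            aliases[(kind, name)] = [x.strip() for x in members.split(",")]
            continue
        m = SPEC_RE.match(line)
        if m:
            who, hosts, cmds = m.groups()
            specs.append((who, [h.strip() for h in hosts.split(",")], cmds))
    return aliases, specs

def rules_for_host(text, host):
    """Return the (users, commands) rules that take effect on `host`."""
    aliases, specs = parse(text)
    active = []
    for who, hosts, cmds in specs:
        expanded = set()
        for h in hosts:
            expanded.update(aliases.get(("Host", h), [h]))
        if "ALL" in expanded or host in expanded:
            active.append((aliases.get(("User", who), [who]), cmds))
    return active

if __name__ == "__main__":
    for h in ("web1", "db1", "mail1"):
        print(h, rules_for_host(MASTER, h))
```

Before pushing a real master file, validate it with `visudo -c -f <file>` so a syntax error is caught before it reaches every host.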