Forum: CFEngine Help
Subject: Re: Class not being defined correctly
Author: raymondcox
Link to topic: https://cfengine.com/forum/read.php?3,23121,23130#msg-23130

Thank you both for your suggestions. I have played around with both methods and 
believe that I have a fairly stable user management routine. I am including my 
test file in the event it helps someone else struggling with the same issues. 


# Entry point of this test policy: load the shared libraries from the parent
# directory, then run the single bundle manage_users.
# NOTE(review): the bundles below use a contain body named `standard` that is
# not defined in this file; presumably it comes from one of these inputs.
# Confirm which one, and whether it runs commands through a shell.
body common control
{
    inputs => {
                "../cfengine_stdlib.cf",
                "../library_dev.cf",
                "../site.cf",
              };
    bundlesequence => { "manage_users" };
}
bundle common test
{
# Test data for manage_users: two sample accounts with seven values each.
# NOTE(review): every left-hand side below is printed as plain "users", so the
# array subscripts (something of the form users[<login>][<field>]) appear to
# have been stripped when this post was archived. As printed, each line just
# redefines the same scalar, and the getindices("test.users") call in
# manage_users would have no per-login keys to iterate over. Restore the
# subscripts from the original message before reusing this data.
# NOTE(review): the last two values of each record are "true"/"false" flags.
# manage_users compares one looked-up value with the literal "true" to choose
# between creating and removing the account; which flag that is cannot be
# told from this copy.

vars:
 "users"        string => "Test User 1";
 "users"          string => "123";
 "users"        string => "dba";
 "users"         string => "/home/tuser1";
 "users"        string => "/bin/bash";
 "users"        string => "true";
 "users"         string => "false";

 "users"        string => "Test User 2";
 "users"          string => "124";
 "users"        string => "aixadmin";
 "users"         string => "/home/tuser2";
 "users"        string => "/usr/bin/ksh93";
 "users"        string => "true";
 "users"         string => "false";
}
bundle agent manage_users
{
# Iterates over the keys of test.users and, for each key, calls either
# create_users or remove_users depending on a per-user class.

vars:
  # Keys of the test.users array; presumably one key per login name.
  "index" slist => getindices("test.users");
  # Class-safe form of each key, used to build the per-user class names below.
  "cindex[$(index)]" string => canonify("$(index)");
  # Name of the data array, dereferenced indirectly as $($(user)[...]).
  "user" string => "test.users";

classes:
  # Per-user class, set only when the looked-up value is exactly "true".
  # NOTE(review): the lookup is printed without a field subscript; it probably
  # had one in the original post. Confirm which field it was.
  "valid_user_$(cindex[$(index)])" expression => 
strcmp("true","$($(user)[$(index)])");

methods:
  # Create path: runs only for keys whose valid_user_ class is set.
  # NOTE(review): all six data arguments are printed as the same expression,
  # so the per-field subscripts appear to be missing from this archived copy.
  "users"   usebundle => create_users("$(index)",
                                      "$($(user)[$(index)])",
                                      "$($(user)[$(index)])",
                                      "$($(user)[$(index)])",
                                      "$($(user)[$(index)])",
                                      "$($(user)[$(index)])",
                                      "$($(user)[$(index)])"),
            ifvarclass => "valid_user_$(cindex[$(index)])";

  # Remove path: every key whose flag is anything other than the exact string
  # "true" (a typo such as "True", or a value that fails to expand) is passed
  # to remove_users, which runs userdel. Because a data error therefore
  # deletes an account rather than skipping it, changes to the user data
  # should be reviewed with that in mind.
  "rem_users" usebundle => remove_users("$(index)"),
    ifvarclass => "!valid_user_$(cindex[$(index)])";

}


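bundle agent remove_users(x)
{
# Removes the local account named by x on Linux hosts, if it still exists.
#   x - login name to delete; passed to userdel as its only argument.
# There is no aix:: branch here, so accounts are only removed on Linux.
# NOTE(review): userdel is called without options, so the home directory and
# other files owned by the account's uid stay on disk. If that uid is later
# given to another account, the new account owns those files. Decide
# explicitly whether removed users' data should be archived, re-owned or
# deleted.

classes:
  # Set while the account is still present, so the command below is skipped
  # once the user has been removed.
  "user_exists" expression => userexists("$(x)");

commands:
  # Will only match when the user still exists on a linux system.
  # Will not run if already removed.
  linux&user_exists::
    "/usr/sbin/userdel"
      args => "$(x)",
      contain => standard;
}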

bundle agent create_users(index,gecos,uid,grp,home,shell,status)
{
# Creates the account named by index (and a group of the same name) on Linux
# or AIX, sets an initial password, and keeps /home/<index> ownership in line.
#   index  - login name; also used as the group name on Linux
#   gecos  - comment field for the account
#   uid    - numeric id, used for both the user and the group on Linux
#   grp    - primary group; only the aix:: branch passes it to a command
#   home   - home directory; only the aix:: branch passes it to a command
#   shell  - not referenced anywhere in this bundle
#   status - compared with "true" below; the resulting class is not used here

classes:
  # Defined but not referenced by any promise in this bundle.
  "valid_user" expression => strcmp("true","$(status)");
  # Set when the primary group is missing. The only consumer below is the
  # hard-coded add_aixadmin class, so this only has an effect for grp=aixadmin.
  "add_$(grp)" not => groupexists("$(grp)");
  # Set when no group named after the login exists yet.
  "mod_$(index)" not => groupexists("$(index)");
  # Set when the login itself does not exist yet.
  "add_$(index)" not => userexists("$(index)");

commands:
  linux::
    # -o allows a uid that is already in use, so a duplicated uid in the data
    # silently yields two logins that share one identity and each other's
    # files. Drop -o unless shared uids are intended.
    # -g $(uid) names a gid that the groupadd promise further down creates,
    # and that promise is listed after this one (ordering to be confirmed).
    # home and shell are not passed, so useradd applies its own defaults.
    "/usr/sbin/useradd"
        args    => "-u $(uid) -g $(uid) -o -c '$(gecos)' $(index)",
        contain => standard,
        ifvarclass => "add_$(index)";

    # NOTE(review): the pipe only has meaning if the `standard` contain body
    # (not shown) runs the command through a shell. In that case $(index) is
    # interpolated unquoted into a shell command line, so login names in the
    # data must be restricted to safe characters.
    # Every new Linux account receives the same literal password, which is
    # readable by anyone who can read this policy, and nothing on this branch
    # forces a change at first login. Safer options: leave the account locked
    # until SSH keys are in place, or set a per-user pre-hashed value
    # (chpasswd -e) and expire it (chage -d 0).
    "/bin/echo"
        args    => "$(index):tmppwd | /usr/sbin/chpasswd",
        contain => standard,
        ifvarclass => "add_$(index)";

    # Per-user group with the same numeric id as the user; -o again permits a
    # gid that is already taken.
   "/usr/sbin/groupadd"
        args    => "-g $(uid) -o $(index)",
        contain => standard,
        ifvarclass => "mod_$(index)";

  aix::
    # gecos is wrapped in escaped single quotes; a quote character inside the
    # value would break that quoting if a shell parses the line.
    "/usr/bin/mkuser"
        args     => "-a id=$(uid) pgrp=$(grp) groups=\'$(grp),staff\' 
gecos=\'$(gecos)\' home=$(home)  $(index)",
        contain  => standard,
        ifvarclass => "add_$(index)";

    # Same concerns as the Linux branch: a shared cleartext initial password
    # kept in policy, and a pipe that depends on shell execution.
    "/usr/bin/echo"
        args    => "$(index):denver1 | /usr/bin/chpasswd",
        contain => standard,
        ifvarclass => "add_$(index)";

    # NOTE(review): pwdadm -c clears the account's password flags. On AIX that
    # presumably includes the flag that forces a change at next login, which
    # would leave the shared initial password in place. Confirm this is wanted.
    "/usr/bin/pwdadm"
        args    => "-c $(index)",
        contain => standard,
        ifvarclass => "add_$(index)";

    # Group name and guard class are hard-coded to aixadmin rather than taken
    # from $(grp); any other missing primary group is not created here.
   "/usr/bin/mkgroup"
       args     => "aixadmin",
       contain  => standard,
    ifvarclass  => "add_aixadmin";

files:

    # Recursively sets owner and group to the login name under /home/<index>.
    # The path is built from index, not from the home parameter, so a record
    # whose home is elsewhere is not covered. Linux only, and rate-limited by
    # if_elapsed("60").

    "/home/$(index)"

          comment  => "Keep the permissions on the home directories up to date",
            perms  => og("$(index)","$(index)"),
      depth_search => recurse("inf"),
           action  => if_elapsed("60"),
       ifvarclass  => "linux";

}



I am next going to extend this further to include management of ssh keys.
