I am trying to create a bundle that will populate a user's
.ssh/authorized_keys on machines where they have accounts.  I
currently have:

bundle agent ssh {
vars:
  "user[user123]"      string => "ssh-dss AAAA ...== user@machine";

  "username"            slist => getindices("user");
  "no_$(username)"        int => getfields("^$(username):.*","/etc/passwd",":",
                                           "pwent[$(username)]");
  "home[$(username)]"  string => "$(pwent[$(username)][6])";

files:
  "$(home[$(username)])/.ssh/authorized_keys"
       handle => "$(username)_ssh_pub",
      comment => "Install public ssh keys for $(username)",
       create => "true",
        perms => mo("0600","$(username)"),
    edit_line => append_if_no_line("$(user[$(username)])"),
      classes => if_repaired("changed_$(username)_authorized_keys");

reports:
  cfengine_3::
    "Repaired ssh authorized_keys for $(username)",
    ifvarclass => "changed_$(username)_authorized_keys";
}

This works as far as it goes, but my original form had an slist
instead of a string allowing for multiple keys per user, but the issue
was that no combination of append_if_no_lines("$(user[$(username)])")
would work whether I replaced $ with @ or added the ssh bundle name to
scope the variables. I think I went through all 16 combinations of
those things, but all I ever got was the given version of
$(user[$(username)]) inserted directly into authorized_keys and not
the value(s) assigned to it.

Yes, I used the lines version for the slist.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
