I’ve got this define.

    define sudoentry ($user, $host = "ALL", $command = "ALL", $tag = false, $runas = "ALL") {
      $sudo_changes = $tag ? {
        false => [
          "set spec[user = '$user']/user $user",
          "set spec[user = '$user']/host_group/host $host",
          "set spec[user = '$user']/host_group/command '$command'",
          "remove spec[user = '$user']/host_group/command/tag",
          "set spec[user = '$user']/host_group/command/runas_user $runas",
        ],
        # this isn't a real tag, but a sneaky hack to remove entries
        DELETE => "remove spec[user = '$user']",
        default => [
          "set spec[user = '$user']/user $user",
          "set spec[user = '$user']/host_group/host $host",
          "set spec[user = '$user']/host_group/command '$command'",
          "set spec[user = '$user']/host_group/command/tag $tag",
          "set spec[user = '$user']/host_group/command/runas_user $runas",
        ],
      }
      augeas { "sudo-$user":
        context => "/files/etc/sudoers",
        changes => $sudo_changes,
      }
    }

And I see the following.

If the entry isn’t in `sudoers` at all, this will add it:

    sudoentry { "rob":
      user => "rmcbroom",
    }

If the entry is already there, this will add the “tag” to it:

    sudoentry { "rob":
      user => "rmcbroom",
      tag => "NOPASSWD",
    }

But if the user doesn’t exist and you try to add the entry with “tag” set to 
something, it fails:

    err: //Sudoentry[rob]/Augeas[sudo-rmcbroom]/returns: change from need_to_run to 0 failed: Save failed with return code false

Any guesses? Am I missing something?

(I realize with the define as written, there are potential uniqueness problems 
for users with multiple entries, etc. It’s a work in progress.)

-- 
Rob McBroom
<http://www.skurfer.com/>
