Sure:
The kickstart file is a reasonable place to reconfigure some security
parameters on the system. The comment_lines and set_config_value functions
make this easy. Suppose we want to change the minimum password age to a
month.
If we want to keep a record of the old value:
$comment_lines('/etc/login.defs', 'PASS_MAX_DAYS')
Then to change the actual value:
$set_config_value('/etc/login.defs', 'PASS_MAX_DAYS', '30')
These will generate the proper perl/sed commands to change or add the
configuration value.
Sometimes the kickstart file may need to modify scripts (typically bashrc or
gdm Inits). The delete_command function can remove all instances of a bash
command:
$delete_command('/etc/gdm/Default/Init', 'exit[ \t]+0')
This was useful for appending content to the script and making sure it gets
executed.
copy_over_file and copy_append_file read file content from the server and
inline it into the kickstart. The kickstart will then write this content to
a destination file on the client, effectively copying a file from the server
to the client. The append version appends to the client file instead of
replacing it. The copy_files method is a short-hand way of invoking the two
file methods repeatedly:
$copy_files([
('w', 'etc/samba/smb.conf'),
('w', 'etc/audit.rules'),
])
This allows a user to keep a file tree (usually inside of the snippets
directory under a 'files' directory) that will be copied onto the clients.
Additionally, the content of these files can be templated. For example:
---------etc/issue---------
SNIPPET::banner.txt
-------------------------------
This particular example allows a consistent banner to be applied wherever
one is needed. Also, the banner can be changed on a per-profile and
per-system basis.
Sometimes there are decisions that the kickstart file cannot make for the
deployer. In these cases, we need to make a list of things left for a human
to do. The TODO function is a convenience function that adds readability and
consistency to kickstart templates:
At the top:
#set global $todofile = '/root/kstodo'
As needed:
$TODO()
Be sure to correct your audit log settings.
EOF
Using just:
echo "Be sure to correct..." >> /root/kstodo
can cause problems. What if > is used accidentally in place of >>? Also,
it's easy to forget the filename. Was it "ks-todo" or "kstodo"?
set_permissions works similarly in syntax to copy_files. It takes a list of
tuples. This method was included to encourage users to keep all their
permission settings in one area of the kickstart template:
$set_permissions([
('p', 'root', 'root', '700', '/root'),
('f', 'root', 'root', '600', '/root', '*'),
('r', 'root', 'root', '/etc/cron.*'),
])
The 'p' means just the one file or directory. 'f' means recurse over files
only (it will descend into directories without changing the directories
themselves). 'r' means recurse over files and directories. The second, third,
and fourth elements are owner, group, and mode, respectively. Pass an empty
string '' to any of those to make no change. The fifth element is the file
or directory to change. In the case an 'f' is used as the first element, a
sixth element is used to further restrict affected filenames.
The includeall method is a cheeseball function (I don't know if it should be in
there), but it includes all files in a given directory into the template.
This allows one directory to contain several miscellaneous templates that
can all be slurped into the kickstart.
$includeall('misc')
I hope that clears things up a bit. Remember, the copy_files method and the
TODO method still seem broken on my end (for some reason, Cheetah is not
substituting them at all).
Anyway, enjoy!
~
Dan
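
What the comment_lines / set_config_value pair described in the message above amounts to when written by hand in a %post shell section. This is an added example, not part of the original message and not the commands Cobbler generates; the function bodies, the _rewrite and active_value helpers, and the whole-first-word matching rule are assumptions.

```shell
#!/bin/sh
# Added illustration, not Cobbler's generated code. Assumes a
# whitespace-separated "KEY value" file such as /etc/login.defs.

# Rewrite FILE in place through a temp file. cat (not mv) keeps the
# original owner, mode and SELinux label of the target.
_rewrite() {  # usage: _rewrite FILE AWK_PROGRAM KEY [VALUE]
    tmp=$(mktemp) || return 1
    awk -v k="$3" -v v="$4" "$2" "$1" >"$tmp" && cat "$tmp" >"$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Comment out every active line whose first word is exactly KEY,
# leaving the old value in the file as a record.
comment_lines() {  # usage: comment_lines FILE KEY
    _rewrite "$1" '$1 == k { print "#" $0; next } { print }' "$2"
}

# Set KEY to VALUE: rewrite the first active line, drop duplicates,
# or append the setting when no active line exists. Safe to re-run.
set_config_value() {  # usage: set_config_value FILE KEY VALUE
    _rewrite "$1" '
        $1 == k { if (!done) print k "\t" v; done = 1; next }
        { print }
        END { if (!done) print k "\t" v }' "$2" "$3"
}

# Print the value on the active (uncommented) KEY line, if any.
active_value() {  # usage: active_value FILE KEY
    awk -v k="$2" '$1 == k { val = $2 } END { print val }' "$1"
}

# Constructed sample input; prints the effective value after both steps.
demo() {
    f=$(mktemp) || return 1
    printf '# sample\nPASS_MAX_DAYS\t99999\nPASS_MIN_DAYS\t0\n' >"$f"
    comment_lines "$f" PASS_MAX_DAYS
    set_config_value "$f" PASS_MAX_DAYS 30
    active_value "$f" PASS_MAX_DAYS
    rm -f "$f"
}
```

Checking active_value at the end of %post confirms that exactly one uncommented line carries the hardened setting, which a plain grep for the key would not distinguish from the commented record.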
On Mon, Aug 4, 2008 at 9:44 AM, Michael DeHaan <[EMAIL PROTECTED]> wrote:
> Dan Guernsey wrote:
> > Fixed some errors in the builtin methods.
> >
> > There are still some issues with $copy_files and $TODO. I will resolve
> > them later this week.
> >
> > ~
> > Dan
>
> Dan,
>
> Thanks for the patches, I'll check it out and do some testing. Can you
> provide some examples of how someone might use each of these functions
> and what they might do?
>
> --Michael
>
>
>
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > cobbler mailing list
> > [email protected]
> > https://fedorahosted.org/mailman/listinfo/cobbler
>