Forum: Cfengine Help
Subject: 3.0.2 too old?
Author: pettai
Link to topic: https://cfengine.com/forum/read.php?3,20392,20392#msg-20392
I posted this on the mailing list, but it seems that the forum is more active,
anyway, here it goes...
I'm trying to do a script for provisioning/de-provisioning unix user accounts.
It works sometimes, and sometimes not. It feels like an intermittent error, but
I've changed the script a bit to make the logic better, but now it's probably
broken.
I don't understand why some things happen and why some things won't happen
(even if they are suppose to, at least according to my understanding of
cfengine's logic)
(half-working?) example code:
site.cf:
bundle agent main
{
vars:
"uids" slist => { "user2", "user3", "user5" };
"disabled_uids" slist => { "user1", "user4" };
methods:
"any" usebundle => add_uids;
"any" usebundle => disable_uids;
}
user.cf:
bundle agent add_uids
{
vars:
"users" slist => { @(g.uids) };
classes:
"have_user" expression => userexists("$(users)");
commands:
!have_user::
"/usr/sbin/useradd -d /home/$(users) -m -c \"CF_PROVISIONED\" -g users
$(users)";
}
bundle agent disable_uids
{
vars:
"users" slist => { @(g.disabled_uids) };
netbsd::
"lockopts" string => "-C yes -s /sbin/nologin";
linux::
"lockopts" string => "-L -s /usr/sbin/nologin";
classes:
"have_user" expression => userexists("$(users)");
commands:
have_user::
"/usr/sbin/usermod $(lockopts) -c \"CF_DISABLED\" $(users)";
}
Is there something wrong with this logic?
Any hints are mostly welcome!
I also guess userexists("$(users)"); doesn't work as expected on NetBSD,
because no users where added on that machine after I added this class.
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
