I want to have a bundle that creates system user accounts, and adds a
list of authorised ssh keys to those accounts. So, what I have is:-

bundle agent do_config
{
  vars:
    "users[www-user][gecos]"   string => "Web server user";
    "users[www-user][home]"    string => "/var/lib/www";
    "users[www-user][group]"   string => "www-user";
    "users[www-user][sshkeys]" slist  => { "fred", "bill", "mary" };

  methods:
    "users" usebundle => create_system_users("streamer_config.users");
}

bundle agent create_system_users(info)
{
  vars:
    "addgroup" string => "/usr/sbin/addgroup";
    "adduser"  string => "/usr/sbin/adduser";
    "user"     slist  => getindices("$(info)");

  classes:
    "add_$(user)"       not => userexists("$(user)");
    "add_$(user)_group" not => groupexists("$($(info)[$(user)][group])");

  commands:
    "$(addgroup)"
      args       => "--system --quiet $($(info)[$(user)][group])",
      comment    => "Add the private group",
      ifvarclass => canonify("add_$(user)_group");

    "$(adduser)"
      args       => "--system --ingroup $($(info)[$(user)][group]) --home \"$($(info)[$(user)][home])\" --disabled-password --quiet --gecos \"$($(info)[$(user)][gecos])\" $(user)",
      comment    => "Add the user account",
      ifvarclass => canonify("add_$(user)");
}

I want to find a way inside the create_system_users bundle to access the
list of key owners, so I can add those keys into the authorised file.
However, I can't find a construction that works to iterate across the
list. I have tried numerous ways to achieve this, without any luck. Most
recently, I have tried declaring a new variable in the
create_system_users bundle, like this:-

    "keys" slist => { "@($(info)[$(user)][sshkeys])" };

I am now just following a twisty maze of brackets in a random fashion
:-(. Can anyone offer some help?
Thanks,
Mike