I would follow to the first approach, getting to the forth column of the match
lines then appending users from lists, like the following.
body common control
{
bundlesequence => { "def","test" };
}
bundle common def
{
vars:
aix::
"groups" slist => { "unix","dba","support" };
"grp_unix" slist => { "a", "b", "c", "d" };
"grp_dba" slist => { "e", "f","g" };
"grp_support" slist => { "h", "i", "j" };
}
bundle agent test
{
vars:
aix::
"local_groups" slist => { @(def.groups) };
files:
aix::
"/etc/group"
edit_line => AppendUserParam("$(local_groups)","4");
}
bundle edit_line AppendUserParam(user,field)
{
vars:
"tmp_unix" slist => { @(def.grp_unix) };
"tmp_dba" slist => { @(def.grp_dba) };
"tmp_support" slist => { @(def.grp_support) };
field_edits:
"$(user):.*"
edit_field => col(":","$(field)","$(tmp_$(user))","append");
}
body edit_field col(split,col,newval,method)
{
field_separator => "$(split)";
select_field => "$(col)";
value_separator => ",";
field_value => "$(newval)";
field_operation => "$(method)";
extend_fields => "true";
}
It should work and get the same result, I guess. :-)
Cheers,
--Nakarin
On May 27, 2010, at 12:45 PM, Seva Gluschenko wrote:
> Johan,
>
> it seems like you should add policy => overridable to the relevant
> variable in the append_user_field bundle.
>
> On the other hand, it seems like it worth of trying a different approach:
>
> vars:
>
> "grp[unix]" string => "unix:!:1000:";
> "grp[dba]" string => "dba:!:1001:";
> "grp[support]" string => "support:!:1002:";
>
> "lst[unix]" slist => { "a", "b", "c", "d" };
> "lst[dba]" slist => { "e", "f", "g" };
> "lst[support]" slist => { "h", "i", "j" };
>
> "groups" slist => getindices("grp");
>
> files:
>
> aix::
>
> "/etc/group"
>
> perms => mog("644", "root", "security"),
> create => "true",
> edit_line => append_groups("$(grp[$(groups)])", "$(lst[$(groups)])");
>
> with the relevant edit_line bundle like the following example:
>
> bundle edit_line append_groups(grp, list)
> {
> vars:
> "line" string => join(",", @(list));
>
> classes:
> "add_line" not => regline("$(grp).*", "$(edit.filename)");
>
> insert_lines:
> add_line::
> "$(grp)$(line)";
> }
>
> Of course, this is subject to check since I'm writing strictly theoretically )
>
> 2010/5/27 Johan Marcusson <[email protected]>:
>> Hello list,
>>
>> I'm new to CFengine, and I'm trying to set up synchronization of user
>> accounts between some AIX-boxes.
>> The user account part is working, but I'm having some issues with group
>> memberships. I want to add some users to group "unix", some users to group
>> "dba" and some users to group "support". However, it seems like the users
>> for the unix group gets added to all the groups.
>>
>> Here is the configuration, this is CFengine 3 btw:
>>
>> vars:
>>
>> "grp[unix]" string => "unix:!:1000:";
>> "grp[dba]" string => "dba:!:1001:";
>> "grp[support]" string => "support:!:1002:";
>>
>> "grp_unix" slist => { "a", "b", "c", "d" };
>> "grp_dba" slist => { "e", "f", "g" };
>> "grp_support" slist => { "h", "i", "j" };
>>
>> files:
>>
>> aix::
>>
>> "/etc/group"
>>
>> perms => mog("644", "root", "security"),
>> create => "true",
>> edit_line => append_groups_starting("passwd.grp");
>>
>> "/etc/group"
>>
>> edit_line => append_user_field("unix", "4", "@(passwd.grp_unix)");
>>
>> "/etc/group"
>>
>> edit_line => append_user_field("dba", "4", "@(passwd.grp_dba)");
>>
>> "/etc/group"
>>
>> edit_line => append_user_field("support", "4", "@(passwd.grp_support)");
>>
>>
>>
>> Resulting group file:
>>
>> unix:!:1000:a,b,c,d
>> support:!:1002:a,b,c,d
>> dba:!:1001:a,b,c,d
>>
>> Same users in all groups!
>>
>> What am I doing wrong? Can't I have multiple edit_lines?
>> I've read that you should use lists instead of doing like this, but I would
>> need to make a list of lists for the users for each group and I'm not sure
>> how to do that.
>>
>> I'm sure this is a very basic issue, but I'm having a hard time finding any
>> answers with google. Maybe I misunderstood some fundamentals of CFengine :)
>>
>> Please advise
>>
>> Regards,
>> Johan Marcusson
>> _______________________________________________
>> Help-cfengine mailing list
>> [email protected]
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
>
>
>
> --
> SY, Seva Gluschenko.
> _______________________________________________
> Help-cfengine mailing list
> [email protected]
> https://cfengine.org/mailman/listinfo/help-cfengine
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
