Forum: Cfengine Help
Subject: Re: 3.0.2 too old?
Author: regan99
Link to topic: https://cfengine.com/forum/read.php?3,20392,21222#msg-21222
Yep, sorry I could have been more explicit. Here's exactly what I am running. I
shortened it to a single non-privileged user just for testing. My goal later
will be to have a "users" block for a handful of local accounts, as well as
root:
body common control
{
bundlesequence => { "manage_users" };
inputs => { "/var/cfengine/inputs/cfengine_stdlib.cf" };
}
bundle agent manage_users
{
vars:
"users" string => "Rob Egan";
"users" string => "600";
"users" string => "600";
"users" string => "/home/rob";
"users" string => "/bin/bash";
"users" string => "-o -m";
"users" string => "$1$GLeUVHA8$rL7VMZ4Qb.vVLLJdqeJx6.";
methods:
"users" usebundle => create_users("manage_users.users");
}
bundle agent create_users(user)
{
vars:
"index" slist => getindices("$(user)");
classes:
"add_$(index)" not => userexists("$(index)");
commands:
linux::
"/usr/sbin/useradd $($(user)[$(index)]) -u $($(user)[$(index)])
-d $($(user)[$(index)]) -s $($(user)[$(index)])
-c '$($(user)[$(index)])' $(index)"
ifvarclass => "add_$(index)";
files:
# This is not conditioned to the add_* classes to always check
# and reset the passwords if needed.
linux::
"/etc/shadow"
comment => "Setting the password...",
edit_line => set_user_field("$(index)",2,"$($(user)[$(index)])");
reports:
!linux::
"I only know how to create users under Linux.";
verbose::
"Created user $(index)"
ifvarclass => "add_$(index)";
}
And here's the output (run as `cf-agent -Kv -f ./manage_users.cf -I`):
community> Cfengine - autonomous configuration engine - commence
self-diagnostic prelude
community>
------------------------------------------------------------------------
community> Work directory is /var/cfengine
community> Making sure that locks are private...
community> Checking integrity of the state database
community> Checking integrity of the module directory
community> Checking integrity of the PKI directory
community> Looking for a source of entropy in /var/cfengine/randseed
community> -> Loaded private key /var/cfengine/ppkeys/localhost.priv
community> -> Loaded public key /var/cfengine/ppkeys/localhost.pub
community> Setting cfengine default port to 5308 = 5308
community> Reference time set to Fri Mar 18 15:03:42 2011
community> Cfengine - 3.1.4 Copyright (C) Cfengine AS 2008,2010-
community>
------------------------------------------------------------------------
community> Host name is: kvm-host.rob.com
community> Operating System Type is linux
community> Operating System Release is 2.6.18-194.32.1.el5
community> Architecture = x86_64
community> Using internal soft-class linux for host kvm-host.rob.com
community> The time is now Fri Mar 18 15:03:42 2011
community>
------------------------------------------------------------------------
community> # Extended system discovery is only available in version Nova and
above
community> Additional hard class defined as: 64_bit
community> Additional hard class defined as: linux_2_6_18_194_32_1_el5
community> Additional hard class defined as: linux_x86_64
community> Additional hard class defined as: linux_x86_64_2_6_18_194_32_1_el5
community> GNU autoconf class from compile time: compiled_on_linux_gnu
community> Address given by nameserver: 127.0.0.1
community> Interface 1: lo
community> Interface 2: eth0
community> Interface 3: virbr0
community> Trying to locate my IPv6 address
community> Found IPv6 address fe80::20c:29ff:feb3:4ab4
community> Found IPv6 address fe80::200:ff:fe00:0
community> Looking for environment from cf-monitord...
community> Loading environment...
community> Environment data loaded
community> This appears to be a redhat system.
community> Looking for redhat linux info in "CentOS release 5.5 (Final)
"
community> ***********************************************************
community> Loading persistent classes
community> ***********************************************************
community> ***********************************************************
community> Loaded persistent memory
community> ***********************************************************
community> -> No policy server (hub) watch yet registered
community> Setting policy server requires version Nova or above
community> -> Promises seem to change
community> -> New promises proposals detected...
community> -> Verifying the syntax of the inputs...
community> -> Caching the state of validation
community> > Parsing file ./manage_users.cf
community> Initiate variable convergence...
community> > Parsing file /var/cfengine/inputs/cfengine_stdlib.cf
community> Initiate variable convergence...
community> Initiate variable convergence...
community> # Knowledge map reporting feature is only available in version Nova
and above
community> -> Defined classes = { 192_168_122_1 192_168_52_140 64_bit
Afternoon Day18 Friday GMT_Hr22 Hr15 Hr15_Q1 Lcycle_1 March Min00_05 Min03
PK_MD5_044aab4cdce604d9d767b5772699c26e Q1 Yr2011 agent any centos centos_5
centos_5_5 cfengine_3 cfengine_3_1 cfengine_3_1_4 com community_edition
compiled_on_linux_gnu entropy_cfengine_in_low entropy_cfengine_out_low
entropy_dns_in_low entropy_dns_out_low entropy_ftp_in_low entropy_ftp_out_low
entropy_icmp_in_low entropy_icmp_out_low entropy_irc_in_low entropy_irc_out_low
entropy_misc_in_low entropy_misc_out_low entropy_netbiosdgm_in_low
entropy_netbiosdgm_out_low entropy_netbiosns_in_low entropy_netbiosns_out_low
entropy_netbiosssn_in_low entropy_netbiosssn_out_low entropy_nfsd_in_low
entropy_nfsd_out_low entropy_smtp_in_low entropy_smtp_out_low
entropy_ssh_out_low entropy_tcpack_in_low entropy_tcpack_out_low
entropy_tcpfin_in_low entropy_tcpfin_out_low entropy_tcpsyn_in_low
entropy_tcpsyn_out_low entropy_udp_in_low entropy_udp_o
ut_low entropy_www_in_low entropy_www_out_low entropy_wwws_in_low
entropy_wwws_out_low fe80__200_ff_fe00_0 fe80__20c_29ff_feb3_4ab4 inform_mode
ipv4_192 ipv4_192_168 ipv4_192_168_122 ipv4_192_168_122_1 ipv4_192_168_52
ipv4_192_168_52_140 kvm_host kvm_host_rob_com linux linux_2_6_18_194_32_1_el5
linux_x86_64 linux_x86_64_2_6_18_194_32_1_el5
linux_x86_64_2_6_18_194_32_1_el5__1_SMP_Wed_Jan_5_17_52_25_EST_2011 localhost
localhost_localdomain messages_low_normal net_iface_eth0 net_iface_virbr0
redhat rob_com verbose_mode x86_64 }
community> -> Negated Classes = { }
community> Initiate variable convergence...
community> -> Immunizing against parental death
community> -> Bundlesequence => {'manage_users'}
community>
community> *****************************************************************
community> BUNDLE manage_users
community> *****************************************************************
community>
community>
community> =========================================================
community> vars in bundle manage_users (1)
community> =========================================================
community>
community>
community> + Private classes augmented:
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> methods in bundle manage_users (1)
community> =========================================================
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: users
community> .........................................................
community>
community>
community> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
community> BUNDLE create_users( {'manage_users.users'} )
community> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
community>
community> Initiate variable convergence...
community> ? Augment scope create_users with user (s)
community>
community> =========================================================
community> vars in bundle create_users (1)
community> =========================================================
community>
community>
community> =========================================================
community> classes in bundle create_users (1)
community> =========================================================
community>
community> Initiate variable convergence...
community>
community> + Private classes augmented:
community> + add_rob
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> files in bundle create_users (1)
community> =========================================================
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: /etc/shadow
community>
community> Comment: Setting the password...
community> .........................................................
community>
community> -> Using literal pathtype for /etc/shadow
community> -> Handling file existence constraints on /etc/shadow
community> -> Handling file edits in edit_line bundle set_user_field
community>
community> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
community> BUNDLE set_user_field(
{'rob','2','$1$GLeUVHA8$rL7VMZ4Qb.vVLLJdqeJx6.'} )
community> * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* *
community>
community> Initiate variable convergence...
community> ? Augment scope set_user_field with user (s)
community> ? Augment scope set_user_field with field (s)
community> ? Augment scope set_user_field with val (s)
community> ?? Private class context
community>
community>
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community> field_edits in bundle set_user_field
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: rob:.*
community>
community> Comment: Edit a user attribute in the password file
community> .........................................................
community>
community> ?? Private class context
community>
community>
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community> field_edits in bundle set_user_field
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: rob:.*
community>
community> Comment: Edit a user attribute in the password file
community> .........................................................
community>
community> -> This promise has already been verified
community> ?? Private class context
community>
community>
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community> field_edits in bundle set_user_field
community> = = = = = = = = = = = = = = = = = = = = = = = = = = = =
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: rob:.*
community>
community> Comment: Edit a user attribute in the password file
community> .........................................................
community>
community> -> This promise has already been verified
community> -> No edit changes to file /etc/shadow need saving
community> -> Handling file existence constraints on /etc/shadow
community>
community> =========================================================
community> commands in bundle create_users (1)
community> =========================================================
community>
community> -> Promiser string contains a valid executable (/usr/sbin/useradd)
- ok
community>
community> .........................................................
community> Promise handle:
community> Promise made by: /usr/sbin/useradd -o -m -u 600
-d /home/rob -s /bin/bash
-c 'Rob Egan' rob
community> .........................................................
community>
community> -> Executing '/usr/sbin/useradd -o -m -u 600
-d /home/rob -s /bin/bash
-c 'Rob Egan' rob' ...(timeout=-678,owner=-1,group=-1)
community> -> (Setting umask to 77)
community> -> Finished command related to promiser "/usr/sbin/useradd -o -m -u
600
-d /home/rob -s /bin/bash
-c 'Rob Egan' rob" -- succeeded
community> -> Completed execution of /usr/sbin/useradd -o -m -u 600
-d /home/rob -s /bin/bash
-c 'Rob Egan' rob
community>
community> =========================================================
community> reports in bundle create_users (1)
community> =========================================================
community>
community>
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> Skipping whole next promise (I only know how to create users under
Linux.), as context !linux is not relevant
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community>
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> Skipping whole next promise (Created user rob), as context verbose
is not relevant
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community>
community> =========================================================
community> vars in bundle create_users (2)
community> =========================================================
community>
community>
community> =========================================================
community> classes in bundle create_users (2)
community> =========================================================
community>
community> Initiate variable convergence...
community>
community> + Private classes augmented:
community> + add_rob
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> files in bundle create_users (2)
community> =========================================================
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: /etc/shadow
community>
community> Comment: Setting the password...
community> .........................................................
community>
community> -> Using literal pathtype for /etc/shadow
community> -> This promise has already been verified
community>
community> =========================================================
community> commands in bundle create_users (2)
community> =========================================================
community>
community> -> Promiser string contains a valid executable (/usr/sbin/useradd)
- ok
community> -> This promise has already been verified
community>
community> =========================================================
community> reports in bundle create_users (2)
community> =========================================================
community>
community>
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> Skipping whole next promise (I only know how to create users under
Linux.), as context !linux is not relevant
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community>
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> Skipping whole next promise (Created user rob), as context verbose
is not relevant
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community>
community> =========================================================
community> vars in bundle create_users (3)
community> =========================================================
community>
community>
community> =========================================================
community> classes in bundle create_users (3)
community> =========================================================
community>
community> Initiate variable convergence...
community>
community> + Private classes augmented:
community> + add_rob
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> files in bundle create_users (3)
community> =========================================================
community>
community>
community> .........................................................
community> Promise handle:
community> Promise made by: /etc/shadow
community>
community> Comment: Setting the password...
community> .........................................................
community>
community> -> Using literal pathtype for /etc/shadow
community> -> This promise has already been verified
community>
community> =========================================================
community> commands in bundle create_users (3)
community> =========================================================
community>
community> -> Promiser string contains a valid executable (/usr/sbin/useradd)
- ok
community> -> This promise has already been verified
community>
community> =========================================================
community> reports in bundle create_users (3)
community> =========================================================
community>
community>
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> Skipping whole next promise (I only know how to create users under
Linux.), as context !linux is not relevant
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community>
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> Skipping whole next promise (Created user rob), as context verbose
is not relevant
community> . . . . . . . . . . . . . . . . . . . . . . . . . . . .
community> -> Method invoked successfully
community>
community> =========================================================
community> vars in bundle manage_users (2)
community> =========================================================
community>
community>
community> + Private classes augmented:
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> methods in bundle manage_users (2)
community> =========================================================
community>
community>
community> =========================================================
community> vars in bundle manage_users (3)
community> =========================================================
community>
community>
community> + Private classes augmented:
community>
community> - Private classes diminished:
community>
community>
community>
community> =========================================================
community> methods in bundle manage_users (3)
community> =========================================================
community>
community> Outcome of version (not specified) (agent-0): Promises observed to
be kept 67%, Promises repaired 33%, Promises not repaired 0%
community> Estimated system complexity as touched objects = 1, for 34 promises
community> -> Writing last-seen observations
community> -> Keyring is empty
community> -> No lock purging scheduled
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
