[Puppet Users] onlyif return code

Wed, 02 Oct 2013 04:16:47 -0700 

Hello,

I try to ensure our password policies using /etc/login.defs and PAM 
cracklib. 

class pci_policy::password(
    $cracklib = $pci_policy::params::cracklib,
    $pam_password = $pci_policy::params::pam_password,
) inherits pci_policy::params {

  package{$cracklib:
    ensure => installed,
  }

  file{'/etc/login.defs':
    ensure  => present,
    owner   => root,
    group   => root,
    mode    => 0644,
    source  => "puppet:///modules/pci_policy/login.defs.$::operatingsystem",
    require => Package[$cracklib],
  }

  exec{'ensure password policy for pci':
    cwd     => '/bin/',
    command => "/bin/sed -i 's/^password.*cracklib.so.*/password        
requisite                       pam_cracklib.so retry=3 minlen=8 difok=5 
dcredit=-1 lcredit=-1 ucredit=-1 ocredit=-1/g' $pam_password",
    path    => "/usr/bin:/usr/sbin:/bin",
    onlyif  => "grep '^password.*cracklib.so.*' $pam_password",
    require => Package[$cracklib],
  }

  exec{'ensure password policy for pci when nothing is present':
    cwd     => '/bin/',
    command => "echo 'password        requisite                       
pam_cracklib.so retry=3 minlen=8 difok=5 dcredit=-1 lcredit=-1 ucredit=-1 
ocredit=-1' >> $pam_password",
    path    => "/usr/bin:/usr/sbin:/bin",
    onlyif  => "grep -vq '^password.*cracklib.so.*' $pam_password",
    require => Package[$cracklib],
  }
}

My problem are the exec commands. 

With the first exec I try to change an existing line with sed. 

With the second exec I try to add the rule if no line with 
"password.*cracklib" is existing. 
Unfortunately, this exec run when the return code of onlyif is 0. I don't 
know a command which return 0 when the line isn't available and return 1 
when the line is available. 

May be I'm thinking to complicated? Do you have another solution? 

Thanks a lot! 

Björn

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Reply via email to