
Revision 5f5cd238

Added by Jonathan CLARKE about 7 years ago

Fixes #7622: Technique files contains UTF-8 chars (especially spaces)


.gitignore
scripts/technique-files
initial-promises/node-server/common/1.0/process_matching.cf
restart_cf.!windows::
"${sys.workdir}/bin/cf-execd" signals => { "${stop_signal}" };
# Note: cron will get restarted automatically by init (respawn directive in inittab)
# Note: cron will get restarted automatically by init (respawn directive in inittab)
aix.rudder_aix_crontab_insertion::
"^/usr/sbin/cron" signals => { "${stop_signal}" };
initial-promises/node-server/common/1.0/rudder_lib.cf
portnumber => "5309";
}
# This is an evolved version of copy_from scp that uses local copies if we are
# This is an evolved version of copy_from scp that uses local copies if we are
# running on a policy server instead of copying from a localhost remote blindly.
body copy_from rudder_copy_from(from, server,compare,trustkey,preserve,purge) {
initial-promises/node-server/common/1.0/site.cf
classes:
# Utilities
# Utilities
"gzip_installed" expression => isexecutable("${rudder_gzip}");
"curl_installed" expression => isexecutable("${rudder_curl}");
initial-promises/node-server/common/utilities/minicurl
my $program_version = "1.0";
my $program_description = "Perl HTTP, HTTP/S, FTP download and upload tool";
## Argument handling (Getopt)
## Argument handling (Getopt)
my ($get, $put, $httpstatus, $help, $debug, $version, $no_verify);
$get = $put = $httpstatus = $help = $debug = $version = $no_verify = 0;
......
exit(1);
}
# Build the file basename
# Build the file basename
my $file_basename = basename($file);
# Create a HTTP Basic authentication string if applicable
......
# Make sure we use SSLv3 at least while connecting to HTTP/S
$ENV{HTTPS_VERSION} = 3;
# Create a new LWP object
# Create a new LWP object
my $ua = LWP::UserAgent->new;
if($no_verify) {
......
}
if ($put == 1) {
# PUT
# PUT
# Create a variable from the target file
# Create a variable from the target file
my $message;
open(my $fh, '<', $file) or die "ERROR: Unable to open file $file.\n";
{
......
}
close($fh);
# Send the file using the PUT method
# Send the file using the PUT method
if ($authentication eq "") {
$response = $ua->request(PUT $url . $file_basename, Content => $message);
} else {
......
} else {
# GET
# GET
# Get the file using the GET method
# Get the file using the GET method
if ($authentication eq "") {
$response = $ua->request(GET $url);
} else {
initial-promises/node-server/server-roles/1.0/component-check.cf
"index" slist => getindices("service");
# Reporting
# Reporting
"root_integrity_check" slist => { "Check configuration-repository folder", "Check configuration-repository GIT lock" };
"root_password_check_ldap" slist => { "Check LDAP in rudder-webapp.properties", "Check LDAP credentials" };
"root_password_check_psql" slist => { "Check SQL in rudder-webapp.properties", "Check SQL credentials" };
......
# This is to be done only if the package rudder-server-root is present
role_rudder_server_root::
# Password management is expected to be done manually in case of a splitted/relayed installation for now.
# Password management is expected to be done manually in case of a splitted/relayed installation for now.
"any" usebundle => root_password_check_ldap;
"any" usebundle => root_password_check_psql;
"any" usebundle => root_password_check_file;
......
"Check rudder-passwords.conf and pgpass files", "None", "Checking the password files is unnecessary on this machine, skipping..."
);
# Do this if this is the root_server a relay server
# Do this if this is the root_server a relay server
root_server|policy_server::
"any" usebundle => root_networks_check;
initial-promises/node-server/server-roles/1.0/service-check.cf
"forced_trigger_${canoname}" expression => strcmp("${force_restart}", "true");
# Raise this class if we are handling a process that should be checked even on
# relay servers.
# Raise this class if we are handling a process that should be checked even on
# relay servers.
"process_exception_on_relay" expression => strcmp("${check_on_relay_server}", "true");
processes:
initial-promises/rootServerInitialPromises/cfengine-nova/common/core-lib.cf
portnumber => "5309";
}
# This is an evolved version of copy_from scp that uses local copies if we are
# This is an evolved version of copy_from scp that uses local copies if we are
# running on a policy server instead of copying from a localhost remote blindly.
body copy_from rudder_copy_from(from, server,compare,trustkey,preserve,purge) {
initial-promises/rootServerInitialPromises/cfengine-nova/common/site.cf
classes:
# Utilities
# Utilities
"gzip_installed" expression => isexecutable("${rudder_gzip}");
# Roles
initial-promises/rootServerInitialPromises/cfengine-nova/distributePolicy/apacheCheck.cf
vars:
# I WANT to use this but there is no crypt support... yet
# "dav_password" string => hash("rudder","crypt");
# "dav_password" string => hash("rudder","crypt");
"dav_user[1]" string => "rudder";
"dav_password[1]" string => "PoBZbSkW/8bcE";
initial-promises/rootServerInitialPromises/cfengine-nova/distributePolicy/ldapCheck.cf
linux::
# slapd configuration
# slapd configuration
"@@DistributePolicy@@Success@@root-DP#@root-distributePolicy##${g.uuid}@#The Rudder OpenLDAP daemon password is OK"
ifvarclass => "rudder_ldap_slapd_password_ok.!rudder_ldap_slapd_password_changed.!rudder_ldap_slapd_password_failed";
......
"@@DistributePolicy@@Error@@root-DP#@root-distributePolicy##${g.uuid}@#The Rudder OpenLDAP daemon password failed to update"
ifvarclass => "rudder_ldap_slapd_password_failed";
# properties configuration
# properties configuration
"@@DistributePolicy@@Success@@root-DP#@root-distributePolicy##${g.uuid}@#The Rudder LDAP properties files passwords are OK"
ifvarclass => "rudder_ldap_prop_password_ok.!rudder_ldap_prop_password_changed.!rudder_ldap_prop_password_failed";
scripts/check-techniques.sh
fi
done || EXIT=1
# Check that there is an empry line after each endif
# Check that there is an empty line after each endif
${REPOSITORY_PATH}/scripts/technique-files -l -f '*.cf' -f '*.st' "${REPOSITORY_PATH}" | while read filename
do
if grep -n -A1 "^[[:space:]]*&endif&[[:space:]]*$" "${filename}" | grep -E -B1 -- "^[[:digit:]]+-.+"; then
......
fi
done || EXIT=1
# Check that there are non non-breaking spaces in files
# See http://www.rudder-project.org/redmine/issues/7622 - these cause regex failures.
${REPOSITORY_PATH}/scripts/technique-files -p "${REPOSITORY_PATH}" | while read filename
do
if grep -n -P '\xA0' "${filename}" > /dev/null; then
echo "Non-breakable space in ${filename}:"
echo "---------------------------------------------------------------------"
grep -Hn -P '\xA0' "${filename}"
grep -P '\xA0' "${filename}" | od -t x2c | grep -A1 --color -i a0
echo "---------------------------------------------------------------------"
exit 1
fi
done || EXIT=1
if [ ${EXIT} -eq 0 ]; then
echo "This repository seems clean"
else
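Review bot: The non-breaking-space check added in the last loop gives locale-dependent results. With GNU `grep -P`, `'\xA0'` means the character U+00A0 in a UTF-8 locale but the single byte 0xA0 in the C locale, where it also matches the last byte of other UTF-8 characters (for example `à`, encoded C3 A0), so a CI run and a developer shell can disagree on the same file. Pinning the locale and matching the encoded sequence keeps the result stable, e.g. `if LC_ALL=C grep -q -P '\xC2\xA0' "${filename}"; then`, with the same pattern in the two reporting greps. `od -t x2c` prints 16-bit words in host byte order, so `od -t x1c` would show the offending bytes in file order, and the comment above the loop presumably means `# Check that there are no non-breaking spaces in files`. The script's final EXIT handling continues past the end of this section.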
techniques/applications/apacheReverseProxy/1.0/configuration.st
classes => rudder_common_classes("rudder_reverse_proxy_apache_configuration"),
comment => "Edit the Apache reverse proxy file";
# Class visibility forces us to use these bundles here.
# Class visibility forces us to use these bundles here.
methods:
# Modules edition
......
usebundle => rudder_common_report("${internal_name}", "result_success", "${${params}[tracking_key]}", "SELinux parameters", "None", "No ${service_name} SELinux modification needed"),
ifvarclass => "!rudder_reverse_proxy_apache_selinux_adjust|rudder_reverse_proxy_apache_selinux_proxy_policy";
# Apache restart/reload
# Apache restart/reload
"any"
usebundle => rudder_common_report("${internal_name}", "log_info", "${${params}[tracking_key]}", "Daemon status", "None", "${service_name} has been restarted or reloaded"),
ifvarclass => "rudder_reverse_proxy_apache_restart_repaired|rudder_reverse_proxy_apache_reload_repaired";
techniques/applications/apacheReverseProxy/1.0/installation.st
methods:
"any" usebundle => rudder_common_reports_generic("${internal_name}", "rudder_reverse_proxy_apache_package", "${${params}[tracking_key]}", "Installation parameters", "None", "The ${service_name} package installation");
# Special case if no installation is needed
# Special case if no installation is needed
"any"
usebundle => rudder_common_report("${internal_name}", "result_success", "${${params}[tracking_key]}", "Installation parameters", "None", "${service_name} installation is not required. Skipping..."),
ifvarclass => "!rudder_reverse_proxy_apache_install_package";
techniques/applications/apacheReverseProxy/1.0/main.st
{
vars:
# Common declarations
# Common declarations
"rudder_reverse_proxy_apache_service_name"
string => "Apache (as a reverse proxy)";
"rudder_reverse_proxy_apache_internal_name"
string => "apacheReverseProxy";
# Parameters
# Parameters
"rudder_reverse_proxy_params[package_install]"
string => "&APACHE_REVERSE_PROXY_INSTALL&";
techniques/applications/apacheReverseProxy/2.0/configuration.st
classes => rudder_common_classes("rudder_reverse_proxy_apache_configuration"),
comment => "Edit the Apache reverse proxy file";
# Class visibility forces us to use these bundles here.
# Class visibility forces us to use these bundles here.
methods:
# Modules edition
......
"apache_reload" usebundle => service_restart("httpd");
# Apache restart/reload reporting
# Apache restart/reload reporting
service_reload_apache2_ok|service_reload_httpd_ok|service_restart_apache2_ok|service_restart_httpd_ok::
"any" usebundle => rudder_common_report("${internal_name}", "log_info", "${${params}[tracking_key]}", "Daemon status", "None", "Apache has been restarted or reloaded");
techniques/applications/apacheReverseProxy/2.0/installation.st
methods:
"any" usebundle => rudder_common_reports_generic("${internal_name}", "rudder_reverse_proxy_apache_package", "${${params}[tracking_key]}", "Installation parameters", "None", "The ${service_name} package installation");
# Special case if no installation is needed
# Special case if no installation is needed
"any"
usebundle => rudder_common_report("${internal_name}", "result_success", "${${params}[tracking_key]}", "Installation parameters", "None", "${service_name} installation is not required. Skipping..."),
ifvarclass => "!rudder_reverse_proxy_apache_install_package";
techniques/applications/apacheReverseProxy/2.0/main.st
{
vars:
# Common declarations
# Common declarations
"rudder_reverse_proxy_apache_service_name"
string => "Apache (as a reverse proxy)";
"rudder_reverse_proxy_apache_internal_name"
string => "apacheReverseProxy";
# Parameters
# Parameters
"rudder_reverse_proxy_params[package_install]"
string => "&APACHE_REVERSE_PROXY_INSTALL&";
techniques/applications/apacheServer/1.0/apacheServerConfiguration.st
# Adjust SELinux ?
"apache_selinux_adjust" expression => strcmp("&APACHE_SELINUX&","true");
# Is the SELinux binary "chcon" present ?
# Is the SELinux binary "chcon" present ?
"selinux_bin_present" expression => fileexists("/usr/bin/chcon");
# Define if the list of module to verify has been specified by the user
techniques/applications/apacheServer/2.0/apacheServerConfiguration.st
# Adjust SELinux ?
"apache_selinux_adjust" expression => strcmp("&APACHE_SELINUX&","true");
# Is the SELinux binary "chcon" present ?
# Is the SELinux binary "chcon" present ?
"selinux_bin_present" expression => fileexists("/usr/bin/chcon");
# Define if the list of module to verify has been specified by the user
techniques/applications/apacheServer/3.0/apacheServerConfiguration.st
# Adjust SELinux ?
"apache_selinux_adjust" expression => strcmp("&APACHE_SELINUX&","true");
# Is the SELinux binary "chcon" present ?
# Is the SELinux binary "chcon" present ?
"selinux_bin_present" expression => fileexists("/usr/bin/chcon");
# Define if the list of module to verify has been specified by the user
techniques/applications/aptPackageInstallation/1.0/aptPackageInstallation.st
&TRACKINGKEY:{directiveId |"apt_directive_id[&i&]" string => "&directiveId&";
}&
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
"index_aptpkg" slist => getindices("apt_package");
techniques/applications/aptPackageInstallation/1.0/metadata.xml
<LABEL>Update only (don't install)</LABEL>
<VALUE>update</VALUE>
</ITEM>
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<LABEL>Install and update automatically</LABEL>
<VALUE>addupdate</VALUE>
</ITEM>-->
techniques/applications/aptPackageInstallation/1.1/aptPackageInstallation.st
&TRACKINGKEY:{piuuid |"apt_policy_instance_uuid[&i&]" string => "&piuuid&";
}&
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
"index_aptpkg" slist => getindices("apt_package");
techniques/applications/aptPackageInstallation/1.1/metadata.xml
<LABEL>Update only (don't install)</LABEL>
<VALUE>update</VALUE>
</ITEM>
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<LABEL>Install and update automatically</LABEL>
<VALUE>addupdate</VALUE>
</ITEM>-->
techniques/applications/aptPackageInstallation/1.2/aptPackageInstallation.st
&TRACKINGKEY:{piuuid |"apt_policy_instance_uuid[&i&]" string => "&piuuid&";
}&
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
"index_aptpkg" slist => getindices("apt_package");
techniques/applications/aptPackageInstallation/1.2/metadata.xml
<LABEL>Update only (don't install)</LABEL>
<VALUE>update</VALUE>
</ITEM>
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<LABEL>Install and update automatically</LABEL>
<VALUE>addupdate</VALUE>
</ITEM>-->
techniques/applications/aptPackageInstallation/2.0/aptPackageInstallation.st
&TRACKINGKEY:{piuuid |"apt_policy_instance_uuid[&i&]" string => "&piuuid&";
}&
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
"index_aptpkg" slist => getindices("apt_package");
techniques/applications/aptPackageInstallation/2.0/metadata.xml
<LABEL>Update only (don't install)</LABEL>
<VALUE>update</VALUE>
</ITEM>
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<LABEL>Install and update automatically</LABEL>
<VALUE>addupdate</VALUE>
</ITEM>-->
techniques/applications/aptPackageInstallation/3.0/aptPackageInstallation.st
&TRACKINGKEY:{piuuid |"apt_policy_instance_uuid[&i&]" string => "&piuuid&";
}&
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
"index_aptpkg" slist => getindices("apt_package");
techniques/applications/aptPackageInstallation/3.0/metadata.xml
<LABEL>Update only (don't install)</LABEL>
<VALUE>update</VALUE>
</ITEM>
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<LABEL>Install and update automatically</LABEL>
<VALUE>addupdate</VALUE>
</ITEM>-->
techniques/applications/aptPackageInstallation/4.0/aptPackageInstallation.st
&TRACKINGKEY:{piuuid |"apt_policy_instance_uuid[&i&]" string => "&piuuid&";
}&
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
# "debian_packagelist" slist => {&APT_PACKAGE_DEBLIST: { "&it&" };separator=", "&};
"index_aptpkg" slist => getindices("apt_package");
techniques/applications/aptPackageInstallation/4.0/metadata.xml
<LABEL>Update only (don't install)</LABEL>
<VALUE>update</VALUE>
</ITEM>
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<!--<ITEM> # CURRENTLY BROKEN IN CFENGINE #
<LABEL>Install and update automatically</LABEL>
<VALUE>addupdate</VALUE>
</ITEM>-->
techniques/applications/zypperPackageManagerRepositories/1.0/zypper-repositories-management.st
classes:
# Disable repositories if the value of the variable start by true
# Since variable is unique, it can contain only one value, however, it is repeated
# as many time as there are instance of the directive, rendering the strcmp unusable in this case
# Since variable is unique, it can contain only one value, however, it is repeated
# as many time as there are instance of the directive, rendering the strcmp unusable in this case
"zypper_disable_other_repositories" expression => regcmp("true.*", "&ZYPPER_REPO_DISABLE_OTHER_REPOSITORIES&");
files:
techniques/fileDistribution/copyGitFile/1.6/copyFileFromSharedFolder.st
# Error conditons
## The destination is not an existing directory
## The destination is not an existing directory
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The copy of the file failed: the destination (${copyfile[${index}][destination]}) is not stored in a valid directory"
ifvarclass => "copy_file_${index}_dest_notdir";
## File access denied
## File access denied
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The copy of the file failed: access to ${copyfile[${index}][name]} denied by the server"
ifvarclass => "copy_file_${index}_denied";
## User does not exist
## User does not exist
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The permissions could not be applied on the file: user \"${copyfile[${index}][owner]}\" not found"
ifvarclass => "copy_file_${index}_user_absent";
## Group does not exist
## Group does not exist
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The permissions could not be applied on the file: group \"${copyfile[${index}][group]}\" not found"
ifvarclass => "copy_file_${index}_group_absent";
## Generic failure
## Generic failure
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The content or permissions of the file(s) could not have been repaired (file not found?)"
ifvarclass => "copy_file_${index}_error.!copy_file_${index}_dest_notdir.!copy_file_${index}_denied.!copy_file_${index}_user_absent.!copy_file_${index}_group_absent";
techniques/fileDistribution/copyGitFile/1.7/copyFileFromSharedFolder.st
# Error conditons
## The destination is not an existing directory
## The destination is not an existing directory
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The copy of the file failed: the destination (${copyfile[${index}][destination]}) is not stored in a valid directory"
ifvarclass => "copy_file_${index}_dest_notdir";
## File access denied
## File access denied
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The copy of the file failed: access to ${copyfile[${index}][name]} denied by the server"
ifvarclass => "copy_file_${index}_denied";
## User does not exist
## User does not exist
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The permissions could not be applied on the file: user \"${copyfile[${index}][owner]}\" not found"
ifvarclass => "copy_file_${index}_user_absent";
## Group does not exist
## Group does not exist
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The permissions could not be applied on the file: group \"${copyfile[${index}][group]}\" not found"
ifvarclass => "copy_file_${index}_group_absent";
## Generic failure
## Generic failure
"@@copyFile@@result_error@@${copyfile[${index}][uuid]}@@Copy file@@${copyfile[${index}][name]}@@${g.execRun}##${g.uuid}@#The content or permissions of the file(s) could not have been repaired (file not found?)"
ifvarclass => "copy_file_${index}_error.!copy_file_${index}_dest_notdir.!copy_file_${index}_denied.!copy_file_${index}_user_absent.!copy_file_${index}_group_absent";
techniques/fileDistribution/copyGitFile/2.0/copyFileFromSharedFolder.st
# Error conditons
## The destination is not an existing directory or symbolic link
## The destination is not an existing directory or symbolic link
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The copy of the file failed: the destination (${copyfile[${index}][destination]}) is not stored in a valid directory"),
ifvarclass => "copy_file_${index}_dest_notdir.file_check_symlink_${canon_dirname_${index}}_failed";
## File access denied
## File access denied
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The copy of the file failed: access to ${copyfile[${index}][name]} denied by the server"),
ifvarclass => "copy_file_${index}_denied";
## User does not exist
## User does not exist
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The permissions could not be applied on the file: user \"${copyfile[${index}][owner]}\" not found"),
ifvarclass => "copy_file_${index}_user_absent";
## Group does not exist
## Group does not exist
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The permissions could not be applied on the file: group \"${copyfile[${index}][group]}\" not found"),
ifvarclass => "copy_file_${index}_group_absent";
## Generic failure
## Generic failure
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The content or permissions of the file(s) could not have been repaired (file not found?)"),
ifvarclass => "copy_file_${index}_error.!copy_file_${index}_dest_notdir.!copy_file_${index}_denied.!copy_file_${index}_user_absent.!copy_file_${index}_group_absent";
techniques/fileDistribution/copyGitFile/2.1/copyFileFromSharedFolder.st
# Error conditons
## The destination is not an existing directory or symbolic link
## The destination is not an existing directory or symbolic link
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The copy of the file failed: the destination (${copyfile[${index}][destination]}) is not stored in a valid directory"),
ifvarclass => "copy_file_${index}_dest_notdir.file_check_symlink_${canon_dirname_${index}}_failed";
## File access denied
## File access denied
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The copy of the file failed: access to ${copyfile[${index}][name]} denied by the server"),
ifvarclass => "copy_file_${index}_denied";
## User does not exist
## User does not exist
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The permissions could not be applied on the file: user \"${copyfile[${index}][owner]}\" not found"),
ifvarclass => "copy_file_${index}_user_absent";
## Group does not exist
## Group does not exist
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The permissions could not be applied on the file: group \"${copyfile[${index}][group]}\" not found"),
ifvarclass => "copy_file_${index}_group_absent";
## Generic failure
## Generic failure
"any" usebundle => rudder_common_report("copyFile", "result_error", "${copyfile[${index}][uuid]}", "Copy file", "${copyfile[${index}][name]}", "The content or permissions of the file(s) could not have been repaired (file not found?)"),
ifvarclass => "copy_file_${index}_error.!copy_file_${index}_dest_notdir.!copy_file_${index}_denied.!copy_file_${index}_user_absent.!copy_file_${index}_group_absent";
techniques/fileDistribution/downloadFile/3.0/downloadFile.st
vars:
# If curl is here, use it
# If curl is here, use it
!windows.curl_installed::
"download_command" string => "${g.rudder_curl} -L -f --proxy '' -o \"&DOWNLOADFILE_DESTINATION&\" &DOWNLOADFILE_SOURCE&";
......
!windows.!curl_installed::
"download_command" string => "${g.minicurl} --get --file \"&DOWNLOADFILE_DESTINATION&\" --url &DOWNLOADFILE_SOURCE&";
# Windows always use curl
# Windows always use curl
windows::
"download_command" string => "\"${g.rudder_curl}\" -L -f --proxy '' -o \"&DOWNLOADFILE_DESTINATION&\" &DOWNLOADFILE_SOURCE&";
techniques/system/common/1.0/minicurl.st
my $program_version = "1.0";
my $program_description = "Perl HTTP, HTTP/S, FTP download and upload tool";
## Argument handling (Getopt)
## Argument handling (Getopt)
my ($get, $put, $httpstatus, $help, $debug, $version, $no_verify);
$get = $put = $httpstatus = $help = $debug = $version = $no_verify = 0;
......
exit(1);
}
# Build the file basename
# Build the file basename
my $file_basename = basename($file);
# Create a HTTP Basic authentication string if applicable
......
# Make sure we use SSLv3 at least while connecting to HTTP/S
$ENV{HTTPS_VERSION} = 3;
# Create a new LWP object
# Create a new LWP object
my $ua = LWP::UserAgent->new;
if($no_verify) {
......
}
if ($put == 1) {
# PUT
# PUT
# Create a variable from the target file
# Create a variable from the target file
my $message;
open(my $fh, '<', $file) or die "ERROR: Unable to open file $file.\n";
{
......
}
close($fh);
# Send the file using the PUT method
# Send the file using the PUT method
if ($authentication eq "") {
$response = $ua->request(PUT $url . $file_basename, Content => $message);
} else {
......
} else {
# GET
# GET
# Get the file using the GET method
# Get the file using the GET method
if ($authentication eq "") {
$response = $ua->request(GET $url);
} else {
techniques/system/common/1.0/promises.st
pass3::
"any" usebundle => rudder_common_report("Common", "result_success", "&TRACKINGKEY&", "Process checking", "None", "There is an acceptable number of CFEngine processes running on the machine"),
# Here, I can not use the binaries variable as CFEngine will iterate and output two reports, breaking the reporting.
# Here, I can not use the binaries variable as CFEngine will iterate and output two reports, breaking the reporting.
ifvarclass => "!agent_has_gone_wild.!agent_has_gone_really_wild.!execd_has_gone_wild.!execd_has_gone_really_wild";
"any" usebundle => rudder_common_report("Common", "result_repaired", "&TRACKINGKEY&", "Process checking", "None", "Warning, more than ${process_term[${binaries}]} cf-${binaries} processes were detected. They have been sent a graceful termination signal."),
techniques/system/common/1.0/rudder_agent_nova_cron.st
# Don't forget to remove that file when you're done!
#
# If you want to report a specific message if the Rudder agent fails to restart, please create the
# /opt/rudder/etc/rudder-restart-message.txt file with your custom message inside. It will be sent by mail
# instead of the default one.
# /opt/rudder/etc/rudder-restart-message.txt file with your custom message inside. It will be sent by mail
# instead of the default one.
# Add a decent PATH to the environment before triggering anything
# Add a decent PATH to the environment before triggering anything
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0,5,10,15,20,25,30,35,40,45,50,55 * * * * root . /etc/profile; if [ ! -e ${g.rudder_base}/etc/disable-agent -a `ps -efww | grep -E "(cf-execd|cf-agent)" | grep -E "${sys.workdir}/bin/(cf-execd|cf-agent)" | grep -v grep | wc -l` -eq 0 ]; then ${sys.workdir}/bin/cf-agent -f failsafe.cf >/dev/null 2>\&1 \&\& ${sys.workdir}/bin/cf-agent >/dev/null 2>\&1; if [ $? != 0 ]; then if [ -f /opt/rudder/etc/rudder-restart-message.txt ]; then cat /opt/rudder/etc/rudder-restart-message.txt; else echo "Rudder agent was unable to restart on ${hostname}."; fi; fi; fi
techniques/system/common/1.0/rudder_lib.st
portnumber => "&COMMUNITYPORT&";
}
# This is an evolved version of copy_from scp that uses local copies if we are
# This is an evolved version of copy_from scp that uses local copies if we are
# running on a policy server instead of copying from a localhost remote blindly.
body copy_from rudder_copy_from(from, server,compare,trustkey,preserve,purge) {
techniques/system/common/1.0/site.st
classes:
# Utilities
# Utilities
"gzip_installed" expression => isexecutable("${gzip}");
"curl_installed" expression => isexecutable("${rudder_curl}");
techniques/system/inventory/1.0/fusionAgent.st
comment => "Sending the inventory to the server";
&if(NOVA)&
# On windows, the this.promiser variable is not evaluated the same way. We are forced to duplicate this block
# On windows, the this.promiser variable is not evaluated the same way. We are forced to duplicate this block
windows::
"${g.rudder_inventories}"
transformer => "${download_command_prefix} \"${this.promiser}\" ${download_command_suffix}",
techniques/system/server-roles/1.0/component-check.st
"index" slist => getindices("service");
# Reporting
# Reporting
"root_integrity_check" slist => { "Check configuration-repository folder", "Check configuration-repository GIT lock" };
"root_password_check_ldap" slist => { "Check LDAP in rudder-webapp.properties", "Check LDAP credentials" };
"root_password_check_psql" slist => { "Check SQL in rudder-webapp.properties", "Check SQL credentials" };
......
# This is to be done only if the package rudder-server-root is present
role_rudder_server_root::
# Password management is expected to be done manually in case of a splitted/relayed installation for now.
# Password management is expected to be done manually in case of a splitted/relayed installation for now.
"any" usebundle => root_password_check_ldap;
"any" usebundle => root_password_check_file;
"any" usebundle => root_password_check_psql;
......
"Check rudder-passwords.conf and pgpass files", "None", "Checking the password files is unnecessary on this machine, skipping..."
);
# Do this if this is the root_server or a relay server
# Do this if this is the root_server or a relay server
root_server|policy_server::
"any" usebundle => root_networks_check;
"any" usebundle => root_password_check_dav;
techniques/systemSettings/misc/clockConfiguration/1.0/clockConfiguration.st
commands:
# Restart commands
# Restart commands
!windows.!redhat.(repaired_ntpconf|repaired_localtime|repaired_debiantz|repaired_susetz|ntpd_down)::
"/etc/init.d/ntp"
args => "restart",
......
classes => cf2_if_else("ntp_win32time_started", "ntp_win32time_error"),
comment => "Restart the windows NTP service";
# HW clock sync command
# HW clock sync command
!windows::
"/sbin/hwclock"
args => "--systohc",
......
files:
# Adjust ntp.conf (Add the servers)
# Adjust ntp.conf (Add the servers)
!windows.(ntp_config_file_exists|ntp_installed)::
"/etc/ntp.conf"
edit_line => setNtpServer("@{this.ntpServers}"),
......
comment => "Updating the /etc/localtime file",
classes => kept_if_else("localtime_kept", "repaired_localtime", "not_repaired_localtime");
# Edit the distro dependant files to set the TZ on boot
# Edit the distro dependant files to set the TZ on boot
(redhat.!clock_timezone_noedit).clock_vardef::
"/etc/sysconfig/clock"
edit_line => EditCentOSTimezone("${linux_timezone}"),
techniques/systemSettings/misc/clockConfiguration/2.0/clockConfiguration.st
files:
# Adjust ntp.conf (Add the servers)
# Adjust ntp.conf (Add the servers)
!windows.(ntp_config_file_exists|ntp_installed)::
"/etc/ntp.conf"
edit_line => setNtpServer("@{this.ntpServers}"),
......
comment => "Updating the /etc/localtime file",
classes => kept_if_else("localtime_kept", "repaired_localtime", "not_repaired_localtime");
# Edit the distro dependant files to set the TZ on boot
# Edit the distro dependant files to set the TZ on boot
(redhat.!clock_timezone_noedit).clock_vardef::
"/etc/sysconfig/clock"
edit_line => EditCentOSTimezone("${linux_timezone}"),
......
commands:
# Restart commands
# Restart commands
!windows.!redhat.(repaired_ntpconf|repaired_localtime|repaired_debiantz|repaired_susetz|ntpd_down)::
"/etc/init.d/ntp"
args => "restart",
......
classes => cf2_if_else("ntp_win32time_started", "ntp_win32time_error"),
comment => "Restart the windows NTP service";
# HW clock sync command
# HW clock sync command
!windows::
"/sbin/hwclock"
args => "--systohc",
techniques/systemSettings/misc/clockConfiguration/3.0/clockConfiguration.st
files:
# Adjust ntp.conf (Add the servers)
# Adjust ntp.conf (Add the servers)
!windows.(ntp_config_file_exists|ntp_installed)::
"/etc/ntp.conf"
edit_line => setNtpServer("@{this.ntpServers}"),
......
comment => "Updating the /etc/localtime file",
classes => kept_if_else("localtime_kept", "repaired_localtime", "not_repaired_localtime");
# Edit the distro dependant files to set the TZ on boot
# Edit the distro dependant files to set the TZ on boot
(redhat.!clock_timezone_noedit).clock_vardef::
"/etc/sysconfig/clock"
edit_line => EditCentOSTimezone("${linux_timezone}"),
......
pass2::
# Restart commands
# Restart commands
!windows.!redhat.(repaired_ntpconf|repaired_localtime|repaired_debiantz|repaired_susetz|ntpd_down)::
"restart_ntp" usebundle => service_restart("ntp");
......
classes => cf2_if_else("ntp_win32time_started", "ntp_win32time_error"),
comment => "Restart the windows NTP service";
# HW clock sync command
# HW clock sync command
!windows.clock_hwclock_sync::
"/sbin/hwclock"
args => "--systohc",
techniques/systemSettings/misc/clockConfiguration/3.1/clockConfiguration.st
files:
# Adjust ntp.conf (Add the servers)
# Adjust ntp.conf (Add the servers)
!windows.(ntp_config_file_exists|ntp_installed)::
"/etc/ntp.conf"
edit_line => setNtpServer("@{this.ntpServers}"),
......
comment => "Updating the /etc/localtime file",
classes => kept_if_else("localtime_kept", "repaired_localtime", "not_repaired_localtime");
# Edit the distro dependant files to set the TZ on boot
# Edit the distro dependant files to set the TZ on boot
redhat.!clock_timezone_noedit::
"/etc/sysconfig/clock"
edit_line => EditCentOSTimezone("${linux_timezone}"),
......
commands:
# Restart commands
# Restart commands
!windows.!redhat.(repaired_ntpconf|repaired_localtime|repaired_debiantz|repaired_susetz|ntpd_down)::
"/etc/init.d/ntp"
args => "restart",
......
classes => cf2_if_else("ntp_win32time_started", "ntp_win32time_error"),
comment => "Restart the windows NTP service";
# HW clock sync command
# HW clock sync command
!windows.clock_hwclock_sync::
"/sbin/hwclock"
args => "--systohc",
techniques/systemSettings/networking/hostsConfiguration/1.0/hostsConfiguration.st
#
# NOTE : I permitted the creation of the hosts file if absent, but on a purely
# functionnal side, its absence means a severe breakage of your IP stack. Be
# aware of this if a file creation is reported !
# aware of this if a file creation is reported !
#
bundle agent check_hosts_configuration
......
"${sys.winsysdir}\drivers\etc\hosts"
create => "true",
# perms => m("644"),
# perms => m("644"),
&if (HOSTS_ENFORCE)&
edit_defaults => empty_backup,
&else&
techniques/systemSettings/networking/hostsConfiguration/1.1/hostsConfiguration.st
#
# NOTE : I permitted the creation of the hosts file if absent, but on a purely
# functionnal side, its absence means a severe breakage of your IP stack. Be
# aware of this if a file creation is reported !
# aware of this if a file creation is reported !
#
bundle agent check_hosts_configuration
......
"${sys.winsysdir}\drivers\etc\hosts"
create => "true",
# perms => m("644"),
# perms => m("644"),
&if (HOSTS_ENFORCE)&
edit_defaults => empty_backup,
&else&
techniques/systemSettings/networking/hostsConfiguration/2.0/hostsConfiguration.st
#
# NOTE : I permitted the creation of the hosts file if absent, but on a purely
# functionnal side, its absence means a severe breakage of your IP stack. Be
# aware of this if a file creation is reported !
# aware of this if a file creation is reported !
#
bundle agent check_hosts_configuration
......
"${sys.winsysdir}\drivers\etc\hosts"
create => "true",
# perms => m("644"),
# perms => m("644"),
&if (HOSTS_ENFORCE)&
edit_defaults => empty_backup,
&else&
techniques/systemSettings/remoteAccess/sshConfiguration/1.0/sshConfiguration.st
# If ssh is not installed, install it (linux)
# Change the server configuration, and restart the daemon
# if the configuration changed
# WARNING : You may inadvertently create conflict with processManagement !
# WARNING : You may inadvertently create conflict with processManagement !
# This promise restarts sshd if not there, which could be done by processManagement too.
# dontchange is a generic value to prohibit the edition of the value
techniques/systemSettings/remoteAccess/sshConfiguration/2.0/configuration.st
# If ssh is not installed, install it (linux)
# Change the server configuration, and restart the daemon
# if the configuration changed
# WARNING : You may inadvertently create conflict with processManagement !
# WARNING : You may inadvertently create conflict with processManagement !
# This promise restarts sshd if not there, which could be done by processManagement too.
# dontchange is a generic value to prohibit the edition of the value
#####################################################################################
......
"rudder_openssh_server_startup_init_activation_command"
string => "/sbin/chkconfig --del sshd \&\& /sbin/chkconfig --add sshd";
# Class specific parameters
# Class specific parameters
rudder_openssh_server_address_family_edit.!(debian_3|redhat_3|redhat_4|centos_3|centos_4)::
"sshd[AddressFamily]"
string => "&OPENSSH_SERVER_ADDRESSFAMILY&";
......
comment => "Insert the standard Rudder disclaimer in the OpenSSHd configuration file";
(debian|redhat|SuSE)::
# This promise will detect if there is a startup script for OpenSSH enabled on the system,
# and set a class if there is one indeed.
# This promise will detect if there is a startup script for OpenSSH enabled on the system,
# and set a class if there is one indeed.
"${rudder_openssh_server_startup_script_regex}"
create => "true",
action => WarnOnly,
techniques/systemSettings/remoteAccess/sshConfiguration/2.0/installation.st
string => "openssh";
packages:
# Install OpenSSH if needed, using generic installation.
# Install OpenSSH if needed, using generic installation.
(debian|redhat|SuSE)::
"${rudder_openssh_server_package_name}"
package_policy => "add",
techniques/systemSettings/remoteAccess/sshConfiguration/3.0/config.st
"rudder_openssh_server_config[edit_ports]"
string => "&OPENSSH_SERVER_PORTSEDIT&";
# Class specific parameters
# Class specific parameters
rudder_openssh_server_address_family_edit.!(debian_3|redhat_3|redhat_4|centos_3|centos_4)::
"rudder_openssh_server_config[config][AddressFamily]"
string => "&OPENSSH_SERVER_ADDRESSFAMILY&";
techniques/systemSettings/remoteAccess/sshConfiguration/3.0/installation.st
string => "openssh";
packages:
# Install OpenSSH if needed, using generic installation.
# Install OpenSSH if needed, using generic installation.
linux::
"${rudder_openssh_server_package_name}"
package_policy => "add",
techniques/systemSettings/remoteAccess/sshConfiguration/3.0/main.st
# If ssh is not installed, install it (linux)
# Change the server configuration, and restart the daemon
# if the configuration changed
# WARNING : You may inadvertently create conflict with processManagement !
# WARNING : You may inadvertently create conflict with processManagement !
# This promise restarts sshd if not there, which could be done by processManagement too.
# dontchange is a generic value to prohibit the edition of the value
#####################################################################################
......
comment => "Insert the standard Rudder disclaimer in the OpenSSHd configuration file";
(debian|redhat|SuSE)::
# This promise will detect if there is a startup script for OpenSSH enabled on the system,
# and set a class if there is one indeed.
# This promise will detect if there is a startup script for OpenSSH enabled on the system,
# and set a class if there is one indeed.
"${rudder_openssh_server_startup_script_regex}"
create => "true",
action => WarnOnly,
techniques/systemSettings/remoteAccess/sshConfiguration/4.0/config.st
"rudder_openssh_server_config[edit_ports]"
string => "&OPENSSH_SERVER_PORTSEDIT&";
# Class specific parameters
# Class specific parameters
rudder_openssh_server_address_family_edit.!(debian_3|redhat_3|redhat_4|centos_3|centos_4)::
"rudder_openssh_server_config[config][AddressFamily]"
string => "&OPENSSH_SERVER_ADDRESSFAMILY&";
techniques/systemSettings/remoteAccess/sshConfiguration/4.0/installation.st
string => "openssh";
packages:
# Install OpenSSH if needed, using generic installation.
# Install OpenSSH if needed, using generic installation.
linux::
"${rudder_openssh_server_package_name}"
package_policy => "add",
techniques/systemSettings/remoteAccess/sshConfiguration/4.0/main.st
# If ssh is not installed, install it (linux)
# Change the server configuration, and restart the daemon
# if the configuration changed
# WARNING : You may inadvertently create conflict with processManagement !
# WARNING : You may inadvertently create conflict with processManagement !
# This promise restarts sshd if not there, which could be done by processManagement too.
# dontchange is a generic value to prohibit the edition of the value
#####################################################################################
......
"rudder_openssh_server_startup_command"
string => "/usr/bin/stopsrc -s sshd \&\& until /usr/bin/lssrc -s sshd | ${paths.grep} -q inoperative; do ${paths.perl} -e 'select(undef,undef,undef,.25)'; done; /usr/bin/startsrc -s sshd";
# Here are the details about the arguments given to mkssys:
## -p: Specifies the absolute path to the subsystem executable program.
## -s: Specifies a name that uniquely identifies the subsystem.
# Here are the details about the arguments given to mkssys:
## -p: Specifies the absolute path to the subsystem executable program.
## -s: Specifies a name that uniquely identifies the subsystem.
## -G: Specifies that the subsystem belongs to the Group specified.
## -u: Specifies the user ID for the subsystem.
## -S: Specifies that the subsystem uses the signals communication method.
techniques/systemSettings/remoteAccess/sshConfiguration/5.0/config.st
"rudder_openssh_server_config[edit_addresses]"
string => "&OPENSSH_SERVER_ADDRESSESEDIT&";
# Class specific parameters
# Class specific parameters
rudder_openssh_server_address_family_edit.!(debian_3|redhat_3|redhat_4|centos_3|centos_4)::
"rudder_openssh_server_config[config][AddressFamily]"
string => "&OPENSSH_SERVER_ADDRESSFAMILY&";
techniques/systemSettings/remoteAccess/sshConfiguration/5.0/installation.st
string => "openssh";
packages:
# Install OpenSSH if needed, using generic installation.
# Install OpenSSH if needed, using generic installation.
linux::
"${rudder_openssh_server_package_name}"
package_policy => "add",
techniques/systemSettings/remoteAccess/sshConfiguration/5.0/main.st
# If ssh is not installed, install it (linux)
# Change the server configuration, and restart the daemon
# if the configuration changed
# WARNING : You may inadvertently create conflict with processManagement !
# WARNING : You may inadvertently create conflict with processManagement !
# This promise restarts sshd if not there, which could be done by processManagement too.
# dontchange is a generic value to prohibit the edition of the value
#####################################################################################
......
"rudder_openssh_server_startup_command"
string => "/usr/bin/stopsrc -s sshd \&\& until /usr/bin/lssrc -s sshd | ${paths.grep} -q inoperative; do ${paths.perl} -e 'select(undef,undef,undef,.25)'; done; /usr/bin/startsrc -s sshd";
# Here are the details about the arguments given to mkssys:
## -p: Specifies the absolute path to the subsystem executable program.
## -s: Specifies a name that uniquely identifies the subsystem.
# Here are the details about the arguments given to mkssys:
## -p: Specifies the absolute path to the subsystem executable program.
## -s: Specifies a name that uniquely identifies the subsystem.
## -G: Specifies that the subsystem belongs to the Group specified.
## -u: Specifies the user ID for the subsystem.
## -S: Specifies that the subsystem uses the signals communication method.
techniques/systemSettings/remoteAccess/sshKeyDistribution/2.0/sshKeyDistribution.st
"homedir[${sshkey_distribution_index}]"
string => "${userarray_${sshkey_distribution_index}[${sshkey_distribution_name[${sshkey_distribution_index}]}][5]}";
# Only Linuxes (not Slackware), Solaris and FreeBSD support PAM/getent
# Only Linuxes (not Slackware), Solaris and FreeBSD support PAM/getent
(linux.!slackware)|solaris|freebsd::
"userdata_${sshkey_distribution_index}"
string => execresult("/usr/bin/getent passwd ${sshkey_distribution_name[${sshkey_distribution_index}]}", "noshell");
# On systems without PAM, directly read entries from /etc/passwd instead (compatibility)
# On systems without PAM, directly read entries from /etc/passwd instead (compatibility)
!((linux.!slackware)|solaris|freebsd)::
"userdata_${sshkey_distribution_index}"
techniques/systemSettings/remoteAccess/sshKeyDistribution/3.0/sshKeyDistribution.st
"homedir[${sshkey_distribution_index}]"
string => "${userarray_${sshkey_distribution_index}[${sshkey_distribution_name[${sshkey_distribution_index}]}][5]}";
# Only Linuxes (not Slackware), Solaris and FreeBSD support PAM/getent
# Only Linuxes (not Slackware), Solaris and FreeBSD support PAM/getent
(linux.!slackware)|solaris|freebsd::
"userdata_${sshkey_distribution_index}"
string => execresult("/usr/bin/getent passwd ${sshkey_distribution_name[${sshkey_distribution_index}]}", "noshell");
# On systems without PAM, directly read entries from /etc/passwd instead (compatibility)
# On systems without PAM, directly read entries from /etc/passwd instead (compatibility)
!((linux.!slackware)|solaris|freebsd)::
"userdata_${sshkey_distribution_index}"
techniques/systemSettings/systemManagement/motdConfiguration/2.0/main.st
"rudder_motd_absent" not => fileexists("/etc/motd");
files:
# Set every MOTD file to the wanted value
# Set every MOTD file to the wanted value
!windows::
"${rudder_motd_file}"
create => "true",
techniques/systemSettings/systemManagement/motdConfiguration/3.0/main.st
"rudder_motd_absent" not => fileexists("/etc/motd");
files:
# Set every MOTD file to the wanted value
# Set every MOTD file to the wanted value
!windows::
"${rudder_motd_file}"
create => "true",
techniques/systemSettings/systemManagement/motdConfiguration/3.1/main.st
"rudder_motd_absent" not => fileexists("/etc/motd");
files:
# Set every MOTD file to the wanted value
# Set every MOTD file to the wanted value
!windows::
"${rudder_motd_file}"
create => "true",
techniques/systemSettings/systemManagement/motdConfiguration/3.2/main.st
"pass1" expression => "any";
files:
# Set every MOTD file to the wanted value
# Set every MOTD file to the wanted value
pass2.!windows::
"${rudder_motd_issue_files}"
create => "true",
techniques/systemSettings/userManagement/userManagement/3.0/userManagement.st
aix::
# Only execute this on AIX to prevent costly executions on irrelevant OSes:
# Only execute this on AIX to prevent costly executions on irrelevant OSes:
# We only need this to update /etc/security/passwd, which is AIX specific.
"timestamp" string => execresult("/bin/date +%s", "noshell");
......
classes => kept_if_else("usermanagement_user_password_ok_${usergroup_user_index}", "usermanagement_user_password_repaired_${usergroup_user_index}", "usermanagement_user_password_failed_${usergroup_user_index}"),
ifvarclass => "(usermanagement_login_add_${usergroup_user_index}_repaired.usermanagement_user_pwoneshot_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})|(usermanagement_user_update_${usergroup_user_index}.usermanagement_user_exists_${usergroup_user_index}.usermanagement_user_pweverytime_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})";
# AIX has a specific approach for passwords, needing a different approach (no tabular edition)
# AIX has a specific approach for passwords, needing a different approach (no tabular edition)
aix::
......
classes => kept_if_else("usermanagement_user_password_ok_${usergroup_user_index}", "usermanagement_user_password_repaired_${usergroup_user_index}", "usermanagement_user_password_failed_${usergroup_user_index}"),
ifvarclass => "(usermanagement_login_add_${usergroup_user_index}_repaired.usermanagement_user_pwoneshot_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})|(usermanagement_user_update_${usergroup_user_index}.usermanagement_user_exists_${usergroup_user_index}.usermanagement_user_pweverytime_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})";
# If a password update is needed, also update the timestamp to avoid administrative headaches (password expiration/policies)
# If a password update is needed, also update the timestamp to avoid administrative headaches (password expiration/policies)
"/etc/security/passwd"
create => "false",
edit_line => rudder_change_aix_password_entry("${usergroup_user_login[${usergroup_user_index}]}", "lastupdate", "${timestamp}"),
techniques/systemSettings/userManagement/userManagement/4.0/userManagement.st
aix::
# Only execute this on AIX to prevent costly executions on irrelevant OSes:
# Only execute this on AIX to prevent costly executions on irrelevant OSes:
# We only need this to update /etc/security/passwd, which is AIX specific.
"timestamp" string => execresult("/bin/date +%s", "noshell");
......
classes => kept_if_else("usermanagement_user_password_ok_${usergroup_user_index}", "usermanagement_user_password_repaired_${usergroup_user_index}", "usermanagement_user_password_failed_${usergroup_user_index}"),
ifvarclass => "(usermanagement_login_add_${usergroup_user_index}_repaired.usermanagement_user_pwoneshot_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})|(usermanagement_user_update_${usergroup_user_index}.usermanagement_user_exists_${usergroup_user_index}.usermanagement_user_pweverytime_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})";
# AIX has a specific approach for passwords, needing a different approach (no tabular edition)
# AIX has a specific approach for passwords, needing a different approach (no tabular edition)
aix::
......
classes => kept_if_else("usermanagement_user_password_ok_${usergroup_user_index}", "usermanagement_user_password_repaired_${usergroup_user_index}", "usermanagement_user_password_failed_${usergroup_user_index}"),
ifvarclass => "(usermanagement_login_add_${usergroup_user_index}_repaired.usermanagement_user_pwoneshot_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})|(usermanagement_user_update_${usergroup_user_index}.usermanagement_user_exists_${usergroup_user_index}.usermanagement_user_pweverytime_${usergroup_user_index}.!usermanagement_user_pwempty_${usergroup_user_index})";
# If a password update is needed, also update the timestamp to avoid administrative headaches (password expiration/policies)
# If a password update is needed, also update the timestamp to avoid administrative headaches (password expiration/policies)
"/etc/security/passwd"
create => "false",
edit_line => rudder_change_aix_password_entry("${usergroup_user_login[${usergroup_user_index}]}", "lastupdate", "${timestamp}"),
