forked from ungleich-public/cdist
cleanup and rewrite
- add new --state parameter and support for deleting groups - add new --system parameter to create system groups if supported by the os - remove special case for legacy redhat/centos versions, they are long gone Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
This commit is contained in:
parent
0cf170b18e
commit
d247f083e8
7 changed files with 93 additions and 93 deletions
|
@ -1,2 +0,0 @@
|
||||||
- delete groups
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
#
|
#
|
||||||
|
@ -22,7 +22,6 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
name=$__object_id
|
name=$__object_id
|
||||||
os_version="$($__explorer/os_version)"
|
|
||||||
os="$($__explorer/os)"
|
os="$($__explorer/os)"
|
||||||
|
|
||||||
if [ "$os" = "freebsd" ]; then
|
if [ "$os" = "freebsd" ]; then
|
||||||
|
@ -30,13 +29,4 @@ if [ "$os" = "freebsd" ]; then
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
case "$os_version" in
|
getent gshadow "$name" || true
|
||||||
"Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
|
|
||||||
# TODO: find a way to get this information
|
|
||||||
echo "$os_version does not have getent gshadow"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
getent gshadow "$name" || true
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
#
|
#
|
||||||
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
|
# 2011-2015 Steven Armstrong (steven-cdist at armstrong.cc)
|
||||||
# 2011 Nico Schottelius (nico-cdist at schottelius.org)
|
# 2011 Nico Schottelius (nico-cdist at schottelius.org)
|
||||||
#
|
#
|
||||||
# This file is part of cdist.
|
# This file is part of cdist.
|
||||||
|
@ -23,91 +23,85 @@
|
||||||
#
|
#
|
||||||
|
|
||||||
name="$__object_id"
|
name="$__object_id"
|
||||||
os_version="$(cat "$__global/explorer/os_version")"
|
|
||||||
os="$(cat "$__global/explorer/os")"
|
os="$(cat "$__global/explorer/os")"
|
||||||
|
|
||||||
cd "$__object/parameter"
|
|
||||||
if grep -q "^${name}:" "$__object/explorer/group"; then
|
|
||||||
for property in $(ls .); do
|
|
||||||
new_value="$(cat "$property")"
|
|
||||||
# argument to pass the groupmod command for this property (exceptions
|
|
||||||
# are made in the case statement below)
|
|
||||||
proparg="--$property"
|
|
||||||
|
|
||||||
case "$property" in
|
# Use short option names for portability
|
||||||
password)
|
shorten_property() {
|
||||||
if [ "$os" = "freebsd" ]; then
|
case "$1" in
|
||||||
echo "group/$name: FreeBSD doesn't support password modification" >&2
|
gid) echo "-g";;
|
||||||
exit 1
|
password) echo "-p";;
|
||||||
fi
|
system) echo "-r";;
|
||||||
case "$os_version" in
|
esac
|
||||||
"Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
|
}
|
||||||
# TODO: Use gpasswd? Need to fix gshadow explorer first.
|
|
||||||
echo "group/$name: '$os_version' groupmod does not support password modification" >&2
|
|
||||||
exit 1
|
if [ "$state" = "present" ]; then
|
||||||
|
case "$os" in
|
||||||
|
freebsd)
|
||||||
|
supported_add_properties="gid"
|
||||||
|
supported_change_properties="gid"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
supported_add_properties="gid password system"
|
||||||
|
supported_change_properties="gid password"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
if grep -q "^${name}:" "$__object/explorer/group"; then
|
||||||
|
# change existing
|
||||||
|
for property in $supported_change_properties; do
|
||||||
|
if [ -f "$__object/parameter/$property" ]; then
|
||||||
|
new_value="$(cat "$__object/parameter/$property")"
|
||||||
|
unset current_value
|
||||||
|
case "$property" in
|
||||||
|
password)
|
||||||
|
current_value="$(awk -F: '{ print $2 }' "$__object/explorer/gshadow")"
|
||||||
|
;;
|
||||||
|
gid)
|
||||||
|
current_value="$(awk -F: '{ print $3 }' "$__object/explorer/group")"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")"
|
if [ "$new_value" != "$current_value" ]; then
|
||||||
;;
|
set -- "$@" "$(shorten_property $property)" \'$new_value\'
|
||||||
gid)
|
echo change $property $new_value $current_value >> "$__messages_out"
|
||||||
# set to -g to support older redhat/centos
|
fi
|
||||||
proparg="-g"
|
fi
|
||||||
current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")"
|
done
|
||||||
;;
|
if [ $# -gt 0 ]; then
|
||||||
esac
|
if [ "$os" = "freebsd" ]; then
|
||||||
|
echo pw groupmod "$@" "$name"
|
||||||
if [ "$new_value" != "$current_value" ]; then
|
else
|
||||||
set -- "$@" "$proparg" \"$new_value\"
|
|
||||||
echo change $property $new_value $current_value >> "$__messages_out"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ $# -gt 0 ]; then
|
|
||||||
echo mod >> "$__messages_out"
|
|
||||||
case $os in
|
|
||||||
freebsd)
|
|
||||||
echo pw group mod "$@" "$name"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo groupmod "$@" "$name"
|
echo groupmod "$@" "$name"
|
||||||
;;
|
fi
|
||||||
esac
|
echo mod >> "$__messages_out"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# create new
|
||||||
|
for property in $supported_change_properties; do
|
||||||
|
if [ -f "$__object/parameter/$property" ]; then
|
||||||
|
new_value="$(cat "$__object/parameter/$property")"
|
||||||
|
if [ -z "$new_value" ]; then
|
||||||
|
# Boolean parameters have no value
|
||||||
|
set -- "$@" "$(shorten_property $property)"
|
||||||
|
else
|
||||||
|
set -- "$@" "$(shorten_property $property)" \'$new_value\'
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ "$os" = "freebsd" ]; then
|
||||||
|
echo pw groupadd "$@" "$name"
|
||||||
|
else
|
||||||
|
echo groupadd "$@" "$name"
|
||||||
|
fi
|
||||||
|
done
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo add >> "$__messages_out"
|
# delete existing
|
||||||
for property in $(ls .); do
|
if grep -q "^${name}:" "$__object/explorer/group"; then
|
||||||
new_value="$(cat "$property")"
|
|
||||||
if [ "$os" = "freebsd" ]; then
|
if [ "$os" = "freebsd" ]; then
|
||||||
case $property in
|
echo pw groupdel "$name"
|
||||||
gid)
|
|
||||||
proparg="-g"
|
|
||||||
;;
|
|
||||||
password)
|
|
||||||
echo "group/$name: FreeBSD doesn't support password setting" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
# The type has been updated to support more properties than it knows how to handle for FreeBSD
|
|
||||||
# tell the user about this.
|
|
||||||
echo "Currently unknown property: $property" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
else
|
else
|
||||||
proparg="--$property"
|
echo groupdel "$name"
|
||||||
fi
|
fi
|
||||||
|
echo remove >> "$__messages_out"
|
||||||
set -- "$@" "$proparg" \"$new_value\"
|
fi
|
||||||
echo set $property $new_value >> "$__messages_out"
|
|
||||||
done
|
|
||||||
|
|
||||||
case $os in
|
|
||||||
freebsd)
|
|
||||||
echo pw group add "$@" "$name"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo groupadd "$@" "$name"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -20,18 +20,28 @@ None.
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
state::
|
||||||
|
absent or present, defaults to present
|
||||||
gid::
|
gid::
|
||||||
see groupmod(8)
|
see groupmod(8)
|
||||||
password::
|
password::
|
||||||
see above
|
see above
|
||||||
|
|
||||||
|
|
||||||
|
BOOLEAN PARAMETERS
|
||||||
|
------------------
|
||||||
|
system::
|
||||||
|
see groupadd(8), apply only on group creation
|
||||||
|
|
||||||
|
|
||||||
MESSAGES
|
MESSAGES
|
||||||
--------
|
--------
|
||||||
mod::
|
mod::
|
||||||
group is modified
|
group is modified
|
||||||
add::
|
add::
|
||||||
New group added
|
New group added
|
||||||
|
remove::
|
||||||
|
group is removed
|
||||||
change <property> <new_value> <current_value>::
|
change <property> <new_value> <current_value>::
|
||||||
Changed group property from current_value to new_value
|
Changed group property from current_value to new_value
|
||||||
set <property> <new_value>::
|
set <property> <new_value>::
|
||||||
|
@ -45,6 +55,12 @@ EXAMPLES
|
||||||
# Create a group 'foobar' with operating system default settings
|
# Create a group 'foobar' with operating system default settings
|
||||||
__group foobar
|
__group foobar
|
||||||
|
|
||||||
|
# Remove the 'foobar' group
|
||||||
|
__group foobar --state absent
|
||||||
|
|
||||||
|
# Create a system group 'myservice' with operating system default settings
|
||||||
|
__group myservice --system
|
||||||
|
|
||||||
# Same but with a specific gid
|
# Same but with a specific gid
|
||||||
__group foobar --gid 1234
|
__group foobar --gid 1234
|
||||||
|
|
||||||
|
@ -60,5 +76,5 @@ SEE ALSO
|
||||||
|
|
||||||
COPYING
|
COPYING
|
||||||
-------
|
-------
|
||||||
Copyright \(C) 2011 Steven Armstrong. Free use of this software is
|
Copyright \(C) 2011-2015 Steven Armstrong. Free use of this software is
|
||||||
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
granted under the terms of the GNU General Public License version 3 (GPLv3).
|
||||||
|
|
1
cdist/conf/type/__group/parameter/boolean
Normal file
1
cdist/conf/type/__group/parameter/boolean
Normal file
|
@ -0,0 +1 @@
|
||||||
|
system
|
|
@ -1,2 +1,3 @@
|
||||||
gid
|
gid
|
||||||
password
|
password
|
||||||
|
state
|
||||||
|
|
Loading…
Reference in a new issue