Adding several users with fixed UIDs in one go


Christian Linden

Nov 16, 2016, 11:10:56 AM
to help-cfengine
Hi,


But I need to define the UIDs.
Here's my promise:

bundle agent add_nvs_user

{
vars:
    "Users"             slist  => { "NewUser1", "NewUser2" };
    "UIDs"              slist  => { "6667", "6668" };
    "UserDescriptions"  slist  => { "Description1", "Description2" };

  classes:
     "create_user_${Users}" not => userexists( ${Users} );
     "NVS_server_id" expression => fileexists("/etc/NVS.server");

  users:
    "create_user_${Users}.NVS_server"::
      "$(Users)"
        uid => "$(UIDs)",
        policy => "present",
        description => "$(UserDescriptions)",
        home_dir => "/home/$(Users)",
        home_bundle => setup_home_dir("$(Users)"),
        home_bundle_inherit => "true",
        group_primary => "users",
        password => ThePassword,
        shell => "/bin/bash",
          classes => if_repaired("nvs_user_added");
}

bundle agent setup_home_dir(Users)
{
  files:
        "/home/$(Users)/."
          create => "true";
}

body password ThePassword
    {
        format => "hash";
          data => "rrm7hjTCE9HZ"; # "asdf123"
    }


This is the result:

LinuLinden05:/var/cfengine/inputs/ # grep 666 /etc/passwd
NewUser1:x:6668:100:Description2:/home/NewUser1:/bin/bash
NewUser2:x:6667:100:Description2:/home/NewUser2:/bin/bash

It's messing up back and forth with the UIDs and Description.
It's not that for the first cycle all first list elements are taken. In the 2nd loop there still user1 created but with UID2, then user1 with description2 etc..

=(

Why isn't it promised with User1, 6667, Description1 in the first loop and with User2, 6668, Description2 in the second?

Thanks!
Chris

Neil Watson

Nov 16, 2016, 12:15:46 PM
to help-cfengine
CFEngine loops

https://docs.cfengine.com/docs/3.7/guide-language-concepts-loops.html#iterating-across-multiple-lists

All possible permutations will happen, e.g. user1, uid2, description3.

You'll need a different data structure.

--
Neil H Watson @neil_h_watson
CFEngine reporting: https://github.com/neilhwatson/delta_reporting
CFEngine policy: https://github.com/neilhwatson/evolve_cfengine_freelib
CFEngine and vim: https://github.com/neilhwatson/vim_cf3

Richard Jones

Nov 17, 2016, 3:24:24 AM
to Christian Linden, help-cfengine
On Wed 16 Nov 2016 at 16:10:56 GMT, Christian Linden wrote
> It's messing up back and forth with the UIDs and Description.
> It's not that for the first cycle all first list elements are taken. In the
> 2nd loop there still user1 created but with UID2, then user1 with
> description2 etc..
>
> =(
>
> Why isn't it promised with User1, 6667, Description1 in the first loop and
> with User2, 6668, Description2 in the second?

Hi Chris,

You’re iterating through two lists and getting the results of the last
substituted values. I’d use an array, or do something a bit more clever
with JSONy stuff. Here’s how I’ve done it in the past (example untested):

vars:
  "user[User1][uid]" string => "6667";
  "user[User1][desc]" string => "Desc1";
  "user[User2][uid]" string => "6668";
  "user[User2][desc]" string => "Desc2";

  "users" slist => getindices("user");

users:
  "$(users)"
    policy => "present",
    description => "$(user[$(users)][desc])",
    uid => "$(user[$(users)][uid])";
Looking at it now, I think this is very similar to Diego’s
solution in his excellent book. Though I think he directly manipulated
the passwd file as CFE didn’t have the users: promise when it was
written.

Thanks,

Richard

--
jonze.com/privacy.html

Christian Linden

Nov 17, 2016, 7:54:37 AM
to help-cfengine, lindo...@gmail.com, cfen...@junix.systems
Richard, thanks a lot, absolutely correct, it's in the book but w/o the user: promise type.
But I've one problem left.
Here's my promise:

bundle agent add_nvs_users
{
        methods:
          "create_users" usebundle => create_users("add_nvs_users.users");

        vars:
          # Enter the users to be created here
          # First user
          "users[new_user1][uid]"               string => "6666";
          "users[new_user2][description]"       string => "NVS-NeuerUser1, R4, HZD";
          # Second user
          "users[new_user2][uid]"               string => "6667";
          "users[new_user2][description]"       string => "NVS-NeuerUser2, R4, HZD";
          # Third user
          "users[new_user3][uid]"               string => "6668";
          "users[new_user3][description]"       string => "NVS-NeuerUser3, R4, HZD";
          # Add further users as above, as needed

}

bundle agent create_users(info)
{
        vars:
        # Enter the network segments or individual IPs on which the users are
        # to be set up here, WITH _ instead of .  !!!
          "NVS_ServerListe"   slist  => { "IPs" };
          "user"                slist  => getindices("$(info)");
          "uid"         slist  => { "1234" };
          "UserDescription"  slist  => { "Description of the user" };

        classes:
          "NVS_server" or => {@(NVS_ServerListe)};
          "add_${user}" not => userexists( ${user} );

        users:
          "add_${user}.NVS_server"::
            "$(user)"
              uid => " $($(info)[$(user)][uid])",
              policy => "present",
              description => "$($(info)[$(user)][description])",
              home_dir => "/home/$(user)",
              home_bundle => setup_home_dir("$(user)"),
              #home_bundle_inherit => "true",
              group_primary => "users",
              password => ThePassword,
              shell => "/bin/bash",
                classes => if_repaired("nvs_user_added");
}
bundle agent setup_home_dir(user)
{
  files:
        "/home/$(user)/."
          create => "true";
}

body password ThePassword
    {
        format => "hash";
          data => "rradadf9FasdfasdfHhA"; 
    }

---------

In the result the description of the first user is missing:

LinuLinden05:/var/cfengine/inputs # grep 666 /etc/passwd
new_user3:x:6668:100:NVS-NeuerUser3, R4, HZD:/home/new_user3:/bin/bash
new_user2:x:6667:100:NVS-NeuerUser2, R4, HZD:/home/new_user2:/bin/bash
new_user1:x:6666:100::/home/new_user1:/bin/bash
LinuLinden05:/var/cfengine/inputs #

?

Chris



Marco Marongiu

Nov 17, 2016, 8:08:10 AM
to help-c...@googlegroups.com


On 17/11/16 13:54, Christian Linden wrote:
> In the result the description of the first user is missing:

No surprise: you have a typo:

> "users[new_user2][description]" string => "NVS-NeuerUser1, R4, HZD";

:-)

Christian Linden

Nov 17, 2016, 10:39:36 AM
to help-cfengine
This was just a test if ex-extreme-MailingListMembers are still checking each code snippet =P

Thanks, Marco!

Christian Linden

Dec 12, 2016, 8:15:21 AM
to help-cfengine
Hi,

this way the home directories' owner and group are root:root =)
As far as I see one has to add:
>> perms => og("$(user)","users"), <<

in the setup_home_dir bundle:

bundle agent setup_home_dir(user)
{
  files:
        "/home/$(user)/."
          perms => og("$(user)","users"),
          create => "true";
}

Similar prob with this example:
https://cfengine.com/learn/managing-users/

.. and it looks to my very limited view that Diego misses this lack in his book (page 94/95) as well.
But the useradd command from the shell he uses will probably set those correctly, I didn't check that.
Then you forgot this issue when implementing the users: promise type =)

Chris
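
Added example (not part of any poster's message and not CFEngine code): a small Python check that compares passwd entries with the intended per-user table, catching the symptoms seen in this thread (swapped UIDs, a missing description) and a fixed UID already held by another account. The `EXPECTED` table and the function names are assumptions for illustration; the sample lines are the grep output quoted above.

```python
# Added example: audit passwd entries against the intended per-user table.
# EXPECTED mirrors the users[...] array from the thread; names are illustrative.
EXPECTED = {
    "new_user1": {"uid": 6666, "gecos": "NVS-NeuerUser1, R4, HZD"},
    "new_user2": {"uid": 6667, "gecos": "NVS-NeuerUser2, R4, HZD"},
    "new_user3": {"uid": 6668, "gecos": "NVS-NeuerUser3, R4, HZD"},
}

# grep output quoted in the thread (description of new_user1 is empty).
SAMPLE_PASSWD = """\
new_user3:x:6668:100:NVS-NeuerUser3, R4, HZD:/home/new_user3:/bin/bash
new_user2:x:6667:100:NVS-NeuerUser2, R4, HZD:/home/new_user2:/bin/bash
new_user1:x:6666:100::/home/new_user1:/bin/bash
"""


def parse_passwd(text):
    """Return {name: {"uid": int, "gecos": str}}; skip malformed lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        entries[fields[0]] = {"uid": int(fields[2]), "gecos": fields[4]}
    return entries


def audit(passwd_text, expected):
    """Return findings as (user, problem, wanted, found), sorted by user/problem."""
    actual = parse_passwd(passwd_text)
    owners = {}  # uid -> account names currently holding it
    for name, entry in actual.items():
        owners.setdefault(entry["uid"], []).append(name)
    findings = []
    for user, want in expected.items():
        have = actual.get(user)
        if have is None:
            findings.append((user, "missing", None, None))
        else:
            for field in ("uid", "gecos"):
                if have[field] != want[field]:
                    findings.append((user, field, want[field], have[field]))
        # A fixed UID already held by another account would share file ownership.
        others = sorted(n for n in owners.get(want["uid"], []) if n != user)
        if others:
            findings.append((user, "uid_collision", want["uid"], others))
    return sorted(findings, key=lambda f: f[:2])


if __name__ == "__main__":
    for finding in audit(SAMPLE_PASSWD, EXPECTED):
        print(finding)
```

Run against the first post's output with its intended pairing, the same check reports both the swapped UIDs and the collision each fixed UID has with the other account.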

