Hello,
Firstly, let me say that I'm not a Puppet or Augeas expert, so apologies if this code is a bit of a dog's breakfast!!
I've hit a problem and I was wondering if anyone could help?
I've cobbled together a puppet module from studying various sources to negate requiretty and insert the following lines into my /etc/sudoers file on a RHEL7 host.
    nagios ALL = NOPASSWD: /sbin/iptables
    PRIVUSR ALL=NOPASSWD: PRIVACC
    Defaults !env_reset
    Defaults env_delete-="PYTHONPATH"
    Cmnd_Alias PRIVACC = /opt/commands/PRIVACC.py
    User_Alias PRIVUSR = %groupa,%groupb,%groupc,%groupd
Here is the module:
    class rh7config::sudoers_config {
      augeas { "sudousers":
        context => "/files/etc/sudoers",
        changes => [
          "set /spec[user = 'nagios']/user 'nagios'",
          "set /spec[user = 'nagios']/host_group",
          "set /spec[user = 'nagios']/host_group/host 'ALL'",
          "set /spec[user = 'nagios']/host_group/command '/sbin/iptables'",
          "set /spec[user = 'nagios']/host_group/command/tag 'NOPASSWD'",
          "set /spec[user = 'PRIVUSR']/user 'PRIVUSR'",
          "set /spec[user = 'PRIVUSR']/host_group",
          "set /spec[user = 'PRIVUSR']/host_group/host 'ALL'",
          "set /spec[user = 'PRIVUSR']/host_group/command 'PRIVACC'",
          "set /spec[user = 'PRIVUSR']/host_group/command/tag 'NOPASSWD'",
          "set /User_Alias[alias/name = 'PRIVUSR']/alias/name 'PRIVUSR'",
          "set /User_Alias[alias/name = 'PRIVUSR']/alias/user[1] '%groupa'",
          "set /User_Alias[alias/name = 'PRIVUSR']/alias/user[2] '%groupb'",
          "set /User_Alias[alias/name = 'PRIVUSR']/alias/user[3] '%groupc'",
          "set /User_Alias[alias/name = 'PRIVUSR']/alias/user[4] '%groupd'",
          "set /Cmnd_Alias[alias/name = 'PRIVACC']/alias/name 'PRIVACC'",
          "set /Cmnd_Alias[alias/name = 'PRIVACC']/alias/command '/opt/commands/PRIVACC.py'",
          "set /*[env_reset]/env_reset/negate",
          "set /*[requiretty]/requiretty/negate",
          "ins Defaults before /Defaults[5]",
          "set /Defaults[5]/env_delete",
          "set /Defaults[5]/env_delete/remove",
          "set /Defaults[5]/env_delete/var 'PYTHONPATH'",
        ],
        onlyif => "match path[. = '/run'] size == 0", # required for insert above
      }
    }
These Augeas commands seem to work from the augtool command line but when I run a puppet agent -t, it errors with the message:
Error: /Stage[main]/Rh7config::Sudoers_config/Augeas[sudousers]: Could not evaluate: missing string argument 2 for set
I was wondering if anyone could see anything obvious in the code above as I'm stumped.
Any help would be greatly appreciated!
Kev
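
Added example (not part of Kev's post and not Puppet's own code): the error says a `set` change is missing its second argument, the value. The Ruby sketch below checks change strings for too few arguments, using entries copied from the module above; the `ARITY` table and the helper names are assumptions based on the documented forms of the augeas type's commands.

```ruby
# Simplified arity check for Puppet augeas `changes` entries (added example).
# ARITY is an assumption taken from the documented command forms:
# set <PATH> <VALUE>, clear <PATH>, rm <PATH>, ins <LABEL> (before|after) <PATH>.
ARITY = { 'set' => 2, 'clear' => 1, 'rm' => 1, 'ins' => 3 }.freeze

# Split a change into arguments, keeping quoted strings and [...] predicates whole.
def split_change(change)
  args, cur, depth, quote = [], String.new, 0, nil
  change.each_char do |ch|
    if quote
      cur << ch
      quote = nil if ch == quote          # closing quote
    elsif ch == "'" || ch == '"'
      cur << ch
      quote = ch                          # opening quote
    elsif ch =~ /\s/ && depth.zero?
      args << cur unless cur.empty?       # whitespace outside [...] ends an argument
      cur = String.new
    else
      depth += 1 if ch == '['
      depth -= 1 if ch == ']'
      cur << ch
    end
  end
  args << cur unless cur.empty?
  args
end

# Return [index, change, message] for every change with too few arguments.
def lint_changes(changes)
  changes.each_with_index.map do |change, i|
    cmd, *rest = split_change(change)
    want = ARITY[cmd]
    next if want.nil? || rest.size >= want
    [i, change, "#{cmd} expects #{want} argument(s), got #{rest.size}"]
  end.compact
end

# Entries copied from the module in the post.
SAMPLE = [
  "set /spec[user = 'nagios']/user 'nagios'",
  "set /spec[user = 'nagios']/host_group",
  "set /spec[user = 'nagios']/host_group/host 'ALL'",
  "set /*[requiretty]/requiretty/negate",
  "ins Defaults before /Defaults[5]",
  "set /Defaults[5]/env_delete/var 'PYTHONPATH'",
].freeze

lint_changes(SAMPLE).each { |i, c, msg| puts "changes[#{i}]: #{msg}: #{c}" }
```

In the Puppet augeas type, `clear <PATH>` is the documented command for a node that carries no value.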