I’m a fan of pam_listuser, so all my Linux machines have a couple files that list important user IDs that are referenced during the login process.  While I’d like the generation of these files in Bcfg2 propper, currently they are generated by several other means.  But in any case, they must exist, even if empty, or pam_listfile will abort the authorization process.  I’ve seen this question asked about several configuration management systems.  How do you enforce a file’s existance but not its content?

In Bcfg2 you’ll need the ‘Probes’ and ‘TGenshi’ plugins turned on.  (You can use the TCheetah plugin instead, but this example will use TGenshi.)  Create a probe to return the output of the file or simply exit successfully if the file is not present.

#!/bin/bash FILE=/etc/hosers.local [ -f $FILE ] || exit 0 cat $FILE exit 0

Next, in the TGenshi directory, setup a template to generate that file. We simply use the output of the probe:

{# We just want to ensure this file exists #}\ ${metadata.Probes["hosers"]}

Run the Bcfg2 client on a test host and it will create the file if it does not exist. If it does exist its content will be preserved.

Previous   Up   Next


comments powered by Disqus