POST
Editing sshd configuration files with cfengine3
Here's a cfengine bundle that I wrote for editing the sshd configuration file by passing an array with the parameters. Using an array is a very elegant way of defining the values to set. The bundle also restarts sshd after any changes are made, unless the no_restarts class is defined.
The first gist contains the edit_sshd bundle itself, together with the set_config_values bundle that actually performs the editing job (this should go into a library file, I have it in my personal version of cfengine_stdlib.cf). The second file is a sample bundle showing how to use edit_sshd.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Parameters are: | |
| # file: file to edit | |
| # params: an array indexed by parameter name, containing the corresponding values. For example: | |
| # "sshd[Protocol]" string => "2"; | |
| # "sshd[X11Forwarding]" string => "yes"; | |
| # "sshd[UseDNS]" string => "no"; | |
| # Diego Zamboni, November 2010 | |
| bundle agent edit_sshd(file,params) | |
| { | |
| files: | |
| "$(file)" | |
| handle => "edit_sshd", | |
| comment => "Set desired sshd_config parameters", | |
| edit_line => set_config_values("$(params)"), | |
| classes => if_repaired("restart_sshd"); | |
| commands: | |
| restart_sshd.!no_restarts:: | |
| "/etc/init.d/sshd restart" | |
| handle => "sshd_restart", | |
| comment => "Restart sshd if the configuration file was modified"; | |
| } | |
| bundle edit_line set_config_values(v) | |
| # Sets the RHS of configuration items in the file of the form | |
| # LHS RHS | |
| # If the line is commented out with #, it gets uncommented first. | |
| # Adds a new line if none exists. | |
| # The argument is an associative array containing v[LHS]="rhs" | |
| # Based on set_variable_values from cfengine_stdlib.cf, modified to | |
| # use whitespace as separator, and to handle commented-out lines. | |
| { | |
| vars: | |
| "index" slist => getindices("$(v)"); | |
| # Be careful if the index string contains funny chars | |
| "cindex[$(index)]" string => canonify("$(index)"); | |
| field_edits: | |
| # If the line is there, but commented out, first uncomment it | |
| "#+$(index)\s+.*" | |
| edit_field => col("\s+","1","$(index)","set"); | |
| # match a line starting like the key something | |
| "$(index)\s+.*" | |
| edit_field => col("\s+","2","$($(v)[$(index)])","set"), | |
| classes => if_ok("not_$(cindex[$(index)])"); | |
| insert_lines: | |
| "$(index) $($(v)[$(index)])", | |
| ifvarclass => "!not_$(cindex[$(index)])"; | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| bundle agent configfiles | |
| { | |
| vars: | |
| "sshdconfig" string => "/etc/ssh/sshd_config"; | |
| # SSHD configuration to set | |
| "sshd[Protocol]" string => "2"; | |
| "sshd[X11Forwarding]" string => "yes"; | |
| "sshd[UseDNS]" string => "no"; | |
| methods: | |
| "sshd" usebundle => edit_sshd("$(sshdconfig)", "configfiles.sshd"); | |
| } |
- Related:
- Limited Time Promotion! 50% off "Learning CFEngine 3"
- New Release of "Learning CFEngine 3"
- CFEngine talks at PICC'12 conference
- Learning CFEngine 3 has been released
- CFEngine posts moving to cf-learn.info
- cf-cmd: A command-line tool for running CFEngine snippets
- New website for "Learning CFEngine 3"
- "Learning CFEngine 3" Early Release now available -use AUTHD to get 40-50% off
- "Security in the Third Wave of IT Engineering"
- What's New in CFEngine 3: Making System Administration Even More Powerful - O'Reilly Radar
- "Introduction to CFEngine 3 Nova" webinar
- New job, new book
- Installing cfengine on Mac OS X
- Cfengine3 lexer for Pygments
- Storing CFEngine configuration in CVS
- Hierarchical copying with cfengine3
- The State of Open Source System Automation
- Editing whitespace-separated config files with cfengine
- cfengine Community Open Promise Body Library on GitHub
- Detecting NICs that match certain IP addresses
- Implementing "single-copy nirvana" in cfengine3
- Installing cfengine on Windows 7 under cygwin