Here's a cfengine bundle that I wrote for editing the sshd configuration file by passing an array with the parameters. Using an array is a very elegant way of defining the values to set. The bundle also restarts sshd after any changes are made, unless the no_restarts class is defined.
The first gist contains the edit_sshd bundle itself, together with the set_config_values bundle that actually performs the editing job (this should go into a library file; I have it in my personal version of cfengine_stdlib.cf). The second file is a sample bundle showing how to use edit_sshd.
```
# Parameters are:
#   file: file to edit
#   params: an array indexed by parameter name, containing the corresponding values. For example:
#     "sshd[Protocol]" string => "2";
#     "sshd[X11Forwarding]" string => "yes";
#     "sshd[UseDNS]" string => "no";
# Diego Zamboni, November 2010
bundle agent edit_sshd(file,params)
{
  files:
      "$(file)"
        handle => "edit_sshd",
        comment => "Set desired sshd_config parameters",
        edit_line => set_config_values("$(params)"),
        classes => if_repaired("restart_sshd");

  commands:
    restart_sshd.!no_restarts::
      "/etc/init.d/sshd restart"
        handle => "sshd_restart",
        comment => "Restart sshd if the configuration file was modified";
}

bundle edit_line set_config_values(v)
# Sets the RHS of configuration items in the file of the form
#   LHS RHS
# If the line is commented out with #, it gets uncommented first.
# Adds a new line if none exists.
# The argument is an associative array containing v[LHS]="rhs"
# Based on set_variable_values from cfengine_stdlib.cf, modified to
# use whitespace as separator, and to handle commented-out lines.
{
  vars:
      "index" slist => getindices("$(v)");

      # Be careful if the index string contains funny chars
      "cindex[$(index)]" string => canonify("$(index)");

  field_edits:
      # If the line is there, but commented out, first uncomment it
      "#+$(index)\s+.*"
        edit_field => col("\s+","1","$(index)","set");

      # match a line starting like the key something
      "$(index)\s+.*"
        edit_field => col("\s+","2","$($(v)[$(index)])","set"),
        classes => if_ok("not_$(cindex[$(index)])");

  insert_lines:
      "$(index) $($(v)[$(index)])",
        ifvarclass => "!not_$(cindex[$(index)])";
}
```
```
bundle agent configfiles
{
  vars:
      "sshdconfig" string => "/etc/ssh/sshd_config";

      # SSHD configuration to set
      "sshd[Protocol]" string => "2";
      "sshd[X11Forwarding]" string => "yes";
      "sshd[UseDNS]" string => "no";

  methods:
      "sshd" usebundle => edit_sshd("$(sshdconfig)", "configfiles.sshd");
}
```
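A check to run against the edited file, added here as an example and not part of the original gists: it reports whether each parameter from the array is actually in effect globally. It assumes the sshd_config(5) rules that the first value seen for a keyword wins and that a Match block runs until the next Match line or the end of the file, so a line appended at the end of a file containing a Match block lands inside that block. The function names and the sample file are constructed for illustration.

```python
# Added example: audit sshd_config text against the desired parameter array.
# SAMPLE is a constructed file; UseDNS was appended after a Match block.
SAMPLE = """\
# constructed sample sshd_config
Protocol 2
#X11Forwarding no
Match User backup
    X11Forwarding yes
UseDNS no
"""

def effective_values(text):
    """Return (global_values, match_values): first-seen value per keyword,
    split by whether the line sits before or after the first Match line."""
    global_values, match_values, in_match = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are ignored
        parts = line.split(None, 1)       # whitespace separator, as in the bundle
        key = parts[0].lower()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            in_match = True               # block lasts until next Match or EOF
            continue
        target = match_values if in_match else global_values
        target.setdefault(key, value)     # first obtained value wins
    return global_values, match_values

def audit(text, desired):
    """Map each desired parameter to ok / mismatch / match-block-only / missing."""
    global_values, match_values = effective_values(text)
    report = {}
    for name, want in desired.items():
        key = name.lower()
        if key in global_values:
            report[name] = "ok" if global_values[key] == want else "mismatch"
        elif key in match_values:
            report[name] = "match-block-only"
        else:
            report[name] = "missing"
    return report

DESIRED = {"Protocol": "2", "X11Forwarding": "yes", "UseDNS": "no"}

if __name__ == "__main__":
    for name, status in audit(SAMPLE, DESIRED).items():
        print(f"{name}: {status}")
```

A `match-block-only` result means the line exists in the file but does not apply as a global setting.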