On Jun 30, 2010, at 9:12 AM, Jeff wrote:
> In that example, the command line looked like this:
>
> "set spec[last()]/host_group/command ALL",
>
> I added NOPASSWD: and it barfs with this message:
>
> err: //user::unixadmins/User::Virtual::Sudoer[joe]/Augeas[sudojoe]/
> returns: change from need_to_run to 0 failed: Save failed with return
> code false
>
> The problem seems to be the colon ':' since NOPASSWD:ALL also fails
> but this doesn't error:
>
> "set spec[last()]/host_group/command NOPASSWD ALL",
>
> Unfortunately, that doesn't produce a desirable output.
I don’t know about the colon, but any value with a space in it needs to be
quoted. Does your undesirable-but-working example command set the value to
“NOPASSWD ALL” or just to “NOPASSWD”? In any case, I would try this:
"set spec[last()]/host_group/command 'NOPASSWD: ALL’”,
Also note that your example as written will add this entry to the file on every
single Puppet run. You could add an “onlyif”, but by using `last() + 1` and
“onlyif” you can only add entries. You can’t modify them later. Well, maybe
with a really horrible looking “onlyif”, but forget that.
This is what my `sudoers` changes look like.
augeas { "sudorob":
context => "/files/etc/sudoers",
changes => [
"set spec[user = 'rmcbroom']/user rmcbroom",
"set spec[user = 'rmcbroom']/host_group/host ALL",
"set spec[user = 'rmcbroom']/host_group/command ALL",
"set spec[user = 'rmcbroom']/host_group/command/runas_user ALL”,
],
}
This will add the entry if it doesn’t exist, but it will also apply changes to
individual settings (like host_group/command). And if the entry exists as
defined, Puppet does nothing, which is what you want.
--
Rob McBroom
<http://www.skurfer.com/>
Don't try to tell me something is important to you if the whole of your
“support” entails getting Congress to force *others* to spend time and money on
it.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
