Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2015-10-08 Thread Seth Rice
I know this is way late, by 5 years or so, but I wanted to share what I 
just discovered, related to your post. Since your post did help me discover 
it after all.  I only got into augeas 4 days ago, and puppet about a month 
ago. 

Though augeas is a harsh mistress, I found that you can do some good 
sudoers stuff with it. Also how to specify if you want it to wipe a 
matching entry and replace it, or just replace pieces of it. 

I have a module that has its own user that will be created, and 
permissions granted in sudoers and locked down. Here is what I found works 
on the current opensource puppet today. 

This augeas (awe-geez) excerpt below is from the user manifest in that 
module. Above I have all the regular puppet jazz to create a user, its 
home path, create keys, etc. It all references back to a params.pp file for 
the variables. I found that with puppet, things work more consistently if 
you use this type of setup for a variable. 

"${User}"

Double quotes, and braces between the $ and the actual variable. However, 
Augeas doesn't like that setup, so once you start getting to the 'changes 
=> [ ' part, you need to change your variable statements to be what you'd 
have in bash. 

$User

Also note, as seen below, I use the double quotes for my commands when 
using a variable. Otherwise use single quotes. 

  augeas { "sudoers user ${User}":
    context => '/files/etc/sudoers',
    changes => [
      "set spec[user = '$User']/user $User",
      "set spec[user = '$User']/host_group/host ALL",
      "set spec[user = '$User']/host_group/command ALL",
      "set spec[user = '$User']/host_group/command/runas_user ALL",
      "set spec[user = '$User']/host_group/command/tag NOPASSWD",
    ],
    require => [ User[$User] ],
  }

  augeas { "sudoers user ${User} TTY":
    context => '/files/etc/sudoers',
    changes => [
      "set Defaults[type = ':$User']/type :$User",
      "set Defaults[type = ':$User']/requiretty/negate ''",
    ],
    require => [ Augeas["sudoers user $User"] ],
  }

  augeas { "sudoers Cmnd_Alias ${CMNDALIAS}":
    context => '/files/etc/sudoers',
    changes => [
      "rm  Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[.]",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/name $CMNDALIAS",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[1] /bin/cp",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[2] /bin/grep",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[3] /bin/date",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[4] /bin/ls",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[5] /bin/rm",
      "set Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[6] /bin/mv",
    ],
    require => File['/etc/sudoers'],
  }


Now the key thing I wanted to point out that I just discovered in all this, 
is this line in the Cmnd_Alias section. 

"rm  Cmnd_Alias[alias/name = '$CMNDALIAS']/alias/command[.]",

There is a subtle difference between using a [.] or a [*]. Because I'm 
declaring which command goes in what order, the dot will match any command, 
and the * will match only the ones stated in this manifest, and ignore the 
rest. So I went to [6] in my command listing above. This means with a dot 
[.], it will blow away 1-6, as well as any others, like 7-999, or however 
high it can go. If I use the star [*], then it only replaces 1-6, and leaves 
7-999 or however high, well alone. 

Here is a command I've been running on the system I want to apply the 
changes on, to show me what augeas sees while I work. 

watch -n3 "augtool print /files/etc/sudoers | grep -Ei '(user|host_group|alias|defaults\[11\])' | grep -Ev '(spec\[(1|2)\]|comment)'"

That output for me looks like this:

Every 3.0s: augtool print /files/etc/sudoers | grep ...  Thu Oct  8 11:23:52 2015

/files/etc/sudoers/Defaults[6]/env_keep/var[5] = "USERNAME"
/files/etc/sudoers/spec[3]/user = "dude"
/files/etc/sudoers/spec[3]/host_group
/files/etc/sudoers/spec[3]/host_group/host = "ALL"
/files/etc/sudoers/spec[3]/host_group/command = "ALL"
/files/etc/sudoers/spec[3]/host_group/command/runas_user = "ALL"
/files/etc/sudoers/spec[3]/host_group/command/tag = "NOPASSWD"
/files/etc/sudoers/Defaults[11]
/files/etc/sudoers/Defaults[11]/type = ":dude"
/files/etc/sudoers/Defaults[11]/requiretty
/files/etc/sudoers/Defaults[11]/requiretty/negate
/files/etc/sudoers/Cmnd_Alias
/files/etc/sudoers/Cmnd_Alias/alias
/files/etc/sudoers/Cmnd_Alias/alias/name = "DUDEADMIN"
/files/etc/sudoers/Cmnd_Alias/alias/command[1] = "/bin/cp"
/files/etc/sudoers/Cmnd_Alias/alias/command[2] = "/bin/grep"
/files/etc/sudoers/Cmnd_Alias/alias/command[3] = "/bin/date"
/files/etc/sudoers/Cmnd_Alias/alias/command[4] = "/bin/ls"
/files/etc/sudoers/Cmnd_Alias/alias/command[5] = "/bin/rm"
/files/etc/sudoers/Cmnd_Alias/alias/command[6] = "/bin/mv"

So why does all this matter? As far as I can tell augeas

Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-26 Thread Rob McBroom
On Feb 24, 2010, at 6:32 PM, David Lutterkort wrote:

> On Tue, 2010-02-23 at 14:02 -0500, Rob McBroom wrote:
>> I’d love to hear there’s a way (in 0.24.8).
> 
> I'd wager that the problem was that you were missing an onlyif that
> would keep the changes from being applied when the entries are there
> already.

I know that, and in theory you’re right. But bug #2141 has prevented so many of 
my `onlyif`s from working in 0.24.8 that I don’t even bother trying.

I’m basically waiting until EPEL gets 0.25.x to really use Augeas.

-- 
Rob McBroom


Because it screws up the order in which people normally read text.

Original message:

> Why is it bad to top-post your reply?




-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.



Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-24 Thread David Lutterkort
On Tue, 2010-02-23 at 14:02 -0500, Rob McBroom wrote:
> On Feb 23, 2010, at 7:37 AM, Jesús Couto wrote:
> 
> > On a tangent, anybody using augeas under puppet to 
> > manage /etc/sudoers? ... and how?
> 
> I tried, but all I could get it to do was add the entries to the end
> of `/etc/sudoers` over and over every 30 minutes. I gave up and made a
> define that calls some hacky execs.
> 
> I’d love to hear there’s a way (in 0.24.8).

I'd wager that the problem was that you were missing an onlyif that
would keep the changes from being applied when the entries are there
already.

David





Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-23 Thread Rob McBroom
On Feb 23, 2010, at 7:37 AM, Jesús Couto wrote:

> On a tangent, anybody using augeas under puppet to manage /etc/sudoers? ... 
> and how?

I tried, but all I could get it to do was add the entries to the end of 
`/etc/sudoers` over and over every 30 minutes. I gave up and made a define that 
calls some hacky execs.

I’d love to hear there’s a way (in 0.24.8).

-- 
Rob McBroom





Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-23 Thread Jesús Couto
On a tangent, anybody using augeas under puppet to manage /etc/sudoers? ...
and how?

I was thinking about doing so to add/delete several commands to an
administrator group as part of setting up an apache/tomcat/whatever
instance, but can't figure out how to do it, for reasons similar to this
example. And rm doesn't work for adding :-P



Jesús Couto F.




Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-23 Thread Paul Elliott
Hi David,

On 22/02/10 19:25, David Lutterkort wrote:
> You can do this by looking for the entries with a single path
> expression:
> augtool> match /files/etc/hosts/*[ipaddr = '127.0.1.1']
> gives you all entries in /etc/hosts with that IP. To remove them, just
> do 'rm' instead of 'match'. From your post, I wasn't sure if you had

> [1] http://augeas.net/page/Path_expressions

Perfect, that's just what I was looking for and it works like a charm.

Thanks, Paul.

--
Paul Elliott, UNIX Systems Administrator
Computing Service, University of York




Re: [Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-22 Thread David Lutterkort
On Mon, 2010-02-22 at 16:23 +, Paul Elliott wrote:
> I'm just starting to look at using Augeas with Puppet to manage some of
> our configuration files. I thought I would start with a simple task of
> removing an entry from the /etc/hosts file. I'm not finding it simple
> though!
> 
> We have a number of hosts with entries in the /etc/hosts file like this:
> 
> 127.0.1.1 hostname
>
> We would like to remove these lines. Now I know this can be done with a
> simple exec of sed but if possible I would like to use it as a good test
> exercise with Augeas. Now, it's pretty easy to do this with augtool, as
> follows:
> 
> r...@miscreant:/home/pre500# augtool
> augtool> match /files/etc/hosts/*/ipaddr 127.0.1.1
> /files/etc/hosts/4/ipaddr

You can do this by looking for the entries with a single path
expression:

augtool> match /files/etc/hosts/*[ipaddr = '127.0.1.1']

gives you all entries in /etc/hosts with that IP. To remove them, just
do 'rm' instead of 'match'. From your post, I wasn't sure if you had
multiple such entries in /etc/hosts. If you do, and you want to delete
all of them except the one that has 'host.example.com' as a canonical
name, you can say

augtool> rm /files/etc/hosts/*[ipaddr = '127.0.1.1'][canonical != 'host.example.com']

or, to delete all but the first one:

augtool> rm /files/etc/hosts/*[ipaddr = '127.0.1.1'][position() > 1]

Some docs about this notation are on the Augeas Wiki [1].

David

[1] http://augeas.net/page/Path_expressions
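
The single-expression removal from the reply above, written as a Puppet resource with the onlyif guard suggested elsewhere in this thread. This is an added example, not code from the thread: the define name hosts_purge_ip and its parameters are hypothetical, and the Pattern data types assume Puppet 4 or later.

```puppet
# Added example, not code from the thread. The define name and its
# parameters are hypothetical; the Pattern types need Puppet 4 or later.
define hosts_purge_ip (
  # Both values are interpolated into an Augeas path expression, so they
  # are restricted to characters that cannot close the quoted literal.
  Pattern[/\A[0-9A-Fa-f.:]+\z/] $ipaddr = $title,
  Optional[Pattern[/\A[A-Za-z0-9.-]+\z/]] $keep_canonical = undef,
) {
  # Select every matching entry in one expression; no entry number
  # (such as /files/etc/hosts/4) has to be looked up first.
  if $keep_canonical {
    $expr = "/files/etc/hosts/*[ipaddr = '${ipaddr}'][canonical != '${keep_canonical}']"
  } else {
    $expr = "/files/etc/hosts/*[ipaddr = '${ipaddr}']"
  }

  augeas { "purge ${ipaddr} from /etc/hosts":
    changes => "rm ${expr}",
    # Skip the run when nothing matches, so repeated agent runs are no-ops.
    onlyif  => "match ${expr} size > 0",
  }
}

# Remove all 127.0.1.1 lines.
hosts_purge_ip { '127.0.1.1': }

# Alternative: keep the line whose canonical name is host.example.com
# (the sample name used in the reply above).
# hosts_purge_ip { '127.0.1.1': keep_canonical => 'host.example.com' }
```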






[Puppet Users] Augeas type: Removing an entry from /etc/hosts

2010-02-22 Thread Paul Elliott
Hi all,

I'm just starting to look at using Augeas with Puppet to manage some of
our configuration files. I thought I would start with a simple task of
removing an entry from the /etc/hosts file. I'm not finding it simple
though!

We have a number of hosts with entries in the /etc/hosts file like this:

127.0.1.1   hostname

We would like to remove these lines. Now I know this can be done with a
simple exec of sed but if possible I would like to use it as a good test
exercise with Augeas. Now, it's pretty easy to do this with augtool, as
follows:

r...@miscreant:/home/pre500# augtool
augtool> match /files/etc/hosts/*/ipaddr 127.0.1.1
/files/etc/hosts/4/ipaddr
augtool> rm /files/etc/hosts/4
rm : /files/etc/hosts/4 3
augtool> save
Saved 1 file(s)

But I can't see how this would translate to work in Puppet as I need to
match the relevant path before I can issue the rm. Am I missing
something obvious here?

--
Paul Elliott, UNIX Systems Administrator
Computing Service, University of York
