puppetlabs / puppetlabs-augeas_core Goto Github PK

View Code? Open in Web Editor NEW

3.0 85.0 24.0 2.88 MB

Manage files using Augeas

License: Apache License 2.0

Ruby 99.78% Dockerfile 0.22%

augeas puppet module supported

puppetlabs-augeas_core's Introduction

augeas_core

Description
Setup - The basics of getting started with augeas_core
- Setup requirements
- Beginning with augeas_core
Usage - Configuration options and additional functionality
Reference - An under-the-hood peek at what the module is doing and how
Limitations - OS compatibility, etc.
Development - Guide for contributing to the module

Description

The augeas_core module is used to manage configuration files using Augeas. This module is suitable for any host for which there are Augeas libraries and ruby bindings.

Setup

Setup Requirements

The augeas libraries and ruby bindings must be installed in order to use this module. If you are using puppet-agent packages, then those prerequisites are already satisfied for most platforms.

Beginning with augeas_core

To manage a configuration file using augeas, use the following code:

augeas { 'add_services_entry':
  context => '/files/etc/services',
  incl    => '/etc/services',
  lens    => 'Services.lns',
  changes => [
    'ins service-name after service-name[last()]',
    'set service-name[last()] "Doom"',
    'set service-name[. = "Doom"]/port "666"',
    'set service-name[. = "Doom"]/protocol "udp"'
  ]
}

Usage

Please see REFERENCE.md for the reference documentation and examples for details on usage.

Reference

Please see REFERENCE.md for the reference documentation.

This module is documented using Puppet Strings.

For a quick primer on how Strings works, please see this blog post or the README.md for Puppet Strings.

To generate documentation locally, run the following command:

bundle install
bundle exec puppet strings generate ./lib/**/*.rb

This command will create a browsable _index.html file in the doc directory. The references available here are all generated from YARD-style comments embedded in the code base. When any development happens on this module, the impacted documentation should also be updated.

Limitations

This module is only available on platforms that have augeas libraries and ruby bindings installed.

Development

Puppet Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great. We can't access the huge number of platforms and myriad of hardware, software, and deployment configurations that Puppet is intended to serve.

We want to keep it as easy as possible to contribute changes so that our modules work in your environment. There are a few guidelines that we need contributors to follow so that we can have a chance of keeping on top of things.

For more information, see our module contribution guide.

puppetlabs-augeas_core's People

Contributors

Stargazers

Watchers

puppetlabs-augeas_core's Issues

Unable to add Match to /etc/sshd_conf

Unable to add to /etc/sshd_conf with module. Using augtool works without issues. Maybe I'm doing something wrong. Thank you for looking at this.

augtool> set /files/etc/ssh/sshd_config/Match/Condition/Address 192.168.0.3
augtool> set /files/etc/ssh/sshd_config/Match/Condition/User user
augtool> set /files/etc/ssh/sshd_config/Match/Settings/PubkeyAcceptedAlgorithms +ssh-rsa
augtool> save
Saved 1 file(s)

augeas { 'sshd_allow_rsa':
  incl    => '/etc/ssh/sshd_config',
  lens    => 'Sshd.lns',
  context => '/files/etc/ssh/sshd_config/Match/',
  changes => [
    'set Condition/Address 192.168.0.3',
    'set Condition/User user',
    'set Settings/PubkeyAcceptedAlgorithms +ssh-rsa',
   ],
   notify  => Service['ssh'],

debug run error

Debug: Augeas[sshd_allow_rsa](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/Match/Condition/Address", "192.168.0.3"]
Debug: Augeas[sshd_allow_rsa](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/Match/Condition/User", "user"]
Debug: Augeas[sshd_allow_rsa](provider=augeas): sending command 'set' with params ["/files/etc/ssh/sshd_config/Match/Settings/PubkeyAcceptedAlgorithms", "+ssh-rsa"]
Debug: Augeas[sshd_allow_rsa](provider=augeas): Put failed on one or more files, output from /augeas//error:
Debug: Augeas[sshd_allow_rsa](provider=augeas): /augeas/files/etc/ssh/sshd_config/error = put_failed
Debug: Augeas[sshd_allow_rsa](provider=augeas): /augeas/files/etc/ssh/sshd_config/error/path = /files/etc/ssh/sshd_config/files/etc/ssh/sshd_config/Match/Settings
Debug: Augeas[sshd_allow_rsa](provider=augeas): /augeas/files/etc/ssh/sshd_config/error/lens = /opt/puppetlabs/puppet/share/augeas/lenses/dist/sshd.aug:151.12-.44:
Debug: Augeas[sshd_allow_rsa](provider=augeas): /augeas/files/etc/ssh/sshd_config/error/message = Failed to match tree under /files/etc/ssh/sshd_config/Match/Settings

     { "PubkeyAcceptedAlgorithms" = "+ssh-rsa" }`

Set does not support negating a node in /etc/sudoers

Describe the Bug

Running this block to configure my sudo_accounts
augeas { 'sudo_accounts': context => '/files/etc/sudoers', changes => [ #Create a command alias for switching a user "set Cmnd_Alias/alias/name ELEVATING", "set Cmnd_Alias/alias/command[1] /bin/su", "set Cmnd_Alias/alias/command[2] /bin/usr/su", "set spec[user = '%wheel']/user %wheel", #Allow the wheel group to run all commands without a password, excepting the ELEVATING commands "set spec[user = '%wheel']/host_group/host ALL", "set spec[user = '%wheel']/host_group/command[1] ALL", "set spec[user = '%wheel']/host_group/command[1]/runas_user ALL", "set spec[user = '%wheel']/host_group/command[1]/tag NOPASSWD", "set spec[user = '%wheel']/host_group/command[2] ELEVATING", **"set spec[user = '%wheel']/host_group/command[2]/negate"],** "clear spec[user = '%wheel']/host_group/command[2]/negate"], onlyif => "match spec/user[.='%wheel'][../host_group/command/tag='NOPASSWD'] size == 0", }
Results in an error that I am missing the second argument for set.

Expected Behavior

Using the same augtool executable to run:

set /files/etc/sudoers/spec[3]/host_group/command/negate

Will result in the command on that line being negated.

In this particular example it turns:

%wheel ALL=(ALL) NOPASSWD : ALL , ELEVATING
=>
%wheel ALL=(ALL) NOPASSWD : ALL , !ELEVATING

Notably if I were to try to just use:

"set spec[user = '%wheel']/host_group/command[2] !ELEVATING",

in the puppet code above, that also fails. So I'm left with no options for set to negate a command in the sudoers file, which doesn't match the actual behaviour of augtool.

I am able to get around this by using:

"clear spec[user = '%wheel']/host_group/command[2]/negate"

But that's a little unintuitive.

Steps to Reproduce

I have provided the steps to reproduce as part of the above.

Environment

Puppet v7.30.0
augtool 1.14.1
Rocky 8.9
having a hard time determining what version of puppetlabs-augeas_core is in this version of puppet

Test

This is a test