Forum: CFEngine Help Subject: Re: About "new" templates correct usage or limitations Author: zzamboni Link to topic: https://cfengine.com/forum/read.php?3,26723,26834#msg-26834
> - copy a main.cf.tmpl template file (which would > embed variables to be expanded according to class > expressions stated in the .cf file) > > - expand this template via expand_template into > the non-existing main.cf.tmp file (thus fast > expand since no check for already existing lines) > - maybe check and delete if it's still around. > > - rename main.cf.tmp (via a CFEngine promise of > course) to main.cf This would work. I would change the final rename to copy-then-delete, to avoid unnecessary moving of files if they have not changed (copy can check whether the files differ before copying, whereas rename will always move the file). > > Another way I imagined was : > > - copy main.cf to main.cf.tmp > > - make the chirugical edits in the same way as > your sshd_config example > > - rename main.cf.tmp to main.cf > > Is that was you are describing ? This could work as well - although what I was describing was using a separate, "master" file or template in the first step, rather than the already-existing file. Note that unless you are doing the file edits over several different edit_lines promises, doing this gains you nothing. As long as all the edits (which could be a complex sequence involving insert/delete/edit lines) happen within the same edit_lines promise, all the changes are atomic, as described in the reference (search for 'All file edits specified in a single edit_line bundle are handled "atomically"'). > Another way of seeing things is that using > templates is not such a good idea because it's not > very flexible. > You may want to merge local non CFEngine managed > edits with some policy CFEngine enforced values. > With templates you lose this possibility... If you want to have non-CFEngine-managed edits (why would you want that?), then templates are definitely not a good option, because templates are meant to generate the entire file. But I wouldn't call this "not such a good idea" - in fact I think it's an excellent idea to have the entire file under CFEngine control. But if you really want to have non-CFEngine-managed edits, you can still use other edit_line promises to make the changes you want CFEngine to control, while leaving the rest of the file alone. I don't know if you've seen this, but the Special Topics Guide on Editing covers all of these models for editing files, and provides a lot of examples: https://cfengine.com/manuals/st-editing Best regards, _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
