I could be out of line in saying this but rather than developing an alternate to Puppet, would your efforts not be better served producing something that is complementary. The puppet equivalent of http://nagiosexchange.org, springs to mind. As I understand it there is a need for a repository for modules for parts of puppet which are non-core. Nagiosexchange is a viable venture in its own right and the two co-exist as mutually beneficial partners. At least I think that's the case.
Gaining knowledge from this group, to work on something which can only be considered as a rival, seems somehow not quite right Paul 2009/3/4 AJ Christensen <a...@junglist.gen.nz> > > Hi David, > > Not sure if you looked at it, but I'm one of the developers of Chef; > an alternate ruby-based configuration management / systems integration > framework. > > What work is involved in getting a functional Augeas resource? I'm not > sure we want to expose the level of functionality of Augeas entirely, > but perhaps expose it through limited resources, that is unless we can > lock it down a little. There are ruby bindings, yes? > > Regards, > > AJ > > On 4/03/2009, at 5:55 PM, David Lutterkort wrote: > > > > > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote: > >> Hi David, > >> > >> David Lutterkort wrote: > >>> Yeah, that's what that means. Here's a dirty trick to check multiple > >>> conditions: > >> > >> Your assistance so far has been awesome. If I had more time to > >> play, I'm > >> sure I could solve this in time, but I'm being hammered by the > >> security > >> teams and I need to get a solution onto our servers as soon as > >> possible. > >> > >> I'm trying to check/change /etc/pam.d/system-auth > >> > >> The initial (default set) lines look like this: > >> > >> password requisite pam_cracklib.so try_first_pass retry=3 > >> password sufficient pam_unix.so md5 shadow nullok > >> try_first_pass > >> use_authtok > >> > >> I want to change them to this (result set): > >> > >> password requisite pam_cracklib.so retry=3 lcredit=1 ucredit=1 > >> dcredit=1 ocredit=1 > >> password sufficient pam_unix.so md5 shadow try_first_pass > >> use_authtok remember=7 > >> > >> Essentially, I need to check if the lines match the result set and if > >> not, to make the change. I'm happily able to make the proper changes, > >> using the following (using the first line as an example): > >> > >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/ > >> argument", > >> "set *[module='pam_cracklib.so'][type='password']/argument[1] > >> retry=3", > >> "set *[module='pam_cracklib.so'][type='password']/argument[2] > >> lcredit=1", > >> "set *[module='pam_cracklib.so'][type='password']/argument[3] > >> ucredit=1", > >> "set *[module='pam_cracklib.so'][type='password']/argument[4] > >> dcredit=1", > >> "set *[module='pam_cracklib.so'][type='password']/argument[5] > >> ocredit=1"], > >> > >> But I'm really struggling with the onlyif line to check that all the > >> arguments are in place, the correct value and there are no extras. > >> I'm > >> able to test individual argument values and the overall count, but I > >> seem unable to build a full match that checks everything at once, > >> i.e. > >> checks each of the first five argument values and ensures that > >> there are > >> only 5 arguments total. > > > > If you don't mind an unnecessary change the first time you run your > > Augeas resource on a system, you don't need the onlyif - unnecessary > > here means that system-auth might be changed simply because there's > > different amounts of spaces between the current file and what Augeas > > would generate based on your tree changes. > > > > Augeas will not actually change the file if it stays byte-for-byte > > identical, even if you made changes to the tree (e.g. change the value > > of a node to something new, then back to the old thing) > > > > Depending on the version of the Augeas plugin you have, puppet _might_ > > report changes even though none were necessary (or made) - Bryan might > > be able to shed some light on the state of reporting in the Augeas > > type > > in 0.24.7 vs the latest in git. > > > > David > > > > > > > > > > > > > > -- Paul Matthews ---------------------------------------------------------------------- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
