No. Regards,
AJ On 5/03/2009, at 12:18 AM, paul matthews wrote: > I could be out of line in saying this but rather than developing an > alternate to Puppet, would your efforts not be better served > producing something that is complementary. The puppet equivalent of > http://nagiosexchange.org > , springs to mind. As I understand it there is a need for a > repository for modules for parts of puppet which are non-core. > Nagiosexchange is a viable venture in its own right and the two co- > exist as mutually beneficial partners. At least I think that's the > case. > > Gaining knowledge from this group, to work on something which can > only be considered as a rival, seems somehow not quite right > > Paul > > 2009/3/4 AJ Christensen <a...@junglist.gen.nz> > > Hi David, > > Not sure if you looked at it, but I'm one of the developers of Chef; > an alternate ruby-based configuration management / systems integration > framework. > > What work is involved in getting a functional Augeas resource? I'm not > sure we want to expose the level of functionality of Augeas entirely, > but perhaps expose it through limited resources, that is unless we can > lock it down a little. There are ruby bindings, yes? > > Regards, > > AJ > > On 4/03/2009, at 5:55 PM, David Lutterkort wrote: > > > > > On Wed, 2009-03-04 at 12:46 +1100, Avi Miller wrote: > >> Hi David, > >> > >> David Lutterkort wrote: > >>> Yeah, that's what that means. Here's a dirty trick to check > multiple > >>> conditions: > >> > >> Your assistance so far has been awesome. If I had more time to > >> play, I'm > >> sure I could solve this in time, but I'm being hammered by the > >> security > >> teams and I need to get a solution onto our servers as soon as > >> possible. > >> > >> I'm trying to check/change /etc/pam.d/system-auth > >> > >> The initial (default set) lines look like this: > >> > >> password requisite pam_cracklib.so try_first_pass retry=3 > >> password sufficient pam_unix.so md5 shadow nullok > >> try_first_pass > >> use_authtok > >> > >> I want to change them to this (result set): > >> > >> password requisite pam_cracklib.so retry=3 lcredit=1 > ucredit=1 > >> dcredit=1 ocredit=1 > >> password sufficient pam_unix.so md5 shadow try_first_pass > >> use_authtok remember=7 > >> > >> Essentially, I need to check if the lines match the result set > and if > >> not, to make the change. I'm happily able to make the proper > changes, > >> using the following (using the first line as an example): > >> > >> changes => [ "rm *[module='pam_cracklib.so'][type='password']/ > >> argument", > >> "set *[module='pam_cracklib.so'][type='password']/argument[1] > >> retry=3", > >> "set *[module='pam_cracklib.so'][type='password']/argument[2] > >> lcredit=1", > >> "set *[module='pam_cracklib.so'][type='password']/argument[3] > >> ucredit=1", > >> "set *[module='pam_cracklib.so'][type='password']/argument[4] > >> dcredit=1", > >> "set *[module='pam_cracklib.so'][type='password']/argument[5] > >> ocredit=1"], > >> > >> But I'm really struggling with the onlyif line to check that all > the > >> arguments are in place, the correct value and there are no extras. > >> I'm > >> able to test individual argument values and the overall count, > but I > >> seem unable to build a full match that checks everything at once, > >> i.e. > >> checks each of the first five argument values and ensures that > >> there are > >> only 5 arguments total. > > > > If you don't mind an unnecessary change the first time you run your > > Augeas resource on a system, you don't need the onlyif - unnecessary > > here means that system-auth might be changed simply because there's > > different amounts of spaces between the current file and what Augeas > > would generate based on your tree changes. > > > > Augeas will not actually change the file if it stays byte-for-byte > > identical, even if you made changes to the tree (e.g. change the > value > > of a node to something new, then back to the old thing) > > > > Depending on the version of the Augeas plugin you have, puppet > _might_ > > report changes even though none were necessary (or made) - Bryan > might > > be able to shed some light on the state of reporting in the Augeas > > type > > in 0.24.7 vs the latest in git. > > > > David > > > > > > > > > > > > > > > > -- > Paul Matthews > ---------------------------------------------------------------------- > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
