On Mar 21, 6:48 am, John Kennedy <skeb...@gmail.com> wrote: > Hello all, > I am fairly new to Puppet but learning. > I know what I want to do can be done I just can not get things to go > right... > > We want to start using the capability of sudo to look in /etc/sudoers.d to > get user specific sudo permissions. Before we add a User_Alias file, the > corresponding configuration needs to be removed from the sudoers file: > > # grep ADMINS /etc/sudoers > User_Alias ADMINS = john,chris,james > ADMINS ALL=(ALL) ALL > > removed before > > # cat /etc/sudoers.d/ADMINS > User_Alias ADMINS = john,chris,james > ADMINS ALL=(ALL) ALL > > put in place. > > I tried the methods > in:http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patte... > but none have worked. > > Using line as defined like (my preferred method): > > define line($file, $line, $ensure = 'present') { > case $ensure { > default : { err ( "unknown ensure value ${ensure}" ) } > present: { > exec { "/bin/echo '${line}' >> '${file}'": > unless => "/bin/grep -qFx '${line}' '${file}'" > } > } > absent: { > exec { "/usr/bin/perl -ni -e 'print unless > /^\\Q${line}\\E\$/' '${file}'": > onlyif => "/bin/grep -qFx '${line}' '${file}'" > } > } > } > > } > > Called as: > > line { "sudoers.d": > file => '/etc/sudoers', > line => "#includedir /etc/sudoers.d", > ensure => "absent", > } > > gave this error (I know 0 perl and can not decypher the line or the error > about it): > > err: /Stage[main]/Sudo/Line[sudoers.d]/Exec[/usr/bin/perl -ni -e 'print > unless /^\Q#includedir /etc/sudoers.d\E$/' '/etc/sudoers']/returns: change > from notrun to 0 failed: /usr/bin/perl -ni -e 'print unless /^\Q#includedir > /etc/sudoers.d\E$/' '/etc/sudoers' returned 255 instead of one of [0] at > /etc/puppetlabs/puppet/modules/sudo/manifests/init.pp:12 > > - NOTE: I am adding and removing the #includedir line for testing... > > What needs to be changed to get this to work?
Have you considered using sed instead of perl? It's lighter-weight and very good at this sort of thing. Personally, however, I would be looking at using a File resource to manage the *whole file* instead of filtering out a few lines. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
