I've looked high and low for a solution to my woes, but alas I have not
found one, so before I put my head through a wall :-), I've finally decided
to come here for some insight and assistance! Here is the breakdown of my
problem, routes already explored, and sample code :
1.) I am in need of managing entries for various protocols and subnets
within /etc/hosts.allow.
2.) There are some exception entries on various hosts within my
infrastructure that I am unable to effectively manage with Puppet,
therefore I am unable to manage the file as a *whole**.*
*Options*1.) Template - I am unable to utilize a template for the reason
outlined in #2 above, I am unable to effectively manage the whole file
2.) file_line function from stdlib module - This option* worked*, however
it doesn't seem to display a diff, so I am completely blind to what changes
it is making and therefore quite unsuitable in my environment, as I really
need to run through each change with a "noop" and see what is being
modified before rolling forward with changes, particularly in prod
environments
3.) Augeas / Type - This seems to be my best option thus far. However,
I've ran in to a bit of a snag in how to get an array to work with Augeas
resource declarations within a defined type. When I execute the sample
code below, what I get is an entire "blob" where my resulting line in
/etc/hosts.allow is something like "sshd: 1.1.1.2.2.2.3.3.3.", instead of
the desired and expected end-result of "sshd: 1.1.1., 2.2.2., 3.3.3.".
I gather that when using an array, one would not want to shroud it in
double-quotes, otherwise it's converted to a string which seems to relate
to my issue. However, I see no way of being able to omit double-quotes
when the array is being used within the "changes" parameter of an Augeas
resource declaration. As expected, omitting double-quotes simply results
in an error. I imagine this fact alone is contributing to my issue, as if
I were using something such as a "package" or "service" resource
declaration within the defined type, I could simply omit use of quotes
where the array would *only* be used for the name/title, and therefore not
have an issue.
In summary, I would be superbly grateful if someone could either A) Point
me in the direction of how to fix the given defined type and/or augeas
resource declaration to properly handle the array being passed to it, or B)
An alternative solution that still allows me to only manage part of
/etc/hosts.allow for the protocols and subnets of interest, as well as
displays a single diff for changes that are made to each line/protocol on a
given run. A sincere thank you to anyone who is able to bestow some
knowledge upon me, and let me know if any additional information is needed
to properly conjure up a solution that meets all needs/desires!
*Sample Code*class hosts_allow {
hosts_allow_modify {
'sshd':
clients => ['1.1.1.', '2.2.2.', '3.3.3.'];
* }* define hosts_allow_modify (
$process = $title,
$clients,
) {
# Responsible for adding the process if it isn't there
augeas { "hosts_allow-${process}":
context => "/files/etc/hosts.allow",
changes => [
"set 01/process ${process}",
"set 01/client[.='${clients}'] ${clients}",
],
onlyif => "match *[process='${process}'] size == 0",
}
# Responsible for updating existing process entries missing
the client
augeas { "hosts_allow-${process}-client":
context => "/files/etc/hosts.allow",
changes => "set
*[process='${process}']/client[.='${clients}'] ${clients}",
require => Augeas["hosts_allow-${process}"],
}
}
}
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/2bbb48b5-ef2c-45a0-af13-ab4970ae8bb8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
