On 3/30/17 1:58 PM, Peter K wrote:
> I'm trying to remove a specific configuration value, "minimum_uid=1000",
> from multiple lines in several files (currently 5 files) in /etc/pam.d/.
> A typical line looks like this:
> |
> auth     [success=1default=ignore]     pam_ldap.so use_first_pass
> minimum_uid=1000
> |
> 
> I've tried exec and sed, but I couldn't figure out the necessary
> escaping to get the filename variable to parse (here I test with 'abc'):
> |
> define removeMinimumUID(){
>     exec { '${filename}':
>       command => "/usr/bin/sed -i \'s|abc|cab|g\' ${filename}",
>       onlyif => '/usr/bin/test -e ${filename}',
>       refresh => '/usr/bin/true',
>       provider => 'posix',
>       logoutput => on_failure,
>     }
> }
> 
> RemoveMinimumUID { "/mnt/NY_Interactive/dev/peter/puppet/abc.txt": }
> |
> 
> Error:
> Executing: '/usr/bin/sed -i 's|abc|cab|g' '^[[0m
> ^[[mNotice:
> /Stage[main]/Main/Removeminimumuid[/mnt/NY_Interactive/dev/peter/puppet/abc.txt]/Exec[${filename}]/returns:
> /usr/bin/sed: no input files^[[0m
> 
> If I substitute the fully qualified filename with the filename variable
> on the 'commmand' parameter line, the script runs fine.
> 
> 
> 
> Then I tried stdlibs' file_line but I couldn't figure out how to replace
> a substring without identifying the entire replacement string:
> |
> 
> 
> file {'/home/peter/dev/puppet/abc.txt':
>   ensure=>present,
> }->
> file_line {'Append a line to /home/peter/dev/puppet/abc.txt':
>   path =>'/home/peter/dev/puppet/abc.txt',
>   line =>'cab',
>   multiple =>true,
>   match   =>"abc$",
> }
> |
> 
> 
> I'm currently looking at augeas but no luck yet.
> 
> Suggestions?
> thx...
> 

Hi Peter,

The Puppet approach would be to specify the end state as opposed to
running sed against a file. The sed approach will ensure you removed a
specific line, though it does not ensure the content of the entire file.
This is especially important with PAM to ensure it is configured correctly.

Checkout my Puppet Approved pam module[1] where you can specify what
lines should be in your pam configs.

[1] - https://forge.puppet.com/ghoneycutt/pam

Best regards,
-g


-- 
Garrett Honeycutt
@learnpuppet
Puppet Training with LearnPuppet.com
Mobile: +1.206.414.8658

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/0bbe179f-fca4-db60-53a0-920c10d85e59%40garretthoneycutt.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to