Augeas tips and tricks for Puppet user: edit a complex node.
By gildor on Saturday, August 17 2013, 01:16 - Permalink
I have a recurring problem when trying to use augeas on a complex node: trying to edit a specific entry in a list which is uniquely defined by many attributes.
You probably don't know that you have this problem, but it is easy to spot it into your augeas/puppet resource.
Here are some symptoms of this problem:
- you need to use
onlyif
with multiple constraint on the selection - you use
last()
andlast() +1
augeas { "setup-shorewall": changes => [ "set entry[last() + 1]/source 'all'", "set entry[last()]/dest 'all'", "set entry[last()]/policy 'REJECT'", "set entry[last()]/log_level 'info'", ], onlyif => "match entry[source = 'all'][dest = 'all'][policy = 'REJECT'] size == 0";
For a long time, I thought it was the only solution. But last week, I read again the documentation and found another solution.
My main concerns are the onlyif
and last()
parts, it doesn't look clean to me. The problem is that I cannot define the entry all at once and if I use a value that will be set
late, the node cannot be targeted in between.
The clean way to do this was to define first the target attribute. Typically, in augeas changes:
set spec[user = '$name']/user '$name'
This way if the node doesn't exist it is created and you can then use it directly:
set spec[user = '$name']/host_group/host 'ALL' set spec[user = '$name']/host_group/command1 'ALL' set spec[user = '$name']/host_group/command1/tag 'PASSWD'
But sometimes it is not possible to set the attribute directly -- typically when you need to use multiple attribute. The solution in this case is to use defnode
:
defnode target entry[#comment = 'puppet: <%= name %>']/ "<%= name %>" set $target/action '<%= action %>' set $target/source '<%= source %>' set $target/#comment 'puppet: <%= name %>' clear $target
The big trick here is that defnode
needs a value, but most of the time you cannot set a value for the node -- because it has none. To solve this, you set a value with defnode
, process with your change and you clear
the node at the end.
This recent discovery has simplify a lot some augeas changes I use.
Feel free to leave comment on your personal technique to deal with augeas and puppet.
Comments
Hey, this is great solution. I always used this last() trick. But this is definetelly way better. Augeas always looked to me like some sprt of dark magic.