[augeas-devel] Re: Augeas and Puppet

David Lutterkort dlutter at redhat.com
Fri Aug 1 17:16:31 UTC 2008 

On Fri, 2008-08-01 at 00:17 +0200, Kjetil Torgrim Homme wrote:
> Bryan Kearney <bkearney at redhat.com> writes:
> > I am going to work on getting this into the puppet common modules,
> > but if you are using puppet we have a module [1] which exposes
> > augeas to puppet. It accepts a set of changes as either a single
> > string, or an array of strings. It replaces using regular
> > expressions to edit files, or to put an entire file into puppet as a
> > template.
> 
> can you give us an example or two?
> 
> it's with Puppet I want to use Augeas, and what I had envisioned is
> something like
> 
>    editfile { "/etc/my.cnf":
>       lens => 'generic-ini,
>       set => '/mysqld/query_cache_limit=1048576',
>       rm => '/mysqld/log-slow-queries',
>   }
> 
> perhaps it needs to match augtool commands more closely to keep
> everyone sane.

As Bryan said, that's pretty close to how his Augeas type currently
works. You'd write

        augeas { "some-random-name":
          context => "/files/etc/yum.repos.d",
          changes => [
            "set fedora.repo/fedora/enabled 1",
            "set fedora.repo/fedora/gpgcheck 1",
            "set fedora-updates.repo/fedora-updates/enabled 1",
            "set fedora-updates.repo/fedora-updates/gpgcheck 1"
          ]
        }
        
'context' is just a convenience so you don't have to type the same path
prefix over and over, and all the relative paths in 'changes' are
relative to that.

For now, there's no way to specify a specific lens - the assumption is
that the lenses installed on the system agree with what you're doing in
your puppet manifest.

Even thoug the Augeas type talks about 'changes', the idea is that
Augeas will only change the underlying file if you've actually changed
the tree - if all those values in the above snippet are already set to
'1', no change should be made.

> (I think the /system/config concept is a bit too ambitious for now,
> hence "generic-ini".)

Not sure I understand what that means.

> "lens" indicates the filename of the lens, ie. append ".aug" and look
> in the configured search path.


We might add that at some point; I'd need to add loading specific files
to the API first, though. But it's definitely needed, especially as we
get more standard lenses, loading everything they know about into the
tree becomes more and more wasteful.

> another example:
> 
>    editfile { "/etc/ssh/sshd_config":
>       lens => 'sshd,
>       match => '/sshd/AcceptEnv/*',
>       rm => 'match',
>   }
> 
> here "match" is magic (notice no leading slash) and stands for all
> matching nodes.

Yeah, to make that more usable from puppet, Augeas needs a more complete
XPath[1] implementation, so that you can say things like

        augeas {
          context => "/files/etc/hosts/*[ipaddr = '127.0.0.1']",
          changes => [ .. ]
        }
        
to make changes to the line in /etc/hosts that talks about localhost.

David

[1] http://www.w3.org/TR/xpath

More information about the augeas-devel mailing list