[augeas-devel] Some ideas about how to use Augeas with IPA

Dmitri Pal dpal at redhat.com
Tue May 13 19:00:17 UTC 2008 

Thank you Dominique.

Can you please add links to [1] and [2]?

Dominique Dumont wrote:
> Hello
>
> I hope David will not mind me pushing another project which is more
> complementary than competitive to Augeas.
>
> Dmitri Pal <dpal at redhat.com> writes:
>   
>> I have been evaluating the Augeas library for potential use with IPA
>> (especially for the centralized policy management) and found that
>> though it is a pretty powerful tool there are certain features that
>> would make it much more attractive for the IPA project.
>> I will list the requirements with the explanation of the use case .
>>     
>
> I think that Config::Model [1] on top of Augeas would fill most of
> your requirements. Please read on for more detailed explanations.
>
>   
>> 1) When setting the value validate the provided data against the
>> regular expression.  Let us say that we have a file that reads
>> several comma separated values per rule.  Then the lenses will
>> contain a definition of the "word" as any character that is not a
>> space or a comma. The defined "word" will be used in the parsing
>> rule. If then when use set command to update the values in the entry
>> we provide value that contains comma the set command should fail
>> since the data when saved will violate the lenses grammar and
>> library will fail to parse it back.
>>     
>
> With Config::Model, Augeas would be used to read your IPA
> configuration file and store IPA conf data into Config::Model internal
> representation. Your user would need to use Config::Model equivalent
> of "set_command" to enter new data. Config::Model would check the
> validity of the new configuration data at that time, not when saving
> data.
>
>   
>> 2) The match command matches the exact value of the label. It would
>> be very useful to be able to do the regular expression
>> searches. This would help if you have to combine two files and want
>> to extract a subset of the entries that matches the regular
>> expression. I also means that there should be a way to iterate
>> through the result set.
>>     
>
> I've not understood this use case.
>
>   
>> 3) Currently the library is bound to the physical file. There should
>> be an option to save/read the data to/from the buffer so that the
>> caller can take advantage of the fact that data can come from
>> different sources. This can be used when parts of the file are stored
>> in the external facility other than the file - for example in the DB
>> or LDAP. Let us imagine that there is an XML data stored in the ldap
>> field. The application can connect to LDAP, request the attribute,
>> feed it to Augeas library specifying a read lenses and then save the
>> Augeas tree in a file using a different lenses. It creates a very
>> powerful mechanism.
>>     
>
> With Config::Model you can write data back with several
> backends. Could be Augeas, XML, or LDAP. The only hitch is that these
> backends are not (yet) implemented.
>
>   
>> 4) Managing the order of the entries. Currently I do not see a way of
>> inserting the entries in the middle of the file. Some configuration
>> files have rules that are applied in order so capability of inserting
>> a new entry in the middle is very important.
>>     
>
> Not a problem with Config::Model. Could you specify if you want to
> offer your user an interactive session or batch session for
> configuration activities ?
>
>   
>> 5) To be able to effectively merge the configuration data from
>> different sources and apply changes to the file it might be very
>> beneficial to be able to sort the entries in the node tree by a
>> specific criteria. This capability will allow a much simpler
>> implementation logic when 2 different trees need to be compared and
>> merged.
>>     
>
> Data are sorted according to the IPA configuration model stored in
> Config::Model. The catch: you would need to provide this configuration
> model that describe the structure and constraints of IPA
> configuration. See [2] as an example of a configuration model for
> sshd_config.
>
> Simple merge would means loading one IPA conf file and then
> another. The second file would override already existing data. Do you
> need more "subtle" merge functionality ?
>
>   
>> 6) Create a copy of the node tree. If I have a tree that I read from
>> the file and I want to start playing with it in therms of sorting or
>> merging it would be nice to be able create a copy of the tree before
>> starting the procedure so that the original tree can be preserved
>> and would not require re-red from the disk of merge comes to an
>> unresolvable error.
>>     
>
> That would be possible with Config::Model since it uses an internal
> tree representation of data (an instance in Config::Model's doc).
>
> Feel free to ask more details.
>
> All the best
>
> Dominique
>   


-- 
Dmitri Pal
Engineering Manager
Red Hat Inc.

More information about the augeas-devel mailing list