[augeas-devel] Yet more novice questions, Re: path expression question

Patrick Spinler spinler.patrick at mayo.edu
Sun Oct 6 20:43:01 UTC 2013 

Still more questions on this and would appreciate more help please.

I still have an error someplace, and I'm struggling to track it down.  I
thought to try to manually specify a lens and incl path, but get another
error, and wonder if I'm specifying this correctly.

Observe what happens when I try to manually load iptables specifically:

$ sudo augtool --noload
augtool> print /augeas//errors
augtool> set /augeas/load/Iptables/lens Iptables.lns
augtool> set /augeas/load/Iptables/incl /etc/sysconfig/iptables
error: Too many matches for path expression

Yet, I can't find error info on this:

augtool> print /augeas//error
(no output)

It appears to load iptables cleanly if I don't try to force a lens and
incl, so:

ap00375 at ROFOMI901A sysconfig $ sudo augtool
augtool> print /augeas//error
(some output, but nothing related to iptables)
augtool> print /files/etc/sysconfig/iptables
(lots of output)

Advice, please?
-- Pat


On 10/3/13 7:42 PM, David Lutterkort wrote:
> The simplest path expression for what you want is probably
> 
> /files/etc/sysconfig/iptables/table/append[dport = '22']
> 
> Writing just 'append' is the same as writing 'append[*]'; if you wanted
> to find the dport entry, you'd write
> 
> /files/etc/sysconfig/iptables/table/append/dport[. = '22']
> 
> David
> 
> 
> On Mon, Sep 30, 2013 at 2:30 PM, Patrick Spinler
> <spinler.patrick at mayo.edu <mailto:spinler.patrick at mayo.edu>> wrote:
> 
> 
>     NVM, sorry.  I see I had included an extra "/" in my expression.  Found
>     my error only 2 minutes after sending out my inquiry, of course. :-(
> 
>     -- Pat, professional botherer of email lists with inane questions
> 
>     On 9/30/13 4:25 PM, Patrick Spinler wrote:
>     >
>     > Apologies for asking yet another novice question, but if I may,
>     please?
>     >
>     > I'd like to construct an expression to match any iptables nodes with a
>     > dport = <specific value>.  Here's an example:
>     >
>     > augtool> print /files/etc/sysconfig/iptables/table/append[28]
>     > /files/etc/sysconfig/iptables/table/append[28] = "Mayo-Firewall-INPUT"
>     > /files/etc/sysconfig/iptables/table/append[28]/protocol = "tcp"
>     > /files/etc/sysconfig/iptables/table/append[28]/match = "tcp"
>     > /files/etc/sysconfig/iptables/table/append[28]/dport = "21"
>     > /files/etc/sysconfig/iptables/table/append[28]/jump = "ACCEPT"
>     >
>     > So, I thought I'd just have to say somethine like
>     >
>     >   match .../append[*]/*[dport = 'XXXX']
>     >
>     > but I'm not finding what I expect:
>     >
>     > augtool> match
>     /files/etc/sysconfig/iptables/table/append[*]/*[dport = "21"]
>     >   (no matches)
>     > augtool> match /files/etc/sysconfig/iptables/table/*/*[dport = "21"]
>     >   (no matches)
>     > augtool> match /files/etc/sysconfig/iptables/table/*/*["dport" = "21"]
>     >   (no matches)
>     > augtool> match
>     /files/etc/sysconfig/iptables/table/append[28]/*["dport"
>     > = "21"]
>     >   (no matches)
>     >
>     >
>     > Guidance, please?  (And yes, I have read over the examples in the
>     "Path
>     > Expressions" page on the hercules-team/augeas Wiki).
>     >
>     >
>     > Apologies for the questions,
>     > -- Pat
>     >
>     > On 9/30/13 3:48 PM, Patrick Spinler wrote:
>     >>
>     >> Fantastic, and thank you!  This did indeed do the trick. :-)
>     >>
>     >> insert append before "/files/etc/sysconfig/iptables/table/append[. =
>     >> 'Mayo-Firewall-INPUT'][1]"
>     >>
>     >> Thank you muchly for your patience with my novice questions. :-)
>     >>
>     >> -- Pat
>     >>
>     >> On 9/30/13 3:31 PM, Raphaël Pinson wrote:
>     >>> Hi Pat,
>     >>>
>     >>>
>     >>> You need to select the first node matching your expression, by
>     filtering
>     >>> a second time:
>     >>>
>     >>> insert append before "/files/etc/sysconfig/
>     >>> iptables/table/append[position(. =
>     >>> 'Mayo-Firewall-INPUT')][1]"
>     >>>
>     >>>
>     >>> Regards,
>     >>>
>     >>> Raphaël
>     >>>
>     >>>
>     >>>
>     >>> On Mon, Sep 30, 2013 at 9:54 PM, Patrick Spinler
>     >>> <spinler.patrick at mayo.edu <mailto:spinler.patrick at mayo.edu>
>     <mailto:spinler.patrick at mayo.edu <mailto:spinler.patrick at mayo.edu>>>
>     wrote:
>     >>>
>     >>>
>     >>>     Okay, so I have a structure like this:
>     >>>
>     >>>     augtool> ls "/files/etc/sysconfig/iptables/table/"
>     >>>     chain[1]/ = INPUT
>     >>>     chain[2]/ = FORWARD
>     >>>     chain[3]/ = OUTPUT
>     >>>     chain[4]/ = Mayo-Firewall-INPUT
>     >>>     append[1]/ = INPUT
>     >>>     append[2]/ = INPUT
>     >>>     append[3]/ = INPUT
>     >>>     append[4]/ = INPUT
>     >>>     append[5]/ = INPUT
>     >>>     append[6]/ = INPUT
>     >>>     append[7]/ = FORWARD
>     >>>     append[8]/ = Mayo-Firewall-INPUT
>     >>>     append[9]/ = Mayo-Firewall-INPUT
>     >>>     append[10]/ = Mayo-Firewall-INPUT
>     >>>     (...snip...)
>     >>>     append[27]/ = Mayo-Firewall-INPUT
>     >>>     append[28]/ = Mayo-Firewall-INPUT
>     >>>     append[29]/ = Mayo-Firewall-INPUT
>     >>>
>     >>>     I'd like to insert a new node immediately before the first
>     >>>
>     >>>       append[. = 'Mayo-Firewall-INPUT']
>     >>>
>     >>>     node, that is, in this case, before append[8].  However,
>     that position
>     >>>     in the tree, [8], is obviously not constant.
>     >>>
>     >>>     How might I do this?
>     >>>
>     >>>     I've tried expressions like this:
>     >>>
>     >>>     augtool> insert append before
>     >>>     "/files/etc/sysconfig/iptables/table/append[. =
>     'Mayo-Firewall-INPUT']"
>     >>>     error: Too many matches for path expression
>     >>>
>     >>>     and expressions involving [position(...)], like this
>     >>>
>     >>>     augtool> insert append before
>     >>>     "/files/etc/sysconfig/iptables/table/append[position(. =
>     >>>     'Mayo-Firewall-INPUT')]"
>     >>>     error: Invalid path expression
>     >>>
>     >>>
>     >>>     which obviously both fail.  Thoughts?
>     >>>
>     >>>     Thanks,
>     >>>     -- Pat
>     >>>
>     >>>     _______________________________________________
>     >>>     augeas-devel mailing list
>     >>>     augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>
>     <mailto:augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>>
>     >>>     https://www.redhat.com/mailman/listinfo/augeas-devel
>     >>>
>     >>>
>     >>>
>     >>>
>     >>> --
>     >>> Raphaël Pinson
>     >>> Infrastructure Developer & Trainer
>     >>> +33 479 26 57 93 <tel:%2B33%20479%2026%2057%2093>
>     >>> +33 781 90 00 79 <tel:%2B33%20781%2090%2000%2079>
>     >>>
>     >>> Camptocamp France
>     >>> Savoie Technolac
>     >>> BP 352
>     >>> 48, avenue du Lac du Bourget
>     >>> 73372 Le Bourget du Lac, Cedex
>     >>> www.camptocamp.com <http://www.camptocamp.com>
>     <http://www.camptocamp.com>
>     >>
>     >> _______________________________________________
>     >> augeas-devel mailing list
>     >> augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>
>     >> https://www.redhat.com/mailman/listinfo/augeas-devel
>     >>
>     >
> 
>     _______________________________________________
>     augeas-devel mailing list
>     augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>
>     https://www.redhat.com/mailman/listinfo/augeas-devel
> 
>

More information about the augeas-devel mailing list