[augeas-devel] Managing a file as a whole with puppet and augeas

Thu Jul 23 09:47:18 UTC 2015

On Fri, Jun 26, 2015 at 5:00 PM, Dominic Cleal <dcleal at redhat.com> wrote:

> On 26/06/15 15:38, Mickaël Canévet wrote:
> > Hello,
> >
> > I'd like to be able to manage a file as a whole with puppet and augeas.
> > The typical use case is to take a sample file, or a systemd service
> > file, provided by a package as source and apply some augeas translations
> > on it, then write to a destination file.
> >
> > I could use:
> >
> > file { '/etc/foo/foo.conf':
> >   ensure => file,
> >   source => 'file:///usr/share/doc/foo/example/foo.conf',
> >   replace => false,
> > }
> > augeas { 'bar':
> >   context => '/files/etc/foo/foo.conf',
> >   changes => [ ... ],
> > }
> >
> > But I don't like it because:
> > - If the sample file is updated (because of security reason for
> > example), my configuration file will not be updated,
> > - The configuration file is not managed as whole, and thus can be
> > manually corrupted.
>
> Do you remember this function?
>
>
> https://github.com/camptocamp/puppet-augeas/blob/master/lib/puppet/parser/functions/augeas.rb
>
> It was written with the same ideas in mind - that you'd have some stock
> file, probably inside the module, copied from /usr/share/doc which would
> be transformed on the master by Augeas and put into the catalog.  That
> has the same disadvantage as the first, the file needs to be copied from
> the master.
>
>

We did consider this function, for sure. However, it requires to store the
file on the master side. The idea Mickaël and I have would be to use a
template on the agent, not on the master.

This might be doable using aug_text_store and aug_text_retrieve, by:

* Shortcut: copying the file if target does not exist yet
* Reading the template file
* Inserting the template content into the tree with aug_text_store
* Applying changes to the tree
* Moving the resulting tree to the target file tree
* Saving

The problem is how to modelize that with resources? Obviously, the template
parameter does not really go well with the augeas resource type or
augeasproviders, as it would allow to specify a different template for
entries in the same target…

One possibility we considered would be to add augeas transforms to the file
resource type. Theses transforms would be applied to the resulting content
of the file resource (whether using source or content), using
aug_text_store/aug_text_retrieve.

Arguably, this could be done with two resources:

file { 'foo': replace => false } -> augeas { 'transform foo': }

The problem with that is that when the template changes, the file is not
refreshed. And if we don't use replace => false, then it won't be
idempotent…

Any thoughts on that?

-- 
Raphaël Pinson
Infrastructure Developer & Training Leader
+33 458 482 013

Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget du Lac, Cedex
www.camptocamp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20150723/868903ce/attachment.htm>