[augeas-devel] Managing a file as a whole with puppet and augeas

Mickaël Canévet mickael.canevet at gmail.com
Fri Jun 26 14:38:16 UTC 2015 

Hello,

I'd like to be able to manage a file as a whole with puppet and augeas. The
typical use case is to take a sample file, or a systemd service file,
provided by a package as source and apply some augeas translations on it,
then write to a destination file.

I could use:

file { '/etc/foo/foo.conf':
  ensure => file,
  source => 'file:///usr/share/doc/foo/example/foo.conf',
  replace => false,
}
augeas { 'bar':
  context => '/files/etc/foo/foo.conf',
  changes => [ ... ],
}

But I don't like it because:
- If the sample file is updated (because of security reason for example),
my configuration file will not be updated,
- The configuration file is not managed as whole, and thus can be manually
corrupted.

I'd like to have either something like an Augeas_builder resource that
takes the source and apply any augeas transformation on it:

file { '/etc/foo/foo.conf':
  ensure => file,
}
augeas_builder { '/etc/foo/foo.conf':
  source => 'file:///usr/share/doc/foo/example/foo.conf',
}
augeas { 'bar':
  context => '/files/etc/foo/foo.conf',
  changes => [ ... ],
}

Or even a new provider for File resource that would take the source and
apply any augeas transformation on it and compares with the destination
file:

file { '/etc/foo/foo.conf':
  ensure => file,
  source => 'file:///usr/share/doc/foo/example/foo.conf',
  provider => 'augeas',
}
augeas { 'bar':
  context => '/files/etc/foo/foo.conf',
  changes => [ ... ],
}

I see lots of advantages over concat:
- You don't have to manage the whole file, just have to code the
transformations you want to apply on the source file,
- A run with --noop should show a diff of the whole file, not just the diff
of a fragment and yield about failing dependencies.

I'd like to have your opinion on:
- is is feasible?
- would this be useful?
- how to do it properly?
- how to deal with all augeas transformation? (Augeas resources, augeas
providers...)
- should I create a new Augeas_builder type or a new augeas provider for
File resource?
- anything else

I already discussed that with Raphaël IRL, but I'd also like to have
Dominic's and/or lutter's advice (or anyone else).

Regards,
Mickaël
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20150626/8416cfb9/attachment.htm>

More information about the augeas-devel mailing list