augeas only add if doesn't exist


Eugene Vilensky

Sep 24, 2012, 2:03:30 PM
to puppet...@googlegroups.com
Hello,

I'm trying to add an entry to /etc/hosts.allow only if the entry for
'client' (daemon) does not already exist.

In this #puppet log:
http://www.puppetlogs.com/puppet/%23puppet-2012-05-03.log.html

rodjek links a gist which should do exactly that:
https://gist.github.com/18c50d8800840696bac0

But I can't get it to execute with augtool:

augtool> set /files/etc/hosts.allow/*[process=nrpe]/client[last()+1] 1.1.1.1
error: Failed to execute command

What am I doing wrong? (I'm using the latest from here:
https://raw.github.com/lutter/augeas/master/lenses/hosts_access.aug)

Thank you kindly,
Eugene

Jake - USPS

Sep 24, 2012, 3:40:41 PM
to puppet...@googlegroups.com
First thing I would do is use 'augtool' on the command line and check for any errors trying to parse your current /etc/hosts.allow file:

augtool
> ls /augeas/files/etc/hosts.allow/error
(maybe *errors* plural, can't remember off the top of my head ... play with the path as I may have typo'd something :P)

If that exists and has nodes under it, check out what it says for an error and go to the line with the error in /etc/hosts.allow. It means augeas is not able to parse the file as it is now before even trying to make the changes you want to make.

If the 'errors' didn't exist then try adding the entry puppet is trying to add manually. I think you can get the augeas command puppet is trying to use by running 'puppet agent --debug' and then grepping on the augeas resource name. So again, use augtool and manually try to edit the file through that and see if you are able to save your changes. If it fails, I think you can then reference that error path I gave you to first check for whatever error may be generated from trying to make the change.

Hope that helps point you into a direction for a solution.

Regards,
Jake

jmccann

Sep 24, 2012, 3:44:04 PM
to puppet...@googlegroups.com
Wow, I think I totally missed reading the last part of your message.  Unfortunately I don't have a system currently to test what you are trying to do to further debug.  Sorry for posting so hastily.

Regards,
Jake

Trammael

Oct 12, 2012, 4:08:13 PM
to puppet...@googlegroups.com

On Monday, September 24, 2012 2:40:41 PM UTC-5, jmccann wrote:
> First thing I would do is use 'augtool' on the command line and check for any errors trying to parse your current /etc/hosts.allow file:
>
> augtool
> > ls /augeas/files/etc/hosts.allow/error
> (maybe *errors* plural, can't remember off the top of my head ... play with the path as I may have typo'd something :P)

I'm starting to think that with Augtool I have to explicitly create a node, while with Puppet augeas provider, I do not.  Hmm.

Dominic Cleal

Oct 14, 2012, 1:40:32 PM
to puppet...@googlegroups.com
On 24/09/12 19:03, Eugene Vilensky wrote:
> Hello,
>
> I'm trying to add an entry to /etc/hosts.allow only if the entry for
> 'client' (daemon) does not already exist.
>
> In this #puppet log:
> http://www.puppetlogs.com/puppet/%23puppet-2012-05-03.log.html
>
> rodjek links a gist which should do exactly that:
> https://gist.github.com/18c50d8800840696bac0
>
> But I can't get it to execute with augtool:
>
> augtool> set /files/etc/hosts.allow/*[process=nrpe]/client[last()+1] 1.1.1.1
> error: Failed to execute command

You're missing quotes around "nrpe", the command should be:

set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1

rodjek's example has the quotes in, so just a transcription error.

On 12/10/12 21:08, Trammael wrote:
>
> I'm starting to think that with Augtool I have to explicitly create a
> node, while with Puppet augeas provider, I do not. Hmm.

There's no difference like this. The Puppet provider parses the
commands but feeds them into the same API as augtool itself uses.

Were you having problems just with augtool, or from Puppet too?

Cheers,

--
Dominic Cleal
Red Hat Consulting
m: +44 (0)7817 878113

Eugene Vilensky

Oct 15, 2012, 11:52:12 AM
to puppet...@googlegroups.com

On Oct 14, 2012, at 12:40 PM, Dominic Cleal <dcl...@redhat.com> wrote:

> You're missing quotes around "nrpe", the command should be:
>
> set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1
>
> rodjek's example has the quotes in, so just a transcription error.


Totally works for an existing 'nrpe' node (thanks!) but not if it does not exist.  I don't suppose there is a simple "create onlyif not exists" expression? (http://augeas.net/page/Path_expressions)

-Eugene

Dominic Cleal

Oct 16, 2012, 6:42:43 AM
to puppet...@googlegroups.com
On 15/10/12 16:52, Eugene Vilensky wrote:
>
> On Oct 14, 2012, at 12:40 PM, Dominic Cleal <dcl...@redhat.com> wrote:
>
>> You're missing quotes around "nrpe", the command should be:
>>
>> set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1
>>
>> rodjek's example has the quotes in, so just a transcription error.
>
>
> Totally works for an existing 'nrpe' node (thanks!) but not if it does
> not exist. I don't suppose there is a simple "create onlyif not exists"
> expression? (http://augeas.net/page/Path_expressions)

The best way to do this currently is two separate resources, splitting
out the responsibilities so that one adds "nrpe" and the client
"1.1.1.1" if the process isn't there already. The second, if you need
it, will run if "nrpe" is already listed but the client "1.1.1.1" isn't.

$process = "nrpe"
$client = "1.1.1.1"

# Responsible for adding nrpe if it isn't there
augeas { "process-${process}":
  context => "/files/etc/hosts.allow",
  changes => [
    "set /files/etc/hosts.allow/01/process ${process}",
    "set /files/etc/hosts.allow/01/client[.='${client}'] ${client}",
  ],
  onlyif  => "match *[process='${process}'] size == 0",
}

# Responsible for updating existing nrpe entries missing the client
augeas { "process-${process}-client":
  context => "/files/etc/hosts.allow",
  changes => "set /files/etc/hosts.allow/*[process='${process}']/client[.='${client}'] ${client}",
  require => Augeas["process-${process}"],
}

I've changed this from last()+1 to a style that makes the command
idempotent.

Dominic Cleal

Oct 16, 2012, 6:43:50 AM
to puppet...@googlegroups.com
On 16/10/12 11:42, Dominic Cleal wrote:
> On 15/10/12 16:52, Eugene Vilensky wrote:
>>
>> On Oct 14, 2012, at 12:40 PM, Dominic Cleal <dcl...@redhat.com> wrote:
>>
>>> You're missing quotes around "nrpe", the command should be:
>>>
>>> set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1
>>>
>>> rodjek's example has the quotes in, so just a transcription error.
>>
>>
>> Totally works for an existing 'nrpe' node (thanks!) but not if it does
>> not exist. I don't suppose there is a simple "create onlyif not exists"
>> expression? (http://augeas.net/page/Path_expressions)
>
> The best way to do this currently is two separate resources, splitting
> out the responsibilities so that one adds "nrpe" and the client
> "1.1.1.1" if the process isn't there already. The second, if you need
> it, will run if "nrpe" is already listed but the client "1.1.1.1" isn't.

Sorry, that wasn't a great example. I'd set context but not used it.

$process = "nrpe"
$client = "1.1.1.1"

# Responsible for adding nrpe if it isn't there
augeas { "process-${process}":
  context => "/files/etc/hosts.allow",
  changes => [
    "set 01/process ${process}",
    "set 01/client[.='${client}'] ${client}",
  ],
  onlyif  => "match *[process='${process}'] size == 0",
}

# Responsible for updating existing nrpe entries missing the client
augeas { "process-${process}-client":
  context => "/files/etc/hosts.allow",
  changes => "set *[process='${process}']/client[.='${client}'] ${client}",
  require => Augeas["process-${process}"],
}
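
Added example, not part of the thread: the add-only-if-missing logic of the two resources above, written as a Python check on the file's text so the result of a run can be verified without Augeas. Plain text parsing stands in for the Hosts_Access lens; `parse_entries`, `ensure_client` and `SAMPLE` are constructed names and data, and backslash-continued lines are assumed not to occur.

```python
import re

# Constructed sample content; not taken from the thread.
SAMPLE = """\
# managed by config management
sshd: 10.0.0.0/8
nrpe, snmpd: 192.0.2.10 : allow
"""

_SEP = re.compile(r":(?![^\[]*\])")  # ':' that is not inside [IPv6] brackets
_LIST = re.compile(r"[,\s]+")        # lists are separated by commas/blanks


def parse_entries(text):
    """Return [(line_no, daemons, clients)] for every rule line."""
    entries = []
    for no, line in enumerate(text.splitlines()):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        fields = _SEP.split(body)
        if len(fields) < 2:
            continue  # not a 'daemon_list : client_list' rule
        daemons = [d for d in _LIST.split(fields[0].strip()) if d]
        clients = [c for c in _LIST.split(fields[1].strip()) if c]
        entries.append((no, daemons, clients))
    return entries


def ensure_client(text, daemon, client):
    """Add daemon/client only if missing; return (new_text, action)."""
    mine = [e for e in parse_entries(text) if daemon in e[1]]
    if not mine:
        # Same condition as: onlyif "match *[process='...'] size == 0"
        sep = "" if text.endswith("\n") or not text else "\n"
        return f"{text}{sep}{daemon}: {client}\n", "added-entry"
    if any(client in e[2] for e in mine):
        # Same effect as set .../client[.='value'] on an existing node
        return text, "unchanged"
    no = mine[0][0]  # assumption: extend the first entry for the daemon
    lines = text.splitlines()
    head, clients, *rest = _SEP.split(lines[no], maxsplit=2)
    pad = " " if rest else ""
    lines[no] = ":".join([head, f"{clients.rstrip()}, {client}{pad}", *rest])
    return "\n".join(lines) + "\n", "added-client"
```

Calling `ensure_client` a second time on its own output returns the text unchanged, which is the idempotence the `client[.='${client}']` form provides and `client[last()+1]` does not.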
