augeas onlyif problem


Jist Anidiot

Nov 6, 2013, 4:17:37 PM
to puppet...@googlegroups.com
I'm trying to make sure a specific user has a special ssh key used as his identity file.

so I'm trying something like:

  augeas { "user_second_key":
    context => "/files/home/user/.ssh/config",
    changes => [
      "ins IdentityFile after /files/home/user/.ssh/config/IdentityFile[last()]",
      "set /files/home/user/.ssh/config/IdentityFile[last()] ~/.ssh/user2nd_rsa",
    ],
    onlyif  => "match /files/home/user/.ssh/config/IdentityFile not_include ~/.ssh/user2nd_rsa",
  }

However it adds the line every puppet run.  I'm wondering what I might be doing wrong. 

Dominic Cleal

Nov 8, 2013, 12:23:11 PM
to puppet...@googlegroups.com
Try:

onlyif => "match /files/home/user/.ssh/config/IdentityFile[.='~/.ssh/user2nd_rsa'] size == 0"

--
Dominic Cleal
Red Hat Engineering

Jist Anidiot

Nov 11, 2013, 10:18:28 AM
to puppet...@googlegroups.com
Thanks that works.  

So what's the point of include and not_include if you have to do this weird size thing? 

Dominic Cleal

Nov 11, 2013, 5:06:30 PM
to puppet...@googlegroups.com
include/not_include check the return value of the "match <arg>" command
and whether it includes or doesn't include the argument.

A match API call in Augeas' API returns a list of paths that match the
argument you pass, so you're actually checking whether those paths
include or don't include a certain value. It doesn't return the values
of those nodes, which is what you expected.

It's possible the "get <arg>" command would work better with
include/not_include, except that API call will only match a single path
and return one value - so isn't much help with include.

We could do with something better here in the provider for sure, care to
raise a feature request? Please add me to the watchlist if you do.

Jist Anidiot

Nov 14, 2013, 10:18:54 AM
to puppet...@googlegroups.com
Well I expected "match /files/home/user/.ssh/config/IdentityFile not_include ~/.ssh/user2nd_rsa" to be true if ~/.ssh/user2nd_rsa wasn't one of the values found with the match (and false if it was).  That obviously isn't how it works in practice.

In augtool "match /files/home/user/.ssh/config/IdentityFile" returns:

/files/home/user/.ssh/config/IdentityFile[1] = ~/.ssh/id_rsa
/files/home/user/.ssh/config/IdentityFile[2] = ~/.ssh/user2nd_rsa
/files/home/user/.ssh/config/IdentityFile[3] = ~/.ssh/git_user_rsa

so I'm still not understanding why the not_include in the onlyif returns false in my case -- Unless it is trying to check against the entire line where I'll never be certain if it is [2] or [3] or something else so it will be fairly useless for me in this case.  

On the bright side the size thing works (just that I would have never thought of trying it).

 
> It's possible the "get <arg>" command would work better with
> include/not_include, except that API call will only match a single path
> and return one value - so isn't much help with include.
>
> We could do with something better here in the provider for sure, care to
> raise a feature request?  Please add me to the watchlist if you do.


I suspect the only features I need are more examples in the documentation.  
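
An added example (not part of the thread, and not the Puppet provider's own code) modelling the behaviour Dominic describes: match returns node paths, so include/not_include compare the argument against paths, while a [.='value'] filter combined with size tests the values. The tree is the augtool output quoted above; `aug_match` and `onlyif?` are hypothetical, simplified stand-ins.

```ruby
# Constructed sample: the tree from the augtool output quoted in the thread.
BASE = "/files/home/user/.ssh/config/IdentityFile"
TREE = {
  "#{BASE}[1]" => "~/.ssh/id_rsa",
  "#{BASE}[2]" => "~/.ssh/user2nd_rsa",
  "#{BASE}[3]" => "~/.ssh/git_user_rsa",
}.freeze

# Simplified stand-in for Augeas' match (assumption: only a plain path with an
# optional [.='value'] predicate is supported). It returns node *paths*.
def aug_match(tree, expr)
  base, want = expr.match(/\A(.*?)(?:\[\.='([^']*)'\])?\z/).captures
  tree.select { |path, value|
    path.sub(/\[\d+\]\z/, "") == base && (want.nil? || value == want)
  }.keys
end

# Hypothetical model of how an onlyif "match <path> <comparator> <arg>" clause
# is decided: every comparator is applied to the list of paths.
def onlyif?(tree, clause)
  m = clause.match(/\Amatch\s+(\S+)\s+(not_include|include|size)\s+(.+)\z/)
  raise ArgumentError, "unsupported clause: #{clause}" unless m
  paths = aug_match(tree, m[1])
  case m[2]
  when "include"     then paths.include?(m[3])
  when "not_include" then !paths.include?(m[3])
  when "size"
    op, n = m[3].split
    raise ArgumentError, "bad operator: #{op}" unless %w[== != < > <= >=].include?(op)
    paths.size.public_send(op, Integer(n))
  end
end

ORIGINAL    = "match #{BASE} not_include ~/.ssh/user2nd_rsa"
FIXED       = "match #{BASE}[.='~/.ssh/user2nd_rsa'] size == 0"
WITHOUT_KEY = TREE.reject { |_, v| v == "~/.ssh/user2nd_rsa" }

if __FILE__ == $PROGRAM_NAME
  puts "original, key present: #{onlyif?(TREE, ORIGINAL)}"       # changes run again
  puts "fixed, key present:    #{onlyif?(TREE, FIXED)}"          # changes skipped
  puts "fixed, key absent:     #{onlyif?(WITHOUT_KEY, FIXED)}"   # changes run once
end
```

In this model the original clause stays true even when the key is already configured, because no path string equals `~/.ssh/user2nd_rsa`; that is why the line was appended on every run.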
 