Cloud init configuration management with Puppet


Craig Barr

Aug 24, 2015, 11:12:21 AM
to Puppet Users
I thought this would be super easy but hit a road block (at least in terms of an elegant solution - yes I know how to use exec type with sed and grep but that feels a bit too much like a workaround).

My requirement is for a file at /etc/cloud/cloud.cfg that looks like this:

users:
 default
 - name: ec2-user
   primary-group: users
   groups: users
   lock-passwd: false
   sudo: ['ALL=(ALL) NOPASSWD:ALL']
 
disable_root: 1
ssh_pwauth:   0

to be changed to this (the only change is highlighted below in yellow... ssh_pwauth from 0 to 1):

users:
 default
 - name: ec2-user
   primary-group: users
   groups: users
   lock-passwd: false
   sudo: ['ALL=(ALL) NOPASSWD:ALL']
 
disable_root: 1
ssh_pwauth:   1

The file is pre-existing in the AMI and is not created by Puppet. If something like this worked, I would be super happy.... but, it doesn't.

  augeas { "enable-ssh-pwauth" :
     changes => ["set /files/etc/ssh/sshd_config/ssh_pwauth 1",]
  } 

I've tried Augeas 1.0.0 and 1.4.0 on OracleLinux 6.6... Neither seems to work.

Is a YAML-like lens in Augeas even supported? And, if not, is there any other way I can solve this without the grep + sed exec type pattern?
Thoughts?

Jeremy T. Bouse

Aug 24, 2015, 12:05:06 PM
to puppet...@googlegroups.com
I believe you're looking at it from the wrong viewpoint if you're
trying to simply use an existing AMI and not for the creation of a new
AMI to load.

The cloud-init configuration can be manipulated using the user-data
passed to the EC2 instance on initialization just as you can trigger the
puppet installation. I suggest you check out the cloud-init
documentation for the version installed on your AMI.

Craig Barr

Sep 1, 2015, 3:44:19 PM
to Puppet Users
Thanks Jeremy,

I should have mentioned that the Puppet code is being called in a Packer run not the AWS user-data run. Basically, I'm creating a new AMI from a source AMI.

For the record, I solved the problem but it wasn't as elegant as I had hoped.

class profiles::aws {
  # Enable SSH Password Authentication
  $cloud_init_file = '/etc/cloud/cloud.cfg'
  $ssh_pwauth_property_name = "ssh_pwauth"
  $ssh_pwauth_desired_state = "${ssh_pwauth_property_name}:   1"
  # Rewrite the ssh_pwauth line with sed, unless grep already finds the desired line
  exec {'enable_ssh_pwauth':
    command => "/bin/sed -i 's/ssh_pwauth.*/${ssh_pwauth_desired_state}/' ${cloud_init_file}",
    unless  => "/bin/grep '${ssh_pwauth_desired_state}' ${cloud_init_file}",
  }
}
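
The sed/grep edit from the last message, written as a stand-alone shell function that anchors on the start of the line and also handles a missing key. This is an added example, not code from the thread: the function name `set_top_level_key` and the sample file are constructed, and KEY and VALUE are assumed to be plain words with no regex metacharacters.

```shell
#!/bin/sh
# Added example: set one top-level "KEY:   VALUE" line in a cloud.cfg-style file.
# Prints "changed" or "unchanged"; returns non-zero only on error.
# Assumes KEY and VALUE are plain words (they are used inside a regex).
set_top_level_key() {
    file=$1; key=$2; value=$3
    [ -f "$file" ] || return 2

    # Desired line already present at column 0 (any spacing after the colon).
    if grep -Eq "^${key}:[[:space:]]*${value}[[:space:]]*\$" "$file"; then
        echo unchanged
        return 0
    fi

    tmp=$(mktemp) || return 2
    if grep -Eq "^${key}:" "$file"; then
        # Key exists with another value: rewrite only the anchored line, so
        # comments and indented (nested) keys that mention it are untouched.
        sed -E "s/^${key}:.*\$/${key}:   ${value}/" "$file" > "$tmp"
    else
        # Key missing: append it (adding a newline first if the file lacks
        # one) instead of leaving the file silently unchanged.
        { cat "$file"; [ -z "$(tail -c 1 "$file")" ] || echo
          printf '%s:   %s\n' "$key" "$value"; } > "$tmp"
    fi || { rm -f "$tmp"; return 2; }

    # Write back through the existing file to keep its owner and mode.
    cat "$tmp" > "$file" && rm -f "$tmp" || return 2
    echo changed
}

# Constructed sample (not a real cloud.cfg): a comment and a nested key both
# mention ssh_pwauth and must survive the edit.
demo() {
    f=$(mktemp) || return 2
    printf '%s\n' '# ssh_pwauth: 0 is the image default' 'users:' \
        ' - default' 'notes:' '  ssh_pwauth: untouched' 'disable_root: 1' \
        'ssh_pwauth:   0' > "$f"
    set_top_level_key "$f" ssh_pwauth 1   # prints: changed
    set_top_level_key "$f" ssh_pwauth 1   # prints: unchanged
    cat "$f"; rm -f "$f"
}
demo
```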