Removing lines from a file

[John Kennedy]

Hello all,
I am fairly new to Puppet but learning.
I know what I want to do can be done I just can not get things to go right...

We want to start using the capability of sudo to look in /etc/sudoers.d to get user specific sudo permissions. Before we add a User_Alias file, the corresponding configuration needs to be removed from the sudoers file:

# grep ADMINS /etc/sudoers
User_Alias ADMINS = john,chris,james
ADMINS          ALL=(ALL)       ALL

removed before

# cat /etc/sudoers.d/ADMINS
User_Alias ADMINS = john,chris,james
ADMINS          ALL=(ALL)       ALL

put in place.

I tried the methods in:
http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns?version=5
 but none have worked.

Using line as defined like (my preferred method):

define line($file, $line, $ensure = 'present') {
    case $ensure {
        default : { err ( "unknown ensure value ${ensure}" ) }
        present: {
            exec { "/bin/echo '${line}' >> '${file}'":
                unless => "/bin/grep -qFx '${line}' '${file}'"
            }
        }
        absent: {
            exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
                onlyif => "/bin/grep -qFx '${line}' '${file}'"
            }
        }
    }
}

Called as:

    line { "sudoers.d":
      file   => '/etc/sudoers',
      line   => "#includedir /etc/sudoers.d",
      ensure => "absent",
    }

gave this error (I know 0 perl and can not decypher the line or the error about it):

err: /Stage[main]/Sudo/Line[sudoers.d]/Exec[/usr/bin/perl -ni -e 'print unless /^\Q#includedir /etc/sudoers.d\E$/' '/etc/sudoers']/returns: change from notrun to 0 failed: /usr/bin/perl -ni -e 'print unless /^\Q#includedir /etc/sudoers.d\E$/' '/etc/sudoers' returned 255 instead of one of [0] at /etc/puppetlabs/puppet/modules/sudo/manifests/init.pp:12

- NOTE: I am adding and removing the #includedir line for testing...

What needs to be changed to get this to work?

Thanks,
John

John Kennedy

[Craig Dunn]

On 21/03/2012 11:48, John Kennedy wrote:

Hello all,
I am fairly new to Puppet but learning.
I know what I want to do can be done I just can not get things to go right...

We want to start using the capability of sudo to look in /etc/sudoers.d to get user specific sudo permissions. Before we add a User_Alias file, the corresponding configuration needs to be removed from the sudoers file:

I would suggest looking at Augeas..

http://augeas.net

Theres some useful documentation about using it with Puppet here (including some examples around sudoers)

http://projects.puppetlabs.com/projects/1/wiki/puppet_augeas

Regards
Craig

-- 
Craig Dunn | http://www.craigdunn.org
Yahoo/Skype: craigrdunn | Twitter: @crayfishX

[John Kennedy]

On Wed, Mar 21, 2012 at 12:02, Craig Dunn <cr...@craigdunn.org> wrote:

On 21/03/2012 11:48, John Kennedy wrote:

Hello all,
I am fairly new to Puppet but learning.
I know what I want to do can be done I just can not get things to go right...

We want to start using the capability of sudo to look in /etc/sudoers.d to get user specific sudo permissions. Before we add a User_Alias file, the corresponding configuration needs to be removed from the sudoers file:

I would suggest looking at Augeas..

http://augeas.net

Theres some useful documentation about using it with Puppet here (including some examples around sudoers)

http://projects.puppetlabs.​com/projects/1/wiki/puppet_​augeas

Regards
Craig

Thanks Craig. I think the problem was the # at the beginning...I tried again just now using a different line (User_Alias ADMINS = john,chris,james) and it worked. Now I just need to get it to delete more than one line...
I will look at Augeas as well.

John

[jcbollinger]

On Mar 21, 6:48 am, John Kennedy <skeb...@gmail.com> wrote:
> Hello all,
> I am fairly new to Puppet but learning.
> I know what I want to do can be done I just can not get things to go
> right...
>
> We want to start using the capability of sudo to look in /etc/sudoers.d to
> get user specific sudo permissions. Before we add a User_Alias file, the
> corresponding configuration needs to be removed from the sudoers file:
>
> # grep ADMINS /etc/sudoers
> User_Alias ADMINS = john,chris,james
> ADMINS          ALL=(ALL)       ALL
>
> removed before
>
> # cat /etc/sudoers.d/ADMINS
> User_Alias ADMINS = john,chris,james
>  ADMINS          ALL=(ALL)       ALL
>
> put in place.
>

> I tried the methods in:http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patte...

Have you considered using sed instead of perl? It's lighter-weight
and very good at this sort of thing.

Personally, however, I would be looking at using a File resource to
manage the *whole file* instead of filtering out a few lines.


John

[John Kennedy]

On Thu, Mar 22, 2012 at 13:02, jcbollinger <John.Bo...@stjude.org> wrote:

> - NOTE: I am adding and removing the #includedir line for testing...
>
> What needs to be changed to get this to work?

Have you considered using sed instead of perl?  It's lighter-weight
and very good at this sort of thing.

Personally, however, I would be looking at using a File resource to
manage the *whole file* instead of filtering out a few lines.


John

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

John

I was hoping to use the File resource to deal with the whole file but the man in charge says no...My goal was for /etc/sudoers to contain the basics plus the includedir directive then all else would be managed from /etc/sudoers.d but that won't be happening.

I have seen some sed options but this one does seem to work on anything not starting with a '#' so we are going with it...Plus a single define for both adding and removing lines is not a bad thing.

John

[Gary Larizza]

On Thursday, March 22, 2012 at 6:23 AM, John Kennedy wrote:

On Thu, Mar 22, 2012 at 13:02, jcbollinger <John.Bo...@stjude.org> wrote:

> - NOTE: I am adding and removing the #includedir line for testing...
>
> What needs to be changed to get this to work?

Have you considered using sed instead of perl?  It's lighter-weight
and very good at this sort of thing.

Personally, however, I would be looking at using a File resource to
manage the *whole file* instead of filtering out a few lines.

Have you looked at the 'file_line' type in Puppet's stdlib?  https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type/file_line.rb

[Pablo Fernandez]

Hi,

 

> Have you looked at the 'file_line' type in Puppet's stdlib?

> https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type

> /file_line.rb

 

What's Puppet's stdlib? Is it something bundled inside? Are there any other types available?

 

I can't see the file_line type in the manual:

http://docs.puppetlabs.com/references/2.7.0/type.html

 

Thanks!
Pablo

[Luke Bigum]

It's a module on github, it provides a lot of nice Ruby functions to Puppet:

https://github.com/puppetlabs/puppetlabs-stdlib

--

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

-- 
Luke Bigum

Information Systems
Ph: +44 (0) 20 3192 2520
luke....@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN

The information in this e-mail and any attachment is confidential and is intended only for the named recipient(s). The e-mail may not be disclosed or used by any person other than the addressee, nor may it be copied in any way. If you are not a named recipient please notify the sender immediately and delete any copies of this message. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Any view or opinions presented are solely those of the author and do not necessarily represent those of the company.

[John Kennedy]

On Thu, Mar 22, 2012 at 23:48, Gary Larizza <ga...@puppetlabs.com> wrote:

On Thursday, March 22, 2012 at 6:23 AM, John Kennedy wrote:

On Thu, Mar 22, 2012 at 13:02, jcbollinger <John.Bo...@stjude.org> wrote:

> - NOTE: I am adding and removing the #includedir line for testing...
>
> What needs to be changed to get this to work?

Have you considered using sed instead of perl?  It's lighter-weight
and very good at this sort of thing.

Personally, however, I would be looking at using a File resource to
manage the *whole file* instead of filtering out a few lines.

Have you looked at the 'file_line' type in Puppet's stdlib?  https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type/file_line.rb

 

Gary,
I can see where 'file_line' will add a line but I don't know enough ruby to know, will it remove a line that does exist?
Thanks,
John

[Paul Tötterman]

Hi John

 

I can see where 'file_line' will add a line but I don't know enough ruby to know, will it remove a line that does exist?

'ensurable' sounds like it can manage both 'ensure => present' and 'ensure => absent'. And sure enough, if you look into the provider: https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/provider/file_line/ruby.rb there is code for removing the line as well.

I would also recommend that you take a look at the awesome concat module: https://github.com/ripienaar/puppet-concat if you cannot manage the whole file easily using templates.

Cheers,

Paul

[John Kennedy]

Thanks Paul. I will also look at the concat module.
One (hopefully) last question...How do I take the file_line.rb file and put it so puppet recognises it? Do I do that with a define or can I just take the file and place it somewhere for it to work?
I am pretty new to puppet and still working on the basics.
John

[Paul Tötterman]

One (hopefully) last question...How do I take the file_line.rb file and put it so puppet recognises it? Do I do that with a define or can I just take the file and place it somewhere for it to work?

Read about modules ( http://docs.puppetlabs.com/guides/modules.html ) and use the puppet-stdlib module as a whole. Don't pick individual files.

Paul