[augeas-devel] Yet more novice questions, Re: path expression question
Patrick Spinler
spinler.patrick at mayo.edu
Sun Oct 6 20:43:01 UTC 2013
Still more questions on this and would appreciate more help please.
I still have an error someplace, and I'm struggling to track it down. I
thought to try to manually specify a lens and incl path, but get another
error, and wonder if I'm specifying this correctly.
Observe what happens when I try to manually load iptables specifically:
$ sudo augtool --noload
augtool> print /augeas//errors
augtool> set /augeas/load/Iptables/lens Iptables.lns
augtool> set /augeas/load/Iptables/incl /etc/sysconfig/iptables
error: Too many matches for path expression
Yet, I can't find error info on this:
augtool> print /augeas//error
(no output)
It appears to load iptables cleanly if I don't try to force a lens and
incl, so:
ap00375 at ROFOMI901A sysconfig $ sudo augtool
augtool> print /augeas//error
(some output, but nothing related to iptables)
augtool> print /files/etc/sysconfig/iptables
(lots of output)
Advice, please?
-- Pat
On 10/3/13 7:42 PM, David Lutterkort wrote:
> The simplest path expression for what you want is probably
>
> /files/etc/sysconfig/iptables/table/append[dport = '22']
>
> Writing just 'append' is the same as writing 'append[*]'; if you wanted
> to find the dport entry, you'd write
>
> /files/etc/sysconfig/iptables/table/append/dport[. = '22']
>
> David
>
>
> On Mon, Sep 30, 2013 at 2:30 PM, Patrick Spinler
> <spinler.patrick at mayo.edu <mailto:spinler.patrick at mayo.edu>> wrote:
>
>
> NVM, sorry. I see I had included an extra "/" in my expression. Found
> my error only 2 minutes after sending out my inquiry, of course. :-(
>
> -- Pat, professional botherer of email lists with inane questions
>
> On 9/30/13 4:25 PM, Patrick Spinler wrote:
> >
> > Apologies for asking yet another novice question, but if I may,
> please?
> >
> > I'd like to construct an expression to match any iptables nodes with a
> > dport = <specific value>. Here's an example:
> >
> > augtool> print /files/etc/sysconfig/iptables/table/append[28]
> > /files/etc/sysconfig/iptables/table/append[28] = "Mayo-Firewall-INPUT"
> > /files/etc/sysconfig/iptables/table/append[28]/protocol = "tcp"
> > /files/etc/sysconfig/iptables/table/append[28]/match = "tcp"
> > /files/etc/sysconfig/iptables/table/append[28]/dport = "21"
> > /files/etc/sysconfig/iptables/table/append[28]/jump = "ACCEPT"
> >
> > So, I thought I'd just have to say somethine like
> >
> > match .../append[*]/*[dport = 'XXXX']
> >
> > but I'm not finding what I expect:
> >
> > augtool> match
> /files/etc/sysconfig/iptables/table/append[*]/*[dport = "21"]
> > (no matches)
> > augtool> match /files/etc/sysconfig/iptables/table/*/*[dport = "21"]
> > (no matches)
> > augtool> match /files/etc/sysconfig/iptables/table/*/*["dport" = "21"]
> > (no matches)
> > augtool> match
> /files/etc/sysconfig/iptables/table/append[28]/*["dport"
> > = "21"]
> > (no matches)
> >
> >
> > Guidance, please? (And yes, I have read over the examples in the
> "Path
> > Expressions" page on the hercules-team/augeas Wiki).
> >
> >
> > Apologies for the questions,
> > -- Pat
> >
> > On 9/30/13 3:48 PM, Patrick Spinler wrote:
> >>
> >> Fantastic, and thank you! This did indeed do the trick. :-)
> >>
> >> insert append before "/files/etc/sysconfig/iptables/table/append[. =
> >> 'Mayo-Firewall-INPUT'][1]"
> >>
> >> Thank you muchly for your patience with my novice questions. :-)
> >>
> >> -- Pat
> >>
> >> On 9/30/13 3:31 PM, Raphaël Pinson wrote:
> >>> Hi Pat,
> >>>
> >>>
> >>> You need to select the first node matching your expression, by
> filtering
> >>> a second time:
> >>>
> >>> insert append before "/files/etc/sysconfig/
> >>> iptables/table/append[position(. =
> >>> 'Mayo-Firewall-INPUT')][1]"
> >>>
> >>>
> >>> Regards,
> >>>
> >>> Raphaël
> >>>
> >>>
> >>>
> >>> On Mon, Sep 30, 2013 at 9:54 PM, Patrick Spinler
> >>> <spinler.patrick at mayo.edu <mailto:spinler.patrick at mayo.edu>
> <mailto:spinler.patrick at mayo.edu <mailto:spinler.patrick at mayo.edu>>>
> wrote:
> >>>
> >>>
> >>> Okay, so I have a structure like this:
> >>>
> >>> augtool> ls "/files/etc/sysconfig/iptables/table/"
> >>> chain[1]/ = INPUT
> >>> chain[2]/ = FORWARD
> >>> chain[3]/ = OUTPUT
> >>> chain[4]/ = Mayo-Firewall-INPUT
> >>> append[1]/ = INPUT
> >>> append[2]/ = INPUT
> >>> append[3]/ = INPUT
> >>> append[4]/ = INPUT
> >>> append[5]/ = INPUT
> >>> append[6]/ = INPUT
> >>> append[7]/ = FORWARD
> >>> append[8]/ = Mayo-Firewall-INPUT
> >>> append[9]/ = Mayo-Firewall-INPUT
> >>> append[10]/ = Mayo-Firewall-INPUT
> >>> (...snip...)
> >>> append[27]/ = Mayo-Firewall-INPUT
> >>> append[28]/ = Mayo-Firewall-INPUT
> >>> append[29]/ = Mayo-Firewall-INPUT
> >>>
> >>> I'd like to insert a new node immediately before the first
> >>>
> >>> append[. = 'Mayo-Firewall-INPUT']
> >>>
> >>> node, that is, in this case, before append[8]. However,
> that position
> >>> in the tree, [8], is obviously not constant.
> >>>
> >>> How might I do this?
> >>>
> >>> I've tried expressions like this:
> >>>
> >>> augtool> insert append before
> >>> "/files/etc/sysconfig/iptables/table/append[. =
> 'Mayo-Firewall-INPUT']"
> >>> error: Too many matches for path expression
> >>>
> >>> and expressions involving [position(...)], like this
> >>>
> >>> augtool> insert append before
> >>> "/files/etc/sysconfig/iptables/table/append[position(. =
> >>> 'Mayo-Firewall-INPUT')]"
> >>> error: Invalid path expression
> >>>
> >>>
> >>> which obviously both fail. Thoughts?
> >>>
> >>> Thanks,
> >>> -- Pat
> >>>
> >>> _______________________________________________
> >>> augeas-devel mailing list
> >>> augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>
> <mailto:augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>>
> >>> https://www.redhat.com/mailman/listinfo/augeas-devel
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> Raphaël Pinson
> >>> Infrastructure Developer & Trainer
> >>> +33 479 26 57 93 <tel:%2B33%20479%2026%2057%2093>
> >>> +33 781 90 00 79 <tel:%2B33%20781%2090%2000%2079>
> >>>
> >>> Camptocamp France
> >>> Savoie Technolac
> >>> BP 352
> >>> 48, avenue du Lac du Bourget
> >>> 73372 Le Bourget du Lac, Cedex
> >>> www.camptocamp.com <http://www.camptocamp.com>
> <http://www.camptocamp.com>
> >>
> >> _______________________________________________
> >> augeas-devel mailing list
> >> augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>
> >> https://www.redhat.com/mailman/listinfo/augeas-devel
> >>
> >
>
> _______________________________________________
> augeas-devel mailing list
> augeas-devel at redhat.com <mailto:augeas-devel at redhat.com>
> https://www.redhat.com/mailman/listinfo/augeas-devel
>
>
More information about the augeas-devel
mailing list