[augeas-devel] Ensuring a multi-value node has a value present

Sat Feb 28 02:27:57 UTC 2015

Hi Andrew,

On Sun, Jan 25, 2015 at 12:47 AM, Andrew Beverley <andy at andybev.com> wrote:

> Hi guys,
>
> Firstly, thanks for Augeas. I've only just come across it, but it's
> really useful!
>
> I'm using Augeus to alter an sshd config file. For simple options, I can
> just do (for example):
>
>     set /files/etc/ssh/sshd_config/PermitRootLogin without-password
>
> If it's not set, then it will be added, if it is set, then it will be
> updated as required.
>
> However, what if I want to ensure that a particular group is in
> AllowGroups? I can do
>
>     set /files/etc/ssh/sshd_config/AllowGroups/0 sshers
>
> But that will only work if that's the only group I set.
>
> Is there a way I can say "add this value if it doesn't already exist"?
>

There's no way currently to do that in Augeas; to get this sort of
conditional logic, you'd have to resort to some sort of scripting language
(e.g., using hte Python or Ruby bindings)

> I realise that I can check the value first (which is what I am doing
> now) but it would be nice to be able to write an idempotent command.
>

I agree that would be nice, though it seems that coming up with a command
that covers the general case of 'make this tree look like this' might be a
bit tricky. I've been thinking of adding something like

ensure EXPR ROOT TREE

with the meaning that the ensure command would first evaluate EXPR and make
sure that the resulting tree is the same as TREE; if nothing matches EXPR,
it would create a node according to ROOT and put TREE underneath it.

In your case, that might look like (using $s as a shorthand for
/files/etc/ssh/sshd_config/)

ensure $s/AllowGroups/*[. = 'sshers'] $s/AllowGroups/01 'sshers'

For the more general case, for example to set up a certain line in
/etc/hosts ($h == /files/etc/hosts), it would be

ensure $h/*[ipaddr = "192.168.0.1"] $h/01 { "ipaddr" = "192.168.0.1" } {
"canonical" = "example.com" }

I am not sure how usable that ultimately would be; in particular, writing
down the subtree in an understandable manner seems a bit of a head
scratcher.

Thinking about this some more, EXPR and ROOT both give you the root node
for your subtree, and you want to be able to both set the value of that
root node (as in your example) and the children of that node (as in the
/etc/hosts example) so that the ensure command really would need to be

ensure EXPR ROOT VALUE CHILDREN

where VALUE would be a string and CHILDREN would be a list of trees. We
could probably have specialized variants like 'ensure_value EXPR ROOT
VALUE' or some such.

Would anybody be able to use that successfully ? Would that even cover most
cases where people want to idempotently set things up in the tree ?

David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20150227/52661ec5/attachment.htm>