Re: [augeas-devel] Managing a file as a whole with puppet and augeas

On Fri, Jun 26, 2015 at 5:00 PM, Dominic Cleal <dcleal redhat com> wrote:
On 26/06/15 15:38, Mickaël Canévet wrote:
> Hello,
> I'd like to be able to manage a file as a whole with puppet and augeas.
> The typical use case is to take a sample file, or a systemd service
> file, provided by a package as source and apply some augeas translations
> on it, then write to a destination file.
> I could use:
> file { '/etc/foo/foo.conf':
>   ensure => file,
>   source => 'file:///usr/share/doc/foo/example/foo.conf',
>   replace => false,
> }
> augeas { 'bar':
>   context => '/files/etc/foo/foo.conf',
>   changes => [ ... ],
> }
> But I don't like it because:
> - If the sample file is updated (for security reasons, for
> example), my configuration file will not be updated,
> - The configuration file is not managed as a whole, and thus can be
> manually corrupted.

Do you remember this function?


It was written with the same ideas in mind - that you'd have some stock
file, probably inside the module, copied from /usr/share/doc which would
be transformed on the master by Augeas and put into the catalog.  That
has the same disadvantage as the first, the file needs to be copied from
the master.

We did consider this function, for sure. However, it requires storing the file on the master side. The idea Mickaël and I have would be to use a template on the agent, not on the master.

This might be doable using aug_text_store and aug_text_retrieve, by:

* Shortcut: copying the file if target does not exist yet
* Reading the template file
* Inserting the template content into the tree with aug_text_store
* Applying changes to the tree
* Moving the resulting tree to the target file tree
* Saving

The problem is how to model that with resources. Obviously, the template parameter does not really go well with the augeas resource type or augeasproviders, as it would allow specifying a different template for entries in the same target…

One possibility we considered would be to add augeas transforms to the file resource type. These transforms would be applied to the resulting content of the file resource (whether using source or content), using aug_text_store/aug_text_retrieve.

Arguably, this could be done with two resources:

file { 'foo': replace => false } -> augeas { 'transform foo': }

The problem with that is that when the template changes, the file is not refreshed. And if we don't use replace => false, then it won't be idempotent…

Any thoughts on that?
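The convergence behaviour discussed in this message, simulated as an added example that is not code from the thread, Puppet or Augeas. `transform` is a hypothetical key = value rewriter standing in for aug_text_store/aug_text_retrieve, and the file names and settings are constructed.

```ruby
require 'tmpdir'

# Stand-in for aug_text_store + changes + aug_text_retrieve (assumption: a real
# provider would run an Augeas lens here). Rewrites "key = value" lines only.
def transform(text, changes)
  text.lines.map do |line|
    key = line[/\A\s*([\w.]+)\s*=/, 1]
    changes.key?(key) ? "#{key} = #{changes[key]}\n" : line
  end.join
end

# file { source, replace } -> augeas { changes }; returns how many resources changed.
def run_two_resources(template, target, changes, replace:)
  source = File.read(template)
  copy = !File.exist?(target) || (replace && File.read(target) != source)
  File.write(target, source) if copy
  events = copy ? 1 : 0
  current = File.read(target)
  edited = transform(current, changes)
  return events if edited == current
  File.write(target, edited)
  events + 1
end

# Transforms applied to the rendered content before comparing it with the target.
def run_whole_file(template, target, changes)
  desired = transform(File.read(template), changes)
  return 0 if File.exist?(target) && File.read(target) == desired
  File.write(target, desired)
  1
end

# Three agent runs per model; the constructed sample file is updated before run 3.
def demo
  Dir.mktmpdir do |dir|
    tpl, changes = File.join(dir, 'foo.conf.sample'), { 'listen' => '127.0.0.1' }
    path = ->(name) { File.join(dir, "#{name}.conf") }
    models = {
      keep:    ->(t) { run_two_resources(tpl, t, changes, replace: false) },
      replace: ->(t) { run_two_resources(tpl, t, changes, replace: true) },
      whole:   ->(t) { run_whole_file(tpl, t, changes) }
    }
    File.write(tpl, "# sample v1\nlisten = 0.0.0.0\nport = 8080\n")
    events = models.to_h { |name, run| [name, Array.new(2) { run.call(path[name]) }] }
    File.write(tpl, "# sample v2\nlisten = 0.0.0.0\nport = 8443\n")
    models.each { |name, run| events[name] << run.call(path[name]) }
    [events, models.keys.to_h { |name| [name, File.read(path[name])] }]
  end
end
```

`demo` returns per-run change counts of [2, 0, 0] with replace => false (the updated sample never reaches the target), [2, 2, 2] with replacement enabled, and [1, 0, 1] when the transforms are applied before the comparison.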

