[augeas-devel] Managing a file as a whole with puppet and augeas

Raphaël Pinson raphael.pinson at camptocamp.com
Wed Jul 29 06:34:41 UTC 2015 

On Tue, Jul 28, 2015 at 8:09 PM, Mickaël Canévet <mickael.canevet at gmail.com>
wrote:

> Well, this is great, but unless I' wrong there is no way to manage the
> same file from multiple resources.
> It looks like all augeas transformations must be done in the same
> augeas_file resource.
>
> Would it be possible to use the existing augeas type to define the augeas
> transformations and use your code in an augeas_file resource that applies
> the transformations of all augeas resources in the catalog?
>
>

This could indeed be the next step. It will probably be more complex, but
I'd like to make augeas_file a kind of plugin on top of the augeas type and
augesproviders. Something like:


augeas_file { '/etc/foo.conf':
  base => '/usr/share/doc/foo/examples/foo.conf',
}

augeas { 'foo bar':
  incl         => '/etc/foo.conf',
  lens        => 'Foo.lns',
  changes => 'set bar baz',
}

foo { 'baz':
  value => 'qux',
  target => '/etc/foo.conf',
}


Both the augeas and the foo (augeasprovider) resources would be
collected/hijacked so as to be applied in memory by the augeas_file
resource. It's obivously much more complex to implement than the current
PoC though…


Raphaël




> Le mar. 28 juil. 2015 à 15:07, Raphaël Pinson <
> raphael.pinson at camptocamp.com> a écrit :
>
>> I started a proof-of-concept implementation as
>> https://github.com/raphink/puppet-augeas_file
>>
>> Feedback welcome!
>>
>>
>> Raphaël
>>
>>
>> On Thu, Jul 23, 2015 at 11:47 AM, Raphaël Pinson <
>> raphael.pinson at camptocamp.com> wrote:
>>
>>>
>>>
>>> On Fri, Jun 26, 2015 at 5:00 PM, Dominic Cleal <dcleal at redhat.com>
>>> wrote:
>>>
>>>> On 26/06/15 15:38, Mickaël Canévet wrote:
>>>> > Hello,
>>>> >
>>>> > I'd like to be able to manage a file as a whole with puppet and
>>>> augeas.
>>>> > The typical use case is to take a sample file, or a systemd service
>>>> > file, provided by a package as source and apply some augeas
>>>> translations
>>>> > on it, then write to a destination file.
>>>> >
>>>> > I could use:
>>>> >
>>>> > file { '/etc/foo/foo.conf':
>>>> >   ensure => file,
>>>> >   source => 'file:///usr/share/doc/foo/example/foo.conf',
>>>> >   replace => false,
>>>> > }
>>>> > augeas { 'bar':
>>>> >   context => '/files/etc/foo/foo.conf',
>>>> >   changes => [ ... ],
>>>> > }
>>>> >
>>>> > But I don't like it because:
>>>> > - If the sample file is updated (because of security reason for
>>>> > example), my configuration file will not be updated,
>>>> > - The configuration file is not managed as whole, and thus can be
>>>> > manually corrupted.
>>>>
>>>> Do you remember this function?
>>>>
>>>>
>>>> https://github.com/camptocamp/puppet-augeas/blob/master/lib/puppet/parser/functions/augeas.rb
>>>>
>>>> It was written with the same ideas in mind - that you'd have some stock
>>>> file, probably inside the module, copied from /usr/share/doc which would
>>>> be transformed on the master by Augeas and put into the catalog.  That
>>>> has the same disadvantage as the first, the file needs to be copied from
>>>> the master.
>>>>
>>>>
>>>
>>> We did consider this function, for sure. However, it requires to store
>>> the file on the master side. The idea Mickaël and I have would be to use a
>>> template on the agent, not on the master.
>>>
>>> This might be doable using aug_text_store and aug_text_retrieve, by:
>>>
>>> * Shortcut: copying the file if target does not exist yet
>>> * Reading the template file
>>> * Inserting the template content into the tree with aug_text_store
>>> * Applying changes to the tree
>>> * Moving the resulting tree to the target file tree
>>> * Saving
>>>
>>>
>>> The problem is how to modelize that with resources? Obviously, the
>>> template parameter does not really go well with the augeas resource type or
>>> augeasproviders, as it would allow to specify a different template for
>>> entries in the same target…
>>>
>>> One possibility we considered would be to add augeas transforms to the
>>> file resource type. Theses transforms would be applied to the resulting
>>> content of the file resource (whether using source or content), using
>>> aug_text_store/aug_text_retrieve.
>>>
>>> Arguably, this could be done with two resources:
>>>
>>> file { 'foo': replace => false } -> augeas { 'transform foo': }
>>>
>>> The problem with that is that when the template changes, the file is not
>>> refreshed. And if we don't use replace => false, then it won't be
>>> idempotent…
>>>
>>>
>>> Any thoughts on that?
>>>
>>>
>>>
>>> --
>>> Raphaël Pinson
>>> Infrastructure Developer & Training Leader
>>> +33 458 482 013
>>>
>>> Camptocamp France
>>> Savoie Technolac
>>> BP 352
>>> 48, avenue du Lac du Bourget
>>> 73372 Le Bourget du Lac, Cedex
>>> www.camptocamp.com
>>>
>>
>>
>>
>> --
>> Raphaël Pinson
>> Infrastructure Developer & Training Leader
>> +33 458 482 013
>>
>> Camptocamp France
>> Savoie Technolac
>> BP 352
>> 48, avenue du Lac du Bourget
>> 73372 Le Bourget du Lac, Cedex
>> www.camptocamp.com
>>  _______________________________________________
>> augeas-devel mailing list
>> augeas-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/augeas-devel
>
>


-- 
Raphaël Pinson
Infrastructure Developer & Training Leader
+33 458 482 013

Camptocamp France
Savoie Technolac
BP 352
48, avenue du Lac du Bourget
73372 Le Bourget du Lac, Cedex
www.camptocamp.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20150729/86a03cbd/attachment.htm>

More information about the augeas-devel mailing list