Puppet users - Aug 2011 - manage sudoers with augeas

Hello,

I am trying to use augeas via puppet,
augeas { "mailops":
context => "/files/etc/sudoers",
  changes => [
    "set spec[user = ''%mail-ops'']/user %mail-ops",
    "set spec[user = ''%mail-ops'']/host_group/host
ALL",
    "set spec[user = ''%mail-ops'']/host_group/command[1]
\"/bin/su imail
\"",
    "set spec[user =
''%mail-ops'']/host_group/command[1]/tag NOPASSWD",
  ],
}

the error :

err: /Stage[main]/Managesudo::mailops/Augeas[mailops]/returns: change
from need_to_run to 0 failed: Save failed with return code false

the augeas tool doesn''t return anything when I am trying to get the
actual spec
augtool> print /files/etc/sudoers
augtool>

How can I test augtool ?

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Aug 25, 2011, at 9:05 AM, Vincent wrote:
> the augeas tool doesn''t return anything when I am trying to get
the
> actual spec
> augtool> print /files/etc/sudoers
> augtool>
> 
> How can I test augtool ?

From http://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Augeas

“You can see which files Augeas has successfully parsed by running augtool ls
/files/ and drilling down from there. If a file hasn’t been properly parsed by
Augeas, it simply won’t show up. This could mean that the file has a syntax
error, the file doesn’t exist, you don’t have permission to read the file, or it
could imply a failure in the lens itself.”

Are you running `augtool` as root?

-- 
Rob McBroom
<http://www.skurfer.com/>


-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

yes it was as root, why the ls /etc doesn''t return the sudoers ?


# augtool
augtool> ls /files/etc/sudoers
augtool> ls /files/etc/
modprobe.d/ = (none)
puppet/ = (none)
sysconfig/ = (none)
default/ = (none)
environment = (none)
ntp.conf/ = (none)
inittab/ = (none)
services/ = (none)
grub.conf/ = (none)
securetty/ = (none)
xinetd.d/ = (none)
hosts/ = (none)
exports = (none)
passwd/ = (none)
pam.d/ = (none)
cgrules.conf/ = (none)
postfix/ = (none)
krb5.conf/ = (none)
aliases/ = (none)
logrotate.conf/ = (none)
logrotate.d/ = (none)
sysctl.conf/ = (none)
fstab/ = (none)
ethers/ = (none)
group/ = (none)
yum/ = (none)
yum.conf/ = (none)
security/ = (none)
cgconfig.conf/ = (none)
ssh/ = (none)
crontab/ = (none)
cron.d/ = (none)
augtool>
augtool>


# ls -l /etc/sudoers
-rw-r----- 1 root root 3797 Aug 25 14:04 /etc/sudoers


On Aug 25, 3:23 pm, Rob McBroom <mailingli...@skurfer.com>
wrote:
> On Aug 25, 2011, at 9:05 AM, Vincent wrote:
>
> > the augeas tool doesn''t return anything when I am trying to
get the
> > actual spec
> > augtool> print /files/etc/sudoers
> > augtool>
>
> > How can I test augtool ?
>
> Fromhttp://projects.puppetlabs.com/projects/puppet/wiki/Puppet_Augeas
>
> “You can see which files Augeas has successfully parsed by running augtool
ls /files/ and drilling down from there. If a file hasn’t been properly parsed
by Augeas, it simply won’t show up. This could mean that the file has a syntax
error, the file doesn’t exist, you don’t have permission to read the file, or it
could imply a failure in the lens itself.”
>
> Are you running `augtool` as root?
>
> --
> Rob McBroom
> <http://www.skurfer.com/>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Aug 25, 2011, at 9:35 AM, Vincent wrote:
> yes it was as root, why the ls /etc doesn''t return the sudoers ?
On Aug 25, 2011, at 9:23 AM, Rob McBroom wrote:
> If a file hasn’t been properly parsed by Augeas, it simply won’t show up.
This could mean that the file has a syntax error, the file doesn’t exist, you
don’t have permission to read the file, or it could imply a failure in the lens
itself.

-- 
Rob McBroom
<http://www.skurfer.com/>

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

How Can I detect why augeas doesn''t treat them ?
How can I know if it is a lens failure ?
Does augeas have a debug mode ?



2011/8/25 Rob McBroom <mailinglist0@skurfer.com>
> On Aug 25, 2011, at 9:35 AM, Vincent wrote:
>
> > yes it was as root, why the ls /etc doesn''t return the
sudoers ?
>
> On Aug 25, 2011, at 9:23 AM, Rob McBroom wrote:
>
> > If a file hasn’t been properly parsed by Augeas, it simply won’t show
up.
> This could mean that the file has a syntax error, the file doesn’t exist,
> you don’t have permission to read the file, or it could imply a failure in
> the lens itself.
>
>
> --
> Rob McBroom
> <http://www.skurfer.com/>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

My 2c: I avoid the augeas provider whenever possible.  I''ve got it in
one
manifest, but it''s a pain to troubleshoot.  I would either assemble the
file
from fragments using the concat module or drop prebuilt fragments in
/etc/sudoers.d/.  You may have to create the directory, but recent sudoers
releases support this and it''s easy to work with.  You just have to be
careful to chmod the files 440.

On Fri, Aug 26, 2011 at 1:15 AM, vincent <vincent@louviaux.com> wrote:
> How Can I detect why augeas doesn''t treat them ?
> How can I know if it is a lens failure ?
> Does augeas have a debug mode ?
>
>
>
>
> 2011/8/25 Rob McBroom <mailinglist0@skurfer.com>
>
>> On Aug 25, 2011, at 9:35 AM, Vincent wrote:
>>
>> > yes it was as root, why the ls /etc doesn''t return the
sudoers ?
>>
>> On Aug 25, 2011, at 9:23 AM, Rob McBroom wrote:
>>
>> > If a file hasn’t been properly parsed by Augeas, it simply won’t
show
>> up. This could mean that the file has a syntax error, the file doesn’t
>> exist, you don’t have permission to read the file, or it could imply a
>> failure in the lens itself.
>>
>>
>> --
>> Rob McBroom
>> <http://www.skurfer.com/>
>>
>> --
>> You received this message because you are subscribed to the Google
Groups
>> "Puppet Users" group.
>> To post to this group, send email to puppet-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> puppet-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/puppet-users?hl=en.
>>
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Aug 26, 2011, at 4:15 AM, vincent wrote:
> How Can I detect why augeas doesn''t treat them ?
> How can I know if it is a lens failure ?
> Does augeas have a debug mode ?
I don’t know how to get more detail from Augeas, but I would eliminate the
“syntax error in sudoers” possibility first. Maybe run visudo, since it checks
syntax, or temporarily replace it with a very simple file and see if it starts
working?

-- 
Rob McBroom
<http://www.skurfer.com/>

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.