Puppet users - Mar 2012 - Removing lines from a file

Hello all,
I am fairly new to Puppet but learning.
I know what I want to do can be done I just can not get things to go
right...

We want to start using the capability of sudo to look in /etc/sudoers.d to
get user specific sudo permissions. Before we add a User_Alias file, the
corresponding configuration needs to be removed from the sudoers file:

# grep ADMINS /etc/sudoers
User_Alias ADMINS = john,chris,james
ADMINS          ALL=(ALL)       ALL

removed before

# cat /etc/sudoers.d/ADMINS
User_Alias ADMINS = john,chris,james
 ADMINS          ALL=(ALL)       ALL

put in place.

I tried the methods in:
http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns?version=5
 but none have worked.

Using line as defined like (my preferred method):

define line($file, $line, $ensure = ''present'') {
    case $ensure {
        default : { err ( "unknown ensure value ${ensure}" ) }
        present: {
            exec { "/bin/echo ''${line}'' >>
''${file}''":
                unless => "/bin/grep -qFx ''${line}''
''${file}''"
            }
        }
        absent: {
            exec { "/usr/bin/perl -ni -e ''print unless
/^\\Q${line}\\E\$/'' ''${file}''":
                onlyif => "/bin/grep -qFx ''${line}''
''${file}''"
            }
        }
    }
}

Called as:

    line { "sudoers.d":
      file   => ''/etc/sudoers'',
      line   => "#includedir /etc/sudoers.d",
      ensure => "absent",
    }

gave this error (I know 0 perl and can not decypher the line or the error
about it):

err: /Stage[main]/Sudo/Line[sudoers.d]/Exec[/usr/bin/perl -ni -e ''print
unless /^\Q#includedir /etc/sudoers.d\E$/''
''/etc/sudoers'']/returns: change
from notrun to 0 failed: /usr/bin/perl -ni -e ''print unless
/^\Q#includedir
/etc/sudoers.d\E$/'' ''/etc/sudoers'' returned 255
instead of one of [0] at
/etc/puppetlabs/puppet/modules/sudo/manifests/init.pp:12

- NOTE: I am adding and removing the #includedir line for testing...

What needs to be changed to get this to work?

Thanks,
John

John Kennedy

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On 21/03/2012 11:48, John Kennedy wrote:
> Hello all,
> I am fairly new to Puppet but learning.
> I know what I want to do can be done I just can not get things to go 
> right...
>
> We want to start using the capability of sudo to look in 
> /etc/sudoers.d to get user specific sudo permissions. Before we add a 
> User_Alias file, the corresponding configuration needs to be removed 
> from the sudoers file:
I would suggest looking at Augeas..

http://augeas.net

Theres some useful documentation about using it with Puppet here 
(including some examples around sudoers)

http://projects.puppetlabs.com/projects/1/wiki/puppet_augeas

Regards
Craig

-- 
Craig Dunn | http://www.craigdunn.org
Yahoo/Skype: craigrdunn | Twitter: @crayfishX

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Wed, Mar 21, 2012 at 12:02, Craig Dunn <craig@craigdunn.org> wrote:
>  On 21/03/2012 11:48, John Kennedy wrote:
>
> Hello all,
> I am fairly new to Puppet but learning.
> I know what I want to do can be done I just can not get things to go
> right...
>
> We want to start using the capability of sudo to look in /etc/sudoers.d to
> get user specific sudo permissions. Before we add a User_Alias file, the
> corresponding configuration needs to be removed from the sudoers file:
>
>
> I would suggest looking at Augeas..
>
> http://augeas.net
>
> Theres some useful documentation about using it with Puppet here
> (including some examples around sudoers)
>
>
http://projects.puppetlabs.​com/projects/1/wiki/puppet_​augeas<http://projects.puppetlabs.com/projects/1/wiki/puppet_augeas>
>
> Regards
> Craig
>
Thanks Craig. I think the problem was the # at the beginning...I tried
again just now using a different line (User_Alias ADMINS john,chris,james) and
it worked. Now I just need to get it to delete more
than one line...
I will look at Augeas as well.

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Mar 21, 6:48 am, John Kennedy <skeb...@gmail.com>
wrote:
> Hello all,
> I am fairly new to Puppet but learning.
> I know what I want to do can be done I just can not get things to go
> right...
>
> We want to start using the capability of sudo to look in /etc/sudoers.d to
> get user specific sudo permissions. Before we add a User_Alias file, the
> corresponding configuration needs to be removed from the sudoers file:
>
> # grep ADMINS /etc/sudoers
> User_Alias ADMINS = john,chris,james
> ADMINS          ALL=(ALL)       ALL
>
> removed before
>
> # cat /etc/sudoers.d/ADMINS
> User_Alias ADMINS = john,chris,james
>  ADMINS          ALL=(ALL)       ALL
>
> put in place.
>
> I tried the methods
in:http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patte...
>  but none have worked.
>
> Using line as defined like (my preferred method):
>
> define line($file, $line, $ensure = ''present'') {
>     case $ensure {
>         default : { err ( "unknown ensure value ${ensure}" ) }
>         present: {
>             exec { "/bin/echo ''${line}'' >>
''${file}''":
>                 unless => "/bin/grep -qFx
''${line}'' ''${file}''"
>             }
>         }
>         absent: {
>             exec { "/usr/bin/perl -ni -e ''print unless
> /^\\Q${line}\\E\$/'' ''${file}''":
>                 onlyif => "/bin/grep -qFx
''${line}'' ''${file}''"
>             }
>         }
>     }
>
> }
>
> Called as:
>
>     line { "sudoers.d":
>       file   => ''/etc/sudoers'',
>       line   => "#includedir /etc/sudoers.d",
>       ensure => "absent",
>     }
>
> gave this error (I know 0 perl and can not decypher the line or the error
> about it):
>
> err: /Stage[main]/Sudo/Line[sudoers.d]/Exec[/usr/bin/perl -ni -e
''print
> unless /^\Q#includedir /etc/sudoers.d\E$/''
''/etc/sudoers'']/returns: change
> from notrun to 0 failed: /usr/bin/perl -ni -e ''print unless
/^\Q#includedir
> /etc/sudoers.d\E$/'' ''/etc/sudoers'' returned 255
instead of one of [0] at
> /etc/puppetlabs/puppet/modules/sudo/manifests/init.pp:12
>
> - NOTE: I am adding and removing the #includedir line for testing...
>
> What needs to be changed to get this to work?

Have you considered using sed instead of perl?  It''s lighter-weight
and very good at this sort of thing.

Personally, however, I would be looking at using a File resource to
manage the *whole file* instead of filtering out a few lines.


John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, Mar 22, 2012 at 13:02, jcbollinger
<John.Bollinger@stjude.org>wrote:
>
> > - NOTE: I am adding and removing the #includedir line for testing...
> >
> > What needs to be changed to get this to work?
>
>
> Have you considered using sed instead of perl?  It''s
lighter-weight
> and very good at this sort of thing.
>
> Personally, however, I would be looking at using a File resource to
> manage the *whole file* instead of filtering out a few lines.
>
>
> John
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
>
John

I was hoping to use the File resource to deal with the whole file but the
man in charge says no...My goal was for /etc/sudoers to contain the basics
plus the includedir directive then all else would be managed from
/etc/sudoers.d but that won''t be happening.

I have seen some sed options but this one does seem to work on anything not
starting with a ''#'' so we are going with it...Plus a single
define for both
adding and removing lines is not a bad thing.

John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thursday, March 22, 2012 at 6:23 AM, John Kennedy wrote:
> 
> On Thu, Mar 22, 2012 at 13:02, jcbollinger <John.Bollinger@stjude.org
(mailto:John.Bollinger@stjude.org)> wrote:
> > 
> > > - NOTE: I am adding and removing the #includedir line for
testing...
> > >
> > > What needs to be changed to get this to work?
> > 
> > 
> > Have you considered using sed instead of perl?  It''s
lighter-weight
> > and very good at this sort of thing.
> > 
> > Personally, however, I would be looking at using a File resource to
> > manage the *whole file* instead of filtering out a few lines.
> > 
Have you looked at the ''file_line'' type in Puppet''s
stdlib? 
https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type/file_line.rb

 
> > 
> > John
> > 
> > --
> > You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
> > To post to this group, send email to puppet-users@googlegroups.com
(mailto:puppet-users@googlegroups.com).
> > To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
(mailto:puppet-users%2Bunsubscribe@googlegroups.com).
> > For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
> > 
> 
> John
> 
> I was hoping to use the File resource to deal with the whole file but the
man in charge says no...My goal was for /etc/sudoers to contain the basics plus
the includedir directive then all else would be managed from /etc/sudoers.d but
that won''t be happening.
> 
> I have seen some sed options but this one does seem to work on anything not
starting with a ''#'' so we are going with it...Plus a single
define for both adding and removing lines is not a bad thing.
> 
> John
> -- 
> You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com
(mailto:puppet-users@googlegroups.com).
> To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
(mailto:puppet-users+unsubscribe@googlegroups.com).
> For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi,
> Have you looked at the ''file_line'' type in
Puppet''s stdlib?
> https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type
> /file_line.rb
What''s Puppet''s stdlib? Is it something bundled inside? Are
there any other
types available?

I can''t see the file_line type in the manual:
http://docs.puppetlabs.com/references/2.7.0/type.html

Thanks!
Pablo

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

It''s a module on github, it provides a lot of nice Ruby functions to
Puppet:

https://github.com/puppetlabs/puppetlabs-stdlib

On 23/03/12 09:23, Pablo Fernandez wrote:
>
> Hi,
>
> > Have you looked at the ''file_line'' type in
Puppet''s stdlib?
>
> > 
> https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type
>
> > /file_line.rb
>
> What''s Puppet''s stdlib? Is it something bundled inside?
Are there any
> other types available?
>
> I can''t see the file_line type in the manual:
>
> http://docs.puppetlabs.com/references/2.7.0/type.html
>
> Thanks!
> Pablo
>
> -- 
> You received this message because you are subscribed to the Google 
> Groups "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to 
> puppet-users+unsubscribe@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/puppet-users?hl=en.

-- 
Luke Bigum

Information Systems
Ph: +44 (0) 20 3192 2520
luke.bigum@lmax.com | http://www.lmax.com
LMAX, Yellow Building, 1A Nicholas Road, London W11 4AN



The information in this e-mail and any attachment is confidential and is
intended only for the named recipient(s). The e-mail may not be disclosed or
used by any person other than the addressee, nor may it be copied in any way. If
you are not a named recipient please notify the sender immediately and delete
any copies of this message. Any unauthorized copying, disclosure or distribution
of the material in this e-mail is strictly forbidden. Any view or opinions
presented are solely those of the author and do not necessarily represent those
of the company.

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Thu, Mar 22, 2012 at 23:48, Gary Larizza <gary@puppetlabs.com> wrote:
>
> On Thursday, March 22, 2012 at 6:23 AM, John Kennedy wrote:
>
>
> On Thu, Mar 22, 2012 at 13:02, jcbollinger
<John.Bollinger@stjude.org>wrote:
>
>
> > - NOTE: I am adding and removing the #includedir line for testing...
> >
> > What needs to be changed to get this to work?
>
>
> Have you considered using sed instead of perl?  It''s
lighter-weight
> and very good at this sort of thing.
>
> Personally, however, I would be looking at using a File resource to
> manage the *whole file* instead of filtering out a few lines.
>
>
> Have you looked at the ''file_line'' type in
Puppet''s stdlib?
>
https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/type/file_line.rb
>
>
>
>
Gary,
I can see where ''file_line'' will add a line but I
don''t know enough ruby to
know, will it remove a line that does exist?
Thanks,
John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi John
 
> I can see where ''file_line'' will add a line but I
don''t know enough ruby
> to know, will it remove a line that does exist?
>
''ensurable'' sounds like it can manage both ''ensure
=> present'' and ''ensure
=> absent''. And sure enough, if you look into the provider: 
https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/provider/file_line/ruby.rb
there
is code for removing the line as well.

I would also recommend that you take a look at the awesome concat module: 
https://github.com/ripienaar/puppet-concat if you cannot manage the whole 
file easily using templates.

Cheers,
Paul

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/l2caIElWDu8J.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

On Fri, Mar 23, 2012 at 11:10, Paul Tötterman
<paul.totterman@gmail.com>wrote:
> Hi John
>
>
>> I can see where ''file_line'' will add a line but I
don''t know enough ruby
>> to know, will it remove a line that does exist?
>>
>
> ''ensurable'' sounds like it can manage both
''ensure => present'' and ''ensure
> => absent''. And sure enough, if you look into the provider:
>
https://github.com/puppetlabs/puppetlabs-stdlib/blob/master/lib/puppet/provider/file_line/ruby.rb
there
> is code for removing the line as well.
>
> I would also recommend that you take a look at the awesome concat module:
> https://github.com/ripienaar/puppet-concat if you cannot manage the whole
> file easily using templates.
>
> Cheers,
> Paul
>
>
> Thanks Paul. I will also look at the concat module.
One (hopefully) last question...How do I take the file_line.rb file and put
it so puppet recognises it? Do I do that with a define or can I just take
the file and place it somewhere for it to work?
I am pretty new to puppet and still working on the basics.
John

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

>
> One (hopefully) last question...How do I take the file_line.rb file and 
> put it so puppet recognises it? Do I do that with a define or can I just 
> take the file and place it somewhere for it to work?
>
Read about modules ( http://docs.puppetlabs.com/guides/modules.html ) and 
use the puppet-stdlib module as a whole. Don''t pick individual files.

Paul

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/KcINS6R_zXQJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.