Puppet users - Dec 2012 - augeas sudoer syntax help

I have a manifest like this


class sudoer::spectrum {

    augeas { "sudoer_spectrum_cmdalias":
        context => "/files/etc/sudoers",
        changes => [
            "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/name SPECTRUM_CMDS",
            "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[1] ''/bin/mount -o
loop,ro /opt/CA/iso/* /opt/iso/spectrum/*''",
            "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[2] ''/bin/umount
/opt/iso/spectrum/*''",
        ],
    }

    augeas { "sudoer_spectrum":
        context => "/files/etc/sudoers",
        changes => [
            "set spec[user = ''spectrum'']/user
spectrum",
            "set spec[user = ''spectrum'']/host_group/host
ALL",
            "set spec[user =
''spectrum'']/host_group/command/runas_user root",
            "set spec[user =
''spectrum'']/host_group/command/tag NOPASSWD",
            "set spec[user =
''spectrum'']/host_group/command SPECTRUM_CMDS",
        ],
    }

}


But this fails.

The "loop,ro" upsets things.

I also tried this

            "set Cmnd_Alias[alias/name = 
''SPECTRUM_CMDS'']/alias/command[1] ''/bin/mount -o
loop\,ro /opt/CA/iso/*
/opt/iso/spectrum/*''",

But the \ is passed through to the client file.

Cmnd_Alias SPECTRUM_CMDS = /bin/mount -o loop\,ro /optCA/iso/*
/opt/iso/spectrum/* , /bin/umount /opt/iso/spectrum/*


I see something called sep_com used with augeas, but I am not clear on how to
use it.

If I remove the ",ro" the sudoers file is upated on the client, but
without the "ro", the mount command fails.

How do I put a , in the middle of the line?  Or, how do I add a : in the middle
of the line as well, like this

            "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[3] ''/bin/chown -R
spectrum:spectrum /opt/iso/spectrum/*''",

Or, do I need to rethink how to update sudoers files?

Thanks

Craig

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.

Hi There,
Rather than building out files dynamically, have you considered possibly 
deploying snippets of sudoers configuration out to nodes using the 
/etc/sudoers.d/ framework that is available on many operating systems ?

This can be easily handled using the File type and applied to nodes as 
required / classified.

However, it may not offer the flexibility you require.

K

On Tuesday, December 18, 2012 1:55:54 PM UTC, cncook001
wrote:
>
> I have a manifest like this
>
> class sudoer::spectrum {
>
>     augeas { "sudoer_spectrum_cmdalias":
>         context => "/files/etc/sudoers",
>         changes => [
>             "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/name
> SPECTRUM_CMDS",
>             "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[1]
> ''/bin/mount -o loop,ro /opt/CA/iso/*
/opt/iso/spectrum/*''",
>             "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[2]
> ''/bin/umount /opt/iso/spectrum/*''",
>         ],
>     }
>
>     augeas { "sudoer_spectrum":
>         context => "/files/etc/sudoers",
>         changes => [
>             "set spec[user = ''spectrum'']/user
spectrum",
>             "set spec[user =
''spectrum'']/host_group/host ALL",
>             "set spec[user =
''spectrum'']/host_group/command/runas_user
> root",
>             "set spec[user =
''spectrum'']/host_group/command/tag NOPASSWD",
>             "set spec[user =
''spectrum'']/host_group/command SPECTRUM_CMDS",
>         ],
>     }
>
> }
>
> But this fails.
>
> The "loop,ro" upsets things.
>
> I also tried this
>
>             "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[1]
> ''/bin/mount -o loop\,ro /opt/CA/iso/*
/opt/iso/spectrum/*''",
>
> But the \ is passed through to the client file.
>
> Cmnd_Alias SPECTRUM_CMDS = /bin/mount -o loop\,ro /optCA/iso/* 
> /opt/iso/spectrum/* , /bin/umount /opt/iso/spectrum/*
>
>
> I see something called sep_com used with augeas, but I am not clear on how 
> to use it.
>
> If I remove the ",ro" the sudoers file is upated on the client,
but
> without the "ro", the mount command fails.
>
> How do I put a , in the middle of the line?  Or, how do I add a : in the 
> middle of the line as well, like this
>
>             "set Cmnd_Alias[alias/name =
''SPECTRUM_CMDS'']/alias/command[3]
> ''/bin/chown -R spectrum:spectrum
/opt/iso/spectrum/*''",
>  
> Or, do I need to rethink how to update sudoers files?
>
> Thanks
>
> Craig
>
-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/tvUvPwLyekMJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.