so I have this sudo module that I've been working on:

    class auth::sudo {
        package { sudo: ensure => installed }

        # Stage the candidate file; a change notifies the check below.
        file { sudo_config:
            name   => "/tmp/sudoers",
            owner  => "root",
            group  => "root",
            mode   => 0440,
            notify => Exec["sudoers-syntax"],
            source => [
                "puppet:///auth/sudo/${fqdn}/sudoers",
                "puppet:///auth/sudo/sudoers"
            ]
        }

        # Copy into place only if visudo accepts the staged file
        # (-f names the file to check instead of the default sudoers).
        exec { "sudoers-syntax":
            command     => "/bin/cp /tmp/sudoers /etc/sudoers",
            onlyif      => "/usr/sbin/visudo -c -f /tmp/sudoers",
            refreshonly => true,
        }
    }

it works very well but I'm wondering if there is another way (cleaner
perhaps) to use an external command to verify a file prior to deployment.
Is there a way to access a potential file before it's deployed? Or get at
the previous version if something doesn't pass a sniff test.
C
--
stickm@gmail.com
-==< Stick >==-
_______________________________________________
Puppet-users mailing list
Puppet-users@madstop.com
https://mail.madstop.com/mailman/listinfo/puppet-users
This worked for me:
http://reductivelabs.com/trac/puppet/wiki/TemplateValidationFunction for
the validation. It's actually more like a general case with an example
for sudo... should be good for you!
You'll barf on a parse error if the syntax was invalid according to
visudo. You could plug in another script other than visudo if you
wanted additional validation.
Derek
________________________________
From: puppet-users-bounces@madstop.com
[mailto:puppet-users-bounces@madstop.com] On Behalf Of Chris MacLeod
Sent: 18 October 2007 05:27
To: Puppet User Discussion
Subject: [Puppet-users] verify before deploy
ahh... that's very helpful. I'm not sure though how you could use a
validate function with a source file rather than a content file.
--
stickm@gmail.com
-==< Stick >==-
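I wrote a little test to make sure that the sudoers file was syntactically
valid. Here's the bit that does the work.

    class SudoersFile
      def initialize(sudoers_file)
        sudo = '/usr/sbin/visudo'
        # Instance variable, so that validate can see it; an argument list
        # rather than one string, so the path never passes through a shell.
        @command = [sudo, '-c', '-f', sudoers_file]
      end

      # true when visudo accepts the file
      def validate
        system(*@command)
      end
    end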
J.
--
Julian Simpson
Build and Deploy Guy
http://www.juliansimpson.org
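
Added example (not part of any message in this thread, and not Puppet's or the posters' code): the stage, validate, then replace pattern the thread asks about, written in Ruby so that a rejected file leaves the previous version untouched. `deploy_if_valid`, `STAND_IN` and `demo` are hypothetical names; the stand-in validator is constructed so the example runs without sudo installed, and with visudo the validator would be `['/usr/sbin/visudo', '-c', '-f']`.

```ruby
require 'tempfile'
require 'tmpdir'
require 'rbconfig'

# Added example: stage, validate with an external command, then replace.
# validator is an argv array; the staged path is appended as its last argument.
def deploy_if_valid(content, target, validator, mode = 0o440)
  # Stage beside the target (same filesystem, so the rename is atomic) rather
  # than under a fixed name in world-writable /tmp. Created with mode 0600.
  staged = Tempfile.create(['.staged-', '.tmp'], File.dirname(target))
  path = staged.path
  begin
    staged.write(content)
    staged.close
    # Argument-list form of system: no shell ever parses the path.
    ok = system(*validator, path, out: File::NULL, err: File::NULL)
    return false unless ok             # false or nil: target is left as it was
    File.chmod(mode, path)
    File.rename(path, target)          # the checked file is the file installed
    true
  ensure
    staged.close unless staged.closed?
    File.unlink(path) if File.exist?(path)
  end
end

# Constructed stand-in for visudo: accepts a file only if every line ends
# in "ALL". It exists only so the demo runs on a machine without sudo.
STAND_IN = [RbConfig.ruby, '-e',
            'exit(File.readlines(ARGV[0]).all? { |l| l.strip.end_with?("ALL") } ? 0 : 1)'].freeze

def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, 'sudoers')
    good = deploy_if_valid("root ALL=(ALL) ALL\n", target, STAND_IN)
    bad  = deploy_if_valid("root ALL=(ALL) AL\n", target, STAND_IN) # constructed typo
    { good: good, bad: bad, content: File.read(target),
      mode: File.stat(target).mode & 0o777, files: Dir.children(dir) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Later Puppet releases expose the same check on the file resource itself through the `validate_cmd` attribute, where `%` stands for the staged file.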