Puppet users - Sep 2008 - how to change the content of a config file

Hi all

I am new with puppet. After reading throuhg most of the documentation
I have the following question.

By configuring a server you not only need to install SW, users etc,
one also needs to change the content of configuration files. How do I
do that with puppet?
E.g. in sshd_config I want to disable root access, enable certificate
authentication etc.

--
Any help is very much appreciated
Mike

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Tue, Sep 2, 2008 at 7:54 AM, itsec <itsec.listuser@gmail.com>
wrote:
>
> Hi all
>
> I am new with puppet. After reading throuhg most of the documentation
> I have the following question.
>
> By configuring a server you not only need to install SW, users etc,
> one also needs to change the content of configuration files. How do I
> do that with puppet?
> E.g. in sshd_config I want to disable root access, enable certificate
> authentication etc.
You can''t really "change" the content of a config file. You
can only
replace an existing one. The philosophy with puppet is that you would
ideally use an OS provided application to make changes to a config
file. e.g. Think useradd for editing /etc/passwd.

That said, people generally store a central repository of config files
and push them out using puppet. One optional step beyond simple file
distribution, is to use ERB templating, were you embed ruby code in
your config file templetes and can generate them programmaticly. (e.g.
You could have a hostname, IP address or environment name cooked into
a config file.) Templating basically allows you to use variables in
config files that don''t support them.

Cheers,
Brian
>
> --
> Any help is very much appreciated
> Mike
>
> >
>


-- 
- Brian Gupta

http://opensolaris.org/os/project/nycosug/

http://www.genunix.org/wiki/index.php/OpenSolaris_New_User_FAQ

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

2008/9/2 Brian Gupta <brian.gupta@gmail.com>
>
> On Tue, Sep 2, 2008 at 7:54 AM, itsec <itsec.listuser@gmail.com>
wrote:
> >
> > Hi all
> >
> > I am new with puppet. After reading throuhg most of the documentation
> > I have the following question.
> >
> > By configuring a server you not only need to install SW, users etc,
> > one also needs to change the content of configuration files. How do I
> > do that with puppet?
> > E.g. in sshd_config I want to disable root access, enable certificate
> > authentication etc.
>
> You can''t really "change" the content of a config file.
You can only
> replace an existing one. The philosophy with puppet is that you would
> ideally use an OS provided application to make changes to a config
> file. e.g. Think useradd for editing /etc/passwd.
>
If you really want to there is nothing stopping you from changing content.
You can make a class that check for a pattern and then does something with
the pattern. I tend to do this to make sure certain config files
doesn''t
contain a spesific pattern.

Eg something like this:

make a file called delete.pp which contains

define delete_lines($file, $pattern) {
   exec { "/bin/sed -i -r -e ''/$pattern/d'' $file":
      onlyif => "/bin/grep -E ''$pattern''
''$file''",
   }
}

Then call it somewhere else with:

    import "delete.pp"
      delete_lines { title:
      file => "/path/to/file",
      pattern => "InsertRegExpHere",
   }




>
> That said, people generally store a central repository of config files
> and push them out using puppet. One optional step beyond simple file
> distribution, is to use ERB templating, were you embed ruby code in
> your config file templetes and can generate them programmaticly. (e.g.
> You could have a hostname, IP address or environment name cooked into
> a config file.) Templating basically allows you to use variables in
> config files that don''t support them.
>

I agree, this is really first choice.

Regards
Bjørn Dyresen

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi
>>> I am new with puppet. After reading throuhg most of the
documentation
>>> I have the following question.
>>>
>>> By configuring a server you not only need to install SW, users etc,
>>> one also needs to change the content of configuration files. How do
I
>>> do that with puppet?
>>> E.g. in sshd_config I want to disable root access, enable
certificate
>>> authentication etc.
>> You can''t really "change" the content of a config
file. You can only
>> replace an existing one. The philosophy with puppet is that you would
>> ideally use an OS provided application to make changes to a config
>> file. e.g. Think useradd for editing /etc/passwd.
>>
> 
> If you really want to there is nothing stopping you from changing content.
> You can make a class that check for a pattern and then does something with
> the pattern. I tend to do this to make sure certain config files
doesn''t
> contain a spesific pattern.

or wait for/impelement augeas<->puppet integration.

greets Pete

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

There actually is already a puppet recipe for this.  There is the
simple text edit recipe, which can add/delete lines, and, at the
bottom of that same recipe page, there is a recipe for key value
editing, which I am using for exactly this function.
It looks for AllowGroups in sshd_config, and sets that to the correct
value.

One caveat to that, as it uses system commands, you might need to edit
it to use the full path to those commands (i.e. change sed to /usr/bin/
sed).  I did, and it worked great.

On Sep 2, 9:11 am, "Bjørn Dyre Dyresen" <bj...@dyresen.net>
wrote:
> 2008/9/2 Brian Gupta <brian.gu...@gmail.com>
>
>
>
>
>
> > On Tue, Sep 2, 2008 at 7:54 AM, itsec <itsec.listu...@gmail.com>
wrote:
>
> > > Hi all
>
> > > I am new with puppet. After reading throuhg most of the
documentation
> > > I have the following question.
>
> > > By configuring a server you not only need to install SW, users
etc,
> > > one also needs to change the content of configuration files. How
do I
> > > do that with puppet?
> > > E.g. in sshd_config I want to disable root access, enable
certificate
> > > authentication etc.
>
> > You can''t really "change" the content of a config
file. You can only
> > replace an existing one. The philosophy with puppet is that you would
> > ideally use an OS provided application to make changes to a config
> > file. e.g. Think useradd for editing /etc/passwd.
>
> If you really want to there is nothing stopping you from changing content.
> You can make a class that check for a pattern and then does something with
> the pattern. I tend to do this to make sure certain config files
doesn''t
> contain a spesific pattern.
>
> Eg something like this:
>
> make a file called delete.pp which contains
>
> define delete_lines($file, $pattern) {
>    exec { "/bin/sed -i -r -e ''/$pattern/d''
$file":
>       onlyif => "/bin/grep -E ''$pattern''
''$file''",
>    }
>
> }
>
> Then call it somewhere else with:
>
>     import "delete.pp"
>       delete_lines { title:
>       file => "/path/to/file",
>       pattern => "InsertRegExpHere",
>    }
>
>
>
> > That said, people generally store a central repository of config files
> > and push them out using puppet. One optional step beyond simple file
> > distribution, is to use ERB templating, were you embed ruby code in
> > your config file templetes and can generate them programmaticly. (e.g.
> > You could have a hostname, IP address or environment name cooked into
> > a config file.) Templating basically allows you to use variables in
> > config files that don''t support them.
>
> I agree, this is really first choice.
>
> Regards
> Bjørn Dyresen
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---

On Tue, 2008-09-02 at 15:14 +0200, Peter Meier wrote:
> or wait for/impelement augeas<->puppet integration.
That is actually working now (I have it on good authority :) What you
need is (1) Augeas[1] (2) the Augeas Ruby bindings[2] and (3) Bryan
Kearney''s augeas puppet type[3]

On Fedora systems, you can get the first two with a ''yum install
ruby-augeas'' - Augeas is also available for Debian and Ubuntu; I am
looking for a volunteer to submit the Ruby bindings in Debian and/or
Ubuntu.

David

[1] http://augeas.net/
[2] http://augeas.net/download.html
[3] http://git.et.redhat.com/?p=ace.git;a=tree;f=modules/augeas


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com
To unsubscribe from this group, send email to
puppet-users+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en
-~----------~----~----~----~------~----~------~--~---