Puppet users - Nov 2013 - augeas onlyif problem

I''m trying to make sure a specific user has a special ssh key used as
his
identity file.

so I''m trying something like:

 augeas{"user_second_key":
    context => "/files/home/user/.ssh/config",
    changes => [ "ins IdentityFile after 
/files/home/user/.ssh/config/IdentityFile[last()]",
                 " set /files/home/user/.ssh/config/IdentityFile[last()] 
~/.ssh/user2nd_rsa",
                 ],
    onlyif => "match /files/home/user/.ssh/config/IdentityFile
not_include
~/.ssh/user2nd_rsa", 
    
  }

However it adds the line every puppet run.  I''m wondering what I might
be
doing wrong. 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/84ee6cf2-0e49-41ee-84b4-5a960335bee9%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On 06/11/13 21:17, Jist Anidiot wrote:
> I''m trying to make sure a specific user has a special ssh key used
as
> his identity file.
> 
> so I''m trying something like:
> 
>  augeas{"user_second_key":
>     context => "/files/home/user/.ssh/config",
>     changes => [ "ins IdentityFile after
> /files/home/user/.ssh/config/IdentityFile[last()]",
>                  " set
/files/home/user/.ssh/config/IdentityFile[last()]
> ~/.ssh/user2nd_rsa",
>                  ],
>     onlyif => "match /files/home/user/.ssh/config/IdentityFile
> not_include ~/.ssh/user2nd_rsa", 
>     
>   }
> 
> However it adds the line every puppet run.  I''m wondering what I
might
> be doing wrong. 
Try:

onlyif => "match
/files/home/user/.ssh/config/IdentityFile[.=''~/.ssh/user2nd_rsa'']
size == 0"

-- 
Dominic Cleal
Red Hat Engineering

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/527D1DFF.60906%40redhat.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal
wrote:
>
> On 06/11/13 21:17, Jist Anidiot wrote: 
> > I''m trying to make sure a specific user has a special ssh key
used as
> > his identity file. 
> > 
> > so I''m trying something like: 
> > 
> >  augeas{"user_second_key": 
> >     context => "/files/home/user/.ssh/config", 
> >     changes => [ "ins IdentityFile after 
> > /files/home/user/.ssh/config/IdentityFile[last()]", 
> >                  " set
/files/home/user/.ssh/config/IdentityFile[last()]
> > ~/.ssh/user2nd_rsa", 
> >                  ], 
> >     onlyif => "match /files/home/user/.ssh/config/IdentityFile
> > not_include ~/.ssh/user2nd_rsa", 
> >     
> >   } 
> > 
> > However it adds the line every puppet run.  I''m wondering
what I might
> > be doing wrong. 
>
> Try: 
>
> onlyif => "match 
>
/files/home/user/.ssh/config/IdentityFile[.=''~/.ssh/user2nd_rsa'']
size ==
> 0" 
>
>
>
Thanks that works.  

So what''s the point of include and not_include if you have to do this
weird
size thing? 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/88458230-d854-4d01-a548-0294357de04c%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

On 11/11/13 15:18, Jist Anidiot wrote:
> 
> 
> On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal wrote:
> 
>     On 06/11/13 21:17, Jist Anidiot wrote:
>     > I''m trying to make sure a specific user has a special ssh
key used as
>     > his identity file.
>     >
>     > so I''m trying something like:
>     >
>     >  augeas{"user_second_key":
>     >     context => "/files/home/user/.ssh/config",
>     >     changes => [ "ins IdentityFile after
>     > /files/home/user/.ssh/config/IdentityFile[last()]",
>     >                  " set
>     /files/home/user/.ssh/config/IdentityFile[last()]
>     > ~/.ssh/user2nd_rsa",
>     >                  ],
>     >     onlyif => "match
/files/home/user/.ssh/config/IdentityFile
>     > not_include ~/.ssh/user2nd_rsa",
>     >    
>     >   }
>     >
>     > However it adds the line every puppet run.  I''m wondering
what I
>     might
>     > be doing wrong.
> 
>     Try:
> 
>     onlyif => "match
>    
/files/home/user/.ssh/config/IdentityFile[.=''~/.ssh/user2nd_rsa'']
>     size == 0"
> 
> 
> 
> Thanks that works.  
> 
> So what''s the point of include and not_include if you have to do
this
> weird size thing? 
include/not_include check the return value of the "match <arg>"
command
and whether it includes or doesn''t include the argument.

A match API call in Augeas'' API returns a list of paths that match the
argument you pass, so you''re actually checking whether those paths
include or don''t include a certain value.  It doesn''t return
the values
of those nodes, which is what you expected.

It''s possible the "get <arg>" command would work better
with
include/not_include, except that API call will only match a single path
and return one value value - so isn''t much help with include.

We could do with something better here in the provider for sure, care to
raise a feature request?  Please add me to the watchlist if you do.

-- 
Dominic Cleal
Red Hat Engineering

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/528154E6.2060206%40redhat.com.
For more options, visit https://groups.google.com/groups/opt_out.

On Monday, November 11, 2013 5:06:30 PM UTC-5, Dominic Cleal
wrote:
>
> On 11/11/13 15:18, Jist Anidiot wrote: 
> > 
> > 
> > On Friday, November 8, 2013 12:23:11 PM UTC-5, Dominic Cleal wrote: 
> > 
> >     On 06/11/13 21:17, Jist Anidiot wrote: 
> >     > I''m trying to make sure a specific user has a
special ssh key used
> as 
> >     > his identity file. 
> >     > 
> >     > so I''m trying something like: 
> >     > 
> >     >  augeas{"user_second_key": 
> >     >     context => "/files/home/user/.ssh/config", 
> >     >     changes => [ "ins IdentityFile after 
> >     > /files/home/user/.ssh/config/IdentityFile[last()]", 
> >     >                  " set 
> >     /files/home/user/.ssh/config/IdentityFile[last()] 
> >     > ~/.ssh/user2nd_rsa", 
> >     >                  ], 
> >     >     onlyif => "match
/files/home/user/.ssh/config/IdentityFile
> >     > not_include ~/.ssh/user2nd_rsa", 
> >     >     
> >     >   } 
> >     > 
> >     > However it adds the line every puppet run.  I''m
wondering what I
> >     might 
> >     > be doing wrong. 
> > 
> >     Try: 
> > 
> >     onlyif => "match 
> >    
/files/home/user/.ssh/config/IdentityFile[.=''~/.ssh/user2nd_rsa'']
> >     size == 0" 
> > 
> > 
> > 
> > Thanks that works.   
> > 
> > So what''s the point of include and not_include if you have to
do this
> > weird size thing? 
>
> include/not_include check the return value of the "match
<arg>" command
> and whether it includes or doesn''t include the argument. 
>
> A match API call in Augeas'' API returns a list of paths that match
the
> argument you pass, so you''re actually checking whether those paths
> include or don''t include a certain value.  It doesn''t
return the values
> of those nodes, which is what you expected. 
>
>
Well I expected "match /files/home/user/.ssh/config/IdentityFile 
not_include ~/.ssh/user2nd_rsa"" to be true if ~/.ssh/user2nd_rsa
wasn''t
one of the values found with the match (and false if it was).  That 
obviously isn''t how it works in practice.  

In augtool "match /files/home/user/.ssh/config/IdentityFile" returns:

/files/home/user/.ssh/config/IdentityFile[1] = ~/.ssh/id_rsa
/files/home/user/.ssh/config/IdentityFile[2] = ~/.ssh/user2nd_rsa
/files/home/user/.ssh/config/IdentityFile[3] = ~/.ssh/git_user_rsa

so I''m still not understanding why the not_include in the onlyif
returns
false in my case -- Unless it is trying to check against the entire line 
where I''ll never be certain if it is [2] or [3] or something else so it
will be fairly useless for me in this case.  

On the bright side the size thing works (just that I would have never 
thought of trying it.).

 
> It''s possible the "get <arg>" command would work
better with
> include/not_include, except that API call will only match a single path 
> and return one value value - so isn''t much help with include. 
>
> We could do with something better here in the provider for sure, care to 
> raise a feature request?  Please add me to the watchlist if you do. 
>
>
I suspect the only features I need are more examples in the documentation.  
 

-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/e8e76f79-00d2-47ca-b2c2-2b230fbd1cbc%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.