Greetings, I am currently managing a configuration file for an application with puppet+file_line and so far everything is going well. I have about 30 rules that I need to ensure are in the configuration file. The tricky part is that the rest of the file I don''t care about but some admin somewhere *does*. I, as the puppet module dev/admin, may not care about "$someline" but AdminA may need "$someline" to exist where AdminB may need "$someline" to _not_ exist and AdminC may need "$someline" to exist with a different value associated with it (!). Due to this complexity I have given up trying the template route (maybe I am doing it wrong...but it was a pain trying to deal with all the different parameters...I didn''t get far before it was over my head in complexity). In short, I am managing 30 lines of a config file with puppet in a config file that may be anywhere between 30-100 lines long depending on the system, admin, and use. So what is the problem? Well up till this last rule, I haven''t cared what order these rules exist in the config file. It generally doesn''t make a difference. But not the latest addition to these rules that I am supposed to ensure exists. This new rule is kind of like an iptables "-A INPUT -j DROP" rule for this application. If it is anywhere *but* the last line of the file, then all the rest of the config lines are ignored. Thankfully the program at least complains about this so we can fix it manually, but it would be awesome if puppet would ensure that this line was /always/ the last line of the file. I tinkered with a few things (like anchors and stages) but the problem is that if the line already exists and isn''t at the end, nothing moves it to the end. Does anyone have any clever ideas on how to ensure that a line exists as the very last item of a file? Or maybe there is a suggestion on a better method of managing this config file? Thanks! ~Stack~ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/838c06ae-d4a2-4abb-a446-ce3b77925dad%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
You can use concat fragments to specify the order of stanzas or lines.
Forgive the pseudo code below but you should be able to get the idea
concat::fragment { original_file:
order => 10,
}
concat::fragment { other_stuff:
order => 50,
}
concat::fragment { last_line:
order => 99,
}
This will allow you to specify a file where other admins can edit
"original_file" and you can concat your changes in whatever order you
want.
On Wednesday, December 4, 2013 5:37:26 PM UTC-6, Stack Kororā
wrote:>
> Greetings,
>
> I am currently managing a configuration file for an application with
> puppet+file_line and so far everything is going well. I have about 30 rules
> that I need to ensure are in the configuration file. The tricky part is
> that the rest of the file I don''t care about but some admin
somewhere
> *does*. I, as the puppet module dev/admin, may not care about
"$someline"
> but AdminA may need "$someline" to exist where AdminB may need
"$someline"
> to _not_ exist and AdminC may need "$someline" to exist with a
different
> value associated with it (!). Due to this complexity I have given up trying
> the template route (maybe I am doing it wrong...but it was a pain trying to
> deal with all the different parameters...I didn''t get far before
it was
> over my head in complexity).
>
> In short, I am managing 30 lines of a config file with puppet in a config
> file that may be anywhere between 30-100 lines long depending on the
> system, admin, and use.
>
> So what is the problem? Well up till this last rule, I haven''t
cared what
> order these rules exist in the config file. It generally doesn''t
make a
> difference. But not the latest addition to these rules that I am supposed
> to ensure exists. This new rule is kind of like an iptables "-A INPUT
-j
> DROP" rule for this application. If it is anywhere *but* the last line
of
> the file, then all the rest of the config lines are ignored. Thankfully the
> program at least complains about this so we can fix it manually, but it
> would be awesome if puppet would ensure that this line was /always/ the
> last line of the file.
>
> I tinkered with a few things (like anchors and stages) but the problem is
> that if the line already exists and isn''t at the end, nothing
moves it to
> the end.
>
> Does anyone have any clever ideas on how to ensure that a line exists as
> the very last item of a file? Or maybe there is a suggestion on a better
> method of managing this config file?
>
> Thanks!
> ~Stack~
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/8255ddf3-053b-42b6-a4dc-5348fecf8d10%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
On 12/05/2013 03:33 PM, Sam Coffland wrote:> You can use concat fragments to specify the order of stanzas or lines.Yes, if applicable, this is certainly one of the cleanest approach. If you are willing to add augeas to your toolchain (I''m not, fwiw), that could probably solve your problem as well. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/52A5EAA5.7050707%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/groups/opt_out.
Thanks for the replies. I don''t have it working quite yet, but I am working on it. Yeah, I am steering clear of augeas right now because it has terrible support on SLES which unfortunately makes up a decent chunk of the datacenter. So whatever I do I need to work across Scientific, RH, and SLES (and possibly OSX in the near future..blech!). I think the only module I have pushed out that isn''t SLES compatible so far has been the iptables module because it is so darn useful for RH based distros, but everything else I have to really try and keep across all systems. Thanks again! -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/133dcb73-cd57-40bf-889d-adace9be0826%40googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.