FAQ
Hello,

I'm trying to add an entry to /etc/hosts.allow only if the entry for
'client' (daemon) does not already exit.

In this #puppet log:
http://www.puppetlogs.com/puppet/%23puppet-2012-05-03.log.html

rodjek links a gist which should do exactly that:
https://gist.github.com/18c50d8800840696bac0

But I can't get it to execute with augtool:

augtool> set /files/etc/hosts.allow/*[process=nrpe]/client[last()+1] 1.1.1.1
error: Failed to execute command

What am I doing wrong? (I'm using the latest from here:
https://raw.github.com/lutter/augeas/master/lenses/hosts_access.aug)

Thank you kindly,
Eugene

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jake - USPS at Sep 24, 2012 at 8:40 pm
    First thing I would do is use 'augtool' on the command line and checking
    for any errors trying to parse your current /etc/hosts.allow file:

    augtool
    ls /augeas/files/etc/hosts.allow/error
    (maybe *errors* plural, can't remember off the top of my head ... play with
    the path as I may have typo'd something :P)

    If that exists and has nodes under it check out what it says for an error
    and goto the line with the error in /etc/hosts.allow. It means augeas is
    not able to parse the file as it is now before even trying to make the
    changes you want to make.

    If the 'errors' didn't exist then try adding the entry puppet is trying to
    add manually. I think you get get the augeas command puppet is trying to
    use by running 'puppet agent --debug' and then grepping on the augeas
    resource name. So again, use augtool and manually try to edit the file
    through that and see if you are able to save your changes. If it fails, I
    think you can then reference that error path I gave you to first check for
    whatever error may be generated from trying to make the change.

    Hope that helps point you into a direction for a solution.

    Regards,
    Jake

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/HMyjqovJzqQJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jmccann at Sep 24, 2012 at 7:44 pm
    Wow, I think I totally missed reading the last part of your message.
    Unfortunately I don't have a system currently to test what you are trying
    to do to further debug. Sorry for posting so hastily.

    Regards,
    Jake

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Bx4oHAw8nhcJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Trammael at Oct 12, 2012 at 8:13 pm

    On Monday, September 24, 2012 2:40:41 PM UTC-5, jmccann wrote:
    First thing I would do is use 'augtool' on the command line and checking
    for any errors trying to parse your current /etc/hosts.allow file:

    augtool
    ls /augeas/files/etc/hosts.allow/error
    (maybe *errors* plural, can't remember off the top of my head ... play
    with the path as I may have typo'd something :P)

    I'm starting to think that with Augtool I have to explicitly create a node,
    while with Puppet augeas provider, I do not. Hmm.

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/W4PfBRR4zUgJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Dominic Cleal at Oct 14, 2012 at 5:46 pm

    On 24/09/12 19:03, Eugene Vilensky wrote:
    Hello,

    I'm trying to add an entry to /etc/hosts.allow only if the entry for
    'client' (daemon) does not already exit.

    In this #puppet log:
    http://www.puppetlogs.com/puppet/%23puppet-2012-05-03.log.html

    rodjek links a gist which should do exactly that:
    https://gist.github.com/18c50d8800840696bac0

    But I can't get it to execute with augtool:

    augtool> set /files/etc/hosts.allow/*[process=nrpe]/client[last()+1] 1.1.1.1
    error: Failed to execute command
    You're missing quotes around "nrpe", the command should be:

    set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1

    rodjek's example has the quotes in, so just a transcription error.

    On 12/10/12 21:08, Trammael wrote:>
    I'm starting to think that with Augtool I have to explicitly create a
    node, while with Puppet augeas provider, I do not. Hmm.
    There's no difference like this. The Puppet provider parses the
    commands but feeds them into the same API as augtool itself uses.

    Were you having problems just with augtool, or from Puppet too?

    Cheers,

    --
    Dominic Cleal
    Red Hat Consulting
    m: +44 (0)7817 878113

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Eugene Vilensky at Oct 15, 2012 at 3:52 pm

    On Oct 14, 2012, at 12:40 PM, Dominic Cleal wrote:

    You're missing quotes around "nrpe", the command should be:

    set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1

    rodjek's example has the quotes in, so just a transcription error.

    Totally works for an existing 'nrpe' node (thanks!) but not if it does not exist. I don't suppose there is a simple "create onlyif not exists" expression? (http://augeas.net/page/Path_expressions)

    -Eugene

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Dominic Cleal at Oct 16, 2012 at 10:48 am

    On 15/10/12 16:52, Eugene Vilensky wrote:
    On Oct 14, 2012, at 12:40 PM, Dominic Cleal wrote:

    You're missing quotes around "nrpe", the command should be:

    set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1

    rodjek's example has the quotes in, so just a transcription error.

    Totally works for an existing 'nrpe' node (thanks!) but not if it does
    not exist. I don't suppose there is a simple "create onlyif not exists"
    expression? (http://augeas.net/page/Path_expressions)
    The best way to do this currently is two separate resources, splitting
    out the responsibilities so that one adds "nrpe" and the client
    "1.1.1.1" if the process isn't there already. The second, if you need
    it, will run if "nrpe" is already listed but the client "1.1.1.1" isn't.

    $process = "nrpe"
    $client = "1.1.1.1"

    # Responsible for adding nrpe if it isn't there
    augeas { "process-${process}":
    context => "/files/etc/hosts.allow",
    changes => [
    "set /files/etc/hosts.allow/01/process ${process}",
    "set /files/etc/hosts.allow/01/client[.='${client}'] ${client}",
    ],
    onlyif => "match *[process='${process}'] size == 0",
    }

    # Responsible for updating existing nrpe entries missing the client
    augeas { "process-${process}-client":
    context => "/files/etc/hosts.allow",
    changes => "set
    /files/etc/hosts.allow/*[process='${process}']/client[.='${client}']
    ${client}",
    require => Augeas["process-${process}"],
    }

    I've changed this from last()+1 to a style that makes the command
    idempotent.

    --
    Dominic Cleal
    Red Hat Consulting
    m: +44 (0)7817 878113

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Dominic Cleal at Oct 16, 2012 at 11:13 am

    On 16/10/12 11:42, Dominic Cleal wrote:
    On 15/10/12 16:52, Eugene Vilensky wrote:

    On Oct 14, 2012, at 12:40 PM, Dominic Cleal <dcleal@redhat.com
    wrote:
    You're missing quotes around "nrpe", the command should be:

    set /files/etc/hosts.allow/*[process='nrpe']/client[last()+1] 1.1.1.1

    rodjek's example has the quotes in, so just a transcription error.

    Totally works for an existing 'nrpe' node (thanks!) but not if it does
    not exist. I don't suppose there is a simple "create onlyif not exists"
    expression? (http://augeas.net/page/Path_expressions)
    The best way to do this currently is two separate resources, splitting
    out the responsibilities so that one adds "nrpe" and the client
    "1.1.1.1" if the process isn't there already. The second, if you need
    it, will run if "nrpe" is already listed but the client "1.1.1.1" isn't.
    Sorry, that wasn't a great example. I'd set context but not used it.

    $process = "nrpe"
    $client = "1.1.1.1"

    # Responsible for adding nrpe if it isn't there
    augeas { "process-${process}":
    context => "/files/etc/hosts.allow",
    changes => [
    "set 01/process ${process}",
    "set 01/client[.='${client}'] ${client}",
    ],
    onlyif => "match *[process='${process}'] size == 0",
    }

    # Responsible for updating existing nrpe entries missing the client
    augeas { "process-${process}-client":
    context => "/files/etc/hosts.allow",
    changes => "set *[process='${process}']/client[.='${client}'] ${client}",
    require => Augeas["process-${process}"],
    }

    --
    Dominic Cleal
    Red Hat Consulting
    m: +44 (0)7817 878113

    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedSep 24, '12 at 6:03p
activeOct 16, '12 at 11:13a
posts8
users3
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase