How Linux servers manage configurations with Puppet and Augeas

Source: Internet
Author: User
Tags svn centos puppet labs

Puppet is a centralized configuration management system for Linux, Unix, and Windows platforms. Using its own Puppet description language, you can manage configuration files, users, cron jobs, software packages, system services, and so on. Puppet treats these system entities as resources; its design goal is to simplify the management of these resources and to properly handle the dependencies between them.

While Puppet is a truly unique and useful tool, there are situations where you need a different approach. For example, you may have to modify configuration files that already exist on several servers and differ slightly from one another. The people at Puppet Labs are aware of this, and they have integrated a great tool called Augeas into Puppet, designed specifically for this use.

Augeas can be thought of as filling gaps in Puppet's capabilities, for example when a resource type for a particular object (such as the host resource used to maintain entries in /etc/hosts) is not available. In this document, you will learn how to use Augeas to ease the burden of managing your configuration files.

What is Augeas?

Augeas is basically a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and are then saved back in the native configuration file format.

What is the purpose of this tutorial?

We will install and configure Augeas for the Puppet server we built earlier. We will use this tool to create and test several different configurations and learn how to use them properly to manage our system configuration.

Prerequisites

We need a working Puppet server and client. If you don't have them yet, please follow my previous tutorial.

The Augeas package can be found in the standard CentOS/RHEL repositories. Unfortunately, the Augeas Ruby package used by Puppet is only available in the puppetlabs repository (or EPEL). If you do not have this repository on your system, add it with the following command:

On CentOS/RHEL 6.5:

# rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm

On CentOS/RHEL 7:

# rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm

After you have successfully added this repository, install ruby-augeas on your system:

# yum install ruby-augeas

Or, if you are continuing from my last tutorial, install the package the Puppet way. Modify your custom_utils class in /etc/puppet/manifests/site.pp and add "ruby-augeas" to the packages line.

    class custom_utils {
      package { ["nmap", "telnet", "vim-enhanced", "traceroute", "ruby-augeas"]:
        ensure        => latest,
        allow_virtual => false,
      }
    }

Augeas without Puppet

As I said earlier, Augeas did not originally come from Puppet Labs, which means that we can still use it even without Puppet itself. This approach lets you verify that your changes and ideas are correct before you deploy them to the Puppet environment. To do this, you need to install one additional package on your system. Please execute the following command:

# yum install augeas

Puppet Augeas examples

For demonstration, here are a few Augeas use cases.

Managing the /etc/sudoers file

Add sudo permissions to the wheel group.

This example shows you how to add sudo permissions to the %wheel group on your GNU/Linux system.

    # Install the sudo package
    package { 'sudo':
      ensure => installed, # ensure the sudo package is installed
    }

    # Allow users belonging to the wheel group to use sudo
    augeas { 'sudo_wheel':
      context => '/files/etc/sudoers', # the target file is /etc/sudoers
      changes => [
        # allow wheel users to use sudo
        'set spec[user = "%wheel"]/user %wheel',
        'set spec[user = "%wheel"]/host_group/host ALL',
        'set spec[user = "%wheel"]/host_group/command ALL',
        'set spec[user = "%wheel"]/host_group/command/runas_user ALL',
      ],
    }

Now let's explain what the code does: spec defines the user section in /etc/sudoers, [user] selects the given user from the array, and all the definitions after the slash (/) are subparts of this user. So in a typical configuration this would be represented as:

    user host_group/host host_group/command host_group/command/runas_user

This is translated into the following line in /etc/sudoers:

    %wheel ALL = (ALL) ALL

Add a command alias

The following section shows you how to define a command alias, which can then be used in your sudoers file.

    # Create a new alias SERVICES that contains some basic privileged commands
    augeas { 'sudo_cmdalias':
      context => '/files/etc/sudoers', # the target file is /etc/sudoers
      changes => [
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/name SERVICES",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[1] /sbin/service",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[2] /sbin/chkconfig",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[3] /bin/hostname",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[4] /sbin/shutdown",
      ],
    }

The syntax for a sudo command alias is simple: Cmnd_Alias defines the command alias section, [alias/name] selects the alias with the given name, /alias/name SERVICES defines the actual alias name, and alias/command is the array of all the commands that belong to the alias. The above will be converted as follows:

    Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig, /bin/hostname, /sbin/shutdown

For more information on /etc/sudoers, please visit the official documentation.
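The SERVICES alias only has an effect once a rule refers to it. The following added example (not part of the original tutorial) grants a group just those commands instead of ALL, limits Augeas to /etc/sudoers via incl and lens, and re-checks the file with visudo; the group name operators and the resource titles are assumptions.

```puppet
# Added example, not from the original tutorial.
# Assumptions: the group "operators" and all resource titles are hypothetical.

# Same SERVICES alias as above. incl + lens make Augeas load only
# /etc/sudoers with the Sudoers lens instead of every file it knows.
augeas { 'sudo_cmdalias_services':
  incl    => '/etc/sudoers',
  lens    => 'Sudoers.lns',
  context => '/files/etc/sudoers',
  changes => [
    "set Cmnd_Alias[alias/name = 'SERVICES']/alias/name SERVICES",
    "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[1] /sbin/service",
    "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[2] /sbin/chkconfig",
    "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[3] /bin/hostname",
    "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[4] /sbin/shutdown",
  ],
}

# Grant %operators only the commands in SERVICES, run as root,
# rather than the unrestricted ALL given to %wheel.
augeas { 'sudo_operators_services':
  incl    => '/etc/sudoers',
  lens    => 'Sudoers.lns',
  context => '/files/etc/sudoers',
  changes => [
    "set spec[user = '%operators']/user %operators",
    "set spec[user = '%operators']/host_group/host ALL",
    "set spec[user = '%operators']/host_group/command SERVICES",
    "set spec[user = '%operators']/host_group/command/runas_user root",
  ],
  require => Augeas['sudo_cmdalias_services'],
}

# Re-check the file with sudo's own parser whenever either resource changes it.
# This runs after the write, so a failure is reported in the Puppet run
# rather than prevented.
exec { 'validate_sudoers':
  command     => 'visudo -c -f /etc/sudoers',
  path        => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
  refreshonly => true,
  subscribe   => Augeas['sudo_cmdalias_services', 'sudo_operators_services'],
}
```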

Adding a user to a group

When adding a user to a group with Augeas, the new user has to be inserted either after the gid field or after the last existing user. We use the svn group in this example. This can be achieved with the following:

In Puppet:

    augeas { 'augeas_mod_group':
      context => '/files/etc/group', # the target file is /etc/group
      changes => [
        "ins user after svn/*[self::gid or self::user][last()]",
        "set svn/user[last()] john",
      ],
    }

Using augtool:

    augtool> ins user after /files/etc/group/svn/*[self::gid or self::user][last()]
    augtool> set /files/etc/group/svn/user[last()] john

Summary

By now, you should have a good idea of how to use Augeas in your Puppet projects. Feel free to experiment, and be sure to go through the official Augeas documentation. It will help you understand how to use Augeas properly in your own projects, and show you how much time you can save by using it.

If you have any questions, please post them in the comments below and I will try to answer and advise you.
