How to Use Puppet and Augeas to manage Linux configurations

How to Use Puppet and Augeas to manage Linux configurations

Although Puppet is a truly unique and useful tool, you can use it in some cases in a different way. For example, you need to modify several existing configuration files on the server, and they are slightly different from each other. People at the Puppet Lab also realized this. They integrated a great tool called Augeas in Puppet, which was designed for such use.

Augeas can be considered to fill the gaps in Puppet capabilities. For example, when the resource type of a specified object (such as the host resource used to maintain entries in/etc/hosts) is unavailable. In this document, you will learn how to use Augeas to ease the burden on managing configuration files.

What is Augeas?

Augeas is basically a configuration editing tool. It parses configuration files in their native format and converts them into trees. Configuration changes can be completed through the operation tree and saved in the native configuration file format.

Puppet Learning Series:

Puppet Learning 1: Installation and simple instance applications

Puppet 2: simple module configuration and application

Research on three Backup Recovery solutions for Puppet agent
Register your Puppet node in a safer way
Deep understanding of Puppet syntax and working mechanism through SSH Configuration
Puppet uses Nginx multiple ports for Load Balancing
C/S mode instance of Puppet in CentOS (5 and 6)

What is the purpose of this tutorial?

We will install and configure Augeas for the Puppet server we built earlier. We will use this tool to create and test several different configuration files and learn how to use it appropriately to manage our system configurations.

Pre-reading

We need a working Puppet server and client. If you do not have one, follow my previous tutorial.

The Augeas installation package can be found in the standard CentOS/RHEL repository. Unfortunately, the Augeas ruby encapsulation used by Puppet is only available in the puppetlabs repository (or EPEL. If you do not have this repository in your system, use the following command:

On CentOS/RHEL 6.5:

1. # Rpm-­ ivh restart

On CentOS/RHEL 7:

1. # Rpm-­ ivh restart

After you have successfully installed this repository, install Ruby in your system:

1. # Yum install ruby-augeas

Or, if you continue from my previous tutorial, use the puppet method to install this package. Modify Your custom_utils class in/etc/puppet/manifests/site. pp and add "ruby-augeas" to the packages line ".

1. Class custom_utils {
2. Package {["nmap", "telnet", "vim ­ enhanced", "traceroute", "ruby ­ augeas"]:
3. Ensure => latest,
4. Allow_virtual => false,
5. }
6. }

Augeas without Puppet

As I said earlier, Augeas was not originally from the Puppet lab, which means we can still use it even if there is no Puppet itself. This method verifies whether your modifications and ideas are correct before you deploy them in the Puppet environment. To do this, you need to install an additional software package in your system. Run the following command:

1. # Yum install augeas

Puppet Augeas example

Used for demonstration. Here are several Augeas use cases.

Manage/etc/sudoers files

1. Add the sudo permission to the wheel group.

This example shows how to add sudo permissions to the % wheel group in your GNU/Linux system.

1. # Install the sudo package
2. Package {'sudo ':
3. Ensure => installed, # Make sure The sudo package is installed
4. }
5.  
6. # Allow users to belong to the wheel group to use sudo
7. Augeas {'sudo _ wheel ':
8. Context => '/files/etc/sudoers', # the target file is/etc/sudoers.
9. Changes => [
10. # Allow the user of the wheel to use sudo
11. 'Set spec [user = "% wheel"]/user % wheel ',
12. 'Set spec [user = "% wheel"]/host_group/host all ',
13. 'Set spec [user = "% wheel"]/host_group/command all ',
14. 'Set spec [user = "% wheel"]/host_group/command/runas_user all ',
15. ]
16. }

Now let's explain what the code has done: spec defines the user segment in/etc/sudoers, and [user] defines the user specified in the array, all definitions are placed after the user's slash. Therefore, in typical configurations, this can be expressed as follows:

1. User host_group/host host_group/command/runas_user

This will be converted to this line under/etc/sudoers:

1. % Wheel ALL = (ALL) ALL

1. Add command alias

The following sections show you how to define the command alias, which can be used in your sudoer file.

1. # Create a new SERVICE alias, which contains some basic privileged commands.
2. Augeas {'sudo _ Same alias ':
3. Context => '/files/etc/sudoers', # the target file is/etc/sudoers.
4. Changes => [
5. "Set Cmnd_Alias [alias/name = 'service']/alias/name SERVICES ",
6. "Set Cmnd_Alias [alias/name = 'service']/alias/command [1]/sbin/service ",
7. "Set Cmnd_Alias [alias/name = 'service']/alias/command [2]/sbin/chkconfig ",
8. "Set Cmnd_Alias [alias/name = 'service']/alias/command [3]/bin/hostname ",
9. "Set Cmnd_Alias [alias/name = 'service']/alias/command [4]/sbin/shutdown ",
10. ]
11. }

The syntax for sudo command alias is simple: Cmnd_Alias defines the command alias field, [alias/name] binds all given aliases,/alias/name SERVICES defines real aliases, alias/command is an array of all commands belonging to this alias. The above will be converted as follows:

1. Cmnd_Alias SERVICES =/sbin/service,/sbin/chkconfig,/bin/hostname,/sbin/shutdown

For more information about/etc/sudoers, visit the official documentation.

Add a user to a group

To use Augeas to add users to a group, you may want to add a new user, either after the gid field or the last user uid. In this example, the SVN group is used. This can be achieved through the following command:

In Puppet:

1. Augeas {'augeas _ mod_group:
2. Context => '/files/etc/group', # the target file is/etc/group.
3. Changes => [
4. "Ins user after svn/* [self: gid or self: user] [last ()]",
5. "Set svn/user [last ()] john ",
6. ]
7. }

Use augtool:

1. Augtool> ins user after/files/etc/group/svn/* [self: gid or self: user] [last ()] augtool> set/files/etc/group/svn/user [last ()] john

Summary

So far, you should understand how to use Augeas In the Puppet project. If you want to give it a try, you must browse the official Augeas document. This helps you understand how to use Augeas correctly in your personal project and how much time it can save.

If you have any questions, please post them in the following comments. I will try my best to answer them and give you suggestions.

Useful Links

• Http://www.watzmann.net/categories/augeas.html: contains many tutorials on the use of Augeas.
• Http://projects.puppetlabs.com/projects/1/wiki/puppet_augeas: Puppet wiki has many instances.

For more information about Puppet, click here.
Puppet: click here

This article permanently updates the link address: