In Linux, how does one manage configurations with Puppet and Augeas?
Although Puppet is a unique and practical tool, some situations call for a different approach. One example is modifying a configuration file that already exists on several of your servers and differs on each of them. Puppet Labs staff also recognized this situation and have developed an excellent tool named Augeas, which is specifically designed for this purpose.
To be precise, Augeas can make up for gaps in Puppet when the resource type for a specific object is missing, such as the host resource for processing /etc/hosts entries. In this practical article, you will learn how to use Augeas to simplify configuration file management.
Introduction to Augeas
Augeas is basically a configuration editing tool. It parses configuration files in their native format and converts them into a tree. To change the configuration, you only need to manipulate this tree and save it back as a native configuration file.
What is the purpose of this tutorial?
We will install and configure the Augeas tool to work with the Puppet server we built earlier. We will use this tool to create and test several different configurations and learn how to use it properly to manage our system configurations.
Prerequisites
We need a running Puppet server and client environment. If you do not have this environment, see my previous tutorial: http://xmodulo.com/manage-configurations-linux-puppet-augeas.html.
You can find the Augeas software package in the standard CentOS/RHEL repositories. Unfortunately, Puppet uses the puppetlabs repository or EPEL. If you do not have the repository on your system, use the following command to add it:
On CentOS/RHEL 6.5:
    # rpm -ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs-release-6-10.noarch.rpm
On CentOS/RHEL 7:
    # rpm -ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs-release-7-10.noarch.rpm
After successfully adding this repository, install ruby-augeas on your system:
    # yum install ruby-augeas
Alternatively, you can use Puppet to install the software package. Modify the custom_utils class in /etc/puppet/manifests/site.pp to include "ruby-augeas" in the package array:
    class custom_utils {
      # ruby-augeas is added to the list of utility packages
      package { ["nmap","telnet","vim-enhanced","traceroute","ruby-augeas"]:
        ensure        => latest,
        allow_virtual => false,
      }
    }
Using Augeas without Puppet
As mentioned at the beginning of this article, Augeas was not originally from Puppet Labs, which means that we can use it without Puppet itself. This method is suitable for verifying your changes and ideas before applying them to your Puppet environment. To make this possible, you need to install an additional software package on the system. To do this, run the following command:
    # yum install augeas
Puppet Augeas example
For ease of demonstration, the following are examples of Augeas.
Manage /etc/sudoers files
1. Add the sudo permission to the wheel group.
This example shows how to add simple sudo permissions to the group %wheel on your GNU/Linux system.
    # Install sudo package
    package { 'sudo':
      ensure => installed, # ensure sudo package installed
    }

    # Allow users belonging to wheel group to use sudo
    augeas { 'sudo_wheel':
      context => '/files/etc/sudoers', # The target file is /etc/sudoers
      changes => [
        # allow wheel users to use sudo
        'set spec[user = "%wheel"]/user %wheel',
        'set spec[user = "%wheel"]/host_group/host ALL',
        'set spec[user = "%wheel"]/host_group/command ALL',
        'set spec[user = "%wheel"]/host_group/command/runas_user ALL',
      ]
    }
The code can now be explained: spec specifies the user section in /etc/sudoers, [user] selects a specific user from the array, and everything after the slash (/) is a sub-part of that user. In a typical configuration, this is therefore interpreted as:
    user host_group/host host_group/command host_group/command/runas_user
This is equivalent to this line of /etc/sudoers:
    %wheel ALL = (ALL) ALL
2. Add command alias
The following section shows how to define the command alias that you can use in the sudoers file.
    # Create new alias SERVICES which contains some basic privileged commands
    augeas { 'sudo_cmdalias':
      context => '/files/etc/sudoers', # The target file is /etc/sudoers
      changes => [
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/name SERVICES",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[1] /sbin/service",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[2] /sbin/chkconfig",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[3] /bin/hostname",
        "set Cmnd_Alias[alias/name = 'SERVICES']/alias/command[4] /sbin/shutdown",
      ]
    }
The syntax of the sudo command alias is quite simple: Cmnd_Alias defines the command alias section, [alias/name] binds everything to a specific alias name, /alias/name SERVICES defines the actual alias name, and alias/command is an array composed of all commands that should belong to the alias. The resulting line is as follows:
    Cmnd_Alias SERVICES = /sbin/service , /sbin/chkconfig , /bin/hostname , /sbin/shutdown
For more information about /etc/sudoers, visit the official documentation: http://augeas.net/docs/references/lenses/files/sudoers-aug.html.
Add users to a group
To use Augeas to add users to a group, you may need to add new users after the gid field or after the previous user. For this example, we will use the group svn. You can use the following commands to do this:
In Puppet:
    augeas { 'augeas_mod_group':
      context => '/files/etc/group', # The target file is /etc/group
      changes => [
        # insert an empty user node after the last user (or after gid if there is none)
        "ins user after svn/*[self::gid or self::user][last()]",
        # give the new node its value
        "set svn/user[last()] john",
      ]
    }
Use augtool:
    augtool> ins user after /files/etc/group/svn/*[self::gid or self::user][last()]
    augtool> set /files/etc/group/svn/user[last()] john
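The resource above inserts a new user node every time its changes are applied, so repeated Puppet runs append john to the group again. The following added example (not part of the original article) guards the same changes with onlyif so they apply only once. The defined type name group_member and its parameters are hypothetical; incl, lens and onlyif are standard parameters of Puppet's augeas type.

```puppet
# Added example, not from the original article.
# Hypothetical defined type: add one user to one existing group exactly once.
# Assumes $group and $user are plain account names (no quotes or spaces).
define group_member (
  $group,
  $user = $title
) {
  augeas { "group_${group}_member_${user}":
    # Load only /etc/group with the Group lens instead of every file
    # Augeas knows about; incl requires lens to be set as well.
    incl    => '/etc/group',
    lens    => 'Group.lns',
    context => '/files/etc/group',
    changes => [
      # Same two steps as in the article: create the node, then set it.
      "ins user after ${group}/*[self::gid or self::user][last()]",
      "set ${group}/user[last()] ${user}",
    ],
    # Apply the changes only while no user node with this value exists.
    # Without this guard each run adds another copy of the same user.
    onlyif  => "match /files/etc/group/${group}/user[. = '${user}'] size == 0",
  }
}

# Usage matching the article's example: add john to the svn group.
group_member { 'john':
  group => 'svn',
}
```

If the group does not exist, the ins command matches no node and the resource fails rather than creating a malformed entry.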
Conclusion
Now you should have a clear understanding of how to use Augeas in your Puppet project. Feel free to experiment with it. You should also refer to the official Augeas documentation: it helps you understand how to use Augeas properly in your project and shows how much time you can actually save by using it.
If you have any questions, please leave a message.
Useful links
You can refer to the Augeas tutorials at http://www.watzmann.net/categories/augeas.html.
http://xmodulo.com/manage-configurations-linux-puppet-augeas.html