Shulou(Shulou.com)06/01 Report--

This article is about how to manage configuration with Puppet and Augeas in Linux. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Although Puppet is a very unique and useful tool, in some cases you may use a slightly different approach. In this case, for example, changes are already made on several of your servers and unique configuration files on each server at the same time. Puppet Lab staff are also aware of this situation and have developed an excellent tool called Augeas, which is specifically designed for this purpose.

Specifically, in the absence of object-specific resource types (such as host resources that process / etc/hosts entries), Augeas can make up for the lack of Puppet functionality. In this practical article, you will learn how to use Augeas to simplify the management of configuration files.

Introduction to Augeas

Augeas is basically a configuration editing tool. It can analyze configuration files in native format and turn them into a tree. You can change the configuration as long as you process the tree and save it back to the native configuration file.

What are we going to achieve in this tutorial?

We will install and configure the Augeas tool for use with the Puppet server we built earlier. We will use this tool to create and test several different configurations and learn how to use it properly to manage our system configuration.

prerequisite

We need a working Puppet server and client environment. If you don't already have this environment, please refer to my previous tutorial: http://xmodulo.com/manage-configurations-linux-puppet-augeas.html.

The Augeas package can be found in our CentOS/RHEL standard software library. Unfortunately, Puppet uses the Augeas ruby wrapper found only in the puppetlabs software library (or EPEL). If you don't already have this software library in your system, use the following command to add it:

On CentOS/RHEL 6.5:

# rpm-­ivh https://yum.puppetlabs.com/el/6.5/products/x86_64/puppetlabs ­release ­6 ­10.noarch.rpm

On CentOS/RHEL 7:

# rpm-­ivh https://yum.puppetlabs.com/el/7/products/x86_64/puppetlabs ­release ­7 ­10.noarch.rpm

After successfully adding this software library, install Ruby ­Augeas on your system:

# yum install ruby ­augeas

Or you can use Puppet to install the package. Modify the custom_utils class in / etc/puppet/manifests/site.pp to include "ruby ­augeas" in the package array:

Class custom_utils {package {["nmap", "telnet", "vim ­enhanced", "traceroute", "ruby augeas"]: ensure = > latest, allow_virtual = > false,}}

Augeas without Puppet

As mentioned at the beginning of the article, Augeas didn't come from the Puppet lab in the first place, which means we don't even need Puppet itself to use it. This method can be used to validate your changes and ideas, and then apply them to your Puppet environment. To make this possible, you need to install an additional package on the system. To do this, execute the following command:

# yum install augeas

Puppet Augeas example

For demonstration purposes, here are several sample Augeas use cases.

Manage / etc/sudoers Fil

1. Add sudo permissions to the wheel group

This example will show how to add simple sudo permissions to group% wheel on your GNU/Linux system.

# Install sudo package package {'sudo': ensure = > installed, # ensure sudo package installed} # Allow users belonging to wheel group to use sudo augeas {' sudo_wheel': context = >'/ files/etc/sudoers', # The target file is / etc/sudoers changes = > [# allow wheel users to use sudo' set spec [user = "% wheel"] / user% wheel' 'set spec [user = "% wheel"] / host_group/host ALL', 'set spec [user = "% wheel"] / host_group/command ALL',' set spec [user = "% wheel"] / host_group/command/runas_user ALL',]}

Now it's time to explain what the code does: spec specifies the user part of / etc/sudoers, [user] defines a specific user from the array, and all definitions after the slash (/) are subparts of that user. So in a typical configuration, this would be interpreted as:

User host_group/host host_group/command host_group/command/runas_user

This is equivalent to this line of / etc/sudoers:

% wheel ALL = (ALL) ALL

two。 Add command alias

The following section shows how to define command aliases that you can use in sudoers files.

# Create new alias SERVICES which contains some basic privileged commands augeas {'sudo_cmdalias': context = >' / files/etc/sudoers', # The target file is / etc/sudoers changes = > ["set Cmnd_ Alias [alias / name = 'SERVICES'] / alias/name SERVICES", "set Cmnd_ Alias [alias / name =' SERVICES'] / alias/command [1] / sbin/service" "set Cmnd_ Alias [alias / name = 'SERVICES'] / alias/command [2] / sbin/chkconfig", "set Cmnd_ Alias [name =' SERVICES'] / alias/command [3] / bin/hostname", "set Cmnd_ Alias [alias / name = 'SERVICES'] / alias/command [4] / sbin/shutdown",]}

The syntax for sudo command aliases is fairly simple: Cmnd_Alias defines the part of the command alias, [alias/name] binds everything to a specific alias name, / alias/name SERVICES defines the actual alias name, and alias/command is an array of all commands that should be part of that alias. The output of this command will be as follows:

Cmnd_Alias SERVICES = / sbin/service, / sbin/chkconfig, / bin/hostname, / sbin/shutdown

For more information about / etc/sudoers, please visit the official documentation: http://augeas.net/docs/references/lenses/files/sudoers-aug.html.

Add users to a group

To add users to a group using Augeas, you may need to add new users after the gid field or after the previous user. For this example, we will use the group SVN. You can do this using the following command:

In Puppet:

Augeas {'augeas_mod_group: context = >' / files/etc/group', # The target file is / etc/group changes = > ["ins user after svn/* [self::gid or self::user] [last ()]", "set svn/user [last ()] john",]}

Use augtool:

Augtool > ins user after / files/etc/group/svn/* [self::gid or self::user] [last ()] augtool > set / files/etc/group/svn/user [last ()] john Thank you for reading! This is the end of this article on "how to manage configuration with the help of Puppet and Augeas in Linux". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it out for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.