SlideShare a Scribd company logo

A DECADE OF CONFIGURATION SURGERY

L
lutter

Introduction to Augeas and examples for how to use it to edit configuration files programmatically from cfgmgmtcamp

Software
1 of 43
Download to read offline
David Lutterkort lutter@puppet.com Augeas A decade of configuration surgery
What's the problem?
The problem: Edit configuration files programmatically
Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/'
Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/' $ sed -r 's/(PermitRootLogin[ t]+)yes/1no/'
Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/' $ sed -r 's/(PermitRootLogin[ t]+)yes/1no/' $ sed -r 's/(PermitRootLogin[ t]+)[a-z]+/1no/'
Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/' $ sed -r 's/(PermitRootLogin[ t]+)yes/1no/' $ sed -r 's/(PermitRootLogin[ t]+)[a-z]+/1no/' $ grep PermitRootLogin /etc/ssh/sshd_config # PermitRootLogin no
The real problem: Large number of config file formats
Reading files is easy. Modifying them is hard.
Whole-file management not always feasible
How does Augeas work?
Handle config files in place and in their native format
Use the same data structure for all files
Preserve 'unimportant' detail and minimize changes
How do you use Augeas?
C library with lots of language bindings (Ruby, Python, Go, Rust, Lua, Node, Haskell, OCaml, …)
Included in top-shelf config mgmt systems (Puppet type, augeasproviders, Salt, Mgmt, …)
Getting started: augtool $ augtool augtool> help Admin commands: context - change how relative paths are interpreted load - (re)load files under /files save - save all pending changes ... Informational commands: errors - show all errors encountered in processing files ...
Getting started: augtool $ augtool --help Usage: augtool [OPTIONS] [COMMAND] -b, --backup preserve originals of modified files with extension '.augsave' -r, --root ROOT use ROOT as the root of the filesystem -t, --transform XFM add a file transform -l, --load-file FILE load individual FILE in the tree -f, --file FILE read commands from FILE -L, --noload do not load any files into the tree on startup -A, --noautoload do not autoload modules from the search path
Getting started: augmatch (new in 1.10.1) $ docker pull lutter/augmatch $ docker run -ti lutter/augmatch / # augmatch --help Usage: augmatch [OPTIONS] FILE Print the contents of a file as parsed by augeas. Options: -l, --lens LENS use LENS to transform the file -m, --match EXPR start printing where nodes match EXPR -e, --exact print only exact matches ...
Example: /etc/exports $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
Getting started: augmatch (new in 1.10.1) $ augmatch /etc/exports dir[1] = /local dir[1]/client = 207.46.0.0/16 dir[1]/client/option[1] = rw dir[1]/client/option[2] = sync dir[2] = /home dir[2]/client[1] = 207.46.0.0/16 dir[2]/client[1]/option[1] = rw dir[2]/client[1]/option[2] = root_squash dir[2]/client[1]/option[3] = sync dir[2]/client[2] = 192.168.50.2/32 dir[2]/client[2]/option[1] = rw dir[2]/client[2]/option[2] = root_squash ...
Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash) # List all clients to which we export a directory $ augmatch --only-value --exact --match dir/client /etc/exports 207.46.0.0/16 207.46.0.0/16 192.168.50.2/32 207.46.0.0/16 *
Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash) # List all clients to which we export the /home directory $ augmatch -eom 'dir["/home"]/client ' /etc/exports 207.46.0.0/16 192.168.50.2/32
Getting started: augmatch (new in 1.10.1) # Find all directories that are exported to at least one client without having # the 'root_squash' option set $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
Getting started: augmatch (new in 1.10.1) # Find all directories that are exported to at least one client without having # the 'root_squash' option set $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash) $ augmatch -eom 'dir[client[not(option = "root_squash")]]' /etc/exports /local /home /pub
Getting started: augmatch (new in 1.10.1) # How match dir[client[not(option = "root_squash")]] works $ augmatch /etc/exports dir[1] = /local dir[1]/client = 207.46.0.0/16 dir[1]/client/option[1] = rw dir[1]/client/option[2] = sync dir[2] = /home dir[2]/client[1] = 207.46.0.0/16 dir[2]/client[1]/option[1] = rw dir[2]/client[1]/option[2] = root_squash dir[2]/client[1]/option[3] = sync ...
Example: Idempotent change Ensure options of a particular client for a particular directory
Strategy 1. Initialize Augeas and load file(s) 2. Create entry in /scratch 3. Move or append entry
Idempotent change $ augtool print /files/etc/exports/dir["/home"]/client[1] /files/etc/exports/dir[2]/client[1] = "207.46.0.0/16" /files/etc/exports/dir[2]/client[1]/option[1] = "rw" /files/etc/exports/dir[2]/client[1]/option[2] = "root_squash" /files/etc/exports/dir[2]/client[1]/option[3] = "sync"
Idempotent change def ensure_client(dir, client, opts) Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug| aug.transform(lens: "Exports.lns", incl: "/etc/exports") aug.context("/files/etc/exports") aug.load aug.set("/scratch/client", client) options.each {|opt| aug.set("/scratch/client/option[last()+1]", opt)} if aug.match("dir['#{dir}']").empty? aug.set("dir[last()+1]", dir) end ... aug.mv("/scratch", "dir['#{dir}']/client['#{client}]") aug.save end end
Idempotent change def ensure_client(dir, client, opts) Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug| aug.transform(lens: "Exports.lns", incl: "/etc/exports") aug.context("/files/etc/exports") aug.load aug.set("/scratch/client", client) options.each {|opt| aug.set("/scratch/client/option[last()+1]", opt)} if aug.match("dir['#{dir}']").empty? aug.set("dir[last()+1]", dir) end ... aug.mv("/scratch", "dir['#{dir}']/client['#{client}]") aug.save end end
Idempotent change def ensure_client(dir, client, opts) Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug| aug.transform(lens: "Exports.lns", incl: "/etc/exports") aug.context("/files/etc/exports") aug.load aug.set("/scratch/client", client) options.each {|opt| aug.set("/scratch/client/option[last()+1]", opt)} if aug.match("dir['#{dir}']").empty? aug.set("dir[last()+1]", dir) end ... aug.mv("/scratch", "dir['#{dir}']/client['#{client}]") aug.save end end
/files file contents /augeas metadata /context current 'directory' /load file/lens mappings /root file system root /save how to save files /version current version
/augeas/files/<path> file metadata /path path under /files /mtime file's mtime /lens lens used to process /error error detail
How can I get involved?
Need to reorganize and expand docs (Want to move to gitbook)
Other ideas - Many language bindings could use some love - Write moar lenses - Make Augeas work on Windows
Learn more and get in touch https://augeas.net/

Recommended

Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...
Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...
Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...Vi Grey
 
Solaris_quickref.pdf
Solaris_quickref.pdfSolaris_quickref.pdf
Solaris_quickref.pdfRobertoBravo58
 
Gitosis on Mac OS X Server
Gitosis on Mac OS X ServerGitosis on Mac OS X Server
Gitosis on Mac OS X ServerYasuhiro Asaka
 
GDG DevFest Kyoto 2014 これからのGoの話をしよう
GDG DevFest Kyoto 2014 これからのGoの話をしようGDG DevFest Kyoto 2014 これからのGoの話をしよう
GDG DevFest Kyoto 2014 これからのGoの話をしようSatoshi Noda
 
Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...
Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...
Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...Zyxware Technologies
 
Linux Command Line
Linux Command LineLinux Command Line
Linux Command LinePrima Yogi Loviniltra
 
NUMOSS 4th Week - Commandline Tutorial
NUMOSS 4th Week - Commandline TutorialNUMOSS 4th Week - Commandline Tutorial
NUMOSS 4th Week - Commandline TutorialGagah Arifianto
 
Unix 5 en
Unix 5 enUnix 5 en
Unix 5 enSimonas Kareiva
 

Recommended

Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...
Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...
Phishing for Root (How I Got Access to Root on Your Computer With 8 Seconds o...Vi Grey
 
Solaris_quickref.pdf
Solaris_quickref.pdfSolaris_quickref.pdf
Solaris_quickref.pdfRobertoBravo58
 
Gitosis on Mac OS X Server
Gitosis on Mac OS X ServerGitosis on Mac OS X Server
Gitosis on Mac OS X ServerYasuhiro Asaka
 
GDG DevFest Kyoto 2014 これからのGoの話をしよう
GDG DevFest Kyoto 2014 これからのGoの話をしようGDG DevFest Kyoto 2014 これからのGoの話をしよう
GDG DevFest Kyoto 2014 これからのGoの話をしようSatoshi Noda
 
Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...
Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...
Introduction to Bash Scripting, Zyxware Technologies, CSI Students Convention...Zyxware Technologies
 
Linux Command Line
Linux Command LineLinux Command Line
Linux Command LinePrima Yogi Loviniltra
 
NUMOSS 4th Week - Commandline Tutorial
NUMOSS 4th Week - Commandline TutorialNUMOSS 4th Week - Commandline Tutorial
NUMOSS 4th Week - Commandline TutorialGagah Arifianto
 
Unix 5 en
Unix 5 enUnix 5 en
Unix 5 enSimonas Kareiva
 
What is suid, sgid and sticky bit
What is suid, sgid and sticky bit What is suid, sgid and sticky bit
What is suid, sgid and sticky bit Meenu Chopra
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to ProveKazuho Oku
 
Goの標準的な開発の流れ
Goの標準的な開発の流れGoの標準的な開発の流れ
Goの標準的な開発の流れRyuji Iwata
 
Unix shell scripting
Unix shell scriptingUnix shell scripting
Unix shell scriptingPavan Devarakonda
 
Fun with processes - lightning talk
Fun with processes - lightning talkFun with processes - lightning talk
Fun with processes - lightning talkPaweł Dawczak
 
clonehd01
clonehd01clonehd01
clonehd01Luiz Francisco Bozo
 
Unix shell scripting basics
Unix shell scripting basicsUnix shell scripting basics
Unix shell scripting basicsManav Prasad
 
Container Security
Container SecurityContainer Security
Container Securityamouat
 
PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12Kazuki KOMORI
 
Linux basic3
Linux basic3Linux basic3
Linux basic3Hideo Amezawa
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with PerlKazuho Oku
 
Windows shutdown virus source code c++
Windows shutdown virus source code c++Windows shutdown virus source code c++
Windows shutdown virus source code c++Andi Master Hiyperterminal
 
mapserver_install_linux
mapserver_install_linuxmapserver_install_linux
mapserver_install_linuxtutorialsruby
 
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...Puppet
 
Linux system admin
Linux system adminLinux system admin
Linux system adminMohammed Zainul Abiddin
 
Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scriptingCorrado Santoro
 
Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Lingfei Kong
 
C99[2]
C99[2]C99[2]
C99[2]guest8914af
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingDan Morrill
 
A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementLubomir Rintel
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
 
Augeas @RMLL 2012
Augeas @RMLL 2012Augeas @RMLL 2012
Augeas @RMLL 2012Raphaël PINSON
 

More Related Content

What's hot

What is suid, sgid and sticky bit
What is suid, sgid and sticky bit What is suid, sgid and sticky bit
What is suid, sgid and sticky bit Meenu Chopra
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to ProveKazuho Oku
 
Goの標準的な開発の流れ
Goの標準的な開発の流れGoの標準的な開発の流れ
Goの標準的な開発の流れRyuji Iwata
 
Fun with processes - lightning talk
Fun with processes - lightning talkFun with processes - lightning talk
Fun with processes - lightning talkPaweł Dawczak
 
Unix shell scripting basics
Unix shell scripting basicsUnix shell scripting basics
Unix shell scripting basicsManav Prasad
 
Container Security
Container SecurityContainer Security
Container Securityamouat
 
PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12Kazuki KOMORI
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with PerlKazuho Oku
 
mapserver_install_linux
mapserver_install_linuxmapserver_install_linux
mapserver_install_linuxtutorialsruby
 
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...Puppet
 
Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scriptingCorrado Santoro
 
Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Lingfei Kong
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingDan Morrill
 

What's hot (19)

What is suid, sgid and sticky bit
What is suid, sgid and sticky bit What is suid, sgid and sticky bit
What is suid, sgid and sticky bit
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to Prove
 
Goの標準的な開発の流れ
Goの標準的な開発の流れGoの標準的な開発の流れ
Goの標準的な開発の流れ
 
Unix shell scripting
Unix shell scriptingUnix shell scripting
Unix shell scripting
 
Fun with processes - lightning talk
Fun with processes - lightning talkFun with processes - lightning talk
Fun with processes - lightning talk
 
clonehd01
clonehd01clonehd01
clonehd01
 
Unix shell scripting basics
Unix shell scripting basicsUnix shell scripting basics
Unix shell scripting basics
 
Container Security
Container SecurityContainer Security
Container Security
 
PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12
 
Linux basic3
Linux basic3Linux basic3
Linux basic3
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with Perl
 
Windows shutdown virus source code c++
Windows shutdown virus source code c++Windows shutdown virus source code c++
Windows shutdown virus source code c++
 
mapserver_install_linux
mapserver_install_linuxmapserver_install_linux
mapserver_install_linux
 
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
 
Linux system admin
Linux system adminLinux system admin
Linux system admin
 
Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scripting
 
Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本
 
C99[2]
C99[2]C99[2]
C99[2]
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scripting
 

Similar to A DECADE OF CONFIGURATION SURGERY

A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementLubomir Rintel
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with AugeasPuppet
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansiblebcoca
 
Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguideAdarsh Patil
 
Tame your Infrastructure with Puppet
Tame your Infrastructure with PuppetTame your Infrastructure with Puppet
Tame your Infrastructure with Puppetdelimiter
 
Rush, a shell that will yield to you
Rush, a shell that will yield to youRush, a shell that will yield to you
Rush, a shell that will yield to youguestdd9d06
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?Ben Hall
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis OverviewLeo Lorieri
 
Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)Dominic Cleal
 
Installing odoo v8 from github
Installing odoo v8 from githubInstalling odoo v8 from github
Installing odoo v8 from githubAntony Gitomeh
 
10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming languageYaroslav Tkachenko
 
Adventures in infrastructure as code
Adventures in infrastructure as codeAdventures in infrastructure as code
Adventures in infrastructure as codeJulian Simpson
 
Puppet Troubleshooting
Puppet TroubleshootingPuppet Troubleshooting
Puppet TroubleshootingPuppet
 
How to mount and unmount filesystem
How to mount and unmount filesystemHow to mount and unmount filesystem
How to mount and unmount filesystemCOMSATS
 

Similar to A DECADE OF CONFIGURATION SURGERY (20)

A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service management
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with Augeas
 
Augeas @RMLL 2012
Augeas @RMLL 2012Augeas @RMLL 2012
Augeas @RMLL 2012
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
 
Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguide
 
Tame your Infrastructure with Puppet
Tame your Infrastructure with PuppetTame your Infrastructure with Puppet
Tame your Infrastructure with Puppet
 
Rush, a shell that will yield to you
Rush, a shell that will yield to youRush, a shell that will yield to you
Rush, a shell that will yield to you
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?
 
Dev ops
Dev opsDev ops
Dev ops
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
 
Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)
 
EC2
EC2EC2
EC2
 
Installing odoo v8 from github
Installing odoo v8 from githubInstalling odoo v8 from github
Installing odoo v8 from github
 
10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language
 
Adventures in infrastructure as code
Adventures in infrastructure as codeAdventures in infrastructure as code
Adventures in infrastructure as code
 
Docker practice
Docker practiceDocker practice
Docker practice
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting Workshop
 
Puppet Troubleshooting
Puppet TroubleshootingPuppet Troubleshooting
Puppet Troubleshooting
 
Troubleshooting Puppet
Troubleshooting PuppetTroubleshooting Puppet
Troubleshooting Puppet
 
How to mount and unmount filesystem
How to mount and unmount filesystemHow to mount and unmount filesystem
How to mount and unmount filesystem
 

More from lutter

Libral - a systems management API for Linux
Libral - a systems management API for LinuxLibral - a systems management API for Linux
Libral - a systems management API for Linuxlutter
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configurationlutter
 
Orchestration and the New York Subway
Orchestration and the New York SubwayOrchestration and the New York Subway
Orchestration and the New York Subwaylutter
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppetlutter
 
Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015lutter
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppetlutter
 
Razor: provision like a boss (Build-a-cloud edition)
Razor: provision like a boss (Build-a-cloud edition)Razor: provision like a boss (Build-a-cloud edition)
Razor: provision like a boss (Build-a-cloud edition)lutter
 
Puppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a bossPuppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a bosslutter
 
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)lutter
 
Aeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in AssemblyAeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in Assemblylutter
 
Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)lutter
 

More from lutter (11)

Libral - a systems management API for Linux
Libral - a systems management API for LinuxLibral - a systems management API for Linux
Libral - a systems management API for Linux
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
Orchestration and the New York Subway
Orchestration and the New York SubwayOrchestration and the New York Subway
Orchestration and the New York Subway
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppet
 
Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppet
 
Razor: provision like a boss (Build-a-cloud edition)
Razor: provision like a boss (Build-a-cloud edition)Razor: provision like a boss (Build-a-cloud edition)
Razor: provision like a boss (Build-a-cloud edition)
 
Puppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a bossPuppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a boss
 
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
 
Aeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in AssemblyAeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in Assembly
 
Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)
 

Recently uploaded

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样umasea
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Mater
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 

Recently uploaded (20)

Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
办理学位证(UQ文凭证书)昆士兰大学毕业证成绩单原版一模一样
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)Ahmed Motair CV April 2024 (Senior SW Developer)
Ahmed Motair CV April 2024 (Senior SW Developer)
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 

A DECADE OF CONFIGURATION SURGERY

  • 3. The problem: Edit configuration files programmatically
  • 4. Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/'
  • 5. Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/' $ sed -r 's/(PermitRootLogin[ t]+)yes/1no/'
  • 6. Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/' $ sed -r 's/(PermitRootLogin[ t]+)yes/1no/' $ sed -r 's/(PermitRootLogin[ t]+)[a-z]+/1no/'
  • 7. Disable PermitRootLogin in sshd_config $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/' $ sed -r 's/(PermitRootLogin[ t]+)yes/1no/' $ sed -r 's/(PermitRootLogin[ t]+)[a-z]+/1no/' $ grep PermitRootLogin /etc/ssh/sshd_config # PermitRootLogin no
  • 8. The real problem: Large number of config file formats
  • 9. Reading files is easy. Modifying them is hard.
  • 10. Whole-file management not always feasible
  • 12. Handle config files in place and in their native format
  • 13. Use the same data structure for all files
  • 15.
  • 16.
  • 17. How do you use Augeas?
  • 18. C library with lots of language bindings (Ruby, Python, Go, Rust, Lua, Node, Haskell, OCaml, …)
  • 19. Included in top-shelf config mgmt systems (Puppet type, augeasproviders, Salt, Mgmt, …)
  • 20. Getting started: augtool $ augtool augtool> help Admin commands: context - change how relative paths are interpreted load - (re)load files under /files save - save all pending changes ... Informational commands: errors - show all errors encountered in processing files ...
  • 21. Getting started: augtool $ augtool --help Usage: augtool [OPTIONS] [COMMAND] -b, --backup preserve originals of modified files with extension '.augsave' -r, --root ROOT use ROOT as the root of the filesystem -t, --transform XFM add a file transform -l, --load-file FILE load individual FILE in the tree -f, --file FILE read commands from FILE -L, --noload do not load any files into the tree on startup -A, --noautoload do not autoload modules from the search path
  • 22. Getting started: augmatch (new in 1.10.1) $ docker pull lutter/augmatch $ docker run -ti lutter/augmatch / # augmatch --help Usage: augmatch [OPTIONS] FILE Print the contents of a file as parsed by augeas. Options: -l, --lens LENS use LENS to transform the file -m, --match EXPR start printing where nodes match EXPR -e, --exact print only exact matches ...
  • 23. Example: /etc/exports $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
  • 24. Getting started: augmatch (new in 1.10.1) $ augmatch /etc/exports dir[1] = /local dir[1]/client = 207.46.0.0/16 dir[1]/client/option[1] = rw dir[1]/client/option[2] = sync dir[2] = /home dir[2]/client[1] = 207.46.0.0/16 dir[2]/client[1]/option[1] = rw dir[2]/client[1]/option[2] = root_squash dir[2]/client[1]/option[3] = sync dir[2]/client[2] = 192.168.50.2/32 dir[2]/client[2]/option[1] = rw dir[2]/client[2]/option[2] = root_squash ...
  • 25. Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
  • 26. Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash) # List all clients to which we export a directory $ augmatch --only-value --exact --match dir/client /etc/exports 207.46.0.0/16 207.46.0.0/16 192.168.50.2/32 207.46.0.0/16 *
  • 27. Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
  • 28. Getting started: augmatch (new in 1.10.1) $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash) # List all clients to which we export the /home directory $ augmatch -eom 'dir["/home"]/client ' /etc/exports 207.46.0.0/16 192.168.50.2/32
  • 29. Getting started: augmatch (new in 1.10.1) # Find all directories that are exported to at least one client without having # the 'root_squash' option set $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash)
  • 30. Getting started: augmatch (new in 1.10.1) # Find all directories that are exported to at least one client without having # the 'root_squash' option set $ cat /etc/exports /local 207.46.0.0/16(rw,sync) /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync) /tmp 207.46.0.0/16(rw,root_squash,sync) /pub *(ro,insecure,all_squash) $ augmatch -eom 'dir[client[not(option = "root_squash")]]' /etc/exports /local /home /pub
  • 31. Getting started: augmatch (new in 1.10.1) # How match dir[client[not(option = "root_squash")]] works $ augmatch /etc/exports dir[1] = /local dir[1]/client = 207.46.0.0/16 dir[1]/client/option[1] = rw dir[1]/client/option[2] = sync dir[2] = /home dir[2]/client[1] = 207.46.0.0/16 dir[2]/client[1]/option[1] = rw dir[2]/client[1]/option[2] = root_squash dir[2]/client[1]/option[3] = sync ...
  • 32. Example: Idempotent change Ensure options of a particular client for a particular directory
  • 33. Strategy 1. Initialize Augeas and load file(s) 2. Create entry in /scratch 3. Move or append entry
  • 34. Idempotent change $ augtool print /files/etc/exports/dir["/home"]/client[1] /files/etc/exports/dir[2]/client[1] = "207.46.0.0/16" /files/etc/exports/dir[2]/client[1]/option[1] = "rw" /files/etc/exports/dir[2]/client[1]/option[2] = "root_squash" /files/etc/exports/dir[2]/client[1]/option[3] = "sync"
  • 35. Idempotent change def ensure_client(dir, client, opts) Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug| aug.transform(lens: "Exports.lns", incl: "/etc/exports") aug.context("/files/etc/exports") aug.load aug.set("/scratch/client", client) options.each {|opt| aug.set("/scratch/client/option[last()+1]", opt)} if aug.match("dir['#{dir}']").empty? aug.set("dir[last()+1]", dir) end ... aug.mv("/scratch", "dir['#{dir}']/client['#{client}]") aug.save end end
  • 36. Idempotent change def ensure_client(dir, client, opts) Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug| aug.transform(lens: "Exports.lns", incl: "/etc/exports") aug.context("/files/etc/exports") aug.load aug.set("/scratch/client", client) options.each {|opt| aug.set("/scratch/client/option[last()+1]", opt)} if aug.match("dir['#{dir}']").empty? aug.set("dir[last()+1]", dir) end ... aug.mv("/scratch", "dir['#{dir}']/client['#{client}]") aug.save end end
  • 37. Idempotent change def ensure_client(dir, client, opts) Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug| aug.transform(lens: "Exports.lns", incl: "/etc/exports") aug.context("/files/etc/exports") aug.load aug.set("/scratch/client", client) options.each {|opt| aug.set("/scratch/client/option[last()+1]", opt)} if aug.match("dir['#{dir}']").empty? aug.set("dir[last()+1]", dir) end ... aug.mv("/scratch", "dir['#{dir}']/client['#{client}]") aug.save end end
  • 38. /files file contents /augeas metadata /context current 'directory' /load file/lens mappings /root file system root /save how to save files /version current version
  • 39. /augeas/files/<path> file metadata /path path under /files /mtime file's mtime /lens lens used to process /error error detail
  • 40. How can I get involved?
  • 41. Need to reorganize and expand docs (Want to move to gitbook)
  • 42. Other ideas - Many language bindings could use some love - Write moar lenses - Make Augeas work on Windows
  • 43. Learn more and get in touch https://augeas.net/