David Lutterkort
lutter@puppet.com
Augeas
A decade of configuration surgery
What's the problem?
The problem:
Edit configuration files programmatically
Disable PermitRootLogin in sshd_config
$ sed -r 's/PermitRootLogin yes/PermitRootLogin no/'
$ sed -r 's/(PermitRootLogin[ \t]+)yes/\1no/'
$ sed -r 's/(PermitRootLogin[ \t]+)[a-z]+/\1no/'
$ grep PermitRootLogin /etc/ssh/sshd_config
# PermitRootLogin no
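The failure modes behind the three sed attempts above, as an added example that is not part of the original slides: each expression is run over constructed sshd_config lines and the value sshd would actually read afterwards is reported. The helper names (effective_prl, attempt, result) and the sample lines are assumptions made for this illustration, and the whitespace class is written as POSIX [[:blank:]].

```shell
#!/bin/sh
# Added example: every sshd_config line below is constructed for illustration.

# Print the PermitRootLogin value sshd would read from the config on stdin.
# Keywords are case-insensitive and the first active occurrence wins;
# commented lines do not count. Prints "unset" if no active directive exists.
# (Match blocks and Include files are out of scope for this sketch.)
effective_prl() {
    awk 'tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
         END { if (!found) print "unset" }'
}

# Apply one of the three sed expressions from the slides (1, 2 or 3) to stdin.
attempt() {
    case "$1" in
        1) sed -E 's/PermitRootLogin yes/PermitRootLogin no/' ;;
        2) sed -E 's/(PermitRootLogin[[:blank:]]+)yes/\1no/' ;;
        3) sed -E 's/(PermitRootLogin[[:blank:]]+)[a-z]+/\1no/' ;;
        *) echo "unknown attempt: $1" >&2; return 2 ;;
    esac
}

# result N CONFIG: effective value after attempt N has edited CONFIG.
# CONFIG may contain printf-style escapes such as \t and \n.
result() {
    printf '%b\n' "$2" | attempt "$1" | effective_prl
}

# Run every attempt against every constructed variant and show what sshd sees.
for cfg in 'PermitRootLogin yes' \
           'PermitRootLogin\tyes' \
           'PermitRootLogin prohibit-password' \
           '#PermitRootLogin yes' \
           'permitrootlogin yes'; do
    for n in 1 2 3; do
        printf 'attempt %s on %-38s -> %s\n' "$n" "'$cfg'" "$(result "$n" "$cfg")"
    done
done
```

Only the plain "PermitRootLogin yes" line ends up as "no" under all three attempts; attempt 3 rewrites "prohibit-password" to "no-password", a value sshd does not accept, and the commented line stays inactive however it is edited.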
The real problem:
Large number of config file formats
Reading files is easy.
Modifying them is hard.
Whole-file management not always feasible
How does Augeas work?
Handle config files in place and in their native format
Use the same data structure for all files
Preserve 'unimportant' detail and minimize changes
How do you use Augeas?
C library with lots of language bindings
(Ruby, Python, Go, Rust, Lua, Node, Haskell, OCaml, …)
Included in top-shelf config mgmt systems
(Puppet type, augeasproviders, Salt, Mgmt, …)
Getting started: augtool
$ augtool
augtool> help
Admin commands:
context - change how relative paths are interpreted
load - (re)load files under /files
save - save all pending changes
...
Informational commands:
errors - show all errors encountered in processing files
...
Getting started: augtool
$ augtool --help
Usage: augtool [OPTIONS] [COMMAND]
  -b, --backup          preserve originals of modified files with extension '.augsave'
  -r, --root ROOT       use ROOT as the root of the filesystem
  -t, --transform XFM   add a file transform
  -l, --load-file FILE  load individual FILE in the tree
  -f, --file FILE       read commands from FILE
  -L, --noload          do not load any files into the tree on startup
  -A, --noautoload      do not autoload modules from the search path
Getting started: augmatch (new in 1.10.1)
$ docker pull lutter/augmatch
$ docker run -ti lutter/augmatch
/ # augmatch --help
Usage: augmatch [OPTIONS] FILE
Print the contents of a file as parsed by augeas.
Options:
-l, --lens LENS use LENS to transform the file
-m, --match EXPR start printing where nodes match EXPR
-e, --exact print only exact matches
...
Example: /etc/exports
$ cat /etc/exports
/local 207.46.0.0/16(rw,sync)
/home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync)
/tmp 207.46.0.0/16(rw,root_squash,sync)
/pub *(ro,insecure,all_squash)
Getting started: augmatch (new in 1.10.1)
$ augmatch /etc/exports
dir[1] = /local
dir[1]/client = 207.46.0.0/16
dir[1]/client/option[1] = rw
dir[1]/client/option[2] = sync
dir[2] = /home
dir[2]/client[1] = 207.46.0.0/16
dir[2]/client[1]/option[1] = rw
dir[2]/client[1]/option[2] = root_squash
dir[2]/client[1]/option[3] = sync
dir[2]/client[2] = 192.168.50.2/32
dir[2]/client[2]/option[1] = rw
dir[2]/client[2]/option[2] = root_squash
...
Getting started: augmatch (new in 1.10.1)
$ cat /etc/exports
/local 207.46.0.0/16(rw,sync)
/home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync)
/tmp 207.46.0.0/16(rw,root_squash,sync)
/pub *(ro,insecure,all_squash)
# List all clients to which we export a directory
$ augmatch --only-value --exact --match dir/client /etc/exports
207.46.0.0/16
207.46.0.0/16
192.168.50.2/32
207.46.0.0/16
*
Getting started: augmatch (new in 1.10.1)
$ cat /etc/exports
/local 207.46.0.0/16(rw,sync)
/home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync)
/tmp 207.46.0.0/16(rw,root_squash,sync)
/pub *(ro,insecure,all_squash)
# List all clients to which we export the /home directory
$ augmatch -eom 'dir["/home"]/client ' /etc/exports
207.46.0.0/16
192.168.50.2/32
Getting started: augmatch (new in 1.10.1)
# Find all directories that are exported to at least one client without having
# the 'root_squash' option set
$ cat /etc/exports
/local 207.46.0.0/16(rw,sync)
/home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync)
/tmp 207.46.0.0/16(rw,root_squash,sync)
/pub *(ro,insecure,all_squash)
$ augmatch -eom 'dir[client[not(option = "root_squash")]]' /etc/exports
/local
/home
/pub
Getting started: augmatch (new in 1.10.1)
# How match dir[client[not(option = "root_squash")]] works
$ augmatch /etc/exports
dir[1] = /local
dir[1]/client = 207.46.0.0/16
dir[1]/client/option[1] = rw
dir[1]/client/option[2] = sync
dir[2] = /home
dir[2]/client[1] = 207.46.0.0/16
dir[2]/client[1]/option[1] = rw
dir[2]/client[1]/option[2] = root_squash
dir[2]/client[1]/option[3] = sync
...
Example: Idempotent change
Ensure options of a particular client for a particular directory
Strategy
1. Initialize Augeas and load file(s)
2. Create entry in /scratch
3. Move or append entry
Idempotent change
$ augtool print '/files/etc/exports/dir["/home"]/client[1]'
/files/etc/exports/dir[2]/client[1] = "207.46.0.0/16"
/files/etc/exports/dir[2]/client[1]/option[1] = "rw"
/files/etc/exports/dir[2]/client[1]/option[2] = "root_squash"
/files/etc/exports/dir[2]/client[1]/option[3] = "sync"
Idempotent change
require 'augeas'

# Ensure that +client+ is listed for the export +dir+ with options +opts+.
# dir and client are interpolated into path expressions below, so values
# containing a single quote will break those expressions.
def ensure_client(dir, client, opts)
  Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug|
    # 1. Initialize Augeas and load only /etc/exports
    aug.transform(lens: "Exports.lns", incl: "/etc/exports")
    aug.context = "/files/etc/exports"
    aug.load
    # 2. Create the entry in /scratch
    aug.set("/scratch/client", client)
    opts.each { |opt| aug.set("/scratch/client/option[last()+1]", opt) }
    if aug.match("dir['#{dir}']").empty?
      aug.set("dir[last()+1]", dir)
    end
    # ...
    # 3. Move or append the entry
    aug.mv("/scratch", "dir['#{dir}']/client['#{client}']")
    aug.save
  end
end
/files                  file contents
/augeas                 metadata
  /context              current 'directory'
  /load                 file/lens mappings
  /root                 file system root
  /save                 how to save files
  /version              current version
/augeas/files/<path>    file metadata
  /path                 path under /files
  /mtime                file's mtime
  /lens                 lens used to process
  /error                error detail
How can I get involved?
Need to reorganize and expand docs
(Want to move to gitbook)
Other ideas
- Many language bindings could use some love
- Write moar lenses
- Make Augeas work on Windows
Learn more and get in touch
https://augeas.net/

More Related Content

What's hot

What is suid, sgid and sticky bit
What is suid, sgid and sticky bit  What is suid, sgid and sticky bit
What is suid, sgid and sticky bit
Meenu Chopra
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to Prove
Kazuho Oku
 
Goの標準的な開発の流れ
Goの標準的な開発の流れGoの標準的な開発の流れ
Goの標準的な開発の流れ
Ryuji Iwata
 
Unix shell scripting
Unix shell scriptingUnix shell scripting
Unix shell scripting
Pavan Devarakonda
 
Fun with processes - lightning talk
Fun with processes - lightning talkFun with processes - lightning talk
Fun with processes - lightning talk
Paweł Dawczak
 
clonehd01
clonehd01clonehd01
Unix shell scripting basics
Unix shell scripting basicsUnix shell scripting basics
Unix shell scripting basics
Manav Prasad
 
Container Security
Container SecurityContainer Security
Container Security
amouat
 
PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12
Kazuki KOMORI
 
Linux basic3
Linux basic3Linux basic3
Linux basic3
Hideo Amezawa
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with Perl
Kazuho Oku
 
Windows shutdown virus source code c++
Windows shutdown virus source code c++Windows shutdown virus source code c++
Windows shutdown virus source code c++
Andi Master Hiyperterminal
 
mapserver_install_linux
mapserver_install_linuxmapserver_install_linux
mapserver_install_linux
tutorialsruby
 
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
Puppet
 
Linux system admin
Linux system adminLinux system admin
Linux system admin
Mohammed Zainul Abiddin
 
Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scripting
Corrado Santoro
 
Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本
Lingfei Kong
 
C99[2]
C99[2]C99[2]
C99[2]
guest8914af
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scripting
Dan Morrill
 

What's hot (19)

What is suid, sgid and sticky bit
What is suid, sgid and sticky bit  What is suid, sgid and sticky bit
What is suid, sgid and sticky bit
 
Using the Power to Prove
Using the Power to ProveUsing the Power to Prove
Using the Power to Prove
 
Goの標準的な開発の流れ
Goの標準的な開発の流れGoの標準的な開発の流れ
Goの標準的な開発の流れ
 
Unix shell scripting
Unix shell scriptingUnix shell scripting
Unix shell scripting
 
Fun with processes - lightning talk
Fun with processes - lightning talkFun with processes - lightning talk
Fun with processes - lightning talk
 
clonehd01
clonehd01clonehd01
clonehd01
 
Unix shell scripting basics
Unix shell scripting basicsUnix shell scripting basics
Unix shell scripting basics
 
Container Security
Container SecurityContainer Security
Container Security
 
PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12PHPerのためのPerl入門@ Kansai.pm#12
PHPerのためのPerl入門@ Kansai.pm#12
 
Linux basic3
Linux basic3Linux basic3
Linux basic3
 
Unix Programming with Perl
Unix Programming with PerlUnix Programming with Perl
Unix Programming with Perl
 
Windows shutdown virus source code c++
Windows shutdown virus source code c++Windows shutdown virus source code c++
Windows shutdown virus source code c++
 
mapserver_install_linux
mapserver_install_linuxmapserver_install_linux
mapserver_install_linux
 
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
The Puppet Debugging Kit: Building Blocks for Exploration and Problem Solving...
 
Linux system admin
Linux system adminLinux system admin
Linux system admin
 
Introduction to shell scripting
Introduction to shell scriptingIntroduction to shell scripting
Introduction to shell scripting
 
Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本Shell实现的windows回收站功能的脚本
Shell实现的windows回收站功能的脚本
 
C99[2]
C99[2]C99[2]
C99[2]
 
Process monitoring in UNIX shell scripting
Process monitoring in UNIX shell scriptingProcess monitoring in UNIX shell scripting
Process monitoring in UNIX shell scripting
 

Similar to Augeas

A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service management
Lubomir Rintel
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with Augeas
Puppet
 
Augeas @RMLL 2012
Augeas @RMLL 2012Augeas @RMLL 2012
Augeas @RMLL 2012
Raphaël PINSON
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
bcoca
 
Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguide
Adarsh Patil
 
Tame your Infrastructure with Puppet
Tame your Infrastructure with PuppetTame your Infrastructure with Puppet
Tame your Infrastructure with Puppet
delimiter
 
Rush, a shell that will yield to you
Rush, a shell that will yield to youRush, a shell that will yield to you
Rush, a shell that will yield to you
guestdd9d06
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?
Ben Hall
 
Dev ops
Dev opsDev ops
Dev ops
Tom Hall
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
Leo Lorieri
 
Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)
Dominic Cleal
 
EC2
EC2EC2
Installing odoo v8 from github
Installing odoo v8 from githubInstalling odoo v8 from github
Installing odoo v8 from github
Antony Gitomeh
 
10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language
Yaroslav Tkachenko
 
Adventures in infrastructure as code
Adventures in infrastructure as codeAdventures in infrastructure as code
Adventures in infrastructure as code
Julian Simpson
 
Docker practice
Docker practiceDocker practice
Docker practice
wonyong hwang
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting Workshop
Ahmed Magdy Ezzeldin, MSc.
 
Puppet Troubleshooting
Puppet TroubleshootingPuppet Troubleshooting
Puppet Troubleshooting
Puppet
 
Troubleshooting Puppet
Troubleshooting PuppetTroubleshooting Puppet
Troubleshooting Puppet
Thomas Howard Uphill
 
How to mount and unmount filesystem
How to mount and unmount filesystemHow to mount and unmount filesystem
How to mount and unmount filesystem
COMSATS
 

Similar to Augeas (20)

A journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service managementA journey through the years of UNIX and Linux service management
A journey through the years of UNIX and Linux service management
 
Configuration Surgery with Augeas
Configuration Surgery with AugeasConfiguration Surgery with Augeas
Configuration Surgery with Augeas
 
Augeas @RMLL 2012
Augeas @RMLL 2012Augeas @RMLL 2012
Augeas @RMLL 2012
 
Hacking ansible
Hacking ansibleHacking ansible
Hacking ansible
 
Globus toolkit4installationguide
Globus toolkit4installationguideGlobus toolkit4installationguide
Globus toolkit4installationguide
 
Tame your Infrastructure with Puppet
Tame your Infrastructure with PuppetTame your Infrastructure with Puppet
Tame your Infrastructure with Puppet
 
Rush, a shell that will yield to you
Rush, a shell that will yield to youRush, a shell that will yield to you
Rush, a shell that will yield to you
 
How Secure Are Docker Containers?
How Secure Are Docker Containers?How Secure Are Docker Containers?
How Secure Are Docker Containers?
 
Dev ops
Dev opsDev ops
Dev ops
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
 
Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)Configuration surgery with Augeas (OggCamp 12)
Configuration surgery with Augeas (OggCamp 12)
 
EC2
EC2EC2
EC2
 
Installing odoo v8 from github
Installing odoo v8 from githubInstalling odoo v8 from github
Installing odoo v8 from github
 
10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language10 tips for making Bash a sane programming language
10 tips for making Bash a sane programming language
 
Adventures in infrastructure as code
Adventures in infrastructure as codeAdventures in infrastructure as code
Adventures in infrastructure as code
 
Docker practice
Docker practiceDocker practice
Docker practice
 
Bash Scripting Workshop
Bash Scripting WorkshopBash Scripting Workshop
Bash Scripting Workshop
 
Puppet Troubleshooting
Puppet TroubleshootingPuppet Troubleshooting
Puppet Troubleshooting
 
Troubleshooting Puppet
Troubleshooting PuppetTroubleshooting Puppet
Troubleshooting Puppet
 
How to mount and unmount filesystem
How to mount and unmount filesystemHow to mount and unmount filesystem
How to mount and unmount filesystem
 

More from lutter

Libral - a systems management API for Linux
Libral - a systems management API for LinuxLibral - a systems management API for Linux
Libral - a systems management API for Linux
lutter
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
lutter
 
Orchestration and the New York Subway
Orchestration and the New York SubwayOrchestration and the New York Subway
Orchestration and the New York Subway
lutter
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppet
lutter
 
Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015
lutter
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppet
lutter
 
Razor: provision like a boss (Build-a-cloud edition)
Razor: provision like a  boss (Build-a-cloud edition)Razor: provision like a  boss (Build-a-cloud edition)
Razor: provision like a boss (Build-a-cloud edition)
lutter
 
Puppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a bossPuppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a boss
lutter
 
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
lutter
 
Aeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in AssemblyAeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in Assembly
lutter
 
Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)
lutter
 

More from lutter (11)

Libral - a systems management API for Linux
Libral - a systems management API for LinuxLibral - a systems management API for Linux
Libral - a systems management API for Linux
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
Orchestration and the New York Subway
Orchestration and the New York SubwayOrchestration and the New York Subway
Orchestration and the New York Subway
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppet
 
Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015Appmgmt cfgmgmtcamp-2015
Appmgmt cfgmgmtcamp-2015
 
Beyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with PuppetBeyond Golden Containers: Complementing Docker with Puppet
Beyond Golden Containers: Complementing Docker with Puppet
 
Razor: provision like a boss (Build-a-cloud edition)
Razor: provision like a  boss (Build-a-cloud edition)Razor: provision like a  boss (Build-a-cloud edition)
Razor: provision like a boss (Build-a-cloud edition)
 
Puppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a bossPuppetconf 2013: Razor - provision like a boss
Puppetconf 2013: Razor - provision like a boss
 
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
Apache Deltacloud: Speaking EC2 and CIMI to Openstack (and others)
 
Aeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in AssemblyAeolus - Clouds Flying in Assembly
Aeolus - Clouds Flying in Assembly
 
Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)Apache Deltacloud (Linuxcon 2010)
Apache Deltacloud (Linuxcon 2010)
 

Recently uploaded

What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
aymanquadri279
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
brainerhub1
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Envertis Software Solutions
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
Ayan Halder
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
mz5nrf0n
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
Gerardo Pardo-Castellote
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
Grant Fritchey
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
lorraineandreiamcidl
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
timtebeek1
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
Aftab Hussain
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
Hornet Dynamics
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
Hironori Washizaki
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 

Recently uploaded (20)

What is Master Data Management by PiLog Group
What is Master Data Management by PiLog GroupWhat is Master Data Management by PiLog Group
What is Master Data Management by PiLog Group
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
Unveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdfUnveiling the Advantages of Agile Software Development.pdf
Unveiling the Advantages of Agile Software Development.pdf
 
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise EditionWhy Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
Why Choose Odoo 17 Community & How it differs from Odoo 17 Enterprise Edition
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
DDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systemsDDS-Security 1.2 - What's New? Stronger security for long-running systems
DDS-Security 1.2 - What's New? Stronger security for long-running systems
 
Using Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query PerformanceUsing Query Store in Azure PostgreSQL to Understand Query Performance
Using Query Store in Azure PostgreSQL to Understand Query Performance
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOMLORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
LORRAINE ANDREI_LEQUIGAN_HOW TO USE ZOOM
 
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdfAutomated software refactoring with OpenRewrite and Generative AI.pptx.pdf
Automated software refactoring with OpenRewrite and Generative AI.pptx.pdf
 
Graspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code AnalysisGraspan: A Big Data System for Big Code Analysis
Graspan: A Big Data System for Big Code Analysis
 
E-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet DynamicsE-commerce Development Services- Hornet Dynamics
E-commerce Development Services- Hornet Dynamics
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024SWEBOK and Education at FUSE Okinawa 2024
SWEBOK and Education at FUSE Okinawa 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 

Augeas

  • 3. The problem: Edit configuration files programmatically
  • 4-7. Disable PermitRootLogin in sshd_config
      $ sed -r 's/PermitRootLogin yes/PermitRootLogin no/'
      $ sed -r 's/(PermitRootLogin[ \t]+)yes/\1no/'
      $ sed -r 's/(PermitRootLogin[ \t]+)[a-z]+/\1no/'
      $ grep PermitRootLogin /etc/ssh/sshd_config
      # PermitRootLogin no
  • 8. The real problem: Large number of config file formats
  • 9. Reading files is easy. Modifying them is hard.
  • 10. Whole-file management not always feasible
  • 12. Handle config files in place and in their native format
  • 13. Use the same data structure for all files
  • 17. How do you use Augeas?
  • 18. C library with lots of language bindings (Ruby, Python, Go, Rust, Lua, Node, Haskell, OCaml, …)
  • 19. Included in top-shelf config mgmt systems (Puppet type, augeasproviders, Salt, Mgmt, …)
  • 20. Getting started: augtool
      $ augtool
      augtool> help
      Admin commands:
        context - change how relative paths are interpreted
        load - (re)load files under /files
        save - save all pending changes
        ...
      Informational commands:
        errors - show all errors encountered in processing files
        ...
  • 21. Getting started: augtool
      $ augtool --help
      Usage: augtool [OPTIONS] [COMMAND]
        -b, --backup          preserve originals of modified files with extension '.augsave'
        -r, --root ROOT       use ROOT as the root of the filesystem
        -t, --transform XFM   add a file transform
        -l, --load-file FILE  load individual FILE in the tree
        -f, --file FILE       read commands from FILE
        -L, --noload          do not load any files into the tree on startup
        -A, --noautoload      do not autoload modules from the search path
  • 22. Getting started: augmatch (new in 1.10.1)
      $ docker pull lutter/augmatch
      $ docker run -ti lutter/augmatch
      / # augmatch --help
      Usage: augmatch [OPTIONS] FILE
      Print the contents of a file as parsed by augeas.
      Options:
        -l, --lens LENS    use LENS to transform the file
        -m, --match EXPR   start printing where nodes match EXPR
        -e, --exact        print only exact matches
        ...
  • 23. Example: /etc/exports
      $ cat /etc/exports
      /local 207.46.0.0/16(rw,sync)
      /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,root_squash,sync)
      /tmp 207.46.0.0/16(rw,root_squash,sync)
      /pub *(ro,insecure,all_squash)
  • 24. Getting started: augmatch (new in 1.10.1)
      $ augmatch /etc/exports
      dir[1] = /local
      dir[1]/client = 207.46.0.0/16
      dir[1]/client/option[1] = rw
      dir[1]/client/option[2] = sync
      dir[2] = /home
      dir[2]/client[1] = 207.46.0.0/16
      dir[2]/client[1]/option[1] = rw
      dir[2]/client[1]/option[2] = root_squash
      dir[2]/client[1]/option[3] = sync
      dir[2]/client[2] = 192.168.50.2/32
      dir[2]/client[2]/option[1] = rw
      dir[2]/client[2]/option[2] = root_squash
      ...
  • 25-26. Getting started: augmatch (new in 1.10.1)
      # List all clients to which we export a directory
      $ augmatch --only-value --exact --match dir/client /etc/exports
      207.46.0.0/16
      207.46.0.0/16
      192.168.50.2/32
      207.46.0.0/16
      *
  • 27-28. Getting started: augmatch (new in 1.10.1)
      # List all clients to which we export the /home directory
      $ augmatch -eom 'dir["/home"]/client ' /etc/exports
      207.46.0.0/16
      192.168.50.2/32
  • 29-30. Getting started: augmatch (new in 1.10.1)
      # Find all directories that are exported to at least one client without having
      # the 'root_squash' option set
      $ cat /etc/exports
      /local 207.46.0.0/16(rw,sync)
      /home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync)
      /tmp 207.46.0.0/16(rw,root_squash,sync)
      /pub *(ro,insecure,all_squash)
      $ augmatch -eom 'dir[client[not(option = "root_squash")]]' /etc/exports
      /local
      /home
      /pub
  • 31. Getting started: augmatch (new in 1.10.1)
      # How match dir[client[not(option = "root_squash")]] works
      $ augmatch /etc/exports
      dir[1] = /local
      dir[1]/client = 207.46.0.0/16
      dir[1]/client/option[1] = rw
      dir[1]/client/option[2] = sync
      dir[2] = /home
      dir[2]/client[1] = 207.46.0.0/16
      dir[2]/client[1]/option[1] = rw
      dir[2]/client[1]/option[2] = root_squash
      dir[2]/client[1]/option[3] = sync
      ...
  • 32. Example: Idempotent change Ensure options of a particular client for a particular directory
  • 33. Strategy
      1. Initialize Augeas and load file(s)
      2. Create entry in /scratch
      3. Move or append entry
  • 34. Idempotent change
      $ augtool print '/files/etc/exports/dir["/home"]/client[1]'
      /files/etc/exports/dir[2]/client[1] = "207.46.0.0/16"
      /files/etc/exports/dir[2]/client[1]/option[1] = "rw"
      /files/etc/exports/dir[2]/client[1]/option[2] = "root_squash"
      /files/etc/exports/dir[2]/client[1]/option[3] = "sync"
  • 35-37. Idempotent change
      def ensure_client(dir, client, opts)
        Augeas::open(nil, nil, Augeas::NO_MODL_AUTOLOAD) do |aug|
          # Load only /etc/exports, parsed with the Exports lens
          aug.transform(lens: "Exports.lns", incl: "/etc/exports")
          aug.context = "/files/etc/exports"
          aug.load
          # Build the desired client entry outside of /files
          aug.set("/scratch/client", client)
          opts.each { |opt| aug.set("/scratch/client/option[last()+1]", opt) }
          # dir and client are interpolated into path expressions below,
          # so they must not contain a single quote
          if aug.match("dir['#{dir}']").empty?
            aug.set("dir[last()+1]", dir)
          end
          ...
          # mv renames the source node to the destination, so move the
          # client node itself rather than its /scratch parent
          aug.mv("/scratch/client", "dir['#{dir}']/client['#{client}']")
          aug.save
        end
      end
  • 38.
      /files        file contents
      /augeas       metadata
        /context    current 'directory'
        /load       file/lens mappings
        /root       file system root
        /save       how to save files
        /version    current version
  • 39.
      /augeas/files/<path>  file metadata
        /path               path under /files
        /mtime              file's mtime
        /lens               lens used to process
        /error              error detail
  • 40. How can I get involved?
  • 41. Need to reorganize and expand docs (Want to move to gitbook)
  • 42. Other ideas
      - Many language bindings could use some love
      - Write moar lenses
      - Make Augeas work on Windows
  • 43. Learn more and get in touch https://augeas.net/
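
The sed attempts on slides 4-7, as an added shell example that is not part of the deck: it runs the third command over constructed sshd_config lines and then reports the value sshd would actually use. The helper names `slide_sed`, `effective_prl` and `after_sed` are made up for this example, and the check covers only the global section before the first Match block.

```shell
#!/bin/sh
# Added example, not from the slides. All function names are hypothetical.

# The third sed command from the slides, reading a config on stdin.
slide_sed() {
    sed -r 's/(PermitRootLogin[ \t]+)[a-z]+/\1no/'
}

# Print the effective global PermitRootLogin value from stdin, or "unset".
# sshd keywords are case-insensitive, the first occurrence wins, and
# commented lines do not count. Parsing stops at the first Match block.
effective_prl() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { value = $2; exit }
        END { print (value == "" ? "unset" : value) }'
}

# Apply the slide command to one config line ($1) and report the result.
after_sed() {
    printf '%s\n' "$1" | slide_sed | effective_prl
}

# Constructed sample lines, one per failure mode.
for line in 'PermitRootLogin yes' '# PermitRootLogin yes' \
            'permitrootlogin yes' 'PermitRootLogin prohibit-password'; do
    printf '%-36s -> %s\n' "$line" "$(after_sed "$line")"
done
```

Only the first sample ends up with root login disabled: the commented line stays a comment, the lowercase keyword is never matched, and the last line is left with a value sshd does not accept.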
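
The root_squash query on slides 29-31 spelled out in plain awk, as an added example that is not from the deck and does not use Augeas. Function names are made up here and the parser handles only the simple `dir client(opts)` layout of the sample. The second query reflects that exports(5) applies root squashing by default, so an audit should look for an explicit `no_root_squash`.

```shell
#!/bin/sh
# Added example, not from the slides. Function names are hypothetical.

# Constructed sample: the /etc/exports content shown on slides 29-30.
sample_exports() {
    cat <<'EOF'
/local 207.46.0.0/16(rw,sync)
/home 207.46.0.0/16(rw,root_squash,sync) 192.168.50.2/32(rw,sync)
/tmp 207.46.0.0/16(rw,root_squash,sync)
/pub *(ro,insecure,all_squash)
EOF
}

# Read exports lines on stdin; print one "dir<TAB>client<TAB>opt,opt" record
# per client. Only the plain "dir client(opts) ..." layout is handled.
clients() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            for (i = 2; i <= NF; i++) {
                p = index($i, "(")
                host = p ? substr($i, 1, p - 1) : $i
                opts = p ? substr($i, p + 1, length($i) - p - 1) : ""
                printf "%s\t%s\t%s\n", $1, host, opts
            }
        }'
}

# Equivalent of dir[client[not(option = OPT)]]: directories with at least
# one client that has no option equal to OPT ($1).
dirs_with_client_lacking() {
    clients | awk -F '\t' -v opt="$1" '
        index("," $3 ",", "," opt ",") == 0 && !seen[$1]++ { print $1 }'
}

# Equivalent of dir[client/option = OPT]: directories with at least one
# client that carries OPT ($1) explicitly.
dirs_with_client_having() {
    clients | awk -F '\t' -v opt="$1" '
        index("," $3 ",", "," opt ",") > 0 && !seen[$1]++ { print $1 }'
}

# Same answer as the slide: /local, /home, /pub
sample_exports | dirs_with_client_lacking root_squash
# Root squashing is the exports(5) default, so none of the sample exports
# disables it; an explicit no_root_squash is the setting to look for.
sample_exports | dirs_with_client_having no_root_squash
```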