
Translate Augeas into Puppet speak


Using Puppet's Augeas capability, I want to modify the config file:

/etc/ssh/sshd_config

Without puppet I've experimented using Augeas's "augtool" and found a couple of lines which seem to work:

augtool> set /files/etc/ssh/sshd_config/Match[1]/Condition/User "bill","ben"   
augtool> set /files/etc/ssh/sshd_config/Match/Settings/PasswordAuthentication "no" 
augtool> save

Although it seems to work OK, I don't really understand what purpose the [1] serves here.

I've tried without success to put those lines into Puppet:

augeas { "sshd_config":
  context => "/files/etc/ssh/sshd_config",
  changes => [
  'set Match[1]/Condition/User "bill","ben"',
  'set Settings/PasswordAuthentication "no"',
  ],     
}

It gives the error: Error: /Stage[main]/Samipermissions/Augeas[sshd_config]: Could not evaluate: Saving failed, see debug

Running Puppet in debug mode tells me the same thing.

Does anybody know how this is meant to work?

THANK YOU m0dlx. Your answer has moved me past the error I was getting; however, I think I'm still a bit lost with the array of Matches. Using "augtool" I can do the following:

set /files/etc/ssh/sshd_config/Match[1]/Condition/User "neil","nigel"
set /files/etc/ssh/sshd_config/Match[1]/Settings/PasswordAuthentication "no" 
set /files/etc/ssh/sshd_config/Match[2]/Condition/User "yvonne","yvette"
set /files/etc/ssh/sshd_config/Match[2]/Settings/PasswordAuthentication "yes" 

In the config file this appears as:

Match User neil,nigel
  PasswordAuthentication no
Match User yvonne,yvette
  PasswordAuthentication yes

Which is perfect. I translated this to Puppet as:

  augeas { "sshd_config":
    context => "/files/etc/ssh/sshd_config",
    changes => [
      'set Match[1]/Condition/User "neil","nigel"',
      'set Match[1]/Settings/PasswordAuthentication "no"',
      'set Match[2]/Condition/User "yvonne","yvette"',
      'set Match[2]/Settings/PasswordAuthentication "yes"',
    ],
  }

But the result in the config file is quite different:

Match User neil
  PasswordAuthentication no
Match User yvonne
  PasswordAuthentication yes

Solution

  • Although it seems to work OK, I don't really understand what purpose the [1] serves here.

    The [1] is like accessing an array element; it indicates you want to access the first Match entry if there are multiple.

    'set Settings/PasswordAuthentication "no"',

    You've missed off the leading Match/ that you had in the augtool test; this might cause the save failure from Puppet.

    If you still have a problem, please include the full debug output from Puppet in the question.
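
The two file contents shown in the question can be checked against the intended per-user policy. This is an added example, not part of the original question or answer; the names match_user_settings, policy_gaps and INTENDED are hypothetical, and it assumes only literal "Match User" lists (no patterns, negation or other Match criteria).

```python
# Added example: audit which users each "Match User" block really covers.
# Simplification (assumption): only "Match User a,b" with literal names is
# modelled; patterns, negation and other Match criteria are ignored.

# File contents as shown in the question above.
AUGTOOL_RESULT = """\
Match User neil,nigel
  PasswordAuthentication no
Match User yvonne,yvette
  PasswordAuthentication yes
"""
PUPPET_RESULT = """\
Match User neil
  PasswordAuthentication no
Match User yvonne
  PasswordAuthentication yes
"""
# Intended policy, taken from the augtool commands in the question.
INTENDED = {"neil": "no", "nigel": "no", "yvonne": "yes", "yvette": "yes"}


def match_user_settings(config_text):
    """Return {user: {keyword: value}} from 'Match User' blocks only."""
    per_user = {}
    users = None  # None while still in the global section
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            crit = arg.split()
            is_user = len(crit) == 2 and crit[0].lower() == "user"
            users = crit[1].split(",") if is_user else []
        elif users is not None:
            for user in users:
                # sshd keeps the first value it obtains for a keyword
                per_user.setdefault(user, {}).setdefault(keyword, arg)
    return per_user


def policy_gaps(config_text, intended, keyword="passwordauthentication"):
    """List users whose Match-block value differs from the intended one."""
    actual = match_user_settings(config_text)
    return sorted(user for user, want in intended.items()
                  if actual.get(user, {}).get(keyword) != want)
```

In the Puppet-generated file, nigel and yvette fall outside every Match block, so they get whatever PasswordAuthentication the global section sets.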