Puppet/Augeas – ins 命令在 RH6 上工作，在 RH7 上失敗

我在我的 puppet 模組中有這個構造，可以在/etc/sudoers最後一個“預設”行之後添加一行：

 augeas { "sudoers.ssh_auth_sock" :
   lens => "Sudoers.lns",
   incl => "/etc/sudoers",
   onlyif  => "match Defaults/env_keep/var[. = 'SSH_AUTH_SOCK'] size==0",
   changes => [
      # Create a new Defaults line for the two variables
      "ins Defaults after Defaults[last()]",
      # Make this Defaults line a += type
      "clear Defaults[last()]/env_keep/append",
      # assign values to the two variables
      "set Defaults[last()]/env_keep/var[1] SSH_AUTH_SOCK",
   ],
 }

它在我的 RedHat 6 機器上完美執行

Notice: Augeas[sudoers.ssh_auth_sock](provider=augeas):
--- /etc/sudoers        2021-10-12 13:30:52.880901115 +0000
+++ /etc/sudoers.augnew 2021-10-12 13:31:28.697931561 +0000
@@ -77,6 +77,7 @@
# Defaults   env_keep += "HOME"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+Defaults env_keep += SSH_AUTH_SOCK

## Next comes the main part: which users can run what software on

Notice: /Stage[main]/Sudoers/Augeas[sudoers.ssh_auth_sock]/returns: executed successfully

但它在我的 RedHat 7 機器上失敗了：

Warning: Augeas[sudoers.ssh_auth_sock](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Error: /Stage[main]/Sudoers/Augeas[sudoers.ssh_auth_sock]: Could not evaluate: Error sending command 'ins' with params ["Defaults", "after", "/files/etc/sudoers/Defaults[last()]"]/Error sending command 'ins' with params ["Defaults", "after", "/files/etc/sudoers/Defaults[last()]"]

有人可以幫助我了解發生了什麼變化，或者我做錯了什麼，以便我可以讓這個程式碼段在兩種環境中都可以工作嗎？

謝謝@raphink

augtool errors說過

Error in /etc/sudoers:96.12 (parse_failed)
 Iterated lens matched less than it should
 Lens: /usr/share/augeas/lenses/dist/sudoers.aug:530.10-.70:
   Last matched: /usr/share/augeas/lenses/dist/sep.aug:47.18-.40:
   Next (no match): /usr/share/augeas/lenses/dist/sudoers.aug:500.16-501.47:

所以我檢查了第 96 行/etc/sudoers，它說

@includedir /etc/sudoers.d

顯然，@includedir現在是除了舊式語法之外的有效語法#includedir……但是（我的）augeas lens 無法辨識新版本。

(* View: includedir *)
let includedir =
 [ key /#include(dir)?/ . Sep.space . store Rx.fspath . eol ]

我將其更改@為#in /etc/sudoers，這似乎解決了問題。

引用自：https://serverfault.com/questions/1080313