Redhat
Puppet/Augeas – ins 命令在 RH6 上工作,在 RH7 上失敗
我在我的 puppet 模組中有這個構造,可以在
/etc/sudoers
最後一個“預設”行之後添加一行:augeas { "sudoers.ssh_auth_sock" : lens => "Sudoers.lns", incl => "/etc/sudoers", onlyif => "match Defaults/env_keep/var[. = 'SSH_AUTH_SOCK'] size==0", changes => [ # Create a new Defaults line for the two variables "ins Defaults after Defaults[last()]", # Make this Defaults line a += type "clear Defaults[last()]/env_keep/append", # assign values to the two variables "set Defaults[last()]/env_keep/var[1] SSH_AUTH_SOCK", ], }
它在我的 RedHat 6 機器上完美執行
Notice: Augeas[sudoers.ssh_auth_sock](provider=augeas): --- /etc/sudoers 2021-10-12 13:30:52.880901115 +0000 +++ /etc/sudoers.augnew 2021-10-12 13:31:28.697931561 +0000 @@ -77,6 +77,7 @@ # Defaults env_keep += "HOME" Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin +Defaults env_keep += SSH_AUTH_SOCK ## Next comes the main part: which users can run what software on Notice: /Stage[main]/Sudoers/Augeas[sudoers.ssh_auth_sock]/returns: executed successfully
但它在我的 RedHat 7 機器上失敗了:
Warning: Augeas[sudoers.ssh_auth_sock](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output Error: /Stage[main]/Sudoers/Augeas[sudoers.ssh_auth_sock]: Could not evaluate: Error sending command 'ins' with params ["Defaults", "after", "/files/etc/sudoers/Defaults[last()]"]/Error sending command 'ins' with params ["Defaults", "after", "/files/etc/sudoers/Defaults[last()]"]
有人可以幫助我了解發生了什麼變化,或者我做錯了什麼,以便我可以讓這個程式碼段在兩種環境中都可以工作嗎?
謝謝@raphink
augtool errors
說過Error in /etc/sudoers:96.12 (parse_failed) Iterated lens matched less than it should Lens: /usr/share/augeas/lenses/dist/sudoers.aug:530.10-.70: Last matched: /usr/share/augeas/lenses/dist/sep.aug:47.18-.40: Next (no match): /usr/share/augeas/lenses/dist/sudoers.aug:500.16-501.47:
所以我檢查了第 96 行
/etc/sudoers
,它說@includedir /etc/sudoers.d
顯然,
@includedir
現在是除了舊式語法之外的有效語法#includedir
……但是(我的)augeas lens 無法辨識新版本。(* View: includedir *) let includedir = [ key /#include(dir)?/ . Sep.space . store Rx.fspath . eol ]
我將其更改
@
為#
in/etc/sudoers
,這似乎解決了問題。