Hi all, I'm trying to wrap my head around CF3 file editing, and I'm probably trying to do things the wrong way. I'd appreciate if you could point me in the right direction.
I have searched Google for advice (most is still on CF2), tried cfengine_stdlib.cf, read https://cfengine.org/pipermail/help-cfengine/2010-February/007611.html about "Multiple edit_lines in one promise" but I'm trying to achieve something different. Situation: - I have an /etc/ssh/sshd_config with "keyword value" pairs. - I wish to modify some of these settings, for example the setting "PermitRootLogin <whatever>" should be changed into "PermitRootLogin without-password". - My approach is a "Replace Line if Pattern Match"; a simple "Append if No Such Line" would not work as it would just leave the old keyword/value in place and append a new line. I've tried the promise bundle below with multiple edit_lines, and it turns out that only the last edit_line is performed: [r...@hal tmp]# diff sshd_config.cf-before-edit sshd_config 92c92 < #X11Forwarding no --- > X11Forwarding yes These are the promises I've used: bundle agent ssh { files: "/tmp/sshd_config" edit_line => AppendOrReplaceLineMatching("Protocol.*", "Protocol 2"), edit_line => AppendOrReplaceLineMatching("PermitRootLogin.*", "PermitRootLogin without-password"), edit_line => AppendOrReplaceLineMatching("UsePrivilegeSeparation.*", "UsePrivilegeSeparation yes"), edit_line => AppendOrReplaceLineMatching("PermitUserEnvironment.*", "PermitUserEnvironment yes"), edit_line => AppendOrReplaceLineMatching("X11Forwarding.*", "X11Forwarding yes"); } # Replace line matching pattern with line. If no match, append line instead. # bundle edit_line AppendOrReplaceLineMatching(pattern,line) { replace_patterns: "^${pattern}$" replace_with => value("${line}"), classes => if_ok("replace_done"); insert_lines: replace_done:: "${line}"; } I've read the February discussion. There, it is suggested to use a list of lines to append, but I'm trying to replace any existing lines matching a keyword with the new keyword/value pair. This means I'd have to pass lists of lists (pattern/replacement)? And this is the point where I feel there has to be a better way ;-) Am I using the wrong concepts (still rooted in CF2?) here? P.S. There's something strange about AppendOrReplaceLineMatching - I borrowed that implementation and to my surprise the "replace_done" class works opposite to what I expect. If I understand correctly, the "replace_done" class is set if the pattern was replaced (i.e. if there is NO need to append the line). So I initially put "!replace_done::" in insert_lines. That didn't work, it changed AND appended the new line... Perhaps I'm suffering a serious caffeine deficiency? -- Met vriendelijke groet / Kind regards, Ed Voncken. _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
