(apologies in advance for the line wrap)
I have the following tidbit of augeas code, which inserts a rule into
/etc/sysconfig/iptables as the first rule of a specifically named chain;
# augtool> insert append before "/files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]"
# augtool> match /files/etc/sysconfig/iptables/table/append[. = '']
# /files/etc/sysconfig/iptables/table/append[8] = (none)
# augtool> set /files/etc/sysconfig/iptables/table/append[. = ''] 'Mayo-Firewall-INPUT'
# augtool> set /files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]/protocol 'tcp'
# augtool> set /files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]/match 'tcp'
# augtool> set /files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]/dport '31111'
# augtool> set /files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]/jump 'ACCEPT'
# augtool> print /files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]
# /files/etc/sysconfig/iptables/table/append[8] = "Mayo-Firewall-INPUT"
# /files/etc/sysconfig/iptables/table/append[8]/dport = "31111"
# /files/etc/sysconfig/iptables/table/append[8]/match = "tcp"
# /files/etc/sysconfig/iptables/table/append[8]/protocol = "tcp"
# /files/etc/sysconfig/iptables/table/append[8]/jump = "ACCEPT"
I'd like to convert this to a puppet augeas define. So far, I've got this:
define mayo_firewall_insert ($dport, $proto) {
  augeas { "firewall_${title}":
    context => "/files/etc/sysconfig/iptables/table",
    # incl => "/etc/sysconfig/iptables",
    # lens => "iptables.aug",
    onlyif  => "match append[dport='$dport'] size != 0",
    changes => [
      "insert append before append[. = 'Mayo-Firewall-INPUT'][1]",
      "set append[. = ''] 'Mayo-Firewall-INPUT'",
      "set append[. = 'Mayo-Firewall-INPUT'][1]/protocol '$proto'",
      "set append[. = 'Mayo-Firewall-INPUT'][1]/match '$proto'",
      "set append[. = 'Mayo-Firewall-INPUT'][1]/dport '$dport'",
      "set append[. = 'Mayo-Firewall-INPUT'][1]/jump 'ACCEPT'",
    ],
  }
}
However, when I declare a resource using the above define, I get augeas
syntax errors, and I'm not sure how to track down the problem:
(invoked as 'puppet apply --verbose --debug --detailed-exitcodes --execute "include omnibus_node"')
...
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Opening augeas with root /, lens path , flags 32
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Augeas version 1.1.0 is installed
Warning: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.save/error/pos = 115
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.save/error/line = 3
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.save/error/char = 0
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.save/error/lens = /shares/nfs/unixarch/share/augeas/lenses/dist/shellvars.aug:163.12-.99:
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.save/error/message = Syntax error
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.orig/error/pos = 64
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.orig/error/line = 2
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.orig/error/char = 0
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.orig/error/lens = /shares/nfs/unixarch/share/augeas/lenses/dist/shellvars.aug:163.12-.99:
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): /augeas/files/etc/sysconfig/iptables.orig/error/message = Syntax error
Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): Closed the augeas connection
...
I'm guessing the augeas tree isn't what I think it is by the time it
goes to save, but there doesn't appear to be a way to invoke 'print' or
some other, similar augeas command, so I can't tell.
Can anyone please advise how I might debug this?
Thanks,
-- Pat
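
Added example, not part of the original post: a Python triage of the `/augeas//error` debug lines quoted above, grouping them by the file that failed to load and the lens that rejected it. On the quoted output it reports failures only for iptables.save and iptables.orig under shellvars.aug, not for /etc/sysconfig/iptables itself. The function names and sample constants are hypothetical, and the parser assumes unwrapped `puppet apply --debug` output (one message per line).

```python
import re
from collections import defaultdict

# Constructed sample: six of the post's debug lines with the mail wraps rejoined.
P = ("Debug: Augeas[firewall_omnibus_tcp_4100](provider=augeas): "
     "/augeas/files/etc/sysconfig/")
LENS = "/shares/nfs/unixarch/share/augeas/lenses/dist/shellvars.aug:163.12-.99:"
SAMPLE_LOG = "\n".join([
    P + "iptables.save/error/line = 3",
    P + "iptables.save/error/lens = " + LENS,
    P + "iptables.save/error/message = Syntax error",
    P + "iptables.orig/error/line = 2",
    P + "iptables.orig/error/lens = " + LENS,
    P + "iptables.orig/error/message = Syntax error",
])

# One debug line per error field: /augeas/files<path>/error/<field> = <value>
ERROR_RE = re.compile(
    r"^Debug: Augeas\[[^\]]+\]\(provider=augeas\):\s+"
    r"/augeas/files(?P<file>/.+?)/error/(?P<field>\w+) =\s*(?P<value>.*)$"
)

def load_errors(log_text):
    """Group Augeas load-error fields by the file that failed to parse."""
    errors = defaultdict(dict)
    for line in log_text.splitlines():
        m = ERROR_RE.match(line.strip())
        if m:
            errors[m["file"]][m["field"]] = m["value"].strip()
    return dict(errors)

def lens_module(lens_value):
    """Pull 'shellvars.aug' out of '/path/to/shellvars.aug:163.12-.99:'."""
    m = re.search(r"([^/]+\.aug)", lens_value or "")
    return m.group(1) if m else None

def triage(log_text, target="/etc/sysconfig/iptables"):
    """Return (did the target itself fail to load?, {file: (lens, line, message)})."""
    errors = load_errors(log_text)
    summary = {f: (lens_module(e.get("lens")), e.get("line"), e.get("message"))
               for f, e in errors.items()}
    return target in errors, summary

if __name__ == "__main__":
    failed, summary = triage(SAMPLE_LOG)
    print("target failed to load:", failed)
    for path, (lens, line, msg) in sorted(summary.items()):
        print(f"{path}: lens={lens} line={line} message={msg}")
```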