I have this construct in my puppet module to add a line in /etc/sudoers
after the last "Defaults" line:
    augeas { "sudoers.ssh_auth_sock" :
      lens    => "Sudoers.lns",
      incl    => "/etc/sudoers",
      onlyif  => "match Defaults/env_keep/var[. = 'SSH_AUTH_SOCK'] size==0",
      changes => [
        # Create a new Defaults line after the last existing one
        "ins Defaults after Defaults[last()]",
        # Make this Defaults line a += type
        "clear Defaults[last()]/env_keep/append",
        # Assign the variable to keep
        "set Defaults[last()]/env_keep/var[1] SSH_AUTH_SOCK",
      ],
    }
It works perfectly on my RedHat 6 machines:
Notice: Augeas[sudoers.ssh_auth_sock](provider=augeas):
--- /etc/sudoers 2021-10-12 13:30:52.880901115 +0000
+++ /etc/sudoers.augnew 2021-10-12 13:31:28.697931561 +0000
@@ -77,6 +77,7 @@
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+Defaults env_keep += SSH_AUTH_SOCK
## Next comes the main part: which users can run what software on
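Review bot: the added line "Defaults env_keep += SSH_AUTH_SOCK" is an unscoped Defaults entry, so the agent socket variable is preserved for every user and every command run through sudo. If only particular users or commands need the forwarded agent, use a scoped form such as Defaults:user or Defaults!command instead. Its position directly under secure_path also depends on that being the last Defaults line in the file, so a comment on the inserted line saying what manages it would help the next person editing /etc/sudoers by hand.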
Notice: /Stage[main]/Sudoers/Augeas[sudoers.ssh_auth_sock]/returns: executed successfully
But it fails on my RedHat 7 machines:
Warning: Augeas[sudoers.ssh_auth_sock](provider=augeas): Loading failed for one or more files, see debug for /augeas//error output
Error: /Stage[main]/Sudoers/Augeas[sudoers.ssh_auth_sock]: Could not evaluate: Error sending command 'ins' with params ["Defaults", "after", "/files/etc/sudoers/Defaults[last()]"]/Error sending command 'ins' with params ["Defaults", "after", "/files/etc/sudoers/Defaults[last()]"]
Can somebody help me understand what changed, or what I did wrong, so that I can get this snippet to work in both environments?
Thank you @raphink.

augtool errors said

So I checked line 96 of /etc/sudoers and it said

Apparently, @includedir is now a valid syntax in addition to the older-style syntax #includedir ... but (my) augeas lens does not recognize the new version.

I changed the @ to a # in /etc/sudoers and that seems to have resolved the problem.
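
A pre-flight check for the failure described in the answer above, as an added example that is not part of the original post: it lists the @include / @includedir lines, writes a candidate copy using the # spelling, and syntax-checks that copy with visudo -c -f. It goes one step beyond the answer by covering @include as well as @includedir. The function names and the sample file are constructed here, and the script assumes the installed lens accepts only the # spelling.

```shell
#!/bin/sh
# Added example. Assumption: the installed Augeas Sudoers lens accepts only
# '#include' / '#includedir', so an '@' spelling stops the file from loading.

# Print "LINENO:TEXT" for every @include / @includedir directive in file $1.
find_at_includes() {
    grep -nE '^[[:space:]]*@include(dir)?[[:space:]]' "$1"
}

# Write a copy of $1 to $2 with '@' replaced by '#' on those directives only.
rewrite_at_includes() {
    sed -E 's/^([[:space:]]*)@(include(dir)?[[:space:]])/\1#\2/' "$1" > "$2"
}

# Syntax-check candidate file $1 with visudo when it is installed.
check_candidate() {
    if ! command -v visudo >/dev/null 2>&1; then
        echo "visudo not found, skipping syntax check" >&2
        return 0
    fi
    visudo -c -f "$1"
}

# Constructed sample standing in for /etc/sudoers (not taken from the page).
sample=$(mktemp) && fixed=$(mktemp) || exit 1
trap 'rm -f "$sample" "$fixed"' EXIT
cat > "$sample" <<'EOF'
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
# @includedir inside a comment must stay untouched
root ALL=(ALL) ALL
@includedir /etc/sudoers.d
EOF

echo "Directives the lens would reject:"
find_at_includes "$sample"
rewrite_at_includes "$sample" "$fixed"
echo "Proposed change:"
diff "$sample" "$fixed" || true   # diff exits 1 when the files differ
check_candidate "$fixed" || echo "candidate failed visudo -c" >&2
```

Run the three functions against a copy of the real /etc/sudoers and install the candidate only after check_candidate succeeds.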