Hello

With Chef 11.8.2 and FileEdit and the help of this list :), I’ve now
got a way to replace text in a file and use the captured text. As it
turned out, I’m not using the captured text at all… Oh, well

I am now replacing all old values in a config file (sshd_config, to be
exact). And when a certain config setting wasn’t there at all, I
insert a line with the new setting. But it will get appended to the
file; it will be at the end of the file.

That’s (maybe…) a problem, as a sshd_config file might have a “Match
…” block at the end.

Is there maybe an easy to way to add text to the BEGINNING of the file?

Here (or, for maybe better readability on
http://pastebin.com/1QWfsnFZ) is, what I’ve got now:

#############################################

SSH Parameter

{“Protocol” => “2”, “LogLevel” => “INFO”, “MaxAuthTries” => “4”,
“IgnoreRhosts” => “yes”, “HostbasedAuthentication” => “no”,
“PermitRootLogin” => “no”, “PermitEmptyPasswords” => “no”, “Banner” =>
"/etc/issue.net"}.each do |param, value|
cfg_file = “/etc/ssh/sshd_config”

replace_line_re = /^#{param}.*/
insert_line_text = replace_line_text = "#{param} #{value}"
insert_line_re = /^#{replace_line_text}/

ruby_block "CIS: SSHd Parameter modifizieren. " + param + " => " + value do
    block do
        fe = Chef::Util::FileEdit.new(cfg_file)

        # Alte Werte durch neue Werte ersetzen
        fe.search_file_replace_line(replace_line_re, replace_line_text)

        # Zeile mit neuem Wert am Ende der Datei einfügen - falls

nicht schon vorhanden
fe.insert_line_if_no_match(insert_line_re, insert_line_text)

        # Datei schreiben
        fe.write_file
    end # of block do
    notifies :reload, "service[ssh]", :delayed
end # of ruby_block "CIS: SSHd Parameter modifizieren. " + param +

" => " + value do
end # of {“Protocol” => “2”, “LogLevel” => “INFO”, “MaxAuthTries” =>
“4”, “IgnoreRhosts” => “yes”, “HostbasedAuthentication” => “no”,
“PermitRootLogin” => “no”, “PermitEmptyPasswords” => “no”, “Banner” =>
"/etc/issue.net"}.each do |param, value|

Thanks so much again,

Alexander

=> Google+ => http://plus.skwar.me <==
=> Chat (Jabber/Google Talk) => a.skwar@gmail.com <==

Hello Alexander,

The general advice I’ve seen about using Chef to edit configuration files
is that you should generally avoid doing so if you can. If you have the
option of having Chef be the only entity that manages the file in question,
it’s much easier to put Chef in charge of the entire file and use a file or
template resource instead.

In the case of ssshd_config, I’ve never had a complaint about the openssh
https://supermarket.chef.io/cookbooks/openssh cookbook which uses
attributes to build the whole config (nice for wrapper cookbooks,
environments, roles, etc.).

To answer your actual question though, it doesn’t look like FileEdit will
append to the beginning of a file, no. If that’s definitely what you want
to do, you’ll probably have to break out some ruby_blocks
https://docs.chef.io/resource_ruby_block.html and use the slightly
lower-level ::File http://ruby-doc.org/core-2.2.0/File.html methods.

Hope that helps.

Matt Moretti

On Thu, Aug 27, 2015 at 11:14 AM, Alexander Skwar
alexanders.mailinglists+nospam@gmail.com
http://mailto:alexanders.mailinglists+nospam@gmail.com wrote:

Hello

With Chef 11.8.2 and FileEdit and the help of this list :), I've now
got a way to replace text in a file and use the captured text. As it
turned out, I'm not using the captured text at all… Oh, well

I am now replacing all old values in a config file (sshd_config, to be
exact). And when a certain config setting wasn't there at all, I
insert a line with the new setting. But it will get appended to the
file; it will be at the end of the file.

That's (maybe…) a problem, as a sshd_config file might have a "Match
…" block at the end.

Is there maybe an easy to way to add text to the BEGINNING of the file?

Here (or, for maybe better readability on
Chef - adding text to BEGINNING of file - how? - Pastebin.com) is, what I've got now:

#############################################

SSH Parameter

{"Protocol" => "2", "LogLevel" => "INFO", "MaxAuthTries" => "4",
"IgnoreRhosts" => "yes", "HostbasedAuthentication" => "no",
"PermitRootLogin" => "no", "PermitEmptyPasswords" => "no", "Banner" =>
"/etc/issue.net"}.each do |param, value|
cfg_file = "/etc/ssh/sshd_config"

replace_line_re = /^#{param}.*/
insert_line_text = replace_line_text = "#{param} #{value}"
insert_line_re = /^#{replace_line_text}/

ruby_block "CIS: SSHd Parameter modifizieren. " + param + " => " +

value do
block do
fe = Chef::Util::FileEdit.new(cfg_file)

        # Alte Werte durch neue Werte ersetzen
        fe.search_file_replace_line(replace_line_re, replace_line_text)

        # Zeile mit neuem Wert am Ende der Datei einfügen - falls

nicht schon vorhanden
fe.insert_line_if_no_match(insert_line_re, insert_line_text)

        # Datei schreiben
        fe.write_file
    end # of block do
    notifies :reload, "service[ssh]", :delayed
end # of ruby_block "CIS: SSHd Parameter modifizieren. " + param +

" => " + value do
end # of {"Protocol" => "2", "LogLevel" => "INFO", "MaxAuthTries" =>
"4", "IgnoreRhosts" => "yes", "HostbasedAuthentication" => "no",
"PermitRootLogin" => "no", "PermitEmptyPasswords" => "no", "Banner" =>
"/etc/issue.net"}.each do |param, value|

Thanks so much again,

Alexander

=> Google+ => http://plus.skwar.me <==
=> Chat (Jabber/Google Talk) => a.skwar@gmail.com <==

​