如何使用Puppet动态更新sshd配置文件中各个匹配部分的值 [英] How to update values dynamically for the individual match sections within sshd config file using puppet
问题描述
我能够将值更新为"User foo"部分.和主机* .example.net"通过传递索引.如果我通过索引1或2,则相应的值将被更新.
i am able to update the value to the sections "User foo" and "Host *.example.net" by passing the index. If i pass index 1 or 2 the respective value is getting updated.
我的代码:
$sections = ['Host *.example.net', 'User foo']
$sections.each |String $section| {
sshd_config_match { "${section}":
ensure => present,
}
}
$settings = [['User foo', 'X11Forwarding yes', 'banner none'],['Host *.example.net', 'X11Forwarding no', 'banner none']]
$settings.each |Array $setting| {
$setting_array = split($setting[1],/ /)
sshd_config { "${setting_array[0]} ${setting[0]}":
ensure => present,
key => "${setting_array[0]}",
condition => "${setting[0]}",
value => "${setting_array[1]}",
}
}
当前结果:
Match Host *.example.net
# Created by Puppet
X11Forwarding no
Match User foo
# Created by Puppet
X11Forwarding yes
预期结果:
Match Host *.example.net
# Created by Puppet
X11Forwarding no
Banner none
Match User foo
# Created by Puppet
X11Forwarding yes
Banner none
我只能更新索引中提到的一个值,但正在寻找一种方法来更新列表中提到的更多或所有值.
i am able to update only one value mentioned in the index but am looking a way to update more or all the values mentioned in the list.
推荐答案
目前尚不清楚哪个模块在提供您的 sshd_config_match 和 sshd_config 资源类型,因此也不是他们做什么.不过,如果我们考虑这段代码...
It's not clear what module is providing your sshd_config_match and sshd_config resource types, nor, therefore, exactly what they do. Nevertheless, if we consider this code ...
$settings = [['User foo', 'X11Forwarding yes', 'banner none'],['Host *.example.net', 'X11Forwarding no', 'banner none']]
$settings.each |Array $setting| {
$setting_array = split($setting[1],/ /)
sshd_config { "${setting_array[0]} ${setting[0]}":
ensure => present,
key => "${setting_array[0]}",
condition => "${setting[0]}",
value => "${setting_array[1]}",
}
}
...我们可以看到 $ settings 的每个元素都是一个三元素数组,其中 each 调用仅访问索引0和1的元素.这似乎与您看到的结果相匹配,该结果不包含与索引2的元素中的数据相对应的任何内容.
... we can see that each element of $settings is a three-element array, of which the each call accesses only those at indexes 0 and 1. That seems to match up with the result you see, which does not contain anything corresponding to the data from the elements at index 2.
您可以从索引1开始遍历内部的 $ setting 元素,而不是仅考虑该元素,但我建议改为更自然地重组数据,并编写适合于重组数据的代码.您在数组中具有混合重要性数据,并且不必要地将键和值混杂在一起,以致需要花很多精力才能将它们分开.将数据构造为哈希散列而不是数组数组可能是一个不错的开始:
You could iterate over the inner $setting elements, starting at index 1, instead of considering that element only, but I would suggest instead restructuring the data more naturally, and writing code suited to the restructured data. You have data of mixed significance in your arrays, and you are needlessly jamming keys and values together such that you need to spend effort to break them back apart. Structuring the data as a hash of hashes instead of an array of arrays could be a good start:
$settings = {
'User foo' => { 'X11Forwarding' => 'yes', 'banner' => 'none'},
'Host *.example.net' => { 'X11Forwarding' => 'no', 'banner' => 'none'},
}
这不仅使您大大增强了可读性(主要是来自格式设置),而且还提供了更大的可用性.智慧地说,尽管我在这里有点猜测,但是您应该能够执行以下操作:
Not only does that give you much enhanced readability (mostly from formatting), but it also affords much greater usability. To wit, although I'm guessing a bit here, you should be able to do something similar to the following:
$settings.each |String $condition, Hash $properties| {
$properties.each |String $key, String $value| {
sshd_config { "${condition} ${key}":
ensure => 'present',
condition => $condition,
key => $key,
value => $value,
}
}
}
再次,提高了可读性,这一次主要是通过对名称的有用选择,以及随之而来的更大的清晰度,即这样的东西实际上是代码的正确结构(假设我已经正确地推断出您所使用的类型使用).
Again, greater readability, this time largely from a helpful choice of names, and along with it greater clarity that something like this is in fact the right structure for the code (supposing that I have correctly inferred enough about the types you are using).
这篇关于如何使用Puppet动态更新sshd配置文件中各个匹配部分的值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
