puppet-augeasproviders icon indicating copy to clipboard operation
puppet-augeasproviders copied to clipboard

Published 20 hours ago verified publisher icon voxpupuli

sysctl doesn't work for keys that contain slash, e.g. VLANs

Open jktjkt opened this issue 10 years ago • 14 comments

It is OK to have sysctl keys with slashes in them:

[root@potemkin02 ~]# sysctl net.ipv4.conf.bond0/122.rp_filter
net.ipv4.conf.bond0/122.rp_filter = 1

However, it seems that one cannot really apply them. The following Puppet manifest:

    sysctl { 'net.ipv4.conf.bond0/122.rp_filter':
        ensure  => present,
        value   => 2,
        require => Service['network'],
    }

...results in this:

Error: Could not set 'present' on ensure: /augeas/files/etc/sysctl.conf/error/path = /files/etc/sysctl.conf
/augeas/files/etc/sysctl.conf/error/lens = /usr/share/augeas/lenses/dist/sysctl.aug:36.10-.52:
/augeas/files/etc/sysctl.conf/error/message = Malformed child node 'net.ipv4.conf.bond0' at 105:/etc/puppet/environments/test_vlans/modules/vesnicky/manifests/network.pp
Error: Could not set 'present' on ensure: /augeas/files/etc/sysctl.conf/error/path = /files/etc/sysctl.conf
/augeas/files/etc/sysctl.conf/error/lens = /usr/share/augeas/lenses/dist/sysctl.aug:36.10-.52:
/augeas/files/etc/sysctl.conf/error/message = Malformed child node 'net.ipv4.conf.bond0' at 105:/etc/puppet/environments/test_vlans/modules/vesnicky/manifests/network.pp
Wrapped exception:
/augeas/files/etc/sysctl.conf/error/path = /files/etc/sysctl.conf
/augeas/files/etc/sysctl.conf/error/lens = /usr/share/augeas/lenses/dist/sysctl.aug:36.10-.52:
/augeas/files/etc/sysctl.conf/error/message = Malformed child node 'net.ipv4.conf.bond0'
Error: /Stage[main]/Vesnicky::Network/Sysctl[net.ipv4.conf.bond0/122.rp_filter]/ensure: change from absent to present failed: Could not set 'present' on ensure: /augeas/files/etc/sysctl.conf/error/path = /files/etc/sysctl.conf
/augeas/files/etc/sysctl.conf/error/lens = /usr/share/augeas/lenses/dist/sysctl.aug:36.10-.52:
/augeas/files/etc/sysctl.conf/error/message = Malformed child node 'net.ipv4.conf.bond0' at 105:/etc/puppet/environments/test_vlans/modules/vesnicky/manifests/network.pp

jktjkt avatar May 14 '14 23:05 jktjkt

I don't think Augeas itself will support this, as it stores the sysctl name in the label of the node, so it can't contain slashes. We'll need to fix this in Augeas first, which is going to be very disruptive...

domcleal avatar May 15 '14 07:05 domcleal

Is there something I can do to help bring this forward?

jktjkt avatar Sep 29 '14 11:09 jktjkt

I remember hitting this issue before, and thinking that sysctl should be parsed as subnodes with [/\.] as the separator for levels.

However, this definitely means breaking compatibility for the lens.

I'm opening https://github.com/hercules-team/augeas/issues/176 for this.

raphink avatar Nov 17 '14 14:11 raphink

I don't have an easy way to test this but why not munge the name so that all slashes are escaped in the provider?

trevor-vaughan avatar Mar 03 '16 18:03 trevor-vaughan

@trevor-vaughan the problem though is down to the Augeas lens here. There is currently no way to set such keys in the lens.

raphink avatar Mar 15 '16 09:03 raphink

That makes sense and I certainly see the issue.

So, this would be a core patch to augeas to allow for the specification of an alternate key separator?

I would vote for a pipe since that tends to be the usual regex alternative that I've seen used.

trevor-vaughan avatar Mar 15 '16 11:03 trevor-vaughan

@trevor-vaughan ah, you would just remap "/" as "|" in the labels?

raphink avatar Mar 15 '16 13:03 raphink

Yeah, I would give the user the ability to either use '/' or '|' as they desire so long as it is consistent within a given reference.

Alternatively, you could support escapes in keys but that seems hideous and prone to insanity.

trevor-vaughan avatar Mar 15 '16 13:03 trevor-vaughan

As far as the Augeas lens is concerned, supporting / is not possible in labels, hence my suggestion to make a backward incompatible change.

raphink avatar Mar 15 '16 13:03 raphink

Would it be possible to support both? If '/' is the first character, that's the separator, if '|' is, then that is the separator.

Basically, either should be supported since that gives you a way to ensure that you cover all key cases (ok, except for keys that have both / and | but that's crazy and I don't want to live on those systems).

trevor-vaughan avatar Mar 15 '16 13:03 trevor-vaughan

It's not possible in tree, but it could be remapped in the provider as you suggested. However, I'm not a big fan of this. | currently means nothing in sysctl, but who knows if it couldn't mean something in future versions? So I'd rather fix the lens properly (which imo means splitting on \.|/)

raphink avatar Mar 15 '16 13:03 raphink

@trevor-vaughan when it comes to the lens itself, it would be better to discuss this in https://github.com/hercules-team/augeas/issues/176

raphink avatar Mar 15 '16 13:03 raphink

Has there been any fixes/workarounds for this issue?

isaiahfrantz avatar Apr 21 '20 18:04 isaiahfrantz

Please check https://github.com/voxpupuli/puppet-augeasproviders_sysctl/issues/17

johnwarburton avatar Jul 18 '23 05:07 johnwarburton