Re: Need 'UncommentAndSetValue' or some such

[Brendan Strejcek]

Luke Kanies wrote:

> I think editfiles should be essentially replaced with a system
> that allows people to manage objects contained in files (hosts in
> /etc/hosts, services in /etc/services, filesystems in /etc/fstab, cron
> jobs in /var/spool/crontabs/*) as objects, not as lines in a file. The
> reason editfiles is so complicated is because it's the wrong approach
> for complete management.

It would certainly be nice to be able to manage objects representing
things like users, cron jobs, and packages. These are common concepts
shared by most operating systems. However, I am not sure it is worth
abstracting everything in that way. For example, earlier today I needed
to configure dvips's default paper size to letter rather than a4. This
was the editfiles stanza that I used:

    editfiles:
        { /etc/texmf/dvips/config.ps
            DeleteLinesMatching "^@\+ %%PaperSize: Letter$"
            DeleteLinesMatching "^@ letterSize 8.5in 11in$"
            # Since we are using prepend, the second one is listed first
            PrependIfNoSuchLine "@+ %%PaperSize: Letter"
            PrependIfNoSuchLine "@ letterSize 8.5in 11in"
        }

Sure, that would have been nicer if it was something like:

    tetex-bin.defaultpapersize = letter

(such as one might do with a system like lcfg) but that requires lots of
uninteresting and hard to maintain translation code.

I think there is probably a happy medium between low-level editfiles
operations and high-level constructs like what you are suggesting, at
least for managing Unix machines.

> I'm guessing that 90% of all cfengine code out there is devoted to
> host grouping, file actions (files, tidy, etc.), shellcommands, and
> triggering processes based on changes. Throw in modules, and you're
> asymptotic.

Well, I just whipped up a quick perl analysis (see below for the
possibly buggy code) of my cfengine policy files, based on line counts,
and this is what I get:

    editfiles       1133
    shellcommands    614
    control          436
    classes          417
    copy             335
    comment          333
    files            301
    import           285
    links            258
    disable          161
    alerts            93
    processes         91
    strategies        21
    tidy              17
    disks             15
    groups            14
    grant              6
    ignore             3

I rarely write long lines, so I think that is probably good data. I did
not actually expect to see that so much of it was editfiles, but it is
interesting to know. This manages various parts of about 200 machines,
maybe 10 different OSs.

Best,
Brendan

--
Senior System Administrator
The University of Chicago
Department of Computer Science
http://www.cs.uchicago.edu/people/brendan

########################################################################

#!/usr/bin/env perl

my %category;
my $cur;

my @sections = (
    "alerts", "classes", "control", "copy", "disable", "disks",
    "editfiles", "files", "grant", "groups", "ignore", "import",
    "links", "processes", "shellcommands", "strategies", "tidy",
);

FILE: while (<>) {
    open FH, $_ or die "open: $!";
    $cur = "";
    LINE: while (<FH>) {
        if (/^\s*$/) {
            next LINE;
        } elsif (/^#/) {
            $category{'comment'}++;
        } else {
            foreach my $section (@sections) {
                if (/^$section:/) {
                    $category{$section}++;
                    $cur = $section;
                    next LINE;
                }
            }

            $category{$cur}++;
        }
    }
}

foreach my $i (sort keys %category) {
    printf "%-14s %5s\n", $i, $category{$i};
}

########################################################################

Obviously your setup will be different, but this is how I ran it:

-bash-2.05b# pwd
/local/cfservd/cfengine/inputs
-bash-2.05b# find . -type f ! -name '*,v'|
> egrep -v '^./(opt_techstaff|singlecopy_nirvana|Repository)'|
> summarize_cfengine_policy|sort -r -n -k2