# ERB string interpolation and file_line matching

I'm trying to (ab)use a file_line resource to ensure a block of text (my enterprise CA) always exists in my ca-certs bundle on CentOS hosts.

So far, what I've done is set a variable containing the newline-escaped version of my certificate's full info (what you'd get if you did openssl x509 -in (filename) -noout -text). I newline escaped it by opening up IRB, opening double quotes, pasting the line in, and closing the quotes.

This looks like this in my manifest:

$cacert = "Certificate:\n Data:\n Version: 3 (0x2)\n Serial Number:\n 10:d8 ... edit retag close merge delete ## 2 Answers Sort by » oldest newest most voted After looking at the file_line source, I verified that it cannot handle multiline text, primarily because it uses very simple regexp matching. In the end, I played around with using an exec to append the certificate text to the ca-bundle.crt file, but the trick is getting an onlyif condition to work correctly. I didn't have much luck there so far, but maybe an egrep regexp search command would do the trick. The other option that you might explore is whether your CA cert has to be included in the ca-bundle.crt or not. Perhaps there's a way ... more ## Comments Thanks for confirming this! I'll have to look around and see if there's another way to handle this. ( 2013-06-17 10:13:14 -0500 )edit For what it's worth, I ended up solving this with an exec: class em_cacerts::centos inherits em_cacerts{ exec { 'cent-ca-certificate': command => "/bin/echo '$centcacert' >> '$cabundlepath'", onlyif => "test ! grep (redacted CA name)$cabundlepath",
provider => 'shell',
}


Yeah, it's escaping out to the shell, but I'm using basic bash stuff, so this should be relatively portable.

more

## Stats

Seen: 1,587 times

Last updated: Jun 17 '13