一、簡述
這幾天在看了ansible官網,收穫蠻多。截取一個lineinfile模塊作一個總結。如果批量修改配置文件某一行時,在寫playbook時lineinfile避免不了的。
根據官網說法:lineinfile - Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression.大意是說,針對文件特殊行,使用後端引用的正則表達式來替換
二、實踐
playbook,我先定義前面common部分。
--- - hosts: "`host`" remote_user: "`user`" gather_facts: false tasks:
由於我已經定義標籤tags,執行playbook中某個特定任務時,只需執行到對應TAGNAME便可
ansible-playbook line1.yml --extra-vars "host=gitlab user=root" --tags "TAGNAME" -v
1、正則匹配,更改某個關鍵參數值
- name: seline modify enforcing lineinfile: dest: /etc/selinux/config regexp: '^SELINUX=' line: 'SELINUX=enforcing'
驗證
[root@master test]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
2、在匹配的內容前或後增加一行
2.1 http.conf
[root@master test]# cat http.conf #Listen 12.34.56.78:80 #Listen 80 #Port
2.2 insertbefore匹配內容在前面添加
- name: httpd.conf modify 8080 lineinfile: dest: /opt/playbook/test/http.conf regexp: '^Listen' insertbefore: '^#Port' line: 'Listen 8080' tags: - http8080
驗證
[root@master test]# cat http.conf #Listen 12.34.56.78:80 #Listen 80 Listen 8080 #Port
2.3 insertafter匹配內容在後面添加
- name: httpd.conf modify 8080 lineinfile: dest: /opt/playbook/test/http.conf regexp: '^Listen' insertafter: '^#Port' line: 'Listen 8080' tags: - http8080
驗證
[root@master test]# cat http.conf #Listen 12.34.56.78:80 #Listen 80 #Port Listen 8080
3.修改文件內容和權限
3.1 原文件內容及權限
[root@master test]# cat hosts 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.1.2 foo.lab.net foo
[root@master test]# ls -l hosts -rwxrwxr-x 1 root qingyun 111 12月 13 18:07 hosts
3.2 劇本
- name: modify hosts lineinfile: dest: /opt/playbook/test/hosts regexp: '^127\.0\.0\.1' line: '127.0.0.1 localhosts' owner: root group: root mode: 0644 tags: - hosts
3.3 執行驗證
[root@master test]# cat hosts 127.0.0.1 localhosts 192.168.1.2 foo.lab.net foo [root@master test]# ls -l hosts -rw-r--r-- 1 root root 49 12月 13 18:16 hosts
4、刪除某一行內容
4.1 原文件
[root@master test]# cat hosts 127.0.0.1 localhosts 192.168.1.2 foo.lab.net foo
4.2 absent劇本
- name: delete 192.168.1.1 lineinfile: dest: /opt/playbook/test/hosts state: absent regexp: '^192\.' tags: - delete192
4.3 驗證
[root@master test]# cat hosts
127.0.0.1 localhosts
5、文件存在就添加一行
5.1原文件
[root@master test]# cat hosts 127.0.0.1 localhosts
5.2 劇本
- name: add a line lineinfile: dest: /opt/playbook/test/hosts line: '192.168.1.2 foo.lab.net foo' tags: - add_a_line
5.3 驗證
[root@master test]# cat hosts 127.0.0.1 localhosts 192.168.1.2 foo.lab.net foo
6、如果匹配到,引用line這一行作爲替換。如果沒有匹配到,則完全引用line這一行作爲添加
6.1 原文件
[root@master test]# cat testfile # %wheel ALL=(ALL) ALL
6.2 劇本
- name: Fully quoted a line lineinfile: dest: /opt/playbook/test/testfile state: present regexp: '^%wheel' line: '%wheel ALL=(ALL) NOPASSWD: ALL' tags: - testfile
6.3 驗證
[root@master test]# cat testfile # %wheel ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL
6.4 原文件
[root@master test]# cat testfile # %wheel ALL=(ALL) ALL %wheel 1234 ALL =(all) NOPASSWD
6.5 驗證
Using /etc/ansible/ansible.cfg as config file
PLAY [gitlab] ******************************************************************
TASK [Fully quoted a line] *****************************************************
changed: [master] => {"backup": "", "changed": true, "msg": "line replaced"}
PLAY RECAP *********************************************************************
master : ok=1 changed=1 unreachable=0 failed=0
[root@master test]# cat testfile
# %wheel ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL7、關於參數backrefs,backup使用。
backrefs爲no時,如果沒有匹配,則添加一行line。如果匹配了,則把匹配內容替被換爲line內容。
backrefs爲yes時,如果沒有匹配,則文件保持不變。如果匹配了,把匹配內容替被換爲line內容。
backup爲no時,沒有匹配,則添加。如果匹配了,則替換
backup爲yes時,沒有匹配,添加,如果匹配了,則替換
7.1 需要關心的,backrefs爲yes時情景
7.1.1 原文件
[root@master test]# cat testfile # %wheel ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL #?bar
7.1.2 劇本
- name: test backrefs lineinfile: # backup: yes state: present dest: /opt/playbook/test/testfile regexp: '^#\?bar' backrefs: yes line: 'bar' tags: - test_backrefs
7.1.3 驗證
[root@master test]# cat testfile # %wheel ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL bar
7.1.3 沒有匹配
[root@master test]# cat testfile # %wheel ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL
7.1.4 驗證
Using /etc/ansible/ansible.cfg as config file
PLAY [gitlab] ******************************************************************
TASK [test backrefs] ***********************************************************
ok: [master] => {"backup": "", "changed": false, "msg": ""}
PLAY RECAP *********************************************************************
master : ok=1 changed=0 unreachable=0 failed=0文件保持不變
8、使用valiate參數,在保存sudoers文件前,驗證語法,如果有錯,執行時,會報出來,重新編輯playbook
8.1 劇本
- name: test validate lineinfile: dest: /etc/sudoers state: present regexp: '^%ADMIN ALL=' line: '%ADMIN ALL=(ALL)' validate: 'visudo -cf %s' tags: - testsudo
8.2 執行驗證就說語法不過關
Using /etc/ansible/ansible.cfg as config file
PLAY [gitlab] ******************************************************************
TASK [test validate] ***********************************************************
fatal: [master]: FAILED! => {"changed": false, "failed": true, "msg": "failed to validate: rc:1 error:visudo:>>> /tmp/tmpgQjHYM:syntax error 在行 114 附近<<<\n"}
to retry, use: --limit @/opt/playbook/test/line1.retry
PLAY RECAP *********************************************************************
master : ok=0 changed=0 unreachable=0 failed=1三、總結
具體模塊使用,ansible-doc可以查看詳細用法。