ansible 下lineinfile詳細使用

原文  http://zouqingyun.blog.51cto.com/782246/1882367

 

一、簡述

這幾天在看了ansible官網，收獲蠻多。截取一個lineinfile模塊作一個總結。如果批量修改配置文件某一行時，在寫playbook時lineinfile避免不了的。

根據官網說法：lineinfile - Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression.大意是說，針對文件特殊行，使用后端引用的正則表達式來替換

二、實踐

playbook，我先定義前面common部分。

---
 - hosts: "{{host}}"  remote_user: "{{user}}"  gather_facts: false  tasks:

由於我已經定義標簽tags，執行playbook中某個特定任務時，只需執行到對應TAGNAME便可

ansible-playbook line1.yml --extra-vars "host=gitlab user=root" --tags "TAGNAME" -v

1、正則匹配，更改某個關鍵參數值

   - name: seline modify enforcing
 lineinfile:  dest: /etc/selinux/config  regexp: '^SELINUX='  line: 'SELINUX=enforcing'

驗證

[root@master test]# cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=enforcing # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted

2、在匹配的內容前或后增加一行

2.1 http.conf

[root@master test]# cat http.conf #Listen 12.34.56.78:80 #Listen 80 #Port

2.2 insertbefore匹配內容在前面添加

    - name: httpd.conf modify 8080 lineinfile: dest: /opt/playbook/test/http.conf regexp: '^Listen' insertbefore: '^#Port' line: 'Listen 8080' tags: - http8080

驗證

[root@master test]# cat http.conf #Listen 12.34.56.78:80 #Listen 80 Listen 8080 #Port

2.3 insertafter匹配內容在后面添加

- name: httpd.conf modify 8080 lineinfile: dest: /opt/playbook/test/http.conf regexp: '^Listen' insertafter: '^#Port' line: 'Listen 8080' tags: - http8080

驗證

[root@master test]# cat http.conf #Listen 12.34.56.78:80 #Listen 80 #Port Listen 8080

3.修改文件內容和權限

3.1 原文件內容及權限

[root@master test]# cat hosts 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 192.168.1.2 foo.lab.net foo

[root@master test]# ls -l hosts -rwxrwxr-x 1 root qingyun 111 12月 13 18:07 hosts

3.2 劇本

    - name: modify hosts
 lineinfile:  dest: /opt/playbook/test/hosts  regexp: '^127\.0\.0\.1'  line: '127.0.0.1 localhosts'  owner: root  group: root  mode: 0644  tags:  - hosts

3.3 執行驗證

[root@master test]# cat hosts 127.0.0.1 localhosts 192.168.1.2 foo.lab.net foo [root@master test]# ls -l hosts -rw-r--r-- 1 root root 49 12月 13 18:16 hosts

4、刪除某一行內容

4.1 原文件

[root@master test]# cat hosts 127.0.0.1 localhosts 192.168.1.2 foo.lab.net foo

4.2 absent劇本

- name: delete 192.168.1.1  lineinfile:  dest: /opt/playbook/test/hosts  state: absent  regexp: '^192\.'  tags:  - delete192

4.3 驗證

[root@master test]# cat hosts

127.0.0.1 localhosts

5、文件存在就添加一行

5.1原文件

[root@master test]# cat hosts 127.0.0.1 localhosts

5.2 劇本

    - name: add a line lineinfile: dest: /opt/playbook/test/hosts line: '192.168.1.2 foo.lab.net foo' tags: - add_a_line

5.3 驗證

[root@master test]# cat hosts 127.0.0.1 localhosts 192.168.1.2 foo.lab.net foo

6、如果匹配到，引用line這一行作為替換。如果沒有匹配到，則完全引用line這一行作為添加

6.1 原文件

[root@master test]# cat testfile # %wheel ALL=(ALL) ALL

6.2 劇本

    - name: Fully quoted a line lineinfile: dest: /opt/playbook/test/testfile state: present regexp: '^%wheel' line: '%wheel ALL=(ALL) NOPASSWD: ALL' tags: - testfile

6.3 驗證

[root@master test]# cat testfile
# %wheel	ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL

6.4 原文件

[root@master test]# cat testfile
# %wheel	ALL=(ALL) ALL %wheel 1234 ALL =(all) NOPASSWD

6.5 驗證

Using /etc/ansible/ansible.cfg as config file

PLAY [gitlab] ****************************************************************** TASK [Fully quoted a line] ***************************************************** changed: [master] => {"backup": "", "changed": true, "msg": "line replaced"} PLAY RECAP ********************************************************************* master : ok=1 changed=1 unreachable=0 failed=0 [root@master test]# cat testfile # %wheel ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL

7、關於參數backrefs，backup使用。

• backrefs為no時，如果沒有匹配,則添加一行line。如果匹配了，則把匹配內容替被換為line內容。

• backrefs為yes時，如果沒有匹配，則文件保持不變。如果匹配了，把匹配內容替被換為line內容。

• backup為no時，沒有匹配，則添加。如果匹配了，則替換

• backup為yes時，沒有匹配，添加，如果匹配了，則替換

7.1 需要關心的,backrefs為yes時情景

7.1.1 原文件

[root@master test]# cat testfile
# %wheel	ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL #?bar

7.1.2 劇本

    - name: test backrefs
 lineinfile: # backup: yes  state: present  dest: /opt/playbook/test/testfile  regexp: '^#\?bar'  backrefs: yes  line: 'bar'  tags:  - test_backrefs

7.1.3 驗證

[root@master test]# cat testfile
# %wheel	ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL bar

7.1.3 沒有匹配

[root@master test]# cat testfile
# %wheel	ALL=(ALL) ALL %wheel ALL=(ALL) NOPASSWD: ALL

7.1.4 驗證

Using /etc/ansible/ansible.cfg as config file

PLAY [gitlab] ****************************************************************** TASK [test backrefs] *********************************************************** ok: [master] => {"backup": "", "changed": false, "msg": ""} PLAY RECAP ********************************************************************* master : ok=1 changed=0 unreachable=0 failed=0

文件保持不變

8、使用valiate參數，在保存sudoers文件前，驗證語法，如果有錯，執行時，會報出來，重新編輯playbook

8.1 劇本

- name: test validate
 lineinfile:  dest: /etc/sudoers  state: present  regexp: '^%ADMIN ALL='  line: '%ADMIN ALL=(ALL)'  validate: 'visudo -cf %s'  tags:  - testsudo

8.2 執行驗證就說語法不過關

Using /etc/ansible/ansible.cfg as config file

PLAY [gitlab] ****************************************************************** TASK [test validate] *********************************************************** fatal: [master]: FAILED! => {"changed": false, "failed": true, "msg": "failed to validate: rc:1 error:visudo：>>> /tmp/tmpgQjHYM：syntax error 在行 114 附近<<<\n"} to retry, use: --limit @/opt/playbook/test/line1.retry PLAY RECAP ********************************************************************* master : ok=0 changed=0 unreachable=0 failed=1

三、總結

具體模塊使用，ansible-doc可以查看詳細用法。