一、简述
这几天在看了ansible官网,收获蛮多。截取一个lineinfile模块作一个总结。如果批量修改配置文件某一行时,在写playbook时lineinfile避免不了的。
根据官网说法:lineinfile – Ensure a particular line is in a file, or replace an existing line using a back-referenced regular expression.大意是说,针对文件特殊行,使用后端引用的正则表达式来替换
二、实践
playbook,我先定义前面common部分。
----hosts:"`host`"remote_user:"`user`"gather_facts:falsetasks:
由于我已经定义标签tags,执行playbook中某个特定任务时,只需执行到对应TAGNAME便可
ansible-playbook line1.yml –extra-vars “host=gitlab user=root” –tags “TAGNAME” -v
1、正则匹配,更改某个关键参数值
-name:selinemodifyenforcinglineinfile:dest:/etc/selinux/configregexp:'^SELINUX='line:'SELINUX=enforcing'
验证
[root@mastertest]#cat/etc/selinux/config#ThisfilecontrolsthestateofSELinuxonthesystem.#SELINUX=cantakeoneofthesethreevalues:#enforcing-SELinuxsecuritypolicyisenforced.#permissive-SELinuxprintswarningsinsteadofenforcing.#disabled-NoSELinuxpolicyisloaded.SELINUX=enforcing#SELINUXTYPE=cantakeoneofthesetwovalues:#targeted-Targetedprocessesareprotected,#mls-MultiLevelSecurityprotection.SELINUXTYPE=targeted
2、在匹配的内容前或后增加一行
2.1 http.conf
[root@mastertest]#cathttp.conf#Listen12.34.56.78:80#Listen80#Port
2.2 insertbefore匹配内容在前面添加
-name:httpd.confmodify8080lineinfile:dest:/opt/playbook/test/http.confregexp:'^Listen'insertbefore:'^#Port'line:'Listen8080'tags:-http8080
验证
[root@mastertest]#cathttp.conf#Listen12.34.56.78:80#Listen80Listen8080#Port
2.3insertafter匹配内容在后面添加
-name:httpd.confmodify8080lineinfile:dest:/opt/playbook/test/http.confregexp:'^Listen'insertafter:'^#Port'line:'Listen8080'tags:-http8080
验证
[root@mastertest]#cathttp.conf#Listen12.34.56.78:80#Listen80#PortListen8080
3.修改文件内容和权限
3.1 原文件内容及权限
[root@mastertest]#cathosts127.0.0.1 localhost.localdomainlocalhost::1 localhost6.localdomain6localhost6192.168.1.2foo.lab.netfoo
[root@mastertest]#ls-lhosts-rwxrwxr-x1rootqingyun11112月1318:07hosts
3.2 剧本
-name:modifyhostslineinfile:dest:/opt/playbook/test/hostsregexp:'^127\.0\.0\.1'line:'127.0.0.1localhosts'owner:rootgroup:rootmode:0644tags:-hosts
3.3 执行验证
[root@mastertest]#cathosts127.0.0.1localhosts192.168.1.2foo.lab.netfoo[root@mastertest]#ls-lhosts-rw-r--r--1rootroot4912月1318:16hosts
4、删除某一行内容
4.1 原文件
[root@mastertest]#cathosts127.0.0.1localhosts192.168.1.2foo.lab.netfoo
4.2 absent剧本
-name:delete192.168.1.1lineinfile:dest:/opt/playbook/test/hostsstate:absentregexp:'^192\.'tags:-delete192
4.3 验证
[root@master test]# cat hosts
127.0.0.1 localhosts
5、文件存在就添加一行
5.1原文件
[root@mastertest]#cathosts127.0.0.1localhosts
5.2 剧本
-name:addalinelineinfile:dest:/opt/playbook/test/hostsline:'192.168.1.2foo.lab.netfoo'tags:-add_a_line
5.3 验证
[root@mastertest]#cathosts127.0.0.1localhosts192.168.1.2foo.lab.netfoo
6、如果匹配到,引用line这一行作为替换。如果没有匹配到,则完全引用line这一行作为添加
6.1 原文件
[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL
6.2 剧本
-name:Fullyquotedalinelineinfile:dest:/opt/playbook/test/testfilestate:presentregexp:'^%wheel'line:'%wheelALL=(ALL)NOPASSWD:ALL'tags:-testfile
6.3 验证
[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL%wheelALL=(ALL)NOPASSWD:ALL
6.4 原文件
[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL%wheel1234ALL=(all)NOPASSWD
6.5 验证
Using/etc/ansible/ansible.cfgasconfigfilePLAY[gitlab]******************************************************************TASK[Fullyquotedaline]*****************************************************changed:[master]= {"backup":"","changed":true,"msg":"linereplaced"}PLAYRECAP*********************************************************************master:ok=1changed=1unreachable=0failed=0[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL%wheelALL=(ALL)NOPASSWD:ALL
7、关于参数backrefs,backup使用。
backrefs为no时,如果没有匹配,则添加一行line。如果匹配了,则把匹配内容替被换为line内容。
backrefs为yes时,如果没有匹配,则文件保持不变。如果匹配了,把匹配内容替被换为line内容。
backup为no时,没有匹配,则添加。如果匹配了,则替换
backup为yes时,没有匹配,添加,如果匹配了,则替换
7.1 需要关心的,backrefs为yes时情景
7.1.1 原文件
[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL%wheelALL=(ALL)NOPASSWD:ALL#?bar
7.1.2 剧本
-name:testbackrefslineinfile:#backup:yesstate:presentdest:/opt/playbook/test/testfileregexp:'^#\?bar'backrefs:yesline:'bar'tags:-test_backrefs
7.1.3 验证
[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL%wheelALL=(ALL)NOPASSWD:ALLbar
7.1.3 没有匹配
[root@mastertest]#cattestfile#%wheel ALL=(ALL) ALL%wheelALL=(ALL)NOPASSWD:ALL
7.1.4 验证
Using/etc/ansible/ansible.cfgasconfigfilePLAY[gitlab]******************************************************************TASK[testbackrefs]***********************************************************ok:[master]= {"backup":"","changed":false,"msg":""}PLAYRECAP*********************************************************************master:ok=1changed=0unreachable=0failed=0
文件保持不变
8、使用valiate参数,在保存sudoers文件前,验证语法,如果有错,执行时,会报出来,重新编辑playbook
8.1 剧本
-name:testvalidatelineinfile:dest:/etc/sudoersstate:presentregexp:'^%ADMINALL='line:'%ADMINALL=(ALL)'validate:'visudo-cf%s'tags:-testsudo
8.2 执行验证就说语法不过关
Using/etc/ansible/ansible.cfgasconfigfilePLAY[gitlab]******************************************************************TASK[testvalidate]***********************************************************fatal:[master]:FAILED!= {"changed":false,"failed":true,"msg":"failedtovalidate:rc:1error:visudo: /tmp/tmpgQjHYM:syntaxerror在行114附近 \n"} toretry,use:--limit@/opt/playbook/test/line1.retryPLAYRECAP*********************************************************************master:ok=0changed=0unreachable=0failed=1
三、总结
具体模块使用,ansible-doc可以查看详细用法。
拥有一颗比九万五千公里还辽阔的心,
