我想在可用的特定文件中添加空格

问题描述 投票:0回答:1

我想向可用的特定文件添加空格。

  - name: Remove vulnerabilities
    lineinfile:
      dest: /etc/ssh/sshd_config
      insertafter: 'ForceCommand cvs server'
      line: "{{ item.line }}"
      state: present
      backup: yes
    loop:
      - { line: ' ' }
      - { line: 'MACs hmac-sha2-256,hmac-sha2-512' }
      - { line: 'KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256' }
      - { line: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' }
      - { line: ' ' }
      - { line: '### Remove vulnerabilities' }
      - { line: ' ' }

我想要的结果如下

...
# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

### Remove vulnerabilities
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512
...

实际结果如下。没有空格。 “Forcecommand cvs server”和“##Remove验证”之间没有空格。


# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
## Remove vulnerabilities
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512

有更好的方法吗?

ansible
1个回答
0
投票

有更好的方法吗?

我想说任何其他方式都会更好,因为要求在开头添加一个空行并添加几行使得很难(如果可能的话)使用 

lineinfile
维持幂等性:一旦之后有一个空行
ForceCommand cvs server
的最后一个条目,Ansible 将在 playbook 的每次执行中插入指定的行。您可以尝试使用 
backrefs: true
regexp
代替 
insertafter
,并使用多行字符串作为 
line
来简化操作并避免循环 - 但您最终会遇到同样的问题。

相反,您可以使用 

blockinfile
模块:

---
- name: Add a block to sshd_config
  hosts: localhost  # could be your own choice
  connection: local # could be your own choice
  gather_facts: false # could be your own choice
  tasks:
    - name: Remove vulnerabilities
      blockinfile:
        dest: sshd_config
        insertafter: 'ForceCommand cvs server'
        state: present
        backup: yes
        create: true
        block: |
          
          ### Remove vulnerabilities

          Ciphers aes128-ctr,aes192-ctr,aes256-ctr
          KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
          MACs hmac-sha2-256,hmac-sha2-512

这会产生:

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
# BEGIN ANSIBLE MANAGED BLOCK

### Remove vulnerabilities

Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512
# END ANSIBLE MANAGED BLOCK

如您所见,它带有 

# BEGIN ANSIBLE MANAGED BLOCK
# END ANSIBLE MANAGED BLOCK
标记。但它比将线路一条一条地添加起来更可靠、更快。此外,可以使用 
marker
marker_end
marker_begin
更改标记文本。

如果您不想在文件中包含开头和结尾标记,您可以按照U880D的建议使用

template
模块并控制整个文件的状态。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.