我想向可用的特定文件添加空格。
- name: Remove vulnerabilities
lineinfile:
dest: /etc/ssh/sshd_config
insertafter: 'ForceCommand cvs server'
line: "{{ item.line }}"
state: present
backup: yes
loop:
- { line: ' ' }
- { line: 'MACs hmac-sha2-256,hmac-sha2-512' }
- { line: 'KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256' }
- { line: 'Ciphers aes128-ctr,aes192-ctr,aes256-ctr' }
- { line: ' ' }
- { line: '### Remove vulnerabilities' }
- { line: ' ' }
我想要的结果如下
...
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
### Remove vulnerabilities
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512
...
实际结果如下。没有空格。 “Forcecommand cvs server”和“##Remove验证”之间没有空格。
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
## Remove vulnerabilities
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512
有更好的方法吗?
有更好的方法吗?
我想说任何其他方式都会更好,因为要求在开头添加一个空行并添加几行使得很难(如果可能的话)使用
lineinfile
维持幂等性:一旦之后有一个空行ForceCommand cvs server
的最后一个条目,Ansible 将在 playbook 的每次执行中插入指定的行。您可以尝试使用 backrefs: true
、regexp
代替 insertafter
,并使用多行字符串作为 line
来简化操作并避免循环 - 但您最终会遇到同样的问题。
blockinfile
模块:
---
- name: Add a block to sshd_config
hosts: localhost # could be your own choice
connection: local # could be your own choice
gather_facts: false # could be your own choice
tasks:
- name: Remove vulnerabilities
blockinfile:
dest: sshd_config
insertafter: 'ForceCommand cvs server'
state: present
backup: yes
create: true
block: |
### Remove vulnerabilities
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512
这会产生:
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
# BEGIN ANSIBLE MANAGED BLOCK
### Remove vulnerabilities
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
MACs hmac-sha2-256,hmac-sha2-512
# END ANSIBLE MANAGED BLOCK
如您所见,它带有
# BEGIN ANSIBLE MANAGED BLOCK
和 # END ANSIBLE MANAGED BLOCK
标记。但它比将线路一条一条地添加起来更可靠、更快。此外,可以使用 marker
、marker_end
和 marker_begin
更改标记文本。
如果您不想在文件中包含开头和结尾标记,您可以按照U880D的建议使用
template
模块并控制整个文件的状态。