本文详细描述ansible文件模块中的lineinfile
文章目录
作用
此模块确保文件中有特定的行,或使用反向引用的正则表达式替换现有行。这个
当您只想更改一个文件中的一行时,它非常有用。如果要多样化更改,请参阅[replace]模块;如果要在文件中插入/更新/删除行块,请选择多行、类似行或选中[blockinfile]模块。其他情况下,请参阅[copy]或[template]模块。
常用作添加一个用户的sudo权限;增删改文件某一行等
使用
话不多说,第一步查看帮助文档。
[haiyang@ssh-server ansible]$ ansible-doc lineinfile
> LINEINFILE (/usr/lib/python3.6/site-packages/ansible/modules/files/lineinfile.py)
This module ensures a particular line is in a file, or replace an existing line using a back-referenced regular expression. This
is primarily useful when you want to change a single line in a file only. See the [replace] module if you want to change
multiple, similar lines or check [blockinfile] if you want to insert/update/remove a block of lines in a file. For other cases,
see the [copy] or [template] modules.
* This module is maintained by The Ansible Core Team
OPTIONS (= is mandatory):
由于下面详细的参数太多,这里就不列出来了。本想按照帮助文档的顺序来讲解,但是有些必用的参数直接使用在示例中可能不清楚,下面提前讲下。
- line
变量类型:str
默认值:null
别名:value
功能:插入或者替换到文件中的内容。
- path
变量类型:path 例:path=/etc/ansible/testfile.txt
别名:dest, destfile, name
功能:待修改的文件
- regexp
变量类型:str
默认值:null
别名:regex
功能:使用python的正则表达式规则,如果state=present则替换匹配到的最后一个值;
如果state=absent,则删除所有匹配到的值;如果不匹配,则line的内容将添加的’insertbefore’ or `insertafter’参数设置的地方。
- state
变量类型:str
默认值:present
可选择值: absent, present
功能:添加或删除line行的内容。
cat > /etc/ansible/testfile.txt << EOF
aaa
bbb
ccc
EOF
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a 'path=/etc/ansible/testfile.txt line="bbb" state=absent'
localhost | CHANGED => {
"backup": "",
"changed": true,
"found": 1,
"msg": "1 line(s) removed"
}
[haiyang@ssh-server ansible]$ cat /etc/ansible/testfile.txt
aaa
ccc
- attributes
变量类型:str
默认值:null
功能:同Linux系统中的chattr命令,用于改变文件属性。
[haiyang@ssh-server ansible]$cat > /etc/ansible/testfile.txt << EOF
This is a testfile!
EOF
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile.txt
-rw-rw-r--. 1 haiyang haiyang 20 Jul 16 10:47 /etc/ansible/testfile.txt
[haiyang@ssh-server ansible]$ lsattr /etc/ansible/testfile.txt
------------------ /etc/ansible/testfile.txt
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a "path=/etc/ansible/testfile.txt attr=+i line='This is test for attributes'" -b
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "ownership, perms or SE linux context changed"
}
[haiyang@ssh-server ansible]$ lsattr /etc/ansible/testfile.txt
----i------------- /etc/ansible/testfile.txt
[haiyang@ssh-server ansible]$ cat testfile.txt
This is a testfile!
This is test for attributes
#此时不得任意更动文件或目录,具体使用参数详见chattr
- backrefs
变量类型:bool
默认值:False
可选择值:False、True、yes、no ;bool类型值参数下同
功能:常和正在表达一起使用,如果正则表达不匹配,不做任何改变,如果匹配则替换匹配的内容;该参数也no/False时,如果正则表达不匹配,则添加一行line;如果匹配则替换匹配的内容。
[haiyang@ssh-server ansible]$ cat testfile.txt
This is a testfile!
This is test for attributes
[haiyang@ssh-server ansible]$
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a "path=/etc/ansible/testfile.txt regexp=backreferences line='This is test for backreferences' backrefs=yes"
localhost | SUCCESS => {
"backup": "",
"changed": false,
"msg": ""
}
[haiyang@ssh-server ansible]$ cat testfile.txt
This is a testfile!
This is test for attributes
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a "path=/etc/ansible/testfile.txt regexp=backreferences line='This is test for backreferences' backrefs=no"
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[haiyang@ssh-server ansible]$ cat testfile.txt
This is a testfile!
This is test for attributes
This is test for backreferences
- backup
变量类型:bool
默认值:False
功能:生成一个带时间戳的备份文件。不做赘述,特别重要。
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a "path=/etc/ansible/testfile.txt line='This is test for backup' backup=yes"
localhost | CHANGED => {
"backup": "/etc/ansible/testfile.txt.5233.2020-07-16@15:21:17~",
"changed": true,
"msg": "line added"
}
[haiyang@ssh-server ansible]$ ll /etc/ansible/testfile.txt*
-rw-rw-r--. 1 haiyang haiyang 104 Jul 16 15:21 /etc/ansible/testfile.txt
-rw-rw-r--. 1 haiyang haiyang 80 Jul 16 15:14 /etc/ansible/testfile.txt.5233.2020-07-16@15:21:17~
- create
变量类型:bool
默认值:False
功能:指定改参数后,如果path文件不存在,则创建。反之不存在则会报错。
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile_create.txt
ls: cannot access '/etc/ansible/testfile_create.txt': No such file or directory
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a "path=/etc/ansible/testfile_create.txt line='This is test for create' create=yes"
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile_create.txt
-rw-rw-r--. 1 haiyang haiyang 24 Jul 16 15:25 /etc/ansible/testfile_create.txt
- firstmatch
变量类型:bool
默认值:False
功能:匹配第一个正则表达式匹配的值。
- group
变量类型:str
默认值:null
功能:改变文件或目录的所属组,作用同chown。注意,该功能一般要使用管理员权限。
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile.txt
-rw-rw-r--. 1 haiyang haiyang 8 Jul 16 17:34 /etc/ansible/testfile.txt
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a 'path=/etc/ansible/testfile.txt group=root line="I will change the group!"' -b
BECOME password:
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added and ownership, perms or SE linux context changed"
}
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile.txt
-rw-rw-r--. 1 haiyang root 33 Jul 17 09:13 /etc/ansible/testfile.txt
- insertafter
可选择值:EOF, regex
默认值: EOF
- insertbefore
可选择值:BOF, regex
功能:上面两个参数类似,insertafter是匹配到的行之前插入,insertbefore是匹配到的行之后插入。和regexp参数比,只有在“regexp”不匹配的情况下才使用“insertafter”或“insertbefore”;如果insertafter和insertbefore都未能在文件匹配到行,则line的内容都会添加到最后一行。
insertafter、insertbefore和backrefs这三个参数是互斥的,查看功能即可知道。
[haiyang@ssh-server ansible]$ cat /etc/ansible/testfile.txt
aaa
ccc
I will change the group!
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a 'path=/etc/ansible/testfile.txt insertbefore="not exist" line="I will insert!"'
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[haiyang@ssh-server ansible]$ cat /etc/ansible/testfile.txt
aaa
ccc
I will change the group!
I will insert!
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a 'path=/etc/ansible/testfile.txt insertafter="aaa" line="I will insertafter aaa!"'
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[haiyang@ssh-server ansible]$ cat /etc/ansible/testfile.txt
aaa
I will insertafter aaa!
ccc
I will change the group!
I will insert!
- mode
变量类型:str
默认值:null
功能:改变文件或目录所拥有的权限,用法通chmod
例如:mode=0644、mode=‘644’、mode=u+rwx、mode=‘u=rw,g=r,o=r’,其中数字前面加0是为了让ansible yaml的解析器识别该数字是八进制,也可以使用引号引起来,或者像后面一样。
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile.txt
-rw-rw-r--. 1 haiyang yunwei 33 Jul 17 09:13 /etc/ansible/testfile.txt
[haiyang@ssh-server ansible]$ ansible localhost -m lineinfile -a 'path=/etc/ansible/testfile.txt line="I will change the permissions!" mode="u=rwx,g=rx,o=rx"'
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added and ownership, perms or SE linux context changed"
}
[haiyang@ssh-server ansible]$ ls -l /etc/ansible/testfile.txt
-rwxr-xr-x. 1 haiyang haiyang 103 Jul 17 09:52 /etc/ansible/testfile.txt
- other
此处说明[file]模块的所有参数都支持,并不是说明可以使用other这个参数。
- owner
变量类型:str
默认值:null
功能:改变文件或目录的所属用户,作用同chown。
- seuser
- serole
- setype
- selevel
上面四个参数都是SELinux里面的设置,ls -Z 可查看文件的默认属性;如下
[root@ssh-server ansible]# ls -Z /etc/ansible/testfile.txt
unconfined_u:object_r:etc_t:s0 /etc/ansible/testfile.txt
seuser修改的是unconfined_u;
serole修改的是object_r;
setype修改的是etc_t;
selevel修改的是s0。
[root@ssh-server ansible]# ansible localhost -m lineinfile -a 'path=/etc/ansible/testfile.txt line="Test for selinux!" seuser=system_u setype=httpd_sys_content_t '
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added and ownership, perms or SE linux context changed"
}
[root@ssh-server ansible]# ls -Z /etc/ansible/testfile.txt
system_u:object_r:httpd_sys_content_t:s0 /etc/ansible/testfile.txt
其他两个参数修改会报错:Invalid argument。由于这些参数很少使用,所以此处暂不演示,想了解更多参考SELinux知识点。
- unsafe_writes
看翻译不太理解,有了解的兄弟可以评论区告知下,感谢!
- validate
功能:添加之前的验证命令,如果失败,不会修改文件内容。
[root@ssh-server ansible]# ansible localhost -m lineinfile -a 'path=/etc/sudoers line="Test x " validate="/usr/sbin/visudo -cf %s" '
localhost | FAILED! => {
"changed": false,
"msg": "failed to validate: rc:1 error:>>> /tmp/tmp4miz9z3e: syntax error near line 121 <<<\n"
}
[root@ssh-server ansible]#
[root@ssh-server ansible]# ansible localhost -m lineinfile -a 'path=/etc/sudoers line="xxx ALL=(ALL) ALL " validate="/usr/sbin/visudo -cf %s" '
localhost | CHANGED => {
"backup": "",
"changed": true,
"msg": "line added"
}
[root@ssh-server ansible]# tail -2 /etc/sudoers
#includedir /etc/sudoers.d
xxx ALL=(ALL) ALL
[root@ssh-server ansible]#
Example
这里讲解下文档中所给的例子
- name: Ensure SELinux is set to enforcing mode
lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
line: SELINUX=enforcing
- 匹配文件/etc/selinux/config已"SELINUX="开头的行,将其匹配到的行修改为“SELINUX=enforcing”,不存在则在文本最后一行添加。
- name: Make sure group wheel is not in the sudoers configuration
lineinfile:
path: /etc/sudoers
state: absent
regexp: '^%wheel'
- 删除sudoers文件中以%wheel开头的行,目的是取消默认wheel组的sudo权限。
- name: Replace a localhost entry with our own
lineinfile:
path: /etc/hosts
regexp: '^127\.0\.0\.1'
line: 127.0.0.1 localhost
owner: root
group: root
mode: '0644'
- 匹配到127.0.0.1开头的行,将其内容修改为"127.0.0.1 localhost",并修改/etc/hosts文件的拥有人root和所属组root以及文件的权限644。
- name: Ensure the default Apache port is 8080
lineinfile:
path: /etc/httpd/conf/httpd.conf
regexp: '^Listen '
insertafter: '^#Listen '
line: Listen 8080
- 匹配/etc/httpd/conf/httpd.conf中以’^Listen '开头的行,匹配到直接用 ‘Listen 8080’替换;如果匹配不到则匹配’#Listen '开头的行,匹配到则在改行之下新增;如果都匹配不到,则添加到该文件末尾。
- name: Ensure we have our own comment added to /etc/services
lineinfile:
path: /etc/services
regexp: '^# port for http'
insertbefore: '^www.*80/tcp'
line: '# port for http by default'
- 功能如上,目标文件为/etc/services,先匹配以’# port for http’开头的行,匹配到则用’# port for http by default’替换;在匹配以’www.*80/tcp’开头的行,匹配到则在匹配到的行上面插入’# port for http by default’;否则在文件的最后一行插入’# port for http by default’。
- name: Add a line to a file if the file does not exist, without passing regexp
lineinfile:
path: /tmp/testfile
line: 192.168.1.99 foo.lab.net foo
create: yes
- 在文件 /tmp/testfile 的末尾插入192.168.1.99 foo.lab.net foo ;该文件不存在则新建。
- name: Ensure the JBoss memory settings are exactly as needed
lineinfile:
path: /opt/jboss-as/bin/standalone.conf
regexp: '^(.*)Xms(\\d+)m(.*)$'
line: '\1Xms${xms}m\3'
backrefs: yes
- 目标文件/opt/jboss-as/bin/standalone.conf,如果匹配到所给的正则表达式则替换,否则不作任何操作。
- name: Validate the sudoers file before saving
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%ADMIN ALL='
line: '%ADMIN ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s
- 目标文件/etc/sudoers,匹配到以’%ADMIN ALL=‘开头的行,匹配到则用’%ADMIN ALL=(ALL) NOPASSWD: ALL’替换,反之则文件末尾新增。新增后验证该文件,通过即可成功。
上面的例子都是以yaml格式书写,如果写成一条条的adhoc语句,将“:”改成“=”即可。
204
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
