Error in play using 'lineinfile' module


Willard Dennis

Nov 3, 2014, 1:55:37 PM
to ansible...@googlegroups.com
Hi all,

Trying to add a line (or modify if existing) to "sshd_config" to lock down who can SSH to the target server. On RHEL, there is no "AllowGroups" (or "AllowUsers") line present in the as-shipped sshd_config file. In any case, here is the play I wrote:

- name: RHELFAM | Restrict SSH on Docker hosts to specific group members
  lineinfile:
    - dest=/etc/ssh/sshd_config
    - state=present
    - regexp='^AllowGroups '
    - line='AllowGroups {{ ssh_allow_groups }}'
    - validate='/usr/sbin/sshd -t %s'
  when: ssh_allow_groups is defined
  notify:
    - reload sshd
  tags: limitsshusers

Then in roles/<rolename>/vars/main.yml:

---
ssh_allow_groups:
  - root
  - wheel


But when I run the playbook containing the play above, I'm getting the error message:
ERROR: action specified for task RHELFAM | Restrict SSH on Docker hosts to specific group members has invalid type <type 'list'>

What am I doing wrong?

Thanks,
Will

Tomasz Kontusz

Nov 4, 2014, 2:54:07 AM
to ansible...@googlegroups.com

You are passing a list to lineinfile, and you should either pass in a string or a dictionary:

lineinfile: arg1=val1 foo=bar

Or (IMHO better, as it has fewer problems with escaping):

lineinfile:
  arg1: 'val1'
  foo='bar'


Tomasz Kontusz

Nov 4, 2014, 2:57:13 AM
to ansible...@googlegroups.com
Argh, the second example should say "foo: bar" instead of foo=bar :-)


Willard Dennis

Nov 4, 2014, 4:33:37 PM
to ansible...@googlegroups.com
Thanks, Tomasz, for the explanation -- wasn't aware that the 'lineinfile' module couldn't accept list input.

Now, my question is: how to take a YAML list (such as the groups list in my vars file), form a string of the format of "group1 group2", and use that in lineinfile?

Willard Dennis

Nov 4, 2014, 6:05:36 PM
to ansible...@googlegroups.com
OK, I found the answer (yay RTFM!) in http://docs.ansible.com/playbooks_variables.html#other-useful-filters

Working play is:

- name: RHELFAM | Restrict SSH on Docker hosts to specific group members
  lineinfile: dest=/etc/ssh/sshd_config
    state=present
    regexp='^AllowGroups'
    line='AllowGroups {{ ssh_allowed_groups | join(" ") }}'
    backup=yes
    validate='sshd -t -f %s'
  when: ssh_allowed_groups is defined
  notify:
    - restart sshd
  tags: limitsshusers



Variable filters FTW!

Thanks all,
W.
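
The fix discussed in this thread, written as a complete playbook in the dictionary form of module arguments. This is an added example, not code from the original posts: the `docker_hosts` inventory group, the `become` setting, the handler body and the empty-list guard are assumptions, and the group list is a sample value.

```yaml
---
# Added example, not from the thread. "docker_hosts" is a hypothetical
# inventory group; the group list below is a constructed sample value.
- hosts: docker_hosts
  become: true
  vars:
    ssh_allowed_groups:
      - root
      - wheel
  tasks:
    - name: RHELFAM | Restrict SSH on Docker hosts to specific group members
      lineinfile:
        # Module arguments are a dictionary (key: value),
        # not a list of "- key=value" items.
        dest: /etc/ssh/sshd_config
        state: present
        regexp: '^AllowGroups'
        # join(" ") turns the YAML list into the space-separated
        # string that the AllowGroups directive takes.
        line: 'AllowGroups {{ ssh_allowed_groups | join(" ") }}'
        backup: yes
        # sshd tests the candidate file (%s) before it replaces
        # the live configuration.
        validate: '/usr/sbin/sshd -t -f %s'
      # Skip the task when the variable is unset or the list is empty,
      # so a line with no group names is never written.
      when: ssh_allowed_groups is defined and ssh_allowed_groups | length > 0
      notify:
        - restart sshd
      tags: limitsshusers

  handlers:
    - name: restart sshd
      service:
        name: sshd
        state: restarted
```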