/ansible-role-blockinfile

Ansible role which contains blockinfile module

Primary LanguagePython

Ansible Role: blockinfile

This role contains no tasks, but provides blockinfile module which might be useful when you want to apply multi-line snippets in config files in /etc.

Ansible Galaxy Page: https://galaxy.ansible.com/list#/roles/1475

blockinfile Module

Options

If this section doesn't show nicely in Ansible Galaxy Page, please refer to equeivalent in GitHub Page.

parameter required default choices comments
backup no no
  • yes
  • no
Create a backup file including the timestamp information so you can get the original file back if you somehow clobbered it incorrectly.
content no
    The text to insert inside the marker lines. If it's empty string, marker lines will also be removed.
    create no no
    • yes
    • no
    Create a new file if it doesn't exist.
    dest yes
      The file to modify.
      follow no no
      • yes
      • no
      This flag indicates that filesystem links, if they exist, should be followed. (added in Ansible 1.8)
      group no
        name of the group that should own the file/directory, as would be fed to chown
        marker no # {mark} ANSIBLE MANAGED BLOCK
          The marker line template. "{mark}" will be replaced with "BEGIN" or "END".
          mode no
            mode the file or directory should be, such as 0644 as would be fed to chmod. As of version 1.8, the mode may be specified as a symbolic mode (for example, u+rwx or u=rw,g=r,o=r).
            owner no
              name of the user that should own the file/directory, as would be fed to chown
              selevel no s0
                level part of the SELinux file context. This is the MLS/MCS attribute, sometimes known as the range. _default feature works as for seuser.
                serole no
                  role part of SELinux file context, _default feature works as for seuser.
                  setype no
                    type part of SELinux file context, _default feature works as for seuser.
                    seuser no
                      user part of SELinux file context. Will default to system policy, if applicable. If set to _default, it will use the user portion of the policy if available
                      validate no None
                        validation to run before copying into place

                        Examples

                        Simple task with YAML block literal:

                        - blockinfile: |
                            dest=/etc/network/interfaces backup=yes
                            content="iface eth0 inet static
                                address 192.168.0.1
                                netmask 255.255.255.0"

                        It will insert/update the following text block in /etc/network/interfaces:

                        # BEGIN ANSIBLE MANAGED BLOCK
                        iface eth0 inet static
                            address 192.168.0.1
                            netmask 255.255.255.0
                        # END ANSIBLE MANAGED BLOCK
                        

                        Another task with alternative marker lines and variable substitution:

                        - blockinfile: |
                            dest=/var/www/html/index.html backup=yes
                            marker="<!-- {mark} ANSIBLE MANAGED BLOCK -->"
                            content="<h1>Welcome to {{ansible_hostname}}</h1>"

                        TODO

                        • Add insertafter/insertbefore options to insert a block at an arbitrary position.

                        Requirements

                        None.

                        Role Variables

                        None.

                        Dependencies

                        None.

                        Example Playbook

                        Complete playbook that makes SSH password authentication for specific user prohibited, then restarts sshd if needed.

                        ---
                        - hosts: all
                          remote_user: ansible-agent
                          sudo: yes
                          roles:
                            - yaegashi.blockinfile
                          tasks:
                            - name: Prohibit SSH password authentication for $SUDO_USER
                              blockinfile: |
                                dest=/etc/ssh/sshd_config backup=yes
                                content='Match User {{ansible_env.SUDO_USER}}\nPasswordAuthentication no'
                              notify: Restart sshd
                          handlers:
                            - name: Restart sshd
                              service: name=ssh state=restarted

                        License

                        GPLv3+

                        Author Information

                        YAEGASHI Takeshi