[colug-432] Automatically Edit Configuration File

Mike Plemmons mikeplemmons at gmail.com
Thu Nov 19 04:38:05 EST 2015


We just replace the entire file in our roles instead of editing in place.
The reasoning is that if a user removes any text in the file before or
after the desired lineinfile or replaced lines you still end up with a
broken config but the task still succeeds.

This allows Ansible to provide a strong self healing capability.
On Nov 18, 2015 10:25 PM, <jep200404 at columbus.rr.com> wrote:

> How would you automate the editing of a configuration file as
> described below?
>
> I am automating the configuration of a system with Ansible.
> For /etc/httpd/conf/httpd.conf, I need to make sure that the
> <Directory /> section has a "Require all granted" line instead
> of a "Require all denied" line. "Require all" lines in other
> sections need to be left alone.
>
> original /etc/httpd/conf/httpd.conf
>
>     ...
>     <Directory />
>         AllowOverride none
>         Require all denied
>     </Directory>
>     ...
>     <Files ".ht*">
>         Require all denied
>     </Files>
>     ...
>
> desired /etc/httpd/conf/httpd.conf
>
>     ...
>     <Directory />
>         AllowOverride none
>         Require all granted
>     </Directory>
>     ...
>     <Files ".ht*">
>         Require all denied
>     </Files>
>     ...
>
> I can write an awk script or probably even a sed script to do it,
> but it is desirable to edit with a Ansible module instead of an
> external shell command, because of the way Ansible modules
> understand when something has really changed or not.
>
> I don't see how to use the lineinfile module in this situation,
> because it will only change the last line to match a regex.
> Matching "Require all" would change the line in the <Files ".ht*">,
> section instead of in the <Directory /> section.
>
> It would be easy to just replace the whole file with a new one from
> Ansible, but that is also not preferred because when some new
> version of httpd.conf arrives, the wholesale replacement would
> clobber other changes in the configuration file.
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20151119/c805af2d/attachment.html 


More information about the colug-432 mailing list