[colug-432] Automatically Edit Configuration File
Jim Wildman
jim at rossberry.com
Thu Nov 19 09:09:06 EST 2015
You don't mention which distro you are using, but does it support /etc/httpd/conf.d structure? If so, just drop your stanza
into an independent file. Files in conf.d will supersede anything in httpd.conf
On Thu, 19 Nov 2015, Rick Hornsby wrote:
>
> On Nov 19, 2015, at 03:38, Mike Plemmons <mikeplemmons at gmail.com> wrote:
>
> We just replace the entire file in our roles instead of editing in place. The reasoning is that if a user removes any text in
> the file before or after the desired lineinfile or replaced lines you still end up with a broken config but the task still
> succeeds.
>
> This allows Ansible to provide a strong self healing capability.
>
> I agree. Manage the whole file httpd.conf if configuration management is your objective. If you need to parameterize things in
> httpd.conf you can probably use .erb templates or similar (I don't know Ansible specifically.)
>
> This prevents errors and problems from someone coming along later making changes by hand. Otherwise you can drive yourself crazy
> trying to set up just the exact right only-match-this-block-and-this-line rule. If httpd.conf needs to be modified later, use your
> configuration management. Any future modifications by hand or external process to httpd.conf should be clobbered - that's what you
> want to happen. It allows you to declare your configuration management - Ansible - as the authority for the contents of httpd.conf.
>
> Second, try to keep httpd.conf as small as possible, delegating all but core/global configuration to conf.d files. I'd still
> recommend using Ansible to manage the conf.d files - but you don't have to.
>
> Lastly, you're right to set aside sed/awk for this task. They're great and valuable tools, but they're also a poor substitute for
> more robust configuration management options like Chef, Puppet, Ansible, etc.
>
>
> On Nov 18, 2015 10:25 PM, <jep200404 at columbus.rr.com> wrote:
> How would you automate the editing of a configuration file as
> described below?
>
> I am automating the configuration of a system with Ansible.
> For /etc/httpd/conf/httpd.conf, I need to make sure that the
> <Directory /> section has a "Require all granted" line instead
> of a "Require all denied" line. "Require all" lines in other
> sections need to be left alone.
>
> original /etc/httpd/conf/httpd.conf
>
> ...
> <Directory />
> AllowOverride none
> Require all denied
> </Directory>
> ...
> <Files ".ht*">
> Require all denied
> </Files>
> ...
>
> desired /etc/httpd/conf/httpd.conf
>
> ...
> <Directory />
> AllowOverride none
> Require all granted
> </Directory>
> ...
> <Files ".ht*">
> Require all denied
> </Files>
> ...
>
> I can write an awk script or probably even a sed script to do it,
> but it is desirable to edit with an Ansible module instead of an
> external shell command, because of the way Ansible modules
> understand when something has really changed or not.
>
> I don't see how to use the lineinfile module in this situation,
> because it will only change the last line to match a regex.
> Matching "Require all" would change the line in the <Files ".ht*">,
> section instead of in the <Directory /> section.
>
> It would be easy to just replace the whole file with a new one from
> Ansible, but that is also not preferred because when some new
> version of httpd.conf arrives, the wholesale replacement would
> clobber other changes in the configuration file.
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
----------------------------------------------------------------------
Jim Wildman, CISSP, RHCE jim at rossberry.com http://www.rossberry.net
"Society in every state is a blessing, but Government, even in its best
state, is a necessary evil; in its worst state, an intolerable one."
Thomas Paine
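
The section-scoped edit asked about in the original question, as an added Python sketch that is not code from any post in this thread: it changes "Require all" only inside `<Directory />`, reports whether anything changed (the idempotence the poster wants from an Ansible module), and fails loudly if the section is gone instead of succeeding on a broken file. The function name `set_require` and the sample text are assumptions made for the example.

```python
import re

# Constructed sample, modelled on the httpd.conf excerpt quoted in the thread.
SAMPLE = """\
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    Require all granted
</Directory>
<Files ".ht*">
    Require all denied
</Files>
"""

OPEN = re.compile(r'^\s*<(\w+)\s+(.*?)\s*>\s*$')       # e.g. <Directory />
CLOSE = re.compile(r'^\s*</(\w+)\s*>\s*$')              # e.g. </Directory>
REQUIRE = re.compile(r'^(\s*)Require\s+all\s+\w+\s*$', re.IGNORECASE)


def set_require(text, section, arg, value):
    """Set 'Require all <value>' only inside <section arg>.

    Returns (new_text, changed). Raises ValueError when the target section
    holds no 'Require all' line, so a hand-edited file is not silently accepted.
    """
    target = (section.lower(), arg)
    stack, out, changed, seen = [], [], False, False
    for line in text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]                          # keep original line ending
        m_open, m_close, m_req = OPEN.match(body), CLOSE.match(body), REQUIRE.match(body)
        if m_open:
            stack.append((m_open.group(1).lower(), m_open.group(2).strip('"')))
        elif m_close and stack:
            stack.pop()
        elif m_req and stack and stack[-1] == target:   # innermost container only
            seen = True
            wanted = f"{m_req.group(1)}Require all {value}"
            if wanted != body:
                body, changed = wanted, True
        out.append(body + eol)
    if not seen:
        raise ValueError(f"no 'Require all' line found in <{section} {arg}>")
    return "".join(out), changed


if __name__ == "__main__":
    new_text, changed = set_require(SAMPLE, "Directory", "/", "granted")
    print("changed:", changed)
    print(new_text, end="")
```
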