Awkward behaviour of lineinfile + insertafter=EOF

I recently decided to upgrade my nodes from Ubuntu 12.04 to 13.10.

As I started testing the scripts, I've run into an interesting issue.

The file /etc/ssh/sshd_config (in Ubuntu 13.10) has no newline at the
end of the file.

So when the lineinfile module decides to insert a newline given that
the regexp does not match, it does so at the end of file but not on a
separate line.

Since this is a syntax error in the ssh config (since now two
directives are present on the last line one after another), the ssh
daemon can no longer be started, and the VM has to be just destroyed
(it can no longer be connected to).

Any suggestions on how I could handle this?

The lineinfile directive is as follows:

    - name: update ssh parameters
      lineinfile:
        dest=/etc/ssh/sshd_config
        state=present
        regexp=^{{ item.key }}
        line="{{ item.key }} {{ item.value }}"
        insertafter=EOF
      with_items:
        - { key: 'PermitRootLogin', value: 'no' }
        - { key: 'LoginGraceTime', value: '20' }
        - { key: 'X11Forwarding', value: 'no' }
        - { key: 'ClientAliveInterval', value: '30' }
        - { key: 'ClientAliveCountMax', value: '1000' }
      notify:
        - restart ssh

I did try prefixing the line value with "\n", but that inserted a literal "\n", i.e. two characters, one backslash and one n. Besides, even if it works, it could be a little awkward since I imagine it would result in a new blank line getting created every time one reruns the playbook.

Any suggestions (or if there is no good way, workarounds) for dealing with this issue on 1.3 or 1.4 would be greatly appreciated.

Hi, have you considered templating the config file? I think it is an easier approach than lineinfile.

David

On 22.11.2013 11:25, "Dhananjay Nene" <dhananjay.nene@gmail.com> wrote:

> Hi, have you considered templating the config file? I think it is an easier approach than lineinfile.

Yes, I have. In fact, that's exactly what I am doing at the moment in order to be able to test the remainder of my scripts with Ubuntu 13.10.

The original reason I used lineinfile was that it is more likely to handle different versions with ease, e.g. one of the reasons I am exploring Ubuntu 13.10 is that it has OpenSSH 6.2 (as opposed to, I think, 5.9 in the earlier version) and the newer version has better support for multi-factor authentication. The original ssh config on each of these platforms might've changed to leverage the newer features. My scripts will also start including lineinfile directives for such scenarios where the ssh version is >= 6.2.

Storing entire config files may end up requiring more maintenance because of the variations described above. That's just how I viewed things, so YMMV.

So if there is a way for me to continue using lineinfile, I would prefer to stick with it.

Sounds like you should probably file a bug that would make Ansible add an EOF to the end of the file if adding there and there was not one already.

Should be a reasonably easy fix.
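
The behaviour reported at the top of the thread and the fix suggested in the last reply, as an added Python example. It is not part of any message in this thread and is not Ansible's module code; the function names and the sample config text are constructed for illustration, and the replace-or-append logic is a simplified model of lineinfile with insertafter=EOF.

```python
import re

# Constructed sample: the tail of an sshd_config whose last line has no
# trailing newline, as described for Ubuntu 13.10 in the thread.
SAMPLE = "Subsystem sftp /usr/lib/openssh/sftp-server\nUsePAM yes"


def ensure_line(text, regexp, line, fix_eof):
    """Replace the last line matching regexp with line, else append at EOF.

    With fix_eof=True an unterminated last line is terminated first, so the
    appended directive always starts on a line of its own.
    """
    pattern = re.compile(regexp)
    lines = text.splitlines(True)  # keep the line endings
    matches = [i for i, l in enumerate(lines) if pattern.search(l.rstrip("\r\n"))]
    if matches:
        # Directive already present: rewrite it in place.
        lines[matches[-1]] = line + "\n"
    else:
        if fix_eof and lines and not lines[-1].endswith("\n"):
            lines[-1] += "\n"
        lines.append(line + "\n")
    return "".join(lines)


def naive_ensure_line(text, regexp, line):
    """Append without checking how the file ends (the reported behaviour)."""
    return ensure_line(text, regexp, line, fix_eof=False)


def safe_ensure_line(text, regexp, line):
    """Append only after making sure the previous line is terminated."""
    return ensure_line(text, regexp, line, fix_eof=True)


if __name__ == "__main__":
    args = (r"^PermitRootLogin", "PermitRootLogin no")
    print(repr(naive_ensure_line(SAMPLE, *args)))  # two directives fused
    once = safe_ensure_line(SAMPLE, *args)
    print(repr(once))
    # Re-running matches the existing directive, so no blank lines pile up.
    print(safe_ensure_line(once, *args) == once)
```

Because the newline is added to the existing last line instead of being prefixed to the new one, repeated runs leave the file unchanged.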