I would like to know if there is a way using Ansible to append text to the end of a line in certain section of a file, an example is going to clarify what I want to do:
Think of a file like this:
[section01]
path = /home/section01
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = mexico,usa,canada
[section02]
path = /home/section02
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = mexico,usa,canada
[section03]
path = /home/section03
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = mexico,usa,canada
I would like to add "brazil" on host_allow in [section02] to get this "new file"
[section01]
path = /home/section01
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = mexico,usa,canada
[section02]
path = /home/section02
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = mexico,usa,canada,brazil
[section03]
path = /home/section03
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = mexico,usa,canada
As #Dan Farrell mentioned in the comments, you are better off generating the entire file as partial updates can be unreliable, and problematic.
You can however use ansible templates to accomplish this as well.
You create a template file(file.ini for example) with the contents below(removed other blocks for brevity). This file would contain the full INI file contents.
[section02]
path = /home/section02
read only = yes
list = yes
uid = apache
gid = apache
hosts deny = 0.0.0.0/0.0.0.0
hosts allow = {{allow_hosts}}
Then, in your playbook, add a task to template this file.
- name: Template INI file
template:
dest: "/path/to/some/file.ini"
src: file.ini
mode: 664
owner: root
group: root
When you instantiate the playbook, you can pass the full list of allowed hosts via extra-vars.
ansible-playbook -i hosts --extra-vars="allow_hosts=mexico,usa,canada,brazil" my-playbook.yml
This however will only work for you if you know all of the allowed hosts at the time the playbook is run.
Related
I have configured SSSD using Realm to login into the centOS VM using the AD Credentials. Please refer the setup here
I had to modify the /etc/resolv.conf file to point the namserver to the AD Domain
Original /etc/resolv.conf file:
# Generated by NetworkManager
search ap-south-1.compute.internal
nameserver 172.31.0.2
Updated /etc/resolv.conf file:
# Generated by NetworkManager
search test.com
nameserver 172.31.12.38
With the updated /etc/resolv.conf file the User is able to login using AD Credentials but the original domain is not resolved
I want a way to resolve both the domains that point to different nameservers
# Generated by NetworkManager
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
I have tried multiple ways to resolve the domains using the deprecated tags as well
# Generated by NetworkManager
domain ap-south-1.compute.internal
nameserver 172.31.0.2
domain test.com
nameserver 172.31.12.38
I have even tried the rotate option
# Generated by NetworkManager
options rotate
options timeout:1
nameserver 172.31.0.2
nameserver 172.31.12.38
search ap-south-1.compute.internal test.com
Is there a way to resolve multiple domains that point to different nameservers using the /etc/resolv.conf
To resolve the AD Forest Domain we can configure the ad_server parameter in the sssd.conf file
ref link: man_page_sssd [Refer the ad_server part]
/etc/sssd/sssd.conf file for reference:
Original File:
[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh
[nss]
debug_level = 10
[domain/test.com]
ad_domain = test.com
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
Updated File:
[sssd]
domains = test.com
config_file_version = 2
services = nss, pam, sudo, ssh
[nss]
debug_level = 10
[domain/test.com]
ad_domain = test.com
ad_server = 172.31.12.38, 172.31.12.48
krb5_realm = TEST.COM
realmd_tags = manages-system joined-with-adcli
cache_credentials = True
id_provider = ad
krb5_store_password_if_offline = True
default_shell = /bin/bash
ldap_id_mapping = True
use_fully_qualified_names = False
fallback_homedir = /home/%u
access_provider = simple
ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities
ldap_user_ssh_public_key = altSecurityIdentities
ldap_use_tokengroups = True
This way we can avoid making any entries in the /etc/resolv.conf file
I can't connect to the Linux Samba share just created from Windows 10.
I get the "You do not have permission to access..." error message on Windows.
Any help will be appreciated. It looks like I am sooo close! FYI, I can ping, ssh into the linux box, etc. Network connectivity doesn't appear to be an issue.
Here's the smb.conf...
[global]
workgroup = SAMBA
security = user
passdb backend = tdbsam
printing = cups
log level = 2
printcap name = cups
load printers = yes
cups options = raw
hosts allow = 192.168.1.220 192.158.1.230 192.168.1.240 192.168.1.0/24
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = #printadmin root
force group = #printadmin
create mask = 0664
directory mask = 0775
[fshare]
browseable = yes
path = /home/fshare
public = yes
writeable = yes
read only = no
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
valid users = sambauser
In my case, I had to chmod the share folder. As root :
chmod -R 777 /home/shares/
Quite brutal, but enough for my home needs.
I created a different block in my kinto.ini file and i want to use those setting in my program.
#kinto.ini
[mysetting]
name = json
username = jsonmellow
password = *********
[app:main]
use = egg:kinto
kinto.storage_url = postgre//
if we use 'config.get_setting' function of kinto it gives me the setting of the default block "app:main" only. so how can i get the other setting from "mysetting" block.
you can use prefix for your settings like:
[app:main]
...
mysetting.name = json
mysetting.username = jsonmellow
But if you still need some extra section in ini: How can I access a custom section in a Pyramid .ini file?
The text in file looks like this:
[homes]
comment = Home Directories
path =
browseable =
writable = yes
valid users = %S
valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
I want output as:
[homes]
comment = Home Directories
path = /data
browseable = yes
writable = yes
valid users = %S
valid users = MYDOMAIN\%S
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
I am using this command:
sed -i "\#path# s#.*#& /data#" file
It makes changes to everywhere in file where path is located.
Can anyone help me with this?
sed '/path[ ]*=[ ]*$/s#$#/data#'
On lines that have path =before the endline with any amount of whitespace, replace the endline, $ with your replacement string.
I'm trying to set up global user / group access to all my svn repositories on Linux. Since I am very new to svn / linux stuff can someone take a look at what I have set up. I still get a "Invalid authz configuration". Here is how I proceed :
Svn installed / properly working. Serving path home/svn/repos/.
"my_project" created, works using simple auth. Path is home/svn/repos/my_project/.
My "global" user / password + groups file /home/svn/passwd
[groups]
team_a = tom, sim
team_b = jake, roy
prod = frank
[users]
tom = j9uems
sim = 90uifs
jake = fd9j8p
roy = 8ujwek
frank = 8jfjel
My configuration file home/svn/repos/my_project/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
password-db = /home/svn/passwd
authz-db = authz
My authorization file home/svn/repos/my_project/conf/authz
[/]
# this project is a team_a project. But jake can have a read acces to it
#team_a = rw
#team_b =
jake = r
#prod = r
Ok I Found out a better way to set up a global authentifications / access. If that info could help...
To remove or create a new user, I used a a global "passwd" file (no groups!) /home/svn/passwd
[users]
tom = j9uems
sim = 90uifs
jake = fd9j8p
roy = 8ujwek
frank = 8jfjel
To manage groups and global access to repositories on the server, I used a global "authz" file /home/svn/authz
[groups]
team_a = tom, sim
team_b = jake, roy
prod = frank
[my_project:/]
# access denied for everyone
* =
#team_a = rw
jake = r
#prod = r
All repositories must have the same svnserve.conf home/svn/repos/my_project/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
password-db = /home/svn/passwd
authz-db = /home/svn/authz
Note that access may be granted to any groups / users to any path of any repos. For example if "prod" group needs to have full access to "production" folder of that project, that is possible :
[my_project:/production]
#prod = rw