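Today I disabled SSH password login on our Linux hosts. This requires setting PasswordAuthentication no in /etc/ssh/sshd_config and restarting sshd. There are 500 cloud hosts in total, so I used an Ansible playbook.

The playbook is as follows: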
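```yaml
- hosts: cloundHost        # host group
  remote_user: root        # user that ansible-playbook connects as
  gather_facts: no         # skip the setup (fact gathering) step; default: yes
  tasks:
    - name: uncomment keyAuthentication   # comment out the PubkeyAuthentication line; key login is allowed by default
      lineinfile:
        dest: /etc/ssh/sshd_config        # config file to modify
        backrefs: yes                     # a line matching regexp is replaced by line; with backrefs: yes nothing is added when no line matches
        regexp: '^PubkeyAuthentication'   # find the line starting with PubkeyAuthentication
        line: '#PubkeyAuthentication'     # replace the line matched by regexp with this
        state: present                    # the line should be present
    - name: no password login             # disable password login
      lineinfile:
        dest: /etc/ssh/sshd_config
        backrefs: no
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
    - name: Restart service sshd          # restart sshd
      service:
        name: sshd
        state: restarted
```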
Addendum: how to run it

```bash
ansible-playbook -i hosts chang_sshd_config.yml   # -i specifies the inventory, i.e. the file listing the host IPs
```
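Whether the second task really disables password login depends on how lineinfile picks the line to change and on how sshd reads its config. The following added example (not part of the original playbook) models both in Python on constructed sshd_config samples to show when PasswordAuthentication stays enabled after the run; the function names and sample files are assumptions made for illustration.

```python
import re

def lineinfile(text, regexp, line):
    """Model of lineinfile (state: present, backrefs: no): replace the LAST
    line matching regexp, or append `line` at end of file if none matches."""
    lines = text.splitlines()
    hits = [i for i, cur in enumerate(lines) if re.search(regexp, cur)]
    if hits:
        lines[hits[-1]] = line
    else:
        lines.append(line)
    return "\n".join(lines) + "\n"

def effective_global(text, keyword, default):
    """Global value sshd ends up with: the first occurrence of a keyword
    wins, and anything after a Match line applies only to that block."""
    for raw in text.splitlines():
        fields = re.split(r"[\s=]+", raw.split("#", 1)[0].strip())
        if fields[0].lower() == "match":
            break
        if fields[0].lower() == keyword.lower() and len(fields) > 1:
            return fields[1].lower()
    return default

def after_playbook(text):
    """Apply the page's second task, then report the global setting."""
    new = lineinfile(text, r"^PasswordAuthentication", "PasswordAuthentication no")
    return effective_global(new, "PasswordAuthentication", default="yes")

# Constructed sshd_config samples (not taken from any real host).
SINGLE = "Port 22\nPasswordAuthentication yes\n"
COMMENTED_WITH_MATCH = (
    "Port 22\n"
    "#PasswordAuthentication yes\n"   # commented out, so the regexp misses it
    "Match User sftp\n"
    "    ChrootDirectory /srv/sftp\n"  # appended line lands inside this block
)
DUPLICATE = "PasswordAuthentication yes\nPort 22\nPasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, cfg in [("single", SINGLE),
                      ("commented+Match", COMMENTED_WITH_MATCH),
                      ("duplicate", DUPLICATE)]:
        print(f"{name:16} -> PasswordAuthentication {after_playbook(cfg)}")
```

On a real host, `sshd -T` prints the effective configuration, so checking its `passwordauthentication` line after the restart answers the same question.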
Running the playbook on multiple hosts in parallel

Ansible's default config file is /etc/ansible/ansible.cfg:
```ini
#inventory = /etc/ansible/hosts
#library = /usr/share/my_modules/
#module_utils = /usr/share/my_module_utils/
#remote_tmp = ~/.ansible/tmp
#local_tmp = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
# the default is forks = 5
forks = 10
#poll_interval = 15
#sudo_user = root
#ask_sudo_pass = True
#ask_pass = True
#transport = smart
#remote_port = 22
#module_lang = C
#module_set_locale = False
```
Changing forks = 5 to forks = 10 is meant to double the parallel execution speed: the playbook runs on 10 hosts at the same time, which cuts the run time in half.
Ansible version used in this article:

```
ansible 2.5.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Nov 27 2018, 23:36:35) [GCC 7.3.0]
```