
I need to validate that the PermitRootLogin parameter is equal to "no", for example:

PermitRootLogin no

But sometimes between these words there is more than one space. For this reason I use a regex, but apparently I do it wrong. This is the line that seems to be bad:

when: check_config.stdout.find('PermitRootLogin\s+no') != -1

Any idea how to fix this?

- hosts: redhat
  tasks:
    - name: check file
      shell: cat /etc/ssh/sshd_config
      register: check_config
    - name: compare string
      when: check_config.stdout.find('PermitRootLogin\s+no') != -1
      debug: msg="this server is ok"
Laurenz Albe
asked Sep 27, 2019 at 18:17

1 Answer

Q: "Validate that the PermitRootLogin parameter is equal to no."

A: Put the below declaration into the vars

match_lines: "{{ check_config.stdout_lines|
                 map('regex_search', '^\\s*PermitRootLogin\\s+no$')|
                 select }}"

and test the length of the list

- debug:
    msg: this server is OK
  when: match_lines|length > 0

  • Example of a complete playbook for testing
- hosts: localhost
  vars:
    match_lines: "{{ check_config.stdout_lines|
                     map('regex_search', '^\\s*PermitRootLogin\\s+no$')|
                     select }}"
  tasks:
    - command: cat /etc/ssh/sshd_config
      register: check_config
    - debug:
        var: match_lines
    - debug:
        msg: This server is OK
      when: match_lines|length > 0

gives, for example (abridged)

TASK [debug] *******************************************
ok: [localhost] => 
 match_lines:
 - PermitRootLogin no
TASK [debug] *******************************************
ok: [localhost] => 
 msg: This server is OK

  • Given the inventory below, set - hosts: redhat
shell> cat hosts
[redhat]
test_11
test_12
test_13

The playbook gives, for example (abridged)

TASK [debug] *******************************************
ok: [test_11] => 
 match_lines:
 - PermitRootLogin no
ok: [test_12] => 
 match_lines: []
ok: [test_13] => 
 match_lines: []
TASK [debug] *******************************************
skipping: [test_12]
ok: [test_11] => 
 msg: This server is OK
skipping: [test_13]

  • You can use lookup to simplify the task if the play is running at the localhost only. For example, the playbook below gives the same result
- hosts: localhost
  tasks:
    - debug:
        msg: This server is OK
      when: match_lines|length > 0
      vars:
        match_lines: "{{ lookup('file', '/etc/ssh/sshd_config').splitlines()|
                         map('regex_search', '^\\s*PermitRootLogin\\s+no$')|
                         select }}"

  • If you want to put/replace the line in the config use lineinfile. For example,
- lineinfile:
    path: /etc/ssh/sshd_config
    regexp: '^PermitRootLogin(.*)$'
    line: 'PermitRootLogin no'
answered Sep 27, 2019 at 19:03
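An added example, not part of the answer above: Ansible's regex filters use Python's re module, so the checks can be compared directly in Python. It goes beyond the answer by applying sshd_config(5) rules (case-insensitive keywords, first obtained value wins, Match blocks are not global); the function names and the sample file are constructed for illustration, and Include files are not followed.

```python
import re

# Constructed sample: one line says "no", but an earlier uncommented
# line already set the keyword, and sshd uses the first value it obtains.
SAMPLE = """\
# PermitRootLogin no
permitrootlogin   yes
PermitRootLogin no
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
"""

LINE_RE = re.compile(r'^\s*PermitRootLogin\s+no$')  # pattern from the answer


def naive_find(text):
    """The question's check: str.find() looks for the literal characters,
    backslash included, so it is not a regex match at all."""
    return text.find(r'PermitRootLogin\s+no') != -1


def any_line_matches(text):
    """The answer's check: at least one line matches the regex."""
    return any(LINE_RE.search(line) for line in text.splitlines())


def effective_global_value(text, keyword='PermitRootLogin'):
    """Return the first uncommented value set in the global section.

    Scanning stops at the first Match block, because settings inside it
    apply only to connections that satisfy its criteria.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() == 'match':
            break
        if parts[0].lower() == keyword.lower() and len(parts) == 2:
            return parts[1].strip().strip('"')
    return None  # keyword unset: sshd falls back to its built-in default
```

For the sample, the per-line regex reports a match while the effective global value is yes, so a compliance check is more reliable when it compares the first global value rather than the presence of any matching line.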

2 Comments

What would that debug task look like with a delegation to the remote machine? I find delegate_to examples mostly to localhost.
You're right. Delegating to a remote host doesn't make sense here. I updated the examples. Thank you.
