I am using a base role to configure several aspects of servers, one of them being the ssh_config.
For a special server I now need sshd to listen on 2 ports.
However, sshd_config defines multiple ports by adding a new Port line for each port number, like this:
Port 22
Port 2022
Because the key is the same, I assume I will have problems with the lineinfile module which I am currently using. Any ideas how to solve this?
UPDATE: I tried and it is not working. Instead, Port 22 is set first and then removed, and Port 2022 is set.
Here is my ansible task:
- name: server individuell SSH configuration if set
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    line: "{{ item.name }} {{ item.value }}"
    regexp: "^{{ item.name }} "
  with_items: "{{ ssh_config_advanced }}"
  notify: restart SSHD
  tags: ssh_config
and the dictionary:
ssh_config_advanced:
  - { "name": "Port", "value": "22" }
  - { "name": "Port", "value": "7122" }
The problem here is your regexp, which makes lineinfile replace any line starting with "Port". Simply dropping the regexp: stanza in your above code would already achieve your requirement in most situations.
But if you want to make sure that only the required ports are left in the file (in case you change one of them, for example), the following example will do the job in an idempotent fashion.
I'll give you the overall idea with a simple playbook. You can later put this back into your more complicated data structure for your config if you wish to.
Note: if you intend to describe many sshd settings in a complex data structure, this is usually a warning sign that you should stop using lineinfile and switch to a template.
Given the following initial sshd_config
test file
Setting a
Setting b
Port 67
Setting c
the following playbook:
---
- hosts: localhost
  gather_facts: false
  vars:
    ssh_ports:
      - 22
      - 34
    sshd_config_file: sshd_config
  tasks:
    - name: Make sure no lines with unwanted ports are left
      ansible.builtin.lineinfile:
        # The alternation is grouped and anchored with "$" so that a line such as
        # "Port 2200" is not kept merely because it starts with a wanted port "22"
        regexp: ^Port (?!({{ ssh_ports | map('regex_escape') | join('|') }})$).*$
        state: absent
        path: "{{ sshd_config_file }}"
    - name: Add needed ports to config
      ansible.builtin.lineinfile:
        line: 'Port {{ item }}'
        state: present
        path: "{{ sshd_config_file }}"
      loop: "{{ ssh_ports }}"
gives:
PLAY [localhost] ***************************************************************************************************************************************************
TASK [Make sure no lines with unwanted ports are left] *************************************************************************************************************
changed: [localhost]
TASK [Add needed ports to config] **********************************************************************************************************************************
changed: [localhost] => (item=22)
changed: [localhost] => (item=34)
PLAY RECAP *********************************************************************************************************************************************************
localhost : ok=2 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
and the new file content is:
Setting a
Setting b
Setting c
Port 22
Port 34
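To make the two-step logic of the answer above easy to reason about outside Ansible, here is an added Python example (not part of the original answer) that performs the same reconciliation on a string: first drop every Port line whose number is not in the wanted list, then append the wanted Port lines that are missing, which is what lineinfile does with state: absent followed by state: present and no regexp. The sample config is constructed for this example; it reuses the answer's initial file and adds a "Port 2200" line to show why the negative lookahead has to be anchored, since an unanchored (?!22|34) would keep that line. The function names are my own.

```python
import re

# Constructed sample input: the answer's initial sshd_config plus one extra
# "Port 2200" line that shares a prefix with the wanted port 22.
SAMPLE_CONFIG = """Setting a
Setting b
Port 67
Port 2200
Setting c
"""


def build_port_regexp(ports, anchored=True):
    """Build the same regexp the playbook renders from ssh_ports.

    anchored=True  -> ^Port (?!(22|34)$).*$   (matches, i.e. removes, "Port 2200")
    anchored=False -> ^Port (?!22|34).*$      (keeps "Port 2200" by accident)
    re.escape plays the role of Ansible's regex_escape filter.
    """
    alternation = "|".join(re.escape(str(p)) for p in ports)
    if anchored:
        return re.compile(r"^Port (?!(%s)$).*$" % alternation)
    return re.compile(r"^Port (?!%s).*$" % alternation)


def reconcile_ports(config_text, ports):
    """Mirror of the playbook's two lineinfile tasks.

    Step 1 (state: absent): delete every line matching the "unwanted port" regexp.
    Step 2 (state: present, no regexp): append each "Port N" line not already
    present, at end of file, which is lineinfile's default insert position.
    Running this twice on the same input yields the same output (idempotent).
    """
    unwanted = build_port_regexp(ports)
    lines = [line for line in config_text.splitlines() if not unwanted.match(line)]
    for port in ports:
        wanted = "Port %s" % port
        if wanted not in lines:
            lines.append(wanted)
    return "\n".join(lines) + "\n"


def listening_ports(config_text):
    """Return the sorted list of port numbers declared by Port lines."""
    found = []
    for line in config_text.splitlines():
        match = re.match(r"^Port (\d+)\s*$", line)
        if match:
            found.append(int(match.group(1)))
    return sorted(found)


if __name__ == "__main__":
    result = reconcile_ports(SAMPLE_CONFIG, [22, 34])
    print(result)
    print("ports now declared:", listening_ports(result))
    print("idempotent:", reconcile_ports(result, [22, 34]) == result)
```

In the real playbook, pair the second task with lineinfile's validate parameter (for example validate: /usr/sbin/sshd -t -f %s) so a malformed edit is rejected before the handler restarts sshd and locks you out of the box.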