Update the denyhosts plugin to a newer syntax and bug fix it
parent
755e5e81ae
commit
f458aec69e
1 changed files with 23 additions and 17 deletions
|
@ -1,45 +1,51 @@
|
||||||
# requires --extra-vars="target=somevhost ip=10.0.0.1 test={True,False}"
|
# requires --extra-vars="target=somevhost ip=10.0.0.1 test={True,False}"
|
||||||
|
|
||||||
#General overview:
|
# General overview:
|
||||||
# host provided via ``target`` argument on the CLI
|
# host provided via ``target`` argument on the CLI
|
||||||
# IP provided via ``ip`` argument on the CLI
|
# IP provided via ``ip`` argument on the CLI
|
||||||
# test provided via ``test`` argument on the CLI
|
# test provided via ``test`` argument on the CLI
|
||||||
|
|
||||||
|
# Command:
|
||||||
|
# ansible-playbook .../playbook/denyhosts.yml --extra-vars="target=host ip=10.0.0.1 test=True"
|
||||||
|
|
||||||
# Log onto $target
|
# Log onto $target
|
||||||
# if test is True:
|
# if test is True:
|
||||||
# grep on /etc/hosts.deny for the provided $ip
|
# grep on /etc/hosts.deny for the provided {{ ip }}
|
||||||
# else:
|
# else:
|
||||||
# escape the '.' in the $ip
|
# escape the '.' in the {{ ip }}
|
||||||
# remove $ip from /var/lib/denyhosts/*
|
# remove {{ ip }} from /var/lib/denyhosts/*
|
||||||
# remove $ip from /etc/hosts.deny
|
# remove {{ ip }} from /etc/hosts.deny
|
||||||
# restart denyhosts
|
# restart denyhosts
|
||||||
|
|
||||||
# sop: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
|
# sop: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
|
||||||
|
|
||||||
- name: Unban an IP from denyhosts
|
- name: Unban an IP from denyhosts
|
||||||
hosts: $target
|
hosts: "{{ target }}"
|
||||||
user: root
|
user: root
|
||||||
gather_facts: False
|
gather_facts: False
|
||||||
|
|
||||||
|
vars:
|
||||||
|
- test: True
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Grep for the IP in the files
|
- name: Grep for the IP in the files
|
||||||
action: command grep $ip /etc/hosts.deny
|
action: command grep {{ ip }} /etc/hosts.deny
|
||||||
only_if: '$test or not is_set($test)'
|
when: not test
|
||||||
|
|
||||||
- name: Escape the '.' in the IP
|
- name: Escape the '.' in the IP
|
||||||
action: command ${$ip//\./\\.}
|
action: command "IP='{{ ip }}' && echo ${IP//\./\\.}"
|
||||||
register: ip
|
register: ip
|
||||||
only_if: '$test or not is_set($test)'
|
when: test
|
||||||
|
|
||||||
- name: Remove IP from /var/lib/denyhosts/*
|
- name: Remove IP from /var/lib/denyhosts/*
|
||||||
action: command sed -si "/^$ip$/d" /var/lib/denyhosts/*
|
action: command sed -si "/^{{ ip }}$/d" /var/lib/denyhosts/*
|
||||||
notify:
|
notify:
|
||||||
- restart denyhosts
|
- restart denyhosts
|
||||||
only_if: 'is_set($test) and $test == False'
|
when: test
|
||||||
|
|
||||||
- name: Remove IP from /etc/hosts.deny
|
- name: Remove IP from /etc/hosts.deny
|
||||||
action: command sed -si "/^$ip$/d" /etc/hosts.deny
|
action: command sed -si "/^{{ ip }}$/d" /etc/hosts.deny
|
||||||
notify:
|
notify:
|
||||||
- restart denyhosts
|
- restart denyhosts
|
||||||
only_if: 'is_set($test) and $test == False'
|
when: test
|
||||||
|
|
||||||
|
|
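Review bot: The new `when:` conditions are inverted relative to the header comment: the grep task runs on `when: not test`, while the Escape task and both sed removals run on `when: test`, so the documented dry run (`test=True`, which is also the new `vars` default) is the path that edits /etc/hosts.deny and /var/lib/denyhosts/*. Swapping them and casting, `when: test | bool` on the grep task and `when: not test | bool` on the other three, matches the comment and also copes with `test=False` arriving as a string from key=value `--extra-vars`. Separately, the Escape task uses the `command` module, which does not run a shell, so `&&` and `${IP//\./\\.}` are not expanded, and the sed tasks interpolate `{{ ip }}` rather than the registered result's stdout, which leaves each `.` acting as a regex wildcard. Escaping in the template avoids both the shell and the `register: ip` name clash, e.g. `sed -si "/^{{ ip | regex_escape }}$/d" /etc/hosts.deny`, ideally preceded by a task that fails when `ip` is not a literal address.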