Hi all,

Trying to add a line (or modify if existing) to "sshd_config" to lock down
who can SSH to the target server. On RHEL, there is no "AllowGroups" (or
"AllowUsers") line present in the as-shipped sshd_config file. In any case,
here is the play I wrote:

- name: RHELFAM | Restrict SSH on Docker hosts to specific group members
  lineinfile:
    - dest=/etc/ssh/sshd_config
    - state=present
    - regexp='^AllowGroups '
    - line='AllowGroups {{ ssh_allow_groups }}'
    - validate='/usr/sbin/sshd -t %s'
  when: ssh_allow_groups is defined
  notify:
    - reload sshd
  tags: limitsshusers

Then in roles/<rolename>/vars/main.yml:

---
ssh_allow_groups:
   - root
   - wheel


But when I run the playbook containing the play above, I'm getting the
error message:
ERROR: action specified for task RHELFAM | Restrict SSH on Docker hosts to
specific group members has invalid type <type 'list'>

What am I doing wrong?

Thanks,
Will

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscribe@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d21c040a-6349-4a0c-800a-0da2205fd3ba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


  • Tomasz Kontusz at Nov 4, 2014 at 7:54 am
    You are passing a list to lineinfile, and you should either pass in a string or a dictionary:

       lineinfile: arg1=val1 foo=bar

    Or (IMHO better, as it has fewer problems with escaping):

       lineinfile:
         arg1: 'val1'
         foo='bar'

  • Tomasz Kontusz at Nov 4, 2014 at 7:57 am
    Argh, the second example should say "foo: bar" instead of foo=bar :-)

  • Willard Dennis at Nov 4, 2014 at 9:33 pm
    Thanks, Tomasz, for the explanation -- wasn't aware that the 'lineinfile'
    module couldn't accept list input.

    Now, my question is: how to take a YAML list (such as the groups list in my
    vars file), form a string of the format of "group1 group2", and use that in
    lineinfile?


  • Willard Dennis at Nov 4, 2014 at 11:05 pm
    OK, I found the answer (yay RTFM!) in
    http://docs.ansible.com/playbooks_variables.html#other-useful-filters

    Working play is:

    # join(" ") renders the YAML list as the space-separated string AllowGroups expects
    - name: RHELFAM | Restrict SSH on Docker hosts to specific group members
      lineinfile: dest=/etc/ssh/sshd_config
        state=present
        regexp='^AllowGroups'
        line='AllowGroups {{ ssh_allowed_groups | join(" ") }}'
        backup=yes
        validate='sshd -t -f %s'
      when: ssh_allowed_groups is defined
      notify:
        - restart sshd
      tags: limitsshusers



    Variable filters FTW!

    Thanks all,
    W.
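
Added example, not part of the original posts: the working play above in the dictionary form Tomasz recommends, preceded by a check on the variable before it is rendered into sshd_config. The group-name pattern and the use of the `assert` module with the `reject`/`match` tests (current Ansible releases) are assumptions of this example.

```yaml
# Added example; ssh_allowed_groups is the list variable from the post above.
# The name pattern below is an assumed policy, adjust it to your directory.
- name: Check ssh_allowed_groups before it is written to sshd_config
  assert:
    that:
      # join(" ") on a plain string iterates its characters, so a value of
      # "wheel" would render as "AllowGroups w h e e l". sshd -t checks syntax
      # only, so that line would validate and then deny every login.
      - ssh_allowed_groups is not string
      # An empty list would render a bare "AllowGroups " directive.
      - ssh_allowed_groups | length > 0
      # Reject names with whitespace or newlines, which would add extra
      # patterns or extra directives to the rendered line.
      - >-
        ssh_allowed_groups
        | reject('match', '^[A-Za-z_][A-Za-z0-9_.-]*$')
        | list | length == 0
  when: ssh_allowed_groups is defined
  tags: limitsshusers

- name: Restrict SSH to specific group members
  lineinfile:
    dest: /etc/ssh/sshd_config
    state: present
    regexp: '^AllowGroups'
    line: 'AllowGroups {{ ssh_allowed_groups | join(" ") }}'
    backup: yes
    # %s is the temporary copy; the real file is replaced only if sshd -t passes
    validate: '/usr/sbin/sshd -t -f %s'
  when: ssh_allowed_groups is defined
  notify:
    - restart sshd
  tags: limitsshusers
```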


Discussion Overview
group: ansible-project
posted: Nov 3, '14 at 6:55p
active: Nov 4, '14 at 11:05p
posts: 5
users: 2
