Today I disabled SSH password login on Linux. This means setting PasswordAuthentication no in /etc/ssh/sshd_config and restarting sshd. There are 500 cloud hosts in total, and I used an Ansible playbook.

The playbook is as follows:
- hosts: cloundHost # host group
  remote_user: root # user that ansible-playbook connects as
  gather_facts: no # do not run setup (fact gathering); default: yes
  tasks:
    - name: uncomment keyAuthentication # comment out the PubkeyAuthentication line; key login is enabled by default
      lineinfile:
        dest: /etc/ssh/sshd_config # config file to modify
        backrefs: yes # a line matching regexp is replaced by line; if nothing matches, the file is left unchanged
        regexp: '^PubkeyAuthentication' # find the line starting with PubkeyAuthentication
        line: '#PubkeyAuthentication' # replacement for the line matched by regexp
        state: present # the line should be present
    - name: no password login # disable password login
      lineinfile:
        dest: /etc/ssh/sshd_config
        backrefs: no
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
    - name: Restart service sshd # restart sshd
      service:
        name: sshd
        state: restarted
Addendum: how to run it
ansible-playbook -i hosts chang_sshd_config.yml
# -i specifies the inventory, i.e. the file that lists the host IPs
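
The "no password login" task can report a change while password login stays enabled: lineinfile replaces only the last line matching regexp (or appends at end of file), whereas sshd uses the first value it reads for a keyword and treats everything after a Match line as part of that block. The Python sketch below is an added example, not part of the original post; `lineinfile_present` is a simplified model of the module, the sample configs are constructed, and Include files are not followed.

```python
import re

# Constructed sshd_config fragments (not taken from real hosts).
SAMPLES = {
    "single": "Port 22\nPasswordAuthentication yes\n",
    "duplicate": "PasswordAuthentication yes\nUsePAM yes\nPasswordAuthentication yes\n",
    "match_tail": "#PasswordAuthentication yes\nMatch User deploy\n    X11Forwarding no\n",
    "lowercase": "passwordauthentication yes\nUsePAM yes\n",
}

def lineinfile_present(text, regexp, line):
    """Simplified model of lineinfile with state=present, backrefs=no:
    replace the LAST line matching regexp, otherwise append at end of file."""
    lines = text.splitlines()
    hits = [i for i, l in enumerate(lines) if re.search(regexp, l)]
    if hits:
        lines[hits[-1]] = line
    else:
        lines.append(line)
    return "\n".join(lines) + "\n"

def global_value(text, keyword):
    """Value sshd applies outside Match blocks: first occurrence wins,
    keywords are case-insensitive, the global section ends at the first Match."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue  # blank line or comment
        if parts[0].lower() == "match":
            break  # everything below is conditional
        if parts[0].lower() == keyword.lower() and len(parts) > 1:
            return parts[1].lower()
    return None  # unset: sshd's built-in default applies (yes for this keyword)

def audit(samples=SAMPLES):
    """Apply the playbook's second task to each sample and report the global value."""
    out = {}
    for name, text in samples.items():
        edited = lineinfile_present(
            text, r"^PasswordAuthentication", "PasswordAuthentication no")
        out[name] = global_value(edited, "PasswordAuthentication")
    return out

if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name:10} -> {value or 'unset (built-in default applies)'}")
```

Only the "single" sample ends up with password login disabled globally. On a real host, `sshd -T` prints the effective configuration and is the authoritative check.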
Running on many hosts in parallel

Ansible's default config file is /etc/ansible/ansible.cfg:

#inventory      = /etc/ansible/hosts
#library        = /usr/share/my_modules/
#module_utils   = /usr/share/my_module_utils/
#remote_tmp     = ~/.ansible/tmp
#local_tmp      = ~/.ansible/tmp
#plugin_filters_cfg = /etc/ansible/plugin_filters.yml
# default is forks = 5
forks          = 10
#poll_interval  = 15
#sudo_user      = root
#ask_sudo_pass = True
#ask_pass      = True
#transport      = smart
#remote_port    = 22
#module_lang    = C
#module_set_locale = False

Changing forks = 5 to forks = 10 is meant to double the parallel execution speed, i.e. the playbook runs on 10 hosts at the same time. This cut the run time in half.

Ansible version used in this article:
ansible 2.5.1
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.15+ (default, Nov 27 2018, 23:36:35) [GCC 7.3.0]

zhang12c