However, managing the configuration files across multiple systems can be daunting and repetitive. One of the best ways to manage and automate this process is using the Ansible blockinfile module.
The Ansible blockinfile module allows us to insert, update, or move the blocks of lines within a given file. Whether you want to add a new configuration line or ensure that a configuration line is available in the target file, the blockinfile is an excellent tool.
In this tutorial, we will explore this module, its syntax and available parameters, and finally cover some basic examples on how to use them.
By the end of this post, you will gain a deeper appreciation of Ansible and the blockinfile module. You will also have a very efficient way of managing the system configuration files.
Requirements:
This post assumes that you have the following requirements:
- An Ansible controller with the inventory to your target host already configured
- A basic understanding of Ansible and YAML files
- Appropriate permissions to edit the configuration files on the target machines
Ansible Blockinfile Module
The following demonstrates the basic syntax of the blockinfile module in Ansible:
ansible.builtin.blockinfile:
path: /path/to/file
block: |
line1
line2
...
The following are some of the most important parameters when working with the blockinfile module:
Path – It specifies the path to the file that you wish to modify.
Block – This defines the text that you wish to insert; check if present or remove from the file.
Marker – The marker parameter is a line template that is used to mark the beginning and ending of the block. The default is # {mark} ANSIBLE MANAGED BLOCK.
insertBefore and insertAfter – These parameter defines where the blocks should be inserted relative to a particular line. This is very useful when the order of the operation matters.
Create – If set to true, Ansible creates the file if it does not exist. By default, the value is set to no.
Backup – This parameter tells Ansible to back up the file before making any changes. The default value is set to no.
State – This can be present or absent. This determines if the block is inserted or removed from the file. The default value is set to present.
Validate – This parameter provides a validation command to run before saving changes to the file.
You need to know the provided essential parameters when working with the blockinfile module. You can check the other parameters in the official documentation.
Example 1: Ensuring a File Has a Specified Block
Suppose we wish to ensure that the /etc/network/interfaces file has a specific block for eth0:
We can create an Ansible playbook as follows:
- hosts: all
tasks:
- name: Ensure eth0 configuration is present
ansible.builtin.blockinfile:
path: /etc/network/interfaces
block: |
iface eth0 inet static
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
become: yes
In this case, we use the blockinfile module to ensure that the /etc/network/interfaces file contains the entry for eth0 as specified in the previous example.
NOTE: Ensure that the target file exists on your remote hosts. Otherwise, the playbook will fail with a “file path does not exist” error.
Example 2: Inserting a Line Block Before a Specific Line
We can also use the blockinfile to insert a text block before a given line in the target file. Consider the playbook example that demonstrates how to do this:
- hosts: all
tasks:
- name: Insert SSH settings before Match Address line
ansible.builtin.blockinfile:
path: /etc/ssh/sshd_config
block: |
AllowUsers ansible
PasswordAuthentication yes
insertbefore: '^Match Address'
In this example, the playbook should insert the blocks before the “Match Address” line in the /etc/ssh/sshd_config file.
Example 3: Removing a Block
We can also remove a given block from a file using the “state: absent” parameter. An example demonstration is as follows:
- hosts: all
tasks:
- name: Remove Old Config
ansible.builtin.blockinfile:
path: /etc/ssh/sshd_config
block: |
PasswordAuthentication yes
state: absent
This ensures that Ansible removes the “PasswordAuthentication yes” line from the sshd_config file.
Example 4: Using Custom Markers
We can also use custom markers to demarcate a file as demonstrated in the following example configuration:
- hosts: all
tasks:
- name: Insert block with custom markers
ansible.builtin.blockinfile:
path: /opt/configs/sample_config
block: |
custom_config_line1
custom_config_line2
marker: "### {mark} CUSTOM MARKER ###"
In this case, the block contains two lines (custom_config_line1 and custom_config_line2).
Custom markers demarcate the start and end of the block: ### BEGIN CUSTOM MARKER ### and ### END CUSTOM MARKER ###.
Example 5: Create a File If It Is Absent
To insert a block into a file and create the file if it doesn’t exist, we can use the “create” parameter as follows:
- hosts: all
tasks:
- name: Insert block and create file if absent
ansible.builtin.blockinfile:
path: /etc/config_new
block: |
config
another_config
create: yes
This should insert the defined blocks into the /etc/config_new file. Ansible creates the file on the remote hosts before adding the defined configuration if the file does not exist.
Example 6: With Validation
We can also specify a command that allows us to validate a given configuration. An example is as follows:
- hosts: all
tasks:
- name: Insert block and validate changes
ansible.builtin.blockinfile:
path: /etc/sshd_config
block: |
AllowUsers ansible
validate: '/usr/sbin/sshd -t -f %s'
This should modify the /etc/sshd_config file and ensure that the configuration is valid using the sshd -t -f %s command.
Conclusion
As demonstrated in this post, the Ansible blockinfile module is a potent tool for managing the configuration files that require multi-editing. Using this module, you can automatically add, update, or remove the configuration blocks and validate the necessary changes.
