我正在创建一个 ansible rolke,用于按照文档在服务器上配置 ssh 安全性。这是我的 YAML 配置文件:
---
- name: Enable SSH security
hosts: webservers
tasks:
- name: Ensure SSH is installed
apt:
name: openssh-server
state: present
- name: Configure SSH to disable password authentication
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PasswordAuthentication'
line: 'PasswordAuthentication no'
notify: Restart SSH
- name: Ensure public key authentication is enabled
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PubkeyAuthentication'
line: 'PubkeyAuthentication yes'
notify: Restart SSH
- name: Disable root SSH access
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?PermitRootLogin'
line: 'PermitRootLogin no'
notify: Restart SSH
handlers:
- name: Restart SSH
service:
name: ssh
state: restarted
它看起来正确且格式良好,但是当我运行剧本时,出现此错误:
SSH password:
BECOME password[defaults to SSH password]:
ERROR! conflicting action statements: hosts, tasks
The error appears to be in '/<full path>/Hetzner/roles/ssh_security/tasks/main.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
---
- name: Enable SSH security
^ here
Pycharm IDE yaml 解析器未提示此错误。此配置可能存在什么问题?
最佳答案
1
您混淆了剧本和角色语法。您在角色任务中使用了剧本结构。
使用此主要剧本:
---
- hosts: webservers
roles:
- ssh_security
就像/<full path>/Hetzner/roles/ssh_security/tasks/main.yml
这样:
- name: Ensure SSH is installed
apt:
name: openssh-server
state: present
[...]
将处理程序置于/<full path>/Hetzner/roles/ssh_security/handlers/main.yml
2
-
非常感谢@henrik!但我的处理程序代码中仍然出现错误:
ERROR! The handlers/main.yml file for role 'ssh_security' must contain a list of tasks. {'handlers': [{'name': 'Restart SSH', 'service': {'name': 'ssh', 'state': 'restarted'}}]} should be a list or None but is <class 'ansible.parsing.yaml.objects.AnsibleMapping'>
– -
发现错误。现在一切正常!
–
|
|