Re: [PATCH] Add playbook to remove someone from denyhosts

On Monday, 22 July 2013 at 11:59 +0200, Pierre-Yves Chibon wrote:
> ---
>  playbooks/denyhosts.yml | 28 ++++++++++++++++++++++++++++
>  1 file changed, 28 insertions(+)
>  create mode 100644 playbooks/denyhosts.yml
> 
> diff --git a/playbooks/denyhosts.yml b/playbooks/denyhosts.yml
> new file mode 100644
> index 0000000..0aa44be
> --- /dev/null
> +++ b/playbooks/denyhosts.yml
> @@ -0,0 +1,28 @@
> +# requires --extra-vars="target=somevhost ip=10.0.0.1"
> +
> +#General overview:
> +# host provided via ``target`` argument on the CLI
> +# IP provided via ``ip`` argument on the CLI
> +# Log onto $target
> +# remove $ip from /var/lib/denyhosts/*
> +# remove $ip from /etc/hosts.deny
> +# restart denyhosts
> +
> +# sop: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
> +
> +- name: Unban an IP from denyhosts
> +  hosts: $target
> +  user: root
> +  serial: 1
> +
> +  tasks:
> +  - name: Remove IP from /var/lib/denyhosts/*
> +    action: command sed -si "/$ip/d" /var/lib/denyhosts/*
> +    notify:
> +    - restart denyhosts
> +
> +  - name: Remove IP from /etc/hosts.deny
> +    action: command sed -si "/$ip/d" /etc/hosts.deny
> +    notify:
> +    - restart denyhosts
> +
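
Review bot: In both sed tasks, `/$ip/d` uses the address as an unanchored, unescaped regular expression, so with the header's own example `ip=10.0.0.1` a line for 110.0.0.1 or 10.0.0.10 is deleted as well, and each `.` matches any character. Escape the dots and require a non-digit (or line start/end) on both sides of the address, and reject any value that is not a dotted quad before it reaches sed, since it is spliced into the sed script as-is. Two further points from the visible lines: the `command` module does not pass its arguments through a shell, so `/var/lib/denyhosts/*` reaches sed as a literal path rather than a glob (use `shell` for that task), and both tasks `notify: restart denyhosts` while the 28-line file defines no `handlers:` section for it.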

I would suggest being more stringent in the regexp/glob:
sed -si "/^$ip$/d", or something like this.

And since IP addresses use '.', that means this should be escaped in some way
or have some rather unplanned consequences (even if I cannot find a way
that would bypass the ^$ proposition made earlier):
$ cat e.txt
101.1.1.1
1.1.1.1
2.2.2.2
$ sed -s '/^1.1/d'  e.txt 
2.2.2.2

Even if this could be a feature to remove a whole range of IPs in one go,
but then I think this should be explicit in the documentation.

(And so, if the idea is to clean an IP range, then we would not be able
to use $, and so we would have a potential bug lurking due to the usage of '.'.)

On the other hand, that's just denyhosts, removing too much would not
have much consequence.
-- 
Michael Scherer

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
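
The stricter match discussed in the reply above, generalized to lines where the address follows a prefix such as a daemon name. This is an added example, not code from the patch or from the thread; the function names, the reliance on GNU `sed -E -i`, and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): delete only the lines that
# mention exactly the given IPv4 address. Requires GNU sed for -E and -i.

# Succeed only if $1 is a dotted quad with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;   # anything but digits and dots is rejected
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# unban_ip ADDRESS FILE...: remove lines containing ADDRESS as a whole token.
unban_ip() {
    ip=$1; shift
    is_ipv4 "$ip" || { echo "refusing non-IPv4 value: $ip" >&2; return 2; }
    # Escape each '.' so it matches a literal dot, not any character.
    escaped=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # The address must be bounded by line start/end or by a character that
    # cannot belong to an address, so 1.1.1.1 never matches 101.1.1.1.
    sed -E -i "/(^|[^0-9.])${escaped}([^0-9.]|\$)/d" "$@"
}

# Constructed sample: the first three lines are the e.txt from the reply,
# the last two put the address after a "daemon:" prefix.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '101.1.1.1' '1.1.1.1' '2.2.2.2' \
        'sshd: 1.1.1.1' 'sshd: 1.1.1.10' > "$tmp"
    unban_ip 1.1.1.1 "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}

demo
```
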




