Ansible add mount option for hardening - loop on ansible mounts
```yaml
- name: add nodev mount option for all LVM mounts except root part
  mount:
    name: '{{ item.mount }}'
    src: '{{ item.device }}'  # UUID not needed when LVM
    state: mounted
    fstype: '{{ item.fstype }}'
    opts: "{{ item.options | regex_replace(',nodev','') }},nodev"  # Fix duplicate
  # Only act on LVM (device-mapper) mounts that do not already carry nodev
  when:
    - item.options.find("nodev") == -1
    - item.device.find("mapper") != -1
    - item.mount not in ["/"]
  with_items: '{{ ansible_mounts }}'

- name: add nodev mount option for all non-LVM mounts except root part
  mount:
    name: '{{ item.mount }}'
    src: 'UUID={{ item.uuid }}'
    state: mounted
    fstype: '{{ item.fstype }}'
    opts: "{{ item.options | regex_replace(',nodev','') }},nodev"  # Fix duplicate
  # Only act on non-LVM mounts that do not already carry nodev
  when:
    - item.options.find("nodev") == -1
    - item.device.find("mapper") == -1
    - item.mount not in ["/"]
  with_items: '{{ ansible_mounts }}'
```
Or, better still:
```yaml
- name: add nodev mount option for all except root part
  mount:
    name: '{{ item.mount }}'
    # For non-LVM partitions use the UUID, otherwise use the device
    src: "{{ 'UUID=%s' % item.uuid if item.device.find('mapper') == -1 else item.device }}"
    state: present
    fstype: '{{ item.fstype }}'
    opts: "{{ item.options | regex_replace(',nodev','') }},nodev"  # Fix duplicate
  when:
    - item.options is not search("nodev")
    - item.mount not in ["/", "/var/tmp"]
  with_items: '{{ ansible_mounts }}'
  register: nodev_mounts
```
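With `state: present` the task only writes `/etc/fstab`, so `nodev` is not active until the filesystem is remounted or the host reboots. The following is an added example, not part of the original page: it consumes the registered `nodev_mounts` result, remounts what changed and checks the live options. It assumes Ansible 2.9 or later (for `state: remounted`) and reuses the exclusion list from the task above.

```yaml
# Added example: apply and verify the fstab change made by the task above.
- name: remount filesystems whose fstab entry was changed
  mount:
    path: '{{ item.item.mount }}'   # item.item is the original ansible_mounts entry
    state: remounted                # re-reads the options from /etc/fstab
  when: item is changed             # skipped and unchanged loop results are ignored
  with_items: '{{ nodev_mounts.results }}'

- name: refresh mount facts after the remount
  setup:
    filter: ansible_mounts

- name: verify nodev is active on every mount except the exclusions
  assert:
    that:
      # Exact option match, so a substring of another option cannot satisfy the check
      - "'nodev' in item.options.split(',')"
    fail_msg: "{{ item.mount }} is mounted without nodev ({{ item.options }})"
  when: item.mount not in ["/", "/var/tmp"]
  with_items: '{{ ansible_mounts }}'
```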