Nesting multiple with_items?

[John Oliver]

So, I want to add two lines to each of two files.  Looking to see if lineinfile could add multiple lines, I found a post that seemed to indicate it could not.

1) Is it possible to make lineinfile add multiple lines?

2) If not, is there a way to do something like:

  - name: Lock accounts after 3 unsuccessful logon attempts

    lineinfile: dest=/etc/pam.d/{{item1}}-auth-ac

                regexp='^auth\ [default=die]\ pam_faillock\.so\ authfail\ deny=3\ unlock_time=604800\ fail_interval=900'

                insertafter='^auth.*pam_unix\.so.*'                line='$item2'

    with_items2:

    - 'auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900'

    - 'auth required pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900'

    with_items1:

      - system

      - password

[Michael DeHaan]

Look up "with_nested" for this one.

However ansible is not going to like you adding key=value arguments in recent versions that way.  I'd try passing a hash of values instead.

Also seems the $item2 might be from a very old ansible version and you mean "{{item2}}"

Any any case, with_nested should hook you up and let us know if you need more info!

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/55b1d9fd-a695-4333-af7f-55062d073d3f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[John Oliver]

Thanks.

I'm not quite sure what you mean by "pass a has of values"... I'm envisioning an md5 or aha checksum, and scratching my head :-)

And I think that '$item2' came from some example I dug up on the Internet.

I wound up with:

    lineinfile: dest=/etc/pam.d/{{ item[0] }}-auth-ac

                regexp='^auth\ [default=die]\ pam_faillock\.so\ authfail\ deny=3\ unlock_time=604800\ fail_interval=900'

                insertafter='^auth.*pam_unix\.so.*'

                line={{ line[1] }}

    with_nested:

      - [ 'system' 'password' ]

      - [ 'auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900' 'auth required pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900' ]

but have little confidence because of your remark :-)  I'll have to stand up another VM to test this set of recipes.

[Michael DeHaan]

Sorry I was wrong about the key=value stuff as that's all for your config file, ignore that part.

I would however, change this, which isn't valid syntax on the first term at least to:

with_nested:

      - [ 'system' 'password' ]

      - [ 'auth [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900' 'auth required pam_faillock.so authsucc deny=3 unlock_time=604800 

with_nested:

     - listone

     - listtwo

to make it a little cleaner, then up in vars, structure like so:

vars:

   listone:

       - system

       - password

   listtwo:

       - 'really long options string one'

       - 'really long options string two'

And in the task:

{{ item.1 }} and {{ item.2 }} are your variables.

It may also be cleaner to just have two tasks unless you want both settings in both files.  I'm not sure.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f2f6cdec-38a7-481a-9128-dc29a98cc8d9%40googlegroups.com.