lineinfile tasks adds line when exists

95 views
Skip to first unread message

Robert Margeson

unread,
Jul 21, 2016, 2:39:16 PM7/21/16
to Ansible Project
I wrote a playbook to make a config edit in /etc/postgreql/95/main/pg_hba.conf.

Basically, it's to search for an existing string and replace it. 

Trouble is, when the playbook is ran for a second time, it adds the line as if it didn't exist.

Thoughts?

- name: postgres | Allow MD5 authentication
  lineinfile: >
    dest=/etc/postgresql/9.5/main/pg_hba.conf
    regexp="local\s+all\s+all\s+peer"
    line="local {{database.name}} {{database.user}} md5"
    backup=yes
    state=present
    insertafter=yes


----pg_hba.conf before running playbook
# Database administrative login by Unix domain socket
local   all             postgres                                peer

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local             all               all                   peer <---- to be changed
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            md5
#host    replication     postgres        ::1/128                 md5
--------------------------------------------------------------------------------------------

----pg_hba.conf after running playbook once
# Database administrative login by Unix domain socket

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local             sandbar               sandbar                   peer <----------Good
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            md5
#host    replication     postgres        ::1/128                 md5
--------------------------------------------------------------------------------------------

----pg_hba.conf after running playbook twice
# "local" is for Unix domain socket connections only
local             sandbar               sandbar                   peer <----------Good
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
# Allow replication connections from localhost, by a user with the
# replication privilege.
#local   replication     postgres                                peer
#host    replication     postgres        127.0.0.1/32            md5
#host    replication     postgres        ::1/128                 md5
local             sandbar               sandbar                   peer <----------Duplicate
--------------------------------------------------------------------------------------------




Kai Stian Olstad

unread,
Jul 21, 2016, 2:47:32 PM7/21/16
to ansible...@googlegroups.com
On 21. juli 2016 20:30, Robert Margeson wrote:
> I wrote a playbook to make a config edit in
> /etc/postgreql/95/main/pg_hba.conf.
>
> Basically, it's to search for an existing string and replace it.
>
> Trouble is, when the playbook is ran for a second time, it adds the line as
> if it didn't exist.
>
> Thoughts?

https://github.com/ansible/ansible-modules-core/issues/3975

--
Kai Stian Olstad

Joanna Delaporte

unread,
Jul 21, 2016, 3:12:14 PM7/21/16
to Ansible Project
Hi Robert, 

To replace an existing line, you will want to use backrefs. Otherwise, I believe the default behavior is to insert the line after EOF or the last match of a specified regexp. Insertafter and backrefs are exclusive of each other, since the line will be added after, or replace an existing line, depending which you use.


So, maybe this would work (add backrefs and remove insertafter):
- name: postgres | Allow MD5 authentication
  lineinfile: >
    dest=/etc/postgresql/9.5/main/pg_hba.conf
    regexp="local\s+all\s+all\s+peer"
    line="local {{database.name}} {{database.user}} md5"
    backup=yes
    backrefs=yes
    state=present

The trick now is that you have duplicates in your files, and I don't yet have a great way to clean those up. Maybe a task with state=absent and then a task to add it back. I'm not entirely sure whether state=absent removes all matches, or just the last match, since I don't use it much and it's not documented. 

Also, backrefs doesn't work with create=yes. I discovered that unfortunate fact recently.

Joanna
Reply all
Reply to author
Forward
0 new messages