lineinfile, insert, and idempotency
147 views
Skip to first unread message
John Oliver
Nov 21, 2014, 12:10:27 PM11/21/14
to ansible...@googlegroups.com
I have several lineinfile statements to insert iptables rules into /etc/sysconfig/iptables I'm using positional like insertbefore to get them in the order I want, and it works just fine on the first run. But subsequent runs are not idempotent... if I insert B before Y, and then C before Y, and then D before Y; then run the playbook over, it seems to see that the line before Y is D, and adds B again, then C, then D.
Is there a way to use positional but tell ansible that if it sees a line matching a regexp anywhere in the file to not execute?
Or is there another module that might be more appropriate for this? I mean, I could use a shell directive to check the config file or output of iptables for a line matching a regexp, and if no match then insert my line, and then iptables-save, but that just isn't as neat as using the lineinfile module :-)
Brian Coca
Nov 21, 2014, 12:14:21 PM11/21/14
to ansible...@googlegroups.com
I would recommend switching to the the template module and managing
the whole file with it.
--
Brian Coca
the whole file with it.
--
Brian Coca
John Oliver
Nov 21, 2014, 12:46:59 PM11/21/14
to ansible...@googlegroups.com
Problem with that is uncertainty over what the file might initially contain. And because different roles might be assigned to different hosts, therefore the files might be similar, but not the same, on all... rules inserted in the 'common' role would be there for all, but only the http server would allow 80 and 443, the postgres module would allow access to 5432, etc.
Brian Coca
Nov 21, 2014, 1:04:24 PM11/21/14
to ansible...@googlegroups.com
you can manage all that with the template module
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9531a5d5-be40-4f3f-a510-83c43fc2ff2f%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
Brian Coca
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/9531a5d5-be40-4f3f-a510-83c43fc2ff2f%40googlegroups.com.
>
> For more options, visit https://groups.google.com/d/optout.
--
Brian Coca
John Oliver
Nov 24, 2014, 5:55:18 PM11/24/14
to ansible...@googlegroups.com
Erm, how? It seems to me that template is the exact opposite of what I want to do. A template is for when the vast majority of a file is known beforehand and you want to insert variables into boilerplate.
Tomasz Kontusz
Nov 25, 2014, 2:02:36 AM11/25/14
to ansible...@googlegroups.com
If all parts of the file come from Ansible, you can make roles store facts on the target, and then use template to render those facts.
If you can't do that, maybe that config supports some kind of conf.d include? Then you'd only manage the include line with lineinfile.
If you can't do that, maybe that config supports some kind of conf.d include? Then you'd only manage the include line with lineinfile.
John Oliver <jno...@gmail.com> napisał:
Erm, how? It seems to me that template is the exact opposite of what I want to do. A template is for when the vast majority of a file is known beforehand and you want to insert variables into boilerplate.
On Friday, November 21, 2014 10:04:24 AM UTC-8, Brian Coca wrote:you can manage all that with the template module
--
Wysłane za pomocą K-9 Mail.
Reply all
Reply to author
Forward
0 new messages