Help with Idempotent lineinfile regex

Antonio Marin

Apr 5, 2014, 10:02:59 AM
to ansible...@googlegroups.com
Hello,

I'm trying to create a lineinfile task to append a word in a line, when it's not present, like the following:

# The line should start with AllowGroups
# Follows an unknown length sequence of "\s\w+"
# It's possible to find groupN within the previous sequence, in which case the task should return ok
# If groupN is not present, the result will be AllowGroups, followed by the existing sequence, followed by " groupN"
- name: Add group to ssh allowed
  lineinfile: backrefs=yes
                    dest=/etc/ssh/sshd_config
                    regex='^AllowGroups(.*)(?! groupN)(.*)'
                    line='AllowGroups\\1\\3 groupN'
                    state=present

I have tried several approaches but none have been successful.

I would appreciate any light to achieve it.

BR,
Tony

Paul Durivage

Apr 6, 2014, 11:24:39 AM
to ansible...@googlegroups.com
A better, more reliable approach would be to create a template sshd_config file (or just a regular, non-templated file) that is placed on nodes via the copy or template module.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/653946f2-5e63-48b7-9522-a28162241c97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tony Marin

Apr 6, 2014, 2:33:58 PM
to ansible...@googlegroups.com
It's not an option, as the current file has previously been templated with some common configuration. It's a role that has to add the group to the line if the host includes it.

Br

Magnus boden

Jan 20, 2015, 5:44:13 PM
to ansible...@googlegroups.com, ama...@swissms.ch
Hello,

After a lot of fiddling around I found a way to do it. I was also after a way to handle AllowGroups in sshd_config so that it doesn't remove other groups in the line and just makes sure to add the new ones.

The first one registers the current AllowGroups in a variable which is used by the later tasks.
The second one adds the AllowGroups line if it doesn't exist at all (the regexp line will never do that).
The last line adds all the groups in the with_items: [ 'root', 'admins' ] array.

Hope someone can save a few hours' work figuring this out.

I only joined here to give you the answer. If you have any questions, email me at magnus(at)boden.cx

Regards
Magnus

# Ansible complains if grep fails so match something that is always there too
- name: SSH groups
  shell: 'cat /etc/ssh/sshd_config | egrep "(Port|AllowGroups)"'
  register: ssh_groups

# Add the line if it doesn't exist; groups will be filled in below
- name: SSH configure AllowGroups
  lineinfile: dest=/etc/ssh/sshd_config line="AllowGroups"
  when: ssh_groups.stdout is defined and ssh_groups.stdout.find("AllowGroups") == -1
  notify:
    - restart ssh

- name: SSH configure AllowGroups
  lineinfile: dest=/etc/ssh/sshd_config regexp="^\s*AllowGroups\s+(.*)$" line="AllowGroups {{ item }} \1" backrefs=yes
  when: ssh_groups.stdout is defined and ssh_groups.stdout.find("{{ item }}") == -1
  with_items: [ 'root', 'admins' ]
  notify:
    - restart ssh
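
An added example, not code from any poster in this thread: lineinfile regular expressions are Python `re` patterns, so the script below models a backrefs=yes edit with a negative lookahead that treats group names as whole tokens, which means a second run changes nothing and `admins` is not mistaken for `sysadmins`. The helper names and the sample sshd_config fragment are constructed for illustration, and the model of lineinfile is simplified.

```python
import re

SAMPLE = (  # constructed sshd_config fragment, not taken from the thread
    "Port 22\n"
    "#AllowGroups nobody\n"
    "AllowGroups root sysadmins\n"
    "PermitRootLogin no\n"
)

def allow_group_rule(group):
    """Return (regexp, line) for a backrefs=yes edit that appends `group`."""
    name = re.escape(group)
    # (?<!\S)name(?!\S) matches the name only as a whole whitespace-delimited
    # token; the negative lookahead makes the regexp miss once it is present.
    regexp = r"^(\s*AllowGroups\b(?!.*(?<!\S)%s(?!\S)).*?)\s*$" % name
    return regexp, r"\1 " + group

def lineinfile_backrefs(text, regexp, line):
    """Simplified model of backrefs=yes: rewrite the last matching line and
    leave the text unchanged when no line matches."""
    pattern = re.compile(regexp)
    lines = text.splitlines()
    hit = None
    for index, current in enumerate(lines):
        match = pattern.search(current)
        if match:
            hit = (index, match)
    if hit is None:
        return text, False
    index, match = hit
    lines[index] = match.expand(line)
    return "\n".join(lines) + "\n", True

def ensure_groups(text, groups):
    """Apply one edit per group; return the new text and the change count."""
    changes = 0
    for group in groups:
        regexp, line = allow_group_rule(group)
        text, changed = lineinfile_backrefs(text, regexp, line)
        changes += int(changed)
    return text, changes

if __name__ == "__main__":
    once, first_run = ensure_groups(SAMPLE, ["root", "admins"])
    twice, second_run = ensure_groups(once, ["root", "admins"])
    print(once, first_run, second_run, twice == once)
```

In a playbook the same pattern goes in regexp= and `\1 groupN` in line=. lineinfile's validate option (for example `sshd -t -f %s`) lets sshd check the edited file before it replaces the live one.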

Mark Janssen

Jan 27, 2015, 4:51:19 AM
to ansible...@googlegroups.com, ama...@swissms.ch
In this specific case, you can just add additional 'AllowGroups' lines in the ssh config. Just something I ran into last week as well...
All the different AllowGroups (and AllowUsers, DenyGroups, DenyUsers) lines are appended, so there is no need to add entries to an existing line.

I just have a template now, with some conditionals based on what roles/groups a server is in.

--
Mark Janssen  --  maniac(at)maniac.nl
Unix / Linux Open-Source and Internet Consultant
Maniac.nl Sig-IO.nl Vps.Stoned-IT.com