lineinfile: replacing line instead of appending the line


David McPherson

Jun 20, 2019, 2:37:44 PM
to Ansible Project
I am attempting to add a group to the sudoers file after the line 
%wheel ALL=(ALL) ALL
example

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
doman\\vm_admins  ALL-(ALL) ALL

-     name: add vm_admins to sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: "^%wheel"
        insertafter: "^%wheel"
        line: '{{realm_name.realm}}\\vm_admins ALL=(ALL) ALL'
        backup: yes

The result is that ansible is replacing the line with the new line instead of adding it after.

example
## Allows people in group wheel to run all commands
doman\\vm_admins  ALL-(ALL) ALL

Any help would be appreciated.

Thanks,

Dave

Angel Rengifo Cancino

Jun 20, 2019, 3:08:48 PM
to ansible...@googlegroups.com
Hi:

On Thu, Jun 20, 2019 at 1:37 PM David McPherson <dave...@gmail.com> wrote:
> I am attempting to add a group to the sudoers file after the line
> %wheel ALL=(ALL) ALL
> example
>
> ## Allows people in group wheel to run all commands
> %wheel ALL=(ALL) ALL
> doman\\vm_admins  ALL-(ALL) ALL
>
> -     name: add vm_admins to sudoers
>       lineinfile:
>         path: /etc/sudoers
>         regexp: "^%wheel"
>         insertafter: "^%wheel"
>         line: '{{realm_name.realm}}\\vm_admins ALL=(ALL) ALL'
>         backup: yes

I haven't used the "insertafter" option before, but according to the documentation:

"... If regular expressions are passed to both regexp and insertafter, insertafter is only honored if no match for regexp is found."

It seems that when regexp and insertafter use regular expressions, insertafter will work only if regexp didn't match.

What if you try to comment out the regexp option and use only insertafter?

> The result is that ansible is replacing the line with the new line instead of adding it after.
>
> example
> ## Allows people in group wheel to run all commands
> doman\\vm_admins  ALL-(ALL) ALL
>
> Any help would be appreciated.
>
> Thanks,
>
> Dave

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/9839c2a2-9bcb-456f-9e9f-20532bac0c6a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

David McPherson

Jun 20, 2019, 3:38:44 PM
to Ansible Project
I commented out the regex line but got the same result. The line was added to the end of the file.

Dave

Matt Martz

Jun 20, 2019, 3:41:32 PM
to ansible...@googlegroups.com
In my opinion, lineinfile should rarely be used, except in special cases where it is the only option.

At this point in time, most Linux distros support an /etc/sudoers.d directory, which can contain individual files for all added sudoers rules.

Use the copy or template module to drop a file in that directory.

Barring that, I'd recommend templating out the whole /etc/sudoers file, instead of trying to manipulate individual lines within it.


--
Matt Martz
@sivel
sivel.net
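
The drop-in approach recommended above, as an added example that is not part of the original thread or any poster's code. It assumes /etc/sudoers already contains "#includedir /etc/sudoers.d"; the host group and the realm value are constructed, and the leading % assumes vm_admins is a group.

```yaml
---
# Added example: manage the rule as its own file instead of editing /etc/sudoers.
- hosts: vm_hosts              # hypothetical inventory group
  become: true
  vars:
    realm_name:
      realm: EXAMPLE           # constructed stand-in for the poster's variable
  tasks:
    - name: Ensure the sudoers drop-in directory exists
      file:
        path: /etc/sudoers.d
        state: directory
        owner: root
        group: root
        mode: '0750'

    # sudo skips drop-in files whose names contain '.' or end in '~',
    # so the file name carries no extension.
    - name: Grant vm_admins sudo through a drop-in file
      copy:
        dest: /etc/sudoers.d/vm_admins
        owner: root
        group: root
        mode: '0440'
        # Literal block scalar: both backslashes reach the file unchanged.
        # The leading % marks a group in sudoers syntax.
        content: |
          %{{ realm_name.realm }}\\vm_admins ALL=(ALL) ALL
        # The staged copy is syntax-checked first; a rule that fails
        # the check never replaces the live file.
        validate: /usr/sbin/visudo -cf %s

    - name: Check the complete sudoers configuration, includes and all
      command: /usr/sbin/visudo -c
      changed_when: false
```

Because the whole file is owned by this task, reruns are idempotent and removing the grant later is a single file deletion rather than another line edit in /etc/sudoers.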

Angel Rengifo Cancino

Jun 20, 2019, 3:49:58 PM
to ansible...@googlegroups.com
On Thu, Jun 20, 2019 at 2:41 PM Matt Martz <ma...@sivel.net> wrote:
> In my opinion, lineinfile should rarely be used, except in special cases where it is the only option.

I agree

> At this point in time, most Linux distros support an /etc/sudoers.d directory, which can contain individual files for all added sudoers rules.
>
> Use the copy or template module to drop a file in that directory.
>
> Barring that, I'd recommend templating out the whole /etc/sudoers file, instead of trying to manipulate individual lines within it.

Here's a good post about sudo configuration with ansible and jinja2:


Hope it helps
