[ansible-project] Re: with_nested failing, not sure why

[Mike Ray]

I can't say as I'm familiar with the nested construction, but at least part 
of the problem is given to you:

*msg: this module requires key=value arguments* 
(['dest=/etc/pam.d/system-auth-ac', 'regexp=^auth.*pam_faillock\\.so\\ 
auth.*\\ deny=3\\ unlock_time=604800\\ fail_interval=900', 
'insertafter=^auth.*pam_unix\\.so.*', 'line=auth', '[default=die]', 
'pam_faillock.so', 'authfail', 'deny=3', 'unlock_time=604800', 
'fail_interval=900'])

The module is splitting your input on the spaces, which is what the 
information in the parenthesis state. So you end up with 
'dest=/etc/pam.d/system-auth-ac' and then a whole bunch of other junk.

I can't recall for sure, but using double-quotes may resolve this (e.g. 
"this is your input now").

On Monday, August 4, 2014 11:18:28 AM UTC-5, John Oliver wrote:
>
> This task:
>
>   - name: Lock accounts after 3 unsuccessful logon attempts
>     lineinfile: dest=/etc/pam.d/{{ item[0] }}-auth-ac
>                 regexp='^auth.*pam_faillock\.so\ auth.*\ deny=3\ 
> unlock_time=604800\ fail_interval=900'
>                 insertafter='^auth.*pam_unix\.so.*'
>                 line={{ item[1] }}
>     with_nested:
>       - [ 'system', 'password' ]
>       - [ 'auth [default=die] pam_faillock.so authfail deny=3 
> unlock_time=604800 fail_interval=900', 'auth required pam_faillock.so 
> authsucc deny=3 unlock_time=604800 fail_interval=900' ]
>
> gives me:
>
> TASK: [Lock accounts after 3 unsuccessful logon attempts] 
> ********************* 
> failed: [jedisbuild] => (item=['system', 'auth [default=die] 
> pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900']) => 
> {"failed": true, "item": ["system", "auth [default=die] pam_faillock.so 
> authfail deny=3 unlock_time=604800 fail_interval=900"]}
> msg: this module requires key=value arguments 
> (['dest=/etc/pam.d/system-auth-ac', 'regexp=^auth.*pam_faillock\\.so\\ 
> auth.*\\ deny=3\\ unlock_time=604800\\ fail_interval=900', 
> 'insertafter=^auth.*pam_unix\\.so.*', 'line=auth', '[default=die]', 
> 'pam_faillock.so', 'authfail', 'deny=3', 'unlock_time=604800', 
> 'fail_interval=900'])
> failed: [jedisbuild] => (item=['system', 'auth required pam_faillock.so 
> authsucc deny=3 unlock_time=604800 fail_interval=900']) => {"failed": true, 
> "item": ["system", "auth required pam_faillock.so authsucc deny=3 
> unlock_time=604800 fail_interval=900"]}
> msg: this module requires key=value arguments 
> (['dest=/etc/pam.d/system-auth-ac', 'regexp=^auth.*pam_faillock\\.so\\ 
> auth.*\\ deny=3\\ unlock_time=604800\\ fail_interval=900', 
> 'insertafter=^auth.*pam_unix\\.so.*', 'line=auth', 'required', 
> 'pam_faillock.so', 'authsucc', 'deny=3', 'unlock_time=604800', 
> 'fail_interval=900'])
> failed: [jedisbuild] => (item=['password', 'auth [default=die] 
> pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900']) => 
> {"failed": true, "item": ["password", "auth [default=die] pam_faillock.so 
> authfail deny=3 unlock_time=604800 fail_interval=900"]}
> msg: this module requires key=value arguments 
> (['dest=/etc/pam.d/password-auth-ac', 'regexp=^auth.*pam_faillock\\.so\\ 
> auth.*\\ deny=3\\ unlock_time=604800\\ fail_interval=900', 
> 'insertafter=^auth.*pam_unix\\.so.*', 'line=auth', '[default=die]', 
> 'pam_faillock.so', 'authfail', 'deny=3', 'unlock_time=604800', 
> 'fail_interval=900'])
> failed: [jedisbuild] => (item=['password', 'auth required pam_faillock.so 
> authsucc deny=3 unlock_time=604800 fail_interval=900']) => {"failed": true, 
> "item": ["password", "auth required pam_faillock.so authsucc deny=3 
> unlock_time=604800 fail_interval=900"]}
> msg: this module requires key=value arguments 
> (['dest=/etc/pam.d/password-auth-ac', 'regexp=^auth.*pam_faillock\\.so\\ 
> auth.*\\ deny=3\\ unlock_time=604800\\ fail_interval=900', 
> 'insertafter=^auth.*pam_unix\\.so.*', 'line=auth', 'required', 
> 'pam_faillock.so', 'authsucc', 'deny=3', 'unlock_time=604800', 
> 'fail_interval=900'])
>
>
> Target files:
>
> [joliver@build ~]$ sudo cat /etc/pam.d/system-auth-ac 
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_fprintd.so
> auth        sufficient    pam_unix.so  try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        sufficient    pam_krb5.so use_first_pass
> auth        required      pam_deny.so
>
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3 type=
> password    sufficient    pam_unix.so sha512 shadow  try_first_pass 
> use_authtok
> password    sufficient    pam_krb5.so use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond 
> quiet use_uid
> session     required      pam_unix.so
> session     optional      pam_krb5.so
> [joliver@build ~]$ sudo cat /etc/pam.d/password-auth-ac 
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth        required      pam_env.so
> auth        sufficient    pam_unix.so nullok try_first_pass
> auth        requisite     pam_succeed_if.so uid >= 500 quiet
> auth        sufficient    pam_krb5.so use_first_pass
> auth        required      pam_deny.so
>
> account     required      pam_unix.so broken_shadow
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
> account     required      pam_permit.so
>
> password    requisite     pam_cracklib.so try_first_pass retry=3 type=
> password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass 
> use_authtok
> password    sufficient    pam_krb5.so use_authtok
> password    required      pam_deny.so
>
> session     optional      pam_keyinit.so revoke
> session     required      pam_limits.so
> session     [success=1 default=ignore] pam_succeed_if.so service in crond 
> quiet use_uid
> session     required      pam_unix.so
> session     optional      pam_krb5.so
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/834510e9-5862-43b8-91a1-2b7a0efadc52%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.