For starters, ansible --version ?
On Mon, Aug 4, 2014 at 12:30 PM, Mike Ray <[email protected]> wrote: > I can't say as I'm familiar with the nested construction, but at least > part of the problem is given to you: > > > *msg: this module requires key=value arguments* > (['dest=/etc/pam.d/system-auth-ac', > 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\ unlock_time=604800\\ > fail_interval=900', 'insertafter=^auth.*pam_unix\\.so.*', 'line=auth', > '[default=die]', 'pam_faillock.so', 'authfail', 'deny=3', > 'unlock_time=604800', 'fail_interval=900']) > > The module is splitting your input on the spaces, which is what the > information in the parenthesis state. So you end up with > 'dest=/etc/pam.d/system-auth-ac' and then a whole bunch of other junk. > > I can't recall for sure, but using double-quotes may resolve this (e.g. > "this is your input now"). > > > On Monday, August 4, 2014 11:18:28 AM UTC-5, John Oliver wrote: >> >> This task: >> >> - name: Lock accounts after 3 unsuccessful logon attempts >> lineinfile: dest=/etc/pam.d/{{ item[0] }}-auth-ac >> regexp='^auth.*pam_faillock\.so\ auth.*\ deny=3\ >> unlock_time=604800\ fail_interval=900' >> insertafter='^auth.*pam_unix\.so.*' >> line={{ item[1] }} >> with_nested: >> - [ 'system', 'password' ] >> - [ 'auth [default=die] pam_faillock.so authfail deny=3 >> unlock_time=604800 fail_interval=900', 'auth required pam_faillock.so >> authsucc deny=3 unlock_time=604800 fail_interval=900' ] >> >> gives me: >> >> TASK: [Lock accounts after 3 unsuccessful logon attempts] >> ********************* >> failed: [jedisbuild] => (item=['system', 'auth [default=die] >> pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900']) => >> {"failed": true, "item": ["system", "auth [default=die] pam_faillock.so >> authfail deny=3 unlock_time=604800 fail_interval=900"]} >> msg: this module requires key=value arguments >> (['dest=/etc/pam.d/system-auth-ac', >> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\ >> unlock_time=604800\\ fail_interval=900', >> 'insertafter=^auth.*pam_unix\\.so.*', >> 'line=auth', '[default=die]', 'pam_faillock.so', 'authfail', 'deny=3', >> 'unlock_time=604800', 'fail_interval=900']) >> failed: [jedisbuild] => (item=['system', 'auth required pam_faillock.so >> authsucc deny=3 unlock_time=604800 fail_interval=900']) => {"failed": true, >> "item": ["system", "auth required pam_faillock.so authsucc deny=3 >> unlock_time=604800 fail_interval=900"]} >> msg: this module requires key=value arguments >> (['dest=/etc/pam.d/system-auth-ac', >> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\ >> unlock_time=604800\\ fail_interval=900', >> 'insertafter=^auth.*pam_unix\\.so.*', >> 'line=auth', 'required', 'pam_faillock.so', 'authsucc', 'deny=3', >> 'unlock_time=604800', 'fail_interval=900']) >> failed: [jedisbuild] => (item=['password', 'auth [default=die] >> pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900']) => >> {"failed": true, "item": ["password", "auth [default=die] pam_faillock.so >> authfail deny=3 unlock_time=604800 fail_interval=900"]} >> msg: this module requires key=value arguments >> (['dest=/etc/pam.d/password-auth-ac', >> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\ >> unlock_time=604800\\ fail_interval=900', >> 'insertafter=^auth.*pam_unix\\.so.*', >> 'line=auth', '[default=die]', 'pam_faillock.so', 'authfail', 'deny=3', >> 'unlock_time=604800', 'fail_interval=900']) >> failed: [jedisbuild] => (item=['password', 'auth required pam_faillock.so >> authsucc deny=3 unlock_time=604800 fail_interval=900']) => {"failed": true, >> "item": ["password", "auth required pam_faillock.so authsucc deny=3 >> unlock_time=604800 fail_interval=900"]} >> msg: this module requires key=value arguments >> (['dest=/etc/pam.d/password-auth-ac', >> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\ >> unlock_time=604800\\ fail_interval=900', >> 'insertafter=^auth.*pam_unix\\.so.*', >> 'line=auth', 'required', 'pam_faillock.so', 'authsucc', 'deny=3', >> 'unlock_time=604800', 'fail_interval=900']) >> >> >> Target files: >> >> [joliver@build ~]$ sudo cat /etc/pam.d/system-auth-ac >> #%PAM-1.0 >> # This file is auto-generated. >> # User changes will be destroyed the next time authconfig is run. >> auth required pam_env.so >> auth sufficient pam_fprintd.so >> auth sufficient pam_unix.so try_first_pass >> auth requisite pam_succeed_if.so uid >= 500 quiet >> auth sufficient pam_krb5.so use_first_pass >> auth required pam_deny.so >> >> account required pam_unix.so broken_shadow >> account sufficient pam_localuser.so >> account sufficient pam_succeed_if.so uid < 500 quiet >> account [default=bad success=ok user_unknown=ignore] pam_krb5.so >> account required pam_permit.so >> >> password requisite pam_cracklib.so try_first_pass retry=3 type= >> password sufficient pam_unix.so sha512 shadow try_first_pass >> use_authtok >> password sufficient pam_krb5.so use_authtok >> password required pam_deny.so >> >> session optional pam_keyinit.so revoke >> session required pam_limits.so >> session [success=1 default=ignore] pam_succeed_if.so service in crond >> quiet use_uid >> session required pam_unix.so >> session optional pam_krb5.so >> [joliver@build ~]$ sudo cat /etc/pam.d/password-auth-ac >> #%PAM-1.0 >> # This file is auto-generated. >> # User changes will be destroyed the next time authconfig is run. >> auth required pam_env.so >> auth sufficient pam_unix.so nullok try_first_pass >> auth requisite pam_succeed_if.so uid >= 500 quiet >> auth sufficient pam_krb5.so use_first_pass >> auth required pam_deny.so >> >> account required pam_unix.so broken_shadow >> account sufficient pam_localuser.so >> account sufficient pam_succeed_if.so uid < 500 quiet >> account [default=bad success=ok user_unknown=ignore] pam_krb5.so >> account required pam_permit.so >> >> password requisite pam_cracklib.so try_first_pass retry=3 type= >> password sufficient pam_unix.so sha512 shadow nullok try_first_pass >> use_authtok >> password sufficient pam_krb5.so use_authtok >> password required pam_deny.so >> >> session optional pam_keyinit.so revoke >> session required pam_limits.so >> session [success=1 default=ignore] pam_succeed_if.so service in crond >> quiet use_uid >> session required pam_unix.so >> session optional pam_krb5.so >> > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/834510e9-5862-43b8-91a1-2b7a0efadc52%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/834510e9-5862-43b8-91a1-2b7a0efadc52%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy7cdGacPK%2BdreGB4CnLHYb231HBYyo3uV2EDP4DyWN-w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
