Hi Michael,
Thank you for your feedback.
On 14-09-14 15:38, Michael DeHaan wrote:
The stdout in one case is "0" and another is "1" so this seems to be
working as designed.
As such, I think this would be the way your system is setup (aka it
works correctly) or your grep needs modification.
Ansible *appears* to be doing what you want.
Tried more stuff and got a useful error. It appears that Ansible does
not pass in the *name* from the 'allowuser' list as item in the sed
command but instead throws in *all* the 'results' text:
"cmd": "sed -i 's|^AllowUsers |AllowUsers {u'changed': True, ...
Obviously that will make sed fail. So what do I need to change to make
it use just the name from the 'allowuser' list?
Full error:
TASK: [builder | builder | Add user to AllowUsers]
****************************
failed: [test.nl] => (item={u'stdout': u'0', u'changed': True, u'end':
u'2014-09-14 16:07:04.437150', 'item': u'testuser', u'cmd': u'grep -i -c
testuser /etc/ssh/sshd_config', u'rc': 1, u'start': u'2014-09-14
16:07:04.433035', u'stderr': u'', u'delta': u'0:00:00.004115',
'invocation': {'module_name': u'shell', 'module_args': u'grep -i -c
testuser /etc/ssh/sshd_config'}}) => {"changed": true, "cmd": "sed -i
's|^AllowUsers |AllowUsers {u'changed': True, u'end': u'2014-09-14
16:07:04.437150', u'stdout': u'0', u'cmd': u'grep -i -c testuser
/etc/ssh/sshd_config', 'item': u'testuser', u'delta': u'0:00:00.004115',
u'stderr': u'', u'rc': 1, 'invocation': {'module_name': u'shell',
'module_args': u'grep -i -c testuser /etc/ssh/sshd_config'}, u'start':
u'2014-09-14 16:07:04.433035'} |' /etc/ssh/sshd_config", "delta":
"0:00:00.005010", "end": "2014-09-14 16:07:04.567878", "item":
{"changed": true, "cmd": "grep -i -c testuser /etc/ssh/sshd_config",
"delta": "0:00:00.004115", "end": "2014-09-14 16:07:04.437150",
"invocation": {"module_args": "grep -i -c testuser
/etc/ssh/sshd_config", "module_name": "shell"}, "item": "testuser",
"rc": 1, "start": "2014-09-14 16:07:04.433035", "stderr": "", "stdout":
"0"}, "rc": 1, "start": "2014-09-14 16:07:04.562868"}
stderr: sed: -e expression #1, char 60: unterminated `s' command
FATAL: all hosts have already failed -- aborting
Thanks,
Patrick
On Sat, Sep 13, 2014 at 6:19 PM, Patrick Ansible-ML
<[email protected] <mailto:[email protected]>> wrote:
Hi,
I'm trying to do two simple things:
- check if a user is present in sshd_config AllowUsers
- if not, add the user to the AllowUsers line
Sounds simple enough yet my Ansible foo is still lacking severly.
The problem is that the last task is always skipped.
vars:
allowusers:
- testuser
- patrick
tasks:
- name: Check if build user is in ssh AllowUsers
shell: grep -i -m1 -c {{ item }} /etc/ssh/sshd_config
with_items: allowusers
ignore_errors: True
register: check_allowusers
- debug: var=check_allowusers
- name: Add user to AllowUsers
shell: "sed -i 's|^AllowUsers |AllowUsers {{ item }} |'
/etc/ssh/sshd_config"
with_items: check_allowusers.results
when: item.stdout == 0
Here is the output from debug: var=check_allowusers:
TASK: [builder | debug var=check_allowusers] ****
ok: [test.local] => {
"check_allowusers": {
"changed": true,
"failed": true,
"msg": "One or more items failed.",
"results": [
{
"changed": true,
"cmd": "grep -i -m1 -c testuser /etc/ssh/sshd_config",
"delta": "0:00:00.005375",
"end": "2014-09-13 20:03:37.564863",
"invocation": {
"module_args": "grep -i -m1 -c testuser
/etc/ssh/sshd_config",
"module_name": "shell"
},
"item": "testuser",
"rc": 1,
"start": "2014-09-13 20:03:37.559488",
"stderr": "",
"stdout": "0"
},
{
"changed": true,
"cmd": "grep -i -m1 -c patrick /etc/ssh/sshd_config",
"delta": "0:00:01.005767",
"end": "2014-09-13 20:03:38.671370",
"invocation": {
"module_args": "grep -i -m1 -c patrick
/etc/ssh/sshd_config",
"module_name": "shell"
},
"item": "patrick",
"rc": 0,
"start": "2014-09-13 20:03:37.665603",
"stderr": "",
"stdout": "1"
}
]
}
}
If there isn't a better best practice way to do this then how do I
make this work?
Thanks,
Patrick
--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to ansible-project+unsubscribe@__googlegroups.com
<mailto:ansible-project%[email protected]>.
To post to this group, send email to
ansible-project@googlegroups.__com
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/d/__msgid/ansible-project/__5414C302.8030703%40puzzled.__xs4all.nl
<https://groups.google.com/d/msgid/ansible-project/5414C302.8030703%40puzzled.xs4all.nl>.
For more options, visit https://groups.google.com/d/__optout
<https://groups.google.com/d/optout>.
--
You received this message because you are subscribed to the Google
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected]
<mailto:[email protected]>.
To post to this group, send email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyjuP0Nr5vy2%2B7iZ0EdYsYJ1rGR1g2xHES9nZaXNUCDMw%40mail.gmail.com
<https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgyjuP0Nr5vy2%2B7iZ0EdYsYJ1rGR1g2xHES9nZaXNUCDMw%40mail.gmail.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/5415A66B.20305%40puzzled.xs4all.nl.
For more options, visit https://groups.google.com/d/optout.
