Hello,
After a lot of fiddling around I found a way to do it. I was also after a
way to handle AllowGroups in sshd_config so that it doesn't remove
other groups in the line, just makes sure to add the new ones.
The first one registers the current AllowGroups in a variable which is used
by the later tasks.
The second one adds the AllowGroups line if it doesn't exist at all (the
regexp line will never do that).
The last line adds all the groups in the with_items: [ 'root', 'admins' ]
array.
Hope someone can save a few hours' work figuring this out.
I only joined here to give you the answer. If you have any questions, email
me at magnus(at)boden.cx
Regards
Magnus

# Ansible complains if grep fails, so match something that is always there too
- name: SSH groups
  shell: 'cat /etc/ssh/sshd_config | egrep "(Port|AllowGroups)"'
  register: ssh_groups

# Add the line if it doesn't exist; the groups will be filled in below
- name: SSH configure AllowGroups
  lineinfile: dest=/etc/ssh/sshd_config line="AllowGroups"
  when: ssh_groups.stdout is defined and ssh_groups.stdout.find("AllowGroups") == -1
  notify:
    - restart ssh

# Prepend each missing group; \1 keeps the groups already on the line
- name: SSH configure AllowGroups
  lineinfile: dest=/etc/ssh/sshd_config regexp="^\s*AllowGroups\s+(.*)$"
              line="AllowGroups {{ item }} \1" backrefs=yes
  when: ssh_groups.stdout is defined and ssh_groups.stdout.find(item) == -1
  with_items: [ 'root', 'admins' ]
  notify:
    - restart ssh

On Saturday, April 5, 2014 at 4:02:59 PM UTC+2, Antonio Marin wrote:
>
> Hello,
>
> I'm trying to create a lineinfile task to append a word in a line, when
> it's not present, like the following:
>
> # The line should start with AllowGroups
> # Follows an unknown length sequence of "\s\w+"
> # It's possible to find groupN within the previous sequence, in which case
> # the task should return ok
> # If groupN is not present, the result will be AllowGroups, followed by
> # the existing sequence, followed by " groupN"
> - name: Add group to ssh allowed
>   lineinfile: backrefs=yes
>               dest=/etc/ssh/sshd_config
>               regex='^AllowGroups(.*)(?! groupN)(.*)'
>               line='AllowGroups\\1\\3 groupN'
>               state=present
>
> I have tried several approaches but none have been successful.
>
> I would appreciate any light to achieve it.
>
> BR,
> Tony
>
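
Added example (not part of the messages in this thread, and not Ansible's own code): the AllowGroups merge discussed above, written as a pure Python function so the outcome can be checked without touching a host. It compares whole group names rather than substrings and appends missing groups after the existing ones; the function name and the sample config are constructed for illustration, and it assumes a single AllowGroups line outside any Match block.

```python
import re

# An AllowGroups directive: optional indent, keyword, optional group list.
# sshd_config keywords are case-insensitive; commented-out lines do not match.
ALLOW_RE = re.compile(r"^(\s*AllowGroups)(?:[ \t]+(.*?))?[ \t]*$", re.IGNORECASE)

# Constructed sample input, not taken from a real host.
SAMPLE = "Port 22\n#AllowGroups old\nAllowGroups sysadmins wheel\n"


def ensure_allow_groups(config_text, wanted):
    """Return (new_text, changed).

    Every group in `wanted` ends up on the AllowGroups line; groups that
    were already listed are kept, and the line is created if it is absent.
    """
    lines = config_text.splitlines()
    for i, line in enumerate(lines):
        m = ALLOW_RE.match(line)
        if not m:
            continue
        current = (m.group(2) or "").split()
        # Whole-token comparison: "admins" is not satisfied by "sysadmins".
        missing = [g for g in wanted if g not in current]
        if not missing:
            return config_text, False  # already compliant, nothing to write
        lines[i] = " ".join([m.group(1)] + current + missing)
        return "\n".join(lines) + "\n", True
    # No AllowGroups line at all: append one at the end of the file.
    lines.append("AllowGroups " + " ".join(wanted))
    return "\n".join(lines) + "\n", True


if __name__ == "__main__":
    text, changed = ensure_allow_groups(SAMPLE, ["root", "admins"])
    print(changed)
    print(text, end="")
```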