Re: [ansible-project] How to append the new group to the existing AllowGroups line in /etc/ssh/sshd_config

2021-11-09 Thread Suresh Karpurapu 
thank you so much Vladimir and Jorge

Regards,
Suresh

On Fri, Oct 29, 2021 at 3:11 AM Vladimir Botka  wrote:

> On Fri, 29 Oct 2021 01:57:17 +0530
> Suresh Karpurapu  wrote:
>
> > > > # grep AllowGroups /etc/ssh/sshd_config
> > > > AllowGroups x y z
> > > >
> > > > # grep AllowGroups /etc/ssh/sshd_config
> > > > AllowGroups x y z a <-group "a" needs to be
> added at
> > > > the end of the line
>
> > > Enable *backrefs* and create non-greedy capture group in front of the
> > > potentially existent "a" group
> > >
> > > - lineinfile:
> > > path: /etc/ssh/sshd_config
> > > backrefs: true
> > > regexp: '^\s*AllowGroups\s+(.*?)(\s+a)*$'
> > > line: 'AllowGroups \1 a'
> > >
> > > The task is idempotent. Quoting from *regexp*
> > >
> > >
> https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#parameter-regexp
> > >
> > >   "When modifying a line the regexp should typically match both the
> > >   initial state of the line as well as its state after replacement by
> > >   line to ensure idempotence."
>
> > How can we loop if we need to append multiple groups.
>
> Put them into a variable, e.g.
>
> - lineinfile:
> path: /etc/ssh/sshd_config
> backrefs: true
> regexp: '^\s*AllowGroups\s+(.*?)(\s+{{ add_groups }})*$'
> line: 'AllowGroups \1 {{ add_groups }}'
>
> --
> Vladimir Botka
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAHedzhLP%3DKRUe26pTFNFgNJmQcvYk%3DfM_6TxJdjtMcXRioN4WQ%40mail.gmail.com.

Re: [ansible-project] How to append the new group to the existing AllowGroups line in /etc/ssh/sshd_config

2021-10-28 Thread Vladimir Botka 
On Fri, 29 Oct 2021 01:57:17 +0530
Suresh Karpurapu  wrote:

> > > # grep AllowGroups /etc/ssh/sshd_config
> > > AllowGroups x y z
> > >
> > > # grep AllowGroups /etc/ssh/sshd_config
> > > AllowGroups x y z a <-group "a" needs to be added at
> > > the end of the line  

> > Enable *backrefs* and create non-greedy capture group in front of the
> > potentially existent "a" group
> >
> > - lineinfile:
> > path: /etc/ssh/sshd_config
> > backrefs: true
> > regexp: '^\s*AllowGroups\s+(.*?)(\s+a)*$'
> > line: 'AllowGroups \1 a'
> >
> > The task is idempotent. Quoting from *regexp*
> >
> > https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#parameter-regexp
> >
> >   "When modifying a line the regexp should typically match both the
> >   initial state of the line as well as its state after replacement by
> >   line to ensure idempotence."

> How can we loop if we need to append multiple groups.

Put them into a variable, e.g.

- lineinfile:
path: /etc/ssh/sshd_config
backrefs: true
regexp: '^\s*AllowGroups\s+(.*?)(\s+{{ add_groups }})*$'
line: 'AllowGroups \1 {{ add_groups }}'

-- 
Vladimir Botka

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20211028234149.14a96a22%40gmail.com.


pgpwF5OqHYUZ1.pgp
Description: OpenPGP digital signature

Re: [ansible-project] How to append the new group to the existing AllowGroups line in /etc/ssh/sshd_config

2021-10-28 Thread Jorge Rúa 
Try this:
https://dpaste.com/5ENHWDV7Q

Remember to update the sshd_config to the proper path ie.
/etc/ssh/sshd_config

➜  ~ grep '^AllowGroups' sshd_config
AllowGroups a b c
➜  ~ ansible-playbook -i localhost, allow.yml

PLAY [Configure sshd groups]
**

Playbook run took 0 days, 0 hours, 0 minutes, 1 seconds
➜  ~ grep '^AllowGroups' sshd_config
AllowGroups a b c x y z

HTH

El jue, 28 oct 2021 a las 21:27, Suresh Karpurapu (<
karpurapu.sur...@gmail.com>) escribió:

> Thank you so much Vladimir,
>
> How can we loop if we need to append multiple groups.
>
> Regards,
> Suresh
>
>
> On Thu, 28 Oct 2021, 6:21 pm Vladimir Botka,  wrote:
>
>> On Thu, 28 Oct 2021 05:28:27 -0700 (PDT)
>> Suresh Karpurapu  wrote:
>>
>> > # grep AllowGroups /etc/ssh/sshd_config
>> > AllowGroups x y z
>> >
>> > # grep AllowGroups /etc/ssh/sshd_config
>> > AllowGroups x y z a <-group "a" needs to be added
>> at
>> > the end of the line
>>
>> Enable *backrefs* and create non-greedy capture group in front of the
>> potentially existent "a" group
>>
>> - lineinfile:
>> path: /etc/ssh/sshd_config
>> backrefs: true
>> regexp: '^\s*AllowGroups\s+(.*?)(\s+a)*$'
>> line: 'AllowGroups \1 a'
>>
>> The task is idempotent. Quoting from *regexp*
>>
>> https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#parameter-regexp
>>
>>   "When modifying a line the regexp should typically match both the
>>   initial state of the line as well as its state after replacement by
>>   line to ensure idempotence."
>>
>> --
>> Vladimir Botka
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/CAHedzhJ2WgKYtRyPb3GMEAKRRimCJEsMpSwm9D8O5GXUxvwzuQ%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAFtje5NJBUC2wyXU%3D%2B7Z9pk1i-c-nf-xR9_UVuRfp1RY5QkYow%40mail.gmail.com.

Re: [ansible-project] How to append the new group to the existing AllowGroups line in /etc/ssh/sshd_config

2021-10-28 Thread Suresh Karpurapu 
Thank you so much Vladimir,

How can we loop if we need to append multiple groups.

Regards,
Suresh


On Thu, 28 Oct 2021, 6:21 pm Vladimir Botka,  wrote:

> On Thu, 28 Oct 2021 05:28:27 -0700 (PDT)
> Suresh Karpurapu  wrote:
>
> > # grep AllowGroups /etc/ssh/sshd_config
> > AllowGroups x y z
> >
> > # grep AllowGroups /etc/ssh/sshd_config
> > AllowGroups x y z a <-group "a" needs to be added at
> > the end of the line
>
> Enable *backrefs* and create non-greedy capture group in front of the
> potentially existent "a" group
>
> - lineinfile:
> path: /etc/ssh/sshd_config
> backrefs: true
> regexp: '^\s*AllowGroups\s+(.*?)(\s+a)*$'
> line: 'AllowGroups \1 a'
>
> The task is idempotent. Quoting from *regexp*
>
> https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#parameter-regexp
>
>   "When modifying a line the regexp should typically match both the
>   initial state of the line as well as its state after replacement by
>   line to ensure idempotence."
>
> --
> Vladimir Botka
>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/CAHedzhJ2WgKYtRyPb3GMEAKRRimCJEsMpSwm9D8O5GXUxvwzuQ%40mail.gmail.com.

Re: [ansible-project] How to append the new group to the existing AllowGroups line in /etc/ssh/sshd_config

2021-10-28 Thread Vladimir Botka 
On Thu, 28 Oct 2021 05:28:27 -0700 (PDT)
Suresh Karpurapu  wrote:

> # grep AllowGroups /etc/ssh/sshd_config   
> AllowGroups x y z
> 
> # grep AllowGroups /etc/ssh/sshd_config   
> AllowGroups x y z a <-group "a" needs to be added at 
> the end of the line

Enable *backrefs* and create non-greedy capture group in front of the
potentially existent "a" group

- lineinfile:
path: /etc/ssh/sshd_config
backrefs: true
regexp: '^\s*AllowGroups\s+(.*?)(\s+a)*$'
line: 'AllowGroups \1 a'

The task is idempotent. Quoting from *regexp*
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#parameter-regexp

  "When modifying a line the regexp should typically match both the
  initial state of the line as well as its state after replacement by
  line to ensure idempotence."

-- 
Vladimir Botka

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20211028145056.604ca80b%40gmail.com.


pgpvgZGgkryjP.pgp
Description: OpenPGP digital signature

[ansible-project] How to append the new group to the existing AllowGroups line in /etc/ssh/sshd_config

2021-10-28 Thread Suresh Karpurapu 
Hi Experts,

I would like to append the new group to the existing AllowGroups in 
/etc/ssh/sshd_config file without disturbing the existing group. I tried 
with lineinfile module but unfortunately its failing or overwriting 
existing groups. Can anyone please provide the clue on logic?

existing setup:
# grep AllowGroups /etc/ssh/sshd_config   
AllowGroups x y z

required setup:  let's assume "a" is new group, then i am looking as below
# grep AllowGroups /etc/ssh/sshd_config   
AllowGroups x y z a <-group "a" needs to be added at 
the end of the line

Once again thanks for your help

Regards,
Suresh

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/5d596003-6bfc-46a6-be9c-875d669cf0cen%40googlegroups.com.