Example:
password sufficient pam_unix.so shadow nullok try_first_pass use_authtok
And I want to wind up with:
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
And let’s assume I don’t know what might come after pam_unix.so, and want to preserve whatever’s there, and so can’t just use line=“string of text”
Right now, I’d use ‘command’ or ‘shell’ to call sed or awk to accomplish this. But is there a way to massage ansible into doing this?
lineinfile replaces the entire line. But I think you can use regexp back references to copy text from the match into your line.
Right now, I’d use ‘command’ or ‘shell’ to call sed or awk to accomplish this. But is there a way to massage ansible into doing this?
Augeas could probably be used (http://augeas.net/docs/references/lenses/files/pam-aug.html), but I guess there’s no ansible module for augeas yet.
Cheers,
Paul
John,
John Oliver schrieb (29.07.2014 19:38 Uhr):
Example:
password sufficient pam_unix.so shadow nullok try_first_pass use_authtok
And I want to wind up with:
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
And let's assume I don't know what might come after pam_unix.so, and want to preserve whatever's there, and so can't just use line="string of text"
Right now, I'd use 'command' or 'shell' to call sed or awk to accomplish this. But is there a way to massage ansible into doing this?
The second last example for lineinfile does use regex with a backreference:
http://docs.ansible.com/lineinfile_module.html
"- lineinfile: dest=/opt/jboss-as/bin/standalone.conf regexp='^(.*)Xms(\d+)m(.*)$' line='\1Xms${xms}m\3' backrefs=yes"
For a start something like:
regex='^password sufficient pam_unix.so (.*)' line='password sufficient pam_unix.so sha512 \1' backrefs=yes
You may have to take care \1 does not contain "sha512", so .* may not be safe enough.
Marc
No, you don’t want this.
The error handling in aug is atrocious, as is writing lenses for it. Never going to happen in ansible 
lineinfile was designed to make it easier, and it’s also why we have things like the INI module.