I have several lineinfile statements to insert iptables rules into /etc/sysconfig/iptables I’m using positional like insertbefore to get them in the order I want, and it works just fine on the first run. But subsequent runs are not idempotent… if I insert B before Y, and then C before Y, and then D before Y; then run the playbook over, it seems to see that the line before Y is D, and adds B again, then C, then D.
Is there a way to use positional but tell ansible that if it sees a line matching a regexp anywhere in the file to not execute?
Or is there another module that might be more appropriate for this? I mean, I could use a shell directive to check the config file or output of iptables for a line matching a regexp, and if no match then insert my line, and then iptables-save, but that just isn’t as neat as using the lineinfile module
Problem with that is uncertainty over what the file might initially contain. And because different roles might be assigned to different hosts, therefore the files might be similar, but not the same, on all… rules inserted in the ‘common’ role would be there for all, but only the http server would allow 80 and 443, the postgres module would allow access to 5432, etc.
Erm, how? It seems to me that template is the exact opposite of what I want to do. A template is for when the vast majority of a file is known beforehand and you want to insert variables into boilerplate.
If all parts of the file come from Ansible, you can make roles store facts on the target, and then use template to render those facts.
If you can’t do that, maybe that config supports some kind of conf.d include? Then you’d only manage the include line with lineinfile.
