I am attempting to add a group to the sudoers file after the line

    %wheel ALL=(ALL) ALL

example

    Allows people in group wheel to run all commands
    %wheel ALL=(ALL) ALL
    domain\vm_admins ALL=(ALL) ALL

    - name: add vm_admins to sudoers
      lineinfile:
        path: /etc/sudoers
        regexp: "^%wheel"
        insertafter: "^%wheel"
        line: '{{realm_name.realm}}\vm_admins ALL=(ALL) ALL'
        backup: yes

The result is that Ansible is replacing the line with the new line instead of adding it after.

example

    Allows people in group wheel to run all commands
    domain\vm_admins ALL=(ALL) ALL

Any help would be appreciated.
Thanks,
Dave
I haven’t used the “insertafter” option before, but according to the documentation:
https://docs.ansible.com/ansible/latest/modules/lineinfile_module.html
“… If regular expressions are passed to both regexp and insertafter, insertafter is only honored if no match for regexp is found.”
It seems that when regexp and insertafter both use regular expressions, insertafter will work only if regexp didn’t match.
What if you try to comment out the regexp option and use only insertafter?
I commented out the regex line but got the same result. The line was added to the end of the file.
Dave
sivel
In my opinion, lineinfile should rarely be used, except in special cases where it is the only option.
At this point in time, most Linux distros support an /etc/sudoers.d directory, which can contain individual files for all added sudoers rules.
Use the copy or template module to drop a file in that directory.
Barring that, I’d recommend templating out the whole /etc/sudoers file, instead of trying to manipulate individual lines within it.
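
The /etc/sudoers.d approach described in the post above, as an added example (not code from the thread or from the Ansible documentation): a play that writes one rule file and has visudo check it before it is installed. The realm value EXAMPLE, the file name vm_admins, and the `%` group prefix with an escaped backslash are assumptions.

```yaml
# Added example. Assumed names: realm value EXAMPLE, rule file vm_admins.
- name: Grant sudo to the vm_admins group through /etc/sudoers.d
  hosts: all
  become: true
  vars:
    # Stand-in for the realm_name.realm variable used in the original task.
    realm_name:
      realm: EXAMPLE
  tasks:
    # A rule file is ignored unless the main sudoers file includes the
    # directory, so fail early if the include directive is missing.
    - name: Check that /etc/sudoers includes /etc/sudoers.d
      command: "grep -Eq '^[#@]includedir[[:space:]]+/etc/sudoers\\.d' /etc/sudoers"
      changed_when: false

    # copy writes the content to a temporary file, runs the validate command
    # on it, and only moves it into place if visudo accepts the syntax.
    # /etc/sudoers itself is never edited.
    - name: Install the vm_admins rule file
      copy:
        dest: /etc/sudoers.d/vm_admins
        # Assumption: sudoers marks groups with a leading % and needs the
        # backslash in a DOMAIN\group name escaped as a double backslash.
        content: |
          %{{ realm_name.realm }}\\vm_admins ALL=(ALL) ALL
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
```

sudo skips files in /etc/sudoers.d whose names contain a `.` or end in `~`, so the rule file name should have no extension.
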
> In my opinion, lineinfile should rarely be used, except in special cases where it is the only option.

I agree

> At this point in time, most Linux distros support an /etc/sudoers.d directory, which can contain individual files for all added sudoers rules.
> Use the copy or template module to drop a file in that directory.
> Barring that, I’d recommend templating out the whole /etc/sudoers file, instead of trying to manipulate individual lines within it.

Here’s a good post about sudo configuration with ansible and jinja2:
https://www.reddit.com/r/ansible/comments/5xzj8b/how_to_modify_sudoers_file_with_ansible/
Hope it helps