lineinfile tasks adds line when exists

Robert_Margeson · July 21, 2016, 6:30pm

I wrote a playbook to make a config edit in /etc/postgreql/95/main/pg_hba.conf.

Basically, it’s to search for an existing string and replace it.

Trouble is, when the playbook is ran for a second time, it adds the line as if it didn’t exist.

Thoughts?

name: postgres | Allow MD5 authentication
lineinfile: >
dest=/etc/postgresql/9.5/main/pg_hba.conf
regexp=“local\s+all\s+all\s+peer”
line=“local {{database.name}} {{database.user}} md5”
backup=yes
state=present
insertafter=yes

----pg_hba.conf before running playbook

Database administrative login by Unix domain socket

local all postgres peer

TYPE DATABASE USER ADDRESS METHOD

“local” is for Unix domain socket connections only

local all all peer <---- to be changed

IPv4 local connections:

host all all 127.0.0.1/32 md5

IPv6 local connections:

host all all ::1/128 md5

Allow replication connections from localhost, by a user with the

replication privilege.

#local replication postgres peer
#host replication postgres 127.0.0.1/32 md5
#host replication postgres ::1/128 md5

Kai_Stian_Olstad · July 21, 2016, 6:47pm

https://github.com/ansible/ansible-modules-core/issues/3975

jdelaporte · July 21, 2016, 7:12pm

Hi Robert,

To replace an existing line, you will want to use backrefs. Otherwise, I believe the default behavior is to insert the line after EOF or the last match of a specified regexp. Insertafter and backrefs are exclusive of each other, since the line will be added after, or replace an existing line, depending which you use.

So, maybe this would work (add backrefs and remove insertafter):

name: postgres | Allow MD5 authentication
lineinfile: >
dest=/etc/postgresql/9.5/main/pg_hba.conf
regexp=“local\s+all\s+all\s+peer”
line=“local {{database.name}} {{database.user}} md5”
backup=yes
backrefs=yes
state=present

The trick now is that you have duplicates in your files, and I don’t yet have a great way to clean those up. Maybe a task with state=absent and then a task to add it back. I’m not entirely sure whether state=absent removes all matches, or just the last match, since I don’t use it much and it’s not documented.

Also, backrefs doesn’t work with create=yes. I discovered that unfortunate fact recently.

Joanna

Topic		Replies	Views
Found the 'lineinfile' module previously non-intuitive? It's better now. Ansible Project	0	0	September 8, 2012
question on lineinfile module Ansible Project	4	2	June 30, 2016
lineinfile module replace correctly for the first time run the playbook, but not the second time Ansible Project	1	0	October 21, 2016
add 2 lines with lineinfile but only if not already there Ansible Project	1	1	March 25, 2015
lineinfile Questions Ansible Project	1	0	February 16, 2015