Hi,
I'm trying to do two simple things:
- check if a user is present in sshd_config AllowUsers
- if not, add the user to the AllowUsers line
Sounds simple enough yet my Ansible foo is still lacking severly. The problem is that the last task is always skipped.
vars:
allowusers:
- testuser
- patrick
tasks:
- name: Check if build user is in ssh AllowUsers
shell: grep -i -m1 -c {{ item }} /etc/ssh/sshd_config
with_items: allowusers
ignore_errors: True
register: check_allowusers
- debug: var=check_allowusers
- name: Add user to AllowUsers
shell: "sed -i 's|^AllowUsers |AllowUsers {{ item }} |' /etc/ssh/sshd_config"
with_items: check_allowusers.results
when: item.stdout == 0
Here is the output from debug: var=check_allowusers:
TASK: [builder | debug var=check_allowusers] ****
ok: [test.local] => {
"check_allowusers": {
"changed": true,
"failed": true,
"msg": "One or more items failed.",
"results": [
{
"changed": true,
"cmd": "grep -i -m1 -c testuser /etc/ssh/sshd_config",
"delta": "0:00:00.005375",
"end": "2014-09-13 20:03:37.564863",
"invocation": {
"module_args": "grep -i -m1 -c testuser /etc/ssh/sshd_config",
"module_name": "shell"
},
"item": "testuser",
"rc": 1,
"start": "2014-09-13 20:03:37.559488",
"stderr": "",
"stdout": "0"
},
{
"changed": true,
"cmd": "grep -i -m1 -c patrick /etc/ssh/sshd_config",
"delta": "0:00:01.005767",
"end": "2014-09-13 20:03:38.671370",
"invocation": {
"module_args": "grep -i -m1 -c patrick /etc/ssh/sshd_config",
"module_name": "shell"
},
"item": "patrick",
"rc": 0,
"start": "2014-09-13 20:03:37.665603",
"stderr": "",
"stdout": "1"
}
]
}
}
If there isn't a better best practice way to do this then how do I make this work?
Thanks,
Patrick