Re: [ansible-project] Simple lineinfile, but make it idempotent

Mon, 13 Nov 2023 11:01:49 -0800 

Hey Chad,

What makes you think the regex and replacement aren't idempotent?
I just ran your task twice. The first time it changes the line as expected. The second time it makes no change. 

I think it's right, but feel free to persuade me otherwise.
--
Todd

On 11/13/23 1:45 PM, Schrock, Chad - 0336 - MITLL wrote:


Hi everyone,


I am really having a very Monday Monday today and am just having a fit 
with my regex. I’m working on implementing part of the DISA STIG for 
RHEL 9 and need to edit /etc/bashrc, specifically:


    # Set default umask for non-login shell only if it is set to 0

    [ `umask` -eq 0 ] && umask 022


I need to change that “umask 022” to “umask 077” and I’ve gotten as 
far as this:



- name: RHEL-09-412055 | RHEL 9 must define default permissions for 
the bash shell


  ansible.builtin.lineinfile:

    path: /etc/bashrc

    regexp: \sumask\s\d{3}

    line: "[ `umask` -eq 0 ] && umask 077"


But then realized that the regexp and replacement isn’t idempotent and 
since then my brain has just decided to go on a little vacation by itself.



I was thinking about some sort of capture group and then something 
saying “if <capture group> != ‘077’,” but I think I completely lost 
the plot at that point.


Thank you for any help on this Mondayest of Mondays.

--

Chad Schrock, he/him

Supporting MIT Lincoln Laboratory, Lexington, MA

--

You received this message because you are subscribed to the Google 
Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/PH1P110MB14443DB4A6FBB2E6DD135DA8B3B3A%40PH1P110MB1444.NAMP110.PROD.OUTLOOK.COM 
<https://groups.google.com/d/msgid/ansible-project/PH1P110MB14443DB4A6FBB2E6DD135DA8B3B3A%40PH1P110MB1444.NAMP110.PROD.OUTLOOK.COM?utm_medium=email&utm_source=footer>.


--
Todd

--
You received this message because you are subscribed to the Google Groups "Ansible 
Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/596f6d8d-cb50-43af-b14d-311a4a3050e2%40gmail.com.






















					Reply via email to