0

I am struggling below scenario:

In /etc/default/grub file, there is GRUB_CMDLINE_LINUX_DEFAULT stanza, I need to insert audit=1 at the end of the line if value is not there already (note that there is quote char at the end of line). If audit=0 is present change it to audit=1.

lineinfile ansible module does not work, especially with inserting before last quote (").

Original /etc/default/grub:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rootfstype=xfs quiet splash acpi_osi="

Optional /etc/default/grub:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rootfstype=xfs quiet splash acpi_osi= audit=0" # change audit=0 to audit=1
#OR:
#GRUB_CMDLINE_LINUX_DEFAULT="rootfstype=xfs quiet splash acpi_osi= audit=1" # audit=1 is already here, so no action needed

Desired /etc/default/grub:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rootfstype=xfs quiet splash acpi_osi= audit=1"
John Kugelman
  • 349,597
  • 67
  • 533
  • 578
8star
  • 3
  • 2

1 Answers1

1

I created a file where the text is audit=0 and tried to replace it with audit=1

my file was: grubfile:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rootfstype=xfs quiet splash acpi_osi= audit=0"

my playbook:

---
  - name: read grub file
    lineinfile:
      dest: /home/myhome/grubfile.txt
      regexp: '^(.*)audit=0(.*)$'
      line: '\1audit=1\2'
      backup: yes
      backrefs: yes

Basically we play with regexp taking the audit=1 as the regexp and storing the rest of the string with backrefs the resulting file is:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="rootfstype=xfs quiet splash acpi_osi= audit=1"

Edit: This code will add it even if doesn't exist, It will first modify if the audit=0 is present, then will check if audit=1 exists and if it doesn't exist will append the audit=1 to the beginning of the quotes :

---
  - name:
    lineinfile:
      dest: /home/mypath/grubfile.txt
      regexp: '^(.*)audit=1(.*)$'
      state: absent
    check_mode: yes
    changed_when: false
    register: auditexist
  - name: if audit=0 write audit=1
    lineinfile:
      dest: /home/mypath/grubfile.txt
      regexp: '^(.*)audit=0(.*)$'
      line: '\1audit=1\2'
      backup: yes
      backrefs: yes
    register: auditmodified
  - name: appen
    lineinfile:
     dest: /home/ivan/grubfile.txt
     regexp: '^(.*)GRUB_CMDLINE_LINUX_DEFAULT="(.*)$'
     line: '\1GRUB_CMDLINE_LINUX_DEFAULT="audit=1 \2 '
     backup: yes
     backrefs: yes
    when: not auditexist.found and not auditmodified.changed

result:

GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="audit=1 rootfstype=xfs quiet splash acpi_osi="
ikora
  • 772
  • 3
  • 16
  • Thank you ikora! But what when audit= is not present in the file? – 8star Jan 12 '21 at 10:05
  • It won't do anything, maybe I misunderstood you, if you always want to force to have audit=1 even if audit is not present maybe you can just replace the entire line for an entire line containing the audit=1 – ikora Jan 12 '21 at 10:36
  • Yes, audit=1 needs to be in the file permanently. Cannot replace whole file as different systems has different grub config (Debian, Redhat, etc) – 8star Jan 12 '21 at 10:53
  • I will update the mu answer soon, I think I can do the trick, adding the audit=1 as the first parameter would work? something like w:GRUB_CMDLINE_LINUX_DEFAULT="audit=1 rootfstype=xfs quiet splash acpi_osi=" this will work? or is mandatory that the rootfstype goes first? I'm sorry I don't have knowledge about grubfiles :D – ikora Jan 12 '21 at 11:08
  • Modified the answer with the outcome i suppose you want, try it. – ikora Jan 12 '21 at 13:14