For starters,
ansible --version ?
On Mon, Aug 4, 2014 at 12:30 PM, Mike Ray <mike.joseph....@gmail.com> wrote:
> I can't say as I'm familiar with the nested construction, but at least
> part of the problem is given to you:
>
>
> *msg: this module requires key=value arguments*
> (['dest=/etc/pam.d/system-auth-ac',
> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\ unlock_time=604800\\
> fail_interval=900', 'insertafter=^auth.*pam_unix\\.so.*', 'line=auth',
> '[default=die]', 'pam_faillock.so', 'authfail', 'deny=3',
> 'unlock_time=604800', 'fail_interval=900'])
>
> The module is splitting your input on the spaces, which is what the
> information in the parenthesis state. So you end up with
> 'dest=/etc/pam.d/system-auth-ac' and then a whole bunch of other junk.
>
> I can't recall for sure, but using double-quotes may resolve this (e.g.
> "this is your input now").
>
>
> On Monday, August 4, 2014 11:18:28 AM UTC-5, John Oliver wrote:
>>
>> This task:
>>
>> - name: Lock accounts after 3 unsuccessful logon attempts
>> lineinfile: dest=/etc/pam.d/{{ item[0] }}-auth-ac
>> regexp='^auth.*pam_faillock\.so\ auth.*\ deny=3\
>> unlock_time=604800\ fail_interval=900'
>> insertafter='^auth.*pam_unix\.so.*'
>> line={{ item[1] }}
>> with_nested:
>> - [ 'system', 'password' ]
>> - [ 'auth [default=die] pam_faillock.so authfail deny=3
>> unlock_time=604800 fail_interval=900', 'auth required pam_faillock.so
>> authsucc deny=3 unlock_time=604800 fail_interval=900' ]
>>
>> gives me:
>>
>> TASK: [Lock accounts after 3 unsuccessful logon attempts]
>> *********************
>> failed: [jedisbuild] => (item=['system', 'auth [default=die]
>> pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900']) =>
>> {"failed": true, "item": ["system", "auth [default=die] pam_faillock.so
>> authfail deny=3 unlock_time=604800 fail_interval=900"]}
>> msg: this module requires key=value arguments
>> (['dest=/etc/pam.d/system-auth-ac',
>> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\
>> unlock_time=604800\\ fail_interval=900',
>> 'insertafter=^auth.*pam_unix\\.so.*',
>> 'line=auth', '[default=die]', 'pam_faillock.so', 'authfail', 'deny=3',
>> 'unlock_time=604800', 'fail_interval=900'])
>> failed: [jedisbuild] => (item=['system', 'auth required pam_faillock.so
>> authsucc deny=3 unlock_time=604800 fail_interval=900']) => {"failed": true,
>> "item": ["system", "auth required pam_faillock.so authsucc deny=3
>> unlock_time=604800 fail_interval=900"]}
>> msg: this module requires key=value arguments
>> (['dest=/etc/pam.d/system-auth-ac',
>> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\
>> unlock_time=604800\\ fail_interval=900',
>> 'insertafter=^auth.*pam_unix\\.so.*',
>> 'line=auth', 'required', 'pam_faillock.so', 'authsucc', 'deny=3',
>> 'unlock_time=604800', 'fail_interval=900'])
>> failed: [jedisbuild] => (item=['password', 'auth [default=die]
>> pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900']) =>
>> {"failed": true, "item": ["password", "auth [default=die] pam_faillock.so
>> authfail deny=3 unlock_time=604800 fail_interval=900"]}
>> msg: this module requires key=value arguments
>> (['dest=/etc/pam.d/password-auth-ac',
>> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\
>> unlock_time=604800\\ fail_interval=900',
>> 'insertafter=^auth.*pam_unix\\.so.*',
>> 'line=auth', '[default=die]', 'pam_faillock.so', 'authfail', 'deny=3',
>> 'unlock_time=604800', 'fail_interval=900'])
>> failed: [jedisbuild] => (item=['password', 'auth required pam_faillock.so
>> authsucc deny=3 unlock_time=604800 fail_interval=900']) => {"failed": true,
>> "item": ["password", "auth required pam_faillock.so authsucc deny=3
>> unlock_time=604800 fail_interval=900"]}
>> msg: this module requires key=value arguments
>> (['dest=/etc/pam.d/password-auth-ac',
>> 'regexp=^auth.*pam_faillock\\.so\\ auth.*\\ deny=3\\
>> unlock_time=604800\\ fail_interval=900',
>> 'insertafter=^auth.*pam_unix\\.so.*',
>> 'line=auth', 'required', 'pam_faillock.so', 'authsucc', 'deny=3',
>> 'unlock_time=604800', 'fail_interval=900'])
>>
>>
>> Target files:
>>
>> [joliver@build ~]$ sudo cat /etc/pam.d/system-auth-ac
>> #%PAM-1.0
>> # This file is auto-generated.
>> # User changes will be destroyed the next time authconfig is run.
>> auth required pam_env.so
>> auth sufficient pam_fprintd.so
>> auth sufficient pam_unix.so try_first_pass
>> auth requisite pam_succeed_if.so uid >= 500 quiet
>> auth sufficient pam_krb5.so use_first_pass
>> auth required pam_deny.so
>>
>> account required pam_unix.so broken_shadow
>> account sufficient pam_localuser.so
>> account sufficient pam_succeed_if.so uid < 500 quiet
>> account [default=bad success=ok user_unknown=ignore] pam_krb5.so
>> account required pam_permit.so
>>
>> password requisite pam_cracklib.so try_first_pass retry=3 type=
>> password sufficient pam_unix.so sha512 shadow try_first_pass
>> use_authtok
>> password sufficient pam_krb5.so use_authtok
>> password required pam_deny.so
>>
>> session optional pam_keyinit.so revoke
>> session required pam_limits.so
>> session [success=1 default=ignore] pam_succeed_if.so service in crond
>> quiet use_uid
>> session required pam_unix.so
>> session optional pam_krb5.so
>> [joliver@build ~]$ sudo cat /etc/pam.d/password-auth-ac
>> #%PAM-1.0
>> # This file is auto-generated.
>> # User changes will be destroyed the next time authconfig is run.
>> auth required pam_env.so
>> auth sufficient pam_unix.so nullok try_first_pass
>> auth requisite pam_succeed_if.so uid >= 500 quiet
>> auth sufficient pam_krb5.so use_first_pass
>> auth required pam_deny.so
>>
>> account required pam_unix.so broken_shadow
>> account sufficient pam_localuser.so
>> account sufficient pam_succeed_if.so uid < 500 quiet
>> account [default=bad success=ok user_unknown=ignore] pam_krb5.so
>> account required pam_permit.so
>>
>> password requisite pam_cracklib.so try_first_pass retry=3 type=
>> password sufficient pam_unix.so sha512 shadow nullok try_first_pass
>> use_authtok
>> password sufficient pam_krb5.so use_authtok
>> password required pam_deny.so
>>
>> session optional pam_keyinit.so revoke
>> session required pam_limits.so
>> session [success=1 default=ignore] pam_succeed_if.so service in crond
>> quiet use_uid
>> session required pam_unix.so
>> session optional pam_krb5.so
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/ansible-project/834510e9-5862-43b8-91a1-2b7a0efadc52%40googlegroups.com
> <https://groups.google.com/d/msgid/ansible-project/834510e9-5862-43b8-91a1-2b7a0efadc52%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
> For more options, visit https://groups.google.com/d/optout.
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy7cdGacPK%2BdreGB4CnLHYb231HBYyo3uV2EDP4DyWN-w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
