Hi Robert, To replace an existing line, you will want to use backrefs. Otherwise, I believe the default behavior is to insert the line after EOF or the last match of a specified regexp. Insertafter and backrefs are exclusive of each other, since the line will be added after, or replace an existing line, depending which you use.
So, maybe this would work (add backrefs and remove insertafter): - name: postgres | Allow MD5 authentication lineinfile: > dest=/etc/postgresql/9.5/main/pg_hba.conf regexp="local\s+all\s+all\s+peer" line="local {{database.name}} {{database.user}} md5" backup=yes backrefs=yes state=present The trick now is that you have duplicates in your files, and I don't yet have a great way to clean those up. Maybe a task with state=absent and then a task to add it back. I'm not entirely sure whether state=absent removes all matches, or just the last match, since I don't use it much and it's not documented. Also, backrefs doesn't work with create=yes. I discovered that unfortunate fact recently. Joanna On Thursday, July 21, 2016 at 1:39:16 PM UTC-5, Robert Margeson wrote: > > I wrote a playbook to make a config edit in > /etc/postgreql/95/main/pg_hba.conf. > > Basically, it's to search for an existing string and replace it. > > Trouble is, when the playbook is ran for a second time, it adds the line > as if it didn't exist. > > Thoughts? > > - name: postgres | Allow MD5 authentication > lineinfile: > > dest=/etc/postgresql/9.5/main/pg_hba.conf > regexp="local\s+all\s+all\s+peer" > line="local {{database.name}} {{database.user}} md5" > backup=yes > state=present > insertafter=yes > > > ----pg_hba.conf before running playbook > # Database administrative login by Unix domain socket > local all postgres peer > > # TYPE DATABASE USER ADDRESS METHOD > > # "local" is for Unix domain socket connections only > local all all peer <---- to be > changed > # IPv4 local connections: > host all all 127.0.0.1/32 md5 > # IPv6 local connections: > host all all ::1/128 md5 > # Allow replication connections from localhost, by a user with the > # replication privilege. > #local replication postgres peer > #host replication postgres 127.0.0.1/32 md5 > #host replication postgres ::1/128 md5 > > -------------------------------------------------------------------------------------------- > > ----pg_hba.conf after running playbook once > # Database administrative login by Unix domain socket > > # TYPE DATABASE USER ADDRESS METHOD > > # "local" is for Unix domain socket connections only > local sandbar sandbar peer > <----------Good > # IPv4 local connections: > host all all 127.0.0.1/32 md5 > # IPv6 local connections: > host all all ::1/128 md5 > # Allow replication connections from localhost, by a user with the > # replication privilege. > #local replication postgres peer > #host replication postgres 127.0.0.1/32 md5 > #host replication postgres ::1/128 md5 > > -------------------------------------------------------------------------------------------- > > ----pg_hba.conf after running playbook twice > # "local" is for Unix domain socket connections only > local sandbar sandbar peer > <----------Good > # IPv4 local connections: > host all all 127.0.0.1/32 md5 > # IPv6 local connections: > host all all ::1/128 md5 > # Allow replication connections from localhost, by a user with the > # replication privilege. > #local replication postgres peer > #host replication postgres 127.0.0.1/32 md5 > #host replication postgres ::1/128 md5 > local sandbar sandbar peer > <----------Duplicate > > -------------------------------------------------------------------------------------------- > > > > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/72aada1f-8d45-4a9e-a627-d1e20fdfd7f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.