I have the following Ansible code:
```yaml
---
- name: skip fail2ban in iptables checkmk plugin
  hosts: localhost
  gather_facts: no
  tasks:
    - name: modify plugin
      ansible.builtin.lineinfile:
        path: /usr/lib/check_mk_agent/plugins/mk_iptables
        backrefs: True
        regexp: '^(iptables-save.*)'
        line: '\1 | grep -v "f2b"'
```
What I want here is to append `| grep -v "f2b"` to the line that starts with `iptables-save` in a bash script. This works fine.
However, I would like to make it so that if the `grep` function was already added, don't add it again. So I try some sort of `^(iptables-save.*)(?[grep])` which I had no luck with, probably because I misunderstand `lineinfile` will still append to EOF if no matches are found. How can I get around this?
Q: "How to correctly exclude a pattern within a regexp?"
For a test file `mk_iptables` with content of

```
START
iptables-save foo bar
END
```

a minimal example playbook

```yaml
---
- hosts: localhost
  become: False
  gather_facts: False
  tasks:
    - name: modify plugin
      ansible.builtin.lineinfile:
        path: mk_iptables
        backrefs: True
        regexp: '^(iptables-save.*)(?<!"f2b")$'
        line: '\1 | grep -v "f2b"'
      diff: True
```
will result in an output of

```
TASK [modify plugin] *****************
--- before: mk_iptables (content)
+++ after: mk_iptables (content)
@@ -1,3 +1,3 @@
START
-iptables-save foo bar
+iptables-save foo bar | grep -v "f2b"
END
```

for the first run and for the second

```
TASK [modify plugin] *****************
ok: [localhost]
```

as well as a test file content of

```
cat mk_iptables
START
iptables-save foo bar | grep -v "f2b"
END
```
Credits To
"You can also easily extend this with other characters, since this checking for the string and isn't a character class."
(?<!string)$
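The lookbehind can be checked outside Ansible with Python's `re` module, which `lineinfile` uses for `regexp`. The following is an added example, not part of the original answer: `apply_backrefs` is a hypothetical, simplified model of `lineinfile` with `backrefs: True` (last matching line replaced, file left unchanged when nothing matches), run over constructed sample text.

```python
import re

# Regexp and replacement line taken from the answer's playbook.
REGEXP = r'^(iptables-save.*)(?<!"f2b")$'
LINE = r'\1 | grep -v "f2b"'

# Constructed sample: the answer's test file.
SAMPLE = "START\niptables-save foo bar\nEND\n"


def apply_backrefs(text, regexp=REGEXP, line=LINE):
    """Simplified model (assumption) of lineinfile with backrefs enabled.

    The last line matching regexp is replaced by line with its
    backreferences expanded. When no line matches, the text is returned
    unchanged and nothing is appended. Returns (new_text, changed).
    """
    pattern = re.compile(regexp)
    lines = text.splitlines()
    hit = None
    for idx, current in enumerate(lines):
        match = pattern.search(current)
        if match:
            hit = (idx, match)  # a later match overrides an earlier one
    if hit is None:
        return text, False
    idx, match = hit
    new_line = match.expand(line)
    if lines[idx] == new_line:
        return text, False
    lines[idx] = new_line
    return "\n".join(lines) + "\n", True


if __name__ == "__main__":
    first, changed_first = apply_backrefs(SAMPLE)
    second, changed_second = apply_backrefs(first)
    print("first run changed:", changed_first)
    print("second run changed:", changed_second)
    print(second, end="")
    # Edge case: trailing whitespace after "f2b" means the line no longer
    # ends in "f2b", so the lookbehind passes and the filter is added twice.
    drifted = 'iptables-save foo bar | grep -v "f2b" \n'
    print(apply_backrefs(drifted))
```

The lookbehind only inspects the last five characters of the line, so a hand-edited plugin with trailing whitespace or a differently quoted filter is patched again on the next run.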