Ansible lineinfile - modify a line

Question

I'm new to Ansible and trying to modify a line in /etc/default/grub to enable auditing.

I need to add audit=1 within the quotes somewhere on a line that looks like:

GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap biosdevname=0 net.ifnames=0 rhgb quiet net.ifnames=0"

So far I've managed to delete the line and am only left with

net.ifnames=0, audit=1

when I use something like

lineinfile:
  state: present
  dest: /etc/default/grub
  backrefs: yes
  regexp: "net.ifnames=0"
  line: "\1 audit=1"

Can this be done?

Answer 1

I wanted to make sure the parameter is also set to the correct value, so I used this replace invocation:

replace:
  path: /etc/default/grub
  regexp: '^(GRUB_CMDLINE_LINUX=(?:(?![" ]{{ option | regex_escape }}=).)*"?)\s*(?:{{ option | regex_escape }}=\S+\s*)?(.*")$'
  replace: '\1 {{ option }}={{ value }}\2'
vars:
  option: audit
  value: 1

This works if the option wasn't present previously, if it was but had the wrong option (only changes the value then) and if the whole string was empty (but adds a space before the option then). Also, it uses regex_escape to correctly work with option names that contain dots and the likes, and you only have to specify them once.

Answer 2

You may try this:

- lineinfile:
    state: present
    dest: /etc/default/grub
    backrefs: yes
    regexp: '^(GRUB_CMDLINE_LINUX=(?!.* audit)\"[^\"]+)(\".*)'
    line: '\1 audit=1\2'

This will add audit=1 (with a leading space) just before closing double quote. It will not match without double quotes. And it tries to be idempotent: doesn't match lines that already have audit (with a leading space) after GRUB_CMDLINE_LINUX=.

I'd recommend to use sites like regex101 to test your regular expressions first (there's also a substitution mode there).
When you're satisfied with the result, proceed with the Ansible task.