I have to use Ansible modules in order to edit the /etc/ssh/sshd_config file - every time I create a new user I want to append it at these two lines:
AllowUs
The selected answer assumes that the complete list of users is available at runtime, while the most popular answer can fail when there is a dash in the username, because \b interprets it as a word boundary. The following solution assumes that the playbook cannot regenerate the complete list of usernames from scratch, and tries to handle the corner case of dashes:
- name: add a user to the list of AllowUsers if not present
  lineinfile:
    path: /etc/ssh/sshd_config
    backrefs: yes
    backup: yes
    regexp: "^AllowUsers((?:(?:\s+\S+(?!\S))(?
As a bonus, I threw in sshd_config backup and verification.
How the (interesting part of the) regular expression works:
--------------------------+----------------------------------------------------
( |
--------------------------+----------------------------------------------------
(?: | This group is not captured
--------------------------+----------------------------------------------------
(?:\s+\S+(?!\S)) | Matches any sequence of whitespace characters fol-
| lowed by any sequence of non-whitespace characters,
| that is to say a leading space and a username. The
| negative look-ahead at the end prevents a "catast-
| rophic backtracking". Also, this group is not cap-
| tured.
--------------------------+----------------------------------------------------
(?
If the regular expression matches, it means that the line exists and that it does not contain {{ username }}, so we append it.
If the regular expression does not match, it means that either the line does not exist or that it contains {{ username }}, and we do nothing.
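An added example, not part of the answer above: a Python sketch of the same match-then-append logic, written in Python because lineinfile evaluates regexp with Python's re module. The pattern, the function names and the sample config are constructed for illustration; the pattern is not the answer's regular expression, and the \b check is a constructed stand-in for the word-boundary approach the answer criticises.

```python
import re

# Constructed sample sshd_config content.
SAMPLE = "Port 22\nAllowUsers root john-doe\nPermitRootLogin no\n"


def naive_is_listed(line, username):
    """Word-boundary membership test: '-' counts as a boundary, so a
    shorter name is wrongly found inside a dashed one."""
    return re.search(r"\b" + re.escape(username) + r"\b", line) is not None


def allow_user(config_text, username):
    """Append username to the AllowUsers line unless it is already listed.

    Like lineinfile with backrefs, a line is rewritten only when the
    pattern matches: the directive exists and no token equals username.
    """
    user = re.escape(username)
    # Each entry is whitespace plus a token; the look-ahead rejects a token
    # that is exactly the username (name followed by whitespace or end).
    pattern = re.compile(
        r"^AllowUsers((?:\s+(?!" + user + r"(?!\S))\S+)*)\s*$"
    )
    out = []
    # Match line by line, as lineinfile does, so \s never spans two lines.
    for line in config_text.splitlines():
        m = pattern.match(line)
        if m:
            line = "AllowUsers" + m.group(1) + " " + username
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # False positive: "john" is reported as present because of "john-doe".
    print(naive_is_listed("AllowUsers root john-doe", "john"))
    once = allow_user(SAMPLE, "john")
    print(once, end="")
    # A second run changes nothing: the task stays idempotent.
    print(allow_user(once, "john") == once)
```

A config with no AllowUsers line is returned unchanged, which matches the "we do nothing" case described above.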