I create a playbook that will harden my linux servers. Part of the process is to replace the umask in the default profiles. So, I have created this task:
- name: Change the umask for default profiles
replace:
path: "{{ profile_file }}"
regexp: "(\s+)umask"
replace: "\1 027"
loop:
- /etc/profile
- /etc/bashrc
loop_control:
loop_var: profile_file
The problem with it is that it's idempotence is not maintained. Everytime I run the task it will replace the umask even if it's the correct one. If I remove the (\s+), then the umask is written at the start of the line, not in the correct place, which is not an functional issue of course, but it breaks the readability of the file.
So, what I want to do is this:
regexp: "(\s+)umask 002"
replace: "<something> 027"
where will give me only the umask with the whitespaces and then add the 027. I am really weak in RegExps and I know nothing about regex in Python, so any help would be appreciated.