adding an fstab option using Ansible

Asked 22/9, 2014 at 15:9 Answered 26/7, 2021 at 12:52

I am trying to add nodev to my /etc/fstab file. I am using the Ansible command below but with no luck. My issue lies with the regular expression, I'm not a pro at regex.

- name: Add nodev to /etc/fstab
  lineinfile:
    dest=/etc/fstab
    backup=yes
    backrefs=yes
    state=present
    regexp='(^/dev[\w/_-]+(\s+(?!nodev)[\w,]+)*)'
    line='\1,nodev'

One of the lines from /etc/fstab that I am trying to add nodev is:

/dev/mapper/ex_sys-ex_home /home /ext4 rw,exec,auto,nouser,sync 1 2

Kaufman answered 22/9, 2014 at 15:9 Comment(4)

Define "no luck". What was the actual result? I'm guessing that /etc/fstab was unchanged, instead of adding "nodev" to some lines? – Inappreciative 22/9, 2014 at 15:15

@Inappreciative will provide results here in a second, I modified the regexp to (^/dev[\w/_-]+\s+/[\w/_-]+\s+/[\w/_-]+\s+((?!nodev)[\w,]+)*) and I think that might work – Kaufman 22/9, 2014 at 15:18

Yeah, I think the fact that you had \s+ in your repeating group for the options was blocking the match. Let me know if it didn't work. – Inappreciative 22/9, 2014 at 15:22

The regexp before was adding nodev to a swap drive(one of the one's I didn't want it to be added to)....applying the new regex doesn't modify anything. Removing the \s+ only added it to one of the mapper drives(at the end of the string, not where it needed to go) – Kaufman 22/9, 2014 at 15:36

While this may not be the most elegant answer, it worked for me.

- name: Ensure fstab uses nodev
  mount:
    name: "{{ item.mount }}"
    src: "{{ item.device }}"
    fstype: "{{ item.fstype }}"
    opts: "{{ item.options }},nodev"
    state: present
  with_items: ansible_mounts
  when: item.options.find(",") >= 0 and item.options.find("nodev") == -1

Kaufman answered 22/9, 2014 at 17:11 Comment(6)

Actually I find it very nice and concise. – Eurydice 1/4, 2016 at 15:0

Thanks For this I needed to only edit some mount paths, so I added a list (mnt_paths) of the paths. and then added additional conditional to say when item.mount in mnt_paths to be more targeted. – Grand 27/2, 2019 at 18:32

Not sure if this depends on the version but in ansible 2.4.2.0 I have to use with_items: "{{ ansible_mounts }}" instead. – Helms 9/5, 2019 at 14:52

The problem with this approach is that it may incorporate temporary mounts into the static /etc/fstab, and also it will change some items for the less stable variants, like UUID references into dynamic /dev/mapper/* paths – Constitute 28/11, 2019 at 9:40

I made too changes. The first one is the same as comment from Bram above. with_items: "{{ ansible_mounts }}" and second is to add when: item.mount == "/" and item.options.find(",") >= 0 and item.options.find("nodev") == -1 – Newsworthy 16/1, 2023 at 19:37

To keep UUIDs in fstab, I changed to src: 'UUID={{ item.uuid }}'. – Pak 15/7 at 11:29

Inspired by Joe's answer I made this version which will add a single option to a specific line in /etc/fstab if it isn't there already. This will also keep any other options the line already had.

main.yml

- import_tasks: fstab-opt-present.yml point=/home opt=nodev

fstab-opt-present.yml

- name: '/etc/fstab: Set opt "{{ opt }}" for mount point {{ point }}'
  lineinfile:
    path: /etc/fstab
    backup: yes
    backrefs: yes
    regexp: '^(\S+\s+{{ point }}\s+\S+\s+)(?!(?:\S*,)?{{ opt }}(?:,\S*)?\s+)(\S+)(\s+.+)$'
    line: '\1{{ opt }},\2\3'
  register: fstab

- name: 'If {{ point }} changed, remount'
  command: 'mount {{ point }} -o remount'
  when: fstab.changed

https://regex101.com/ is a really helpful tool for building and testing these kind of regexps. Just enable the "multiline" option there and open the "Substitution" panel and you can even paste in your /etc/fstab and see which lines your regex will match and what it will do to them. Just remember to use real values instead of the Ansible variables {{ point }} etc. when testing there

Innards answered 15/1, 2018 at 9:0 Comment(1)

validate: "mount -fav -T%s" is a nice option to add. It basically does a dry run of mount -a for the new file. – Marienbad 10/9, 2021 at 13:57

I wanted to state that there seems to be a new ansible module which covers all this much more easily: https://docs.ansible.com/ansible/latest/modules/mount_module.html

Mycosis answered 5/4, 2019 at 8:26 Comment(1)

A link to a solution is welcome, but please ensure your answer is useful without it: add context around the link so your fellow users will have some idea what it is and why it’s there, then quote the most relevant part of the page you're linking to in case the target page is unavailable. Answers that are little more than a link may be deleted. – Izanami 5/4, 2019 at 8:46

We've developed a 3rd-party ansible module to add, set or remove mount options. Check it out!

  - mountopts:
      name: /
      option: nodev

https://github.com/Uberspace/ansible-mountopts

Schechinger answered 15/1, 2017 at 16:50 Comment(0)

Tested & works fine

- name: Set  nodev option
  replace:
    path: /etc/fstab
    backup: yes
    regexp: '^(\S+\s+)(\/\S+)(\s+)((?:ext4|xfs)\s+)(?!(?:\S*,)?nodev(?:,\S*)?\s+)(\S+)(\s+.+)$'
    replace: '\1\2 \4 \5,nodev \6'

It excludes adding nodev to /(root), sets only to ext4 and xfs filesystem. doesn't add to temp filesystems.

Note: while you test regexp101, make sure to select python

Tensible answered 19/2, 2019 at 21:31 Comment(0)

Landed here looking for an answer, wound up rolling my own for my use case:

main.yml

- include: fstab-opts.yml point=/tmp opts=noexec,nodev,nosuid,noatime
- include: fstab-opts.yml point=/backup opts=noatime

fstab-opts.yml

---

- name: 'Ensure {{ point }} flags'
  lineinfile:
    path: /etc/fstab
    # uses "(not-spaces spaces /tmp spaces )(not-spaces)(the rest)" pattern to match column content and capture args
    regexp: '^([^ ]+[ ]+\{{ point }}[ ]+[^ ]+[ ]+)([^ ]+)(.*)'
    line: '\1{{ opts }}\3'
    backrefs: yes
  register: fstab

- name: 'If {{ point }} changed, remount'
  command: mount -o remount {{ point }}
  when: fstab.changed

Linoel answered 8/8, 2017 at 18:28 Comment(0)

i have added the noexec,nodev,nosuid option in /etc/fstab for the /var/tmp mount point.

Requirement is:

Ensure noexec option set on /var/tmp partition
Ensure nodev option set on /var/tmp partition
Ensure nosuid option set on /var/tmp partition

if required install ansible.posix.mount module using below command .

# ansible-galaxy collection install ansible.posix

Playbook:

---
 - name: "STEP 1: Get /var/tmp mounted SRC device"
   shell: mount | grep -E '\s/var/tmp\s' | awk '{print $1}'
   register: "vartmpsrc"

 - debug:
     msg: "Validated the /var/tmp mount output: {{ vartmpsrc.stdout }}"

 - name: "Add mount noexec,nodev,nosuid options for /var/tmp"
   mount:
     path: "/var/tmp"
     src: "{{ vartmpsrc.stdout }}"
     fstype: "tmpfs"
     opts: "nosuid,nodev,noexec"
     state: "present"
   when: vartmpsrc.stdout == "/var/tmp"

 - name: Remount /var/tmp mounted volume with mount options noexec,nodev,nosuid
   ansible.posix.mount:
    path: /var/tmp
    state: remounted
   when: vartmpsrc.stdout == "/var/tmp"

 - name: 'STEP 2: Validate noexec,nodev,nosuid option set on /var/tmp partition'
   shell: mount | grep -E '\s/var/tmp\s' | grep -v {{ item }}
   loop:
    - noexec
    - nodev
    - nosuid
   register: vartmp_exists
   ignore_errors: yes
   when: vartmpsrc.stdout == "/var/tmp"

Cryobiology answered 26/7, 2021 at 12:52 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags