As a system administrator to a DEV/OPS specialist, configuration management is a key component to your automation. A small misconfiguration in some important file, and your whole app can crash or become a security threat. And that is exactly where the Ansible lineinfile module comes into play.
The lineinfile Ansible module is used to insert/change/remove one line in a file on a remote system. It is a key tool if you want to enforce idempotence (your settings will always be the way you intended them to be, no matter how many times your playbooks run).
In this article, we’re going to explain, also with practical examples, when the Ansible module lineinfile is used and how to use it, what the syntax is, and we’ll also show you some caveats and a way to avoid some common pitfalls. If you need to add an SSH setting to /etc/ssh/sshd_config or need to make sure that some cron job exists, this is the module for you.
Let’s learn together!
What Exactly Is the Ansible Lineinfile Module?
The Ansible lineinfile module is used to ensure that a particular line is in a file or to remove a line from a file. It makes text files like config files, bashrc, and crontabs easily configurable. You can safely do matching, replacing, or inserting lines across systems with idempotence, and best practice gives a try to the simple module.
It supports options like:
Get exclusive access to all things tech-savvy, and be the first to receive
the latest updates directly in your inbox.
- path: path to the file
- line: the precise line to make certain that it
- regexp: regex pattern to look for
- insertafter / insertbefore = position control
- state: present or absent
How to Use Ansible Lineinfile Module?
Here’s a quick and easy example to ensure the line in /etc/ssh/sshd_config exists:
- name: Ensure root login is disabled
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: 'PermitRootLogin no'
state: present
create: yes
This checks for the PermitRootLogin line and replaces or adds it as needed. It creates the file if missing.
Can The Module Remove Lines Too?
Yes, the state: absent option removes a line matching a regex. It’s ideal for cleaning up old or insecure configurations.
Example:
- name: Remove outdated cron job
ansible.builtin.lineinfile:
path: /etc/crontab
regexp: 'backup.sh'
state: absent
This ensures any line containing backup.sh is removed from the cron file.
How To Insert Lines Before or After a Specific Pattern?
To add a line conditionally near another, use insertbefore or insertafter.
- name: Insert line after the [defaults] section
ansible.builtin.lineinfile:
path: /etc/ansible/ansible.cfg
insertafter: '^\[defaults\]'
line: 'remote_tmp = $HOME/.ansible/tmp'
This ensures better control over placement in structured config files.
Can You Use Variables with Ansible Lineinfile?
Yes, all values like line, path, and regexp can use Ansible variables. This allows dynamic path or value insertion across multiple hosts or environments.
Example:
- name: Add custom banner
vars:
banner_line: 'Authorized access only'
ansible.builtin.lineinfile:
path: /etc/issue
line: "{{ banner_line }}"
Use Cases of the Lineinfile Ansible Module
Here are practical scenarios:
- Enforcing SSH hardening
- Adding environment variables
- Configuring cron jobs
- Managing service settings
- Creating firewall rule(s) or DNS entry
Optimal Way to Use Ansible Module Lineinfile
- Use regexp wisely to avoid matching the wrong lines.
- Prevent duplicate lines by defining the state: present.
- file any files that may not exist.
- Only use validate if your making changes to sensitive files such as NGINX/Apache configs.
Common Errors and Their Solutions
| Error | Cause | Solution |
|---|---|---|
| File not found | Path is incorrect | Use create: yes or verify the path |
| Duplicate lines added repeatedly | Missing or incorrect regexp | Use proper regexp to match lines |
| Permissions denied | Insufficient privileges on the file | Use become: true in the playbook |
CyberPanel and Configuration Automation
While working with web applications on CyberPanel, i.e., web hosting control panel, configuration files such as nginx.conf, .bashrc, or .htaccess should not be updated during deployments. Using Ansible lineinfile, you can automate these changes on all your servers that are being managed by CyberPanel, for example:
- Inserting firewall rules
- Updating PHP settings in php.ini
- Implement WordPress HTTP Security Headers in .htaccess
It saves users from doing things manually and ensures a unified look and feel across multiple nodes being controlled by CyberPanel.
FAQs
Q1. Can I insert a list of several regex patterns?
No, only one regexp per task. For multiple patterns, use several tasks.
Q2. Can it modify binary files?
No, lineinfile operates on plain text files only.
Q3. Can it be used in loops?
Yes, loop over items and use them inside the line or regexp.
Final Thoughts!
The Ansible lineinfile module is a robust and secure way to manage configuration files throughout your infrastructure. Through everything from SSH settings to web server setup, it brings transparency and consistency to everything you do. Whether you have a single node or an entire fleet of servers you manage as you do with CyberPanel, you need to add this module to your Ansible arsenal.
Ready to simplify config management? Use Ansible lineinfile today and automate with precision!
