replace sed with replace-module

dev-sec · Jun 1, 2015 · e6f2253 · e6f2253
1 parent c9252b1
commit e6f2253
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/roles/ansible-os-hardening/tasks/yum.yml b/roles/ansible-os-hardening/tasks/yum.yml
@@ -7,14 +7,23 @@
     - 'CentOS-Vault'
   when: os_security_packages_clean
 
+- name: get yum-repository-files
+  shell: 'find /etc/yum.repos.d/ -type f -name *.repo'
+  register: yum_repos
+
+- name: check if rhnplugin.conf exists
+  stat: path='/etc/yum/pluginconf.d/rhnplugin.conf'
+  register: rhnplugin_file
+
 - name: activate gpg-check for yum-repos
-  shell: "sed -i 's/gpgcheck=0/gpgcheck=1/g' {{item}}"
+  replace: dest='{{item}}' regexp='^\s*gpgcheck=0' replace='gpgcheck=1'
   with_items:
+    - '{{ yum_repos.stdout_lines }}'
     - '/etc/yum.conf'
-    - '/etc/yum.repos.d/*.repo'
 
 - name: activate gpg-check for yum rhn if it exists
-  shell: sed -i 's/gpgcheck=0/gpgcheck=1/g' /etc/yum/pluginconf.d/rhnplugin.conf removes='/etc/yum/pluginconf.d/rhnplugin.conf'
+  replace: dest='/etc/yum/pluginconf.d/rhnplugin.conf' regexp='^\s*gpgcheck=0' replace='gpgcheck=1'
+  when: rhnplugin_file.stat.exists
 
 - name: remove packages
   yum: name='{{item}}' state=removed