How to run multiline shell script in Ansible?

Question

I have encountered an error while running this, I have checked the indentation but not sure why

- name: Ensure System accounts are non-login
    shell: >
             egrep -v '^\+' /etc/passwd |
             awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}' 
    register: system

- debug:
    msg: "{{ system.stdout }}"

This is the error, I don't understand it.

The offending line appears to be:

    - name: Ensure System accounts are non-login
        shell: >
             ^ here

From your question I wonder if you are trying to (re)implement what might be public available already. If you are interested in Ansible examples for Linux CIS you might take advantage from in example [Ansible RHEL-7 CIS Benchmark](https://github.com/HarryHarcourt/Ansible-RHEL7-CIS-Benchmarks/) or [RHEL-8 CIS](https://github.com/ansible-lockdown/RHEL8-CIS) or [Ansible Galaxy CIS Security](https://galaxy.ansible.com/dsglaser/cis_security). — U880D, Aug 31 '22 at 07:00
If you are interested in [How to do multiline shell script in Ansible](https://stackoverflow.com/questions/40230184/) you'll find the answer [there](https://stackoverflow.com/a/40230416/6771046). — U880D, Aug 31 '22 at 07:02
If you like to pipe together `egrep -v '^\+' /etc/passwd | awk ...` you may just use it one line like `cmd: egrep -v '^\+' /etc/passwd | awk ...`. — U880D, Aug 31 '22 at 07:09

score 0 · Answer 1 · answered Aug 31 '22 at 10:55

0

well, it seems that it is about:

- name: Ensure System accounts are non-login
  shell: >

instead of

- name: Ensure System accounts are non-login
    shell: >

answered Aug 31 '22 at 10:55

Konstantin Volenbovskyi

156
1
5

1

It is not only about the indention, but also the incorrect `>` versus correct `|`. – U880D Aug 31 '22 at 16:34

How to run multiline shell script in Ansible?

1 Answers1