Check Number Of Wheel Group Members

I’m trying to add a task to my security playbook to ensure that there are no members in the default Linux wheel group. This has turned out to be more difficult than I thought it would be.

Can someone out there help get me started? (ansible 2.7.9)

You can use the getent module to do this. Something like:

  - getent:
      database: group

  - assert:
      that:
        - getent_group.wheel|default(["", "", ""])[2] == ""

Thank you for your reply. I am getting what appears to be a formatting error. Here is the task from my playbook, and the error it is generating:

Your formatting doesn’t match mine. Notice the difference of that between mine and yours. that is intended to be a list.

You'll need () around the getent and default:

that: (getent_group.wheel|default(["", "", ""]))[2] == ""

The above should work.

Sebastian

That got it! Thank you for your help.
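
The tasks from the replies above, consolidated into one play as an added example (not code posted by anyone in the thread). It goes beyond the thread by also checking accounts whose primary group is wheel, since those do not appear in the group's member field. The hosts pattern and the variable names wheel_members and wheel_primary are assumptions.

```yaml
---
# Added example: audit that the wheel group has no members.
- hosts: all            # placeholder host pattern (assumption)
  gather_facts: false
  tasks:
    - name: Load the group database into getent_group
      getent:
        database: group

    - name: Load the passwd database into getent_passwd
      getent:
        database: passwd

    - name: Collect supplementary members and the GID of wheel
      set_fact:
        # Index 2 of a getent group entry is the comma-separated member list;
        # "select" drops the empty string produced by an empty list.
        wheel_members: "{{ (getent_group.wheel | default(['', '', '']))[2].split(',') | select | list }}"
        # Index 1 is the GID; 'absent' matches no passwd entry if wheel is missing.
        wheel_gid: "{{ (getent_group.wheel | default(['', 'absent', '']))[1] }}"

    - name: Find accounts whose primary group is wheel
      set_fact:
        # Index 2 of a getent passwd entry is the account's primary GID.
        wheel_primary: >-
          {{ getent_passwd | dict2items
             | selectattr('value.2', 'equalto', wheel_gid | string)
             | map(attribute='key') | list }}

    - name: Fail if wheel has any members
      assert:
        that:
          - wheel_members | length == 0
          - wheel_primary | length == 0
        fail_msg: "wheel is not empty: {{ wheel_members + wheel_primary }}"
```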