Hi folks,
let me start by thanking the great people on the Ansible IRC channel, notably jtanner, for pointing me in the right direction.
A quick word about the system I’m dealing with:
I’ve recently inherited a compute cluster at an academic institution that also has central IT services. IT manages all central user accounts and services, but I manage the compute cluster. In order to not go completely crazy, I’m trying to keep the handful of users the cluster has in sync with the central user database. We’re hopefully migrating to LDAP in a while, but for the time being I’m grabbing passwd/group information from NIS and am providing the shadow database myself.
That means I need to locally create users that already exist on NIS, which in turn doesn’t allow me to use “useradd” or the ansible “user” module. Fortunately my RHEL boxes ship a “luseradd” binary that happily ignores NIS, apparently.
The following setup works for me:

    - name: add user jdoe
      shell: grep jdoe /etc/passwd || (luseradd -u 1234 -g 2342 -c "Jane Doe" -p 'hashed password here' -M --nocreategroup jdoe && echo 'user added')
      register: luseradd_result
      changed_when: "'user added' in luseradd_result.stdout"
      tags: users

Let’s take apart the shell command, which accomplishes three things:
- If the user already exists, it will just pass and not report a change (grep jdoe /etc/passwd)
- If the user doesn’t exist, it will attempt to create the user (luseradd … && echo 'user added'), reporting a change
- If luseradd fails for whatever reason, it will report an error (error return from luseradd)
This sure isn’t the prettiest way to add users, but it works for my weird setup. I’m posting this here in the hope that it might save some time for the next person having to resort to luseradd, and also because jtanner asked me to.
Cheers,
Kai
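
The three outcomes described in the post, written as a shell function. This is an added example, not part of the original post: the existence check compares the login field exactly, because a plain substring grep also matches lines such as a "jdoe2" account or a comment field mentioning jdoe and would then skip creation. The function names, the file argument and the sample passwd lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# has_local_user FILE NAME
# Succeeds only if NAME is exactly the login name (field 1) of a line in FILE.
has_local_user() {
    awk -F: -v u="$2" '$1 == u { found = 1 } END { exit !found }' "$1"
}

# ensure_local_user FILE NAME CMD [ARGS...]
#   user present           -> prints nothing, returns 0  (no change)
#   user absent, CMD ok    -> prints "user added", returns 0  (change)
#   user absent, CMD fails -> returns CMD's exit status  (task error)
ensure_local_user() {
    file=$1 name=$2
    shift 2
    if has_local_user "$file" "$name"; then
        return 0
    fi
    "$@" || return $?
    echo 'user added'
}

# Constructed sample data: there is no "jdoe" login here, but two lines
# contain the string, so "grep jdoe" would report the user as present.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jdoe2:x:1300:2342:John Doe II:/home/jdoe2:/bin/bash
asmith:x:1301:2342:Alice Smith (was jdoe):/home/asmith:/bin/bash
EOF
}

# Usage with the command from the post:
#   ensure_local_user /etc/passwd jdoe \
#       luseradd -u 1234 -g 2342 -c "Jane Doe" -p 'hashed password here' \
#       -M --nocreategroup jdoe
```

When the creation command is the luseradd call from the post, the hash given to -p is visible in the process list while the command runs; in the Ansible task, `no_log: true` keeps it out of the task output.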