group module fails when trying to delete non local group

Hi list,

Sorry for the probably confusing subject, but I don’t really know how to say that better, I’ll try to explain better:

In my environment I have a requirement to remove certain local groups ( that have now been moved to remote groups ) and found out the behaviour of the module is quite strange.

So what happens is:

I try to remove the “support” group, which as said was a local group, and is now a remote group managed by LDAP:

  • group: name=support state=absent
    What I get back from this is an error from groupdel:
    groupdel: cannot remove entry ‘support’ from /etc/group

Which I believe to be wrong as if the group does not exist in /etc/group the module should just return OK.

Digging into the module code I found why this is happening ( I’m using ansible v1.9 ):

group calls group_exists: https://github.com/ansible/ansible-modules-core/blob/stable-1.9/system/group.py#L413

defined here: https://github.com/ansible/ansible-modules-core/blob/stable-1.9/system/group.py#L128

grp.getgrnam(’support’) will return the remote group data, so group_exists returns True, hence the module runs groupdel which in turn fails as it doesn’t find the group in /etc/groups.

I have found out that grp.getgrall() only returns with local groups, so I worked around that problem this way:
http://fpaste.org/268435/97803144/

I don’t know if that can be considered a good way of handling that error, and I really don’t know if it makes sense to have that added to the upstream module. It worked for me so I thought it would be good to share :wink:

Thanks,

Andrea

Won't that cause the opposite problem when creating groups? Also I
believe the return is correct, it failed to delete the group as it is
not a local group and will still be present on the machine. We might
want to add a 'local_only' flag to both this and user to be more
specific on what you want as a user.

Yes,
That would indeed cause the opposite problem when creating groups! Didn’t really think about that, was focusing on the deletion
Yes, probably adding a ‘local_only’ to both the modules makes more sense, and should keep the return correct in both cases.

Thanks,
Andrea