How would you approach modifying the gid of a group on a server only if it exists? I know I can do this for 3 groups within 3 separate tasks (as an example), but I was hoping to combine them into a single task (see last task below…). The problem with my current setup is that it may create an unnecessary group (ie. server1 needs gomer, server2 needs pyle. As I search for a group gomer, or pyle, then both servers would get both groups, which isn’t desirable). Do I have to break this out in multiple tasks? or is there another way? I haven’t tested the following yet.
`
-
name: Gather User Information
getent:
database: passwd
-
name: Gather Group Information
getent:
database: group
-
name: Create common group when gomer or pyle user present
group:
name: army
gid: 2003
state: present
when: getent passwd | lower | search(“gomer|pyle)”
-
name: Modify Group GIDs if Group is Present
group:
name: “{{ item.name }}”
git: “{{ item.gid }}”
with_items:
-
{name: “gomer”, gid: “2000”}
- {name: "pyle", gid: "2001"}
when: getent group | lower | search("gomer|pyle)"
`
You may not need to use the getent module at all - the group module already uses groupmod if the group already exists.
If you want to use getent, then it looks like you are missing ‘_’ characters in the “when” conditions. They should be
when: getent_passwd …
and
when: getent_group …
respectively. And there’s a typo in your last call to the group module, “git” should be “gid”.
You could move the items list into host_vars and then iterate just the groups the host needs, you can have the items list in group_vars that need the groups on the systems, there are lots of ways to partition that up.
the missing underscores appear to have been whacked during copy/paste somehow. The gid/git typo was my fault. I didn’t want to use lists though, as I plan on applying this to about 60 different servers. I wanted it to be intuitive enough to make the proper changes for the proper server.
In short, can I combine these two tasks into one? Some servers have one group, some have another. None of the servers should have both:
`
-
name: Ensure GID is correct for gomer group
group:
name: gomer
gid: 2001
when: getent_group | lower | search(“gomer”)
-
name: Ensure GID is correct for pyle group
group:
name: pyle
gid: 2000
when: getent_group | lower | search(“pyle”)
`