Hi,
I'm another new ansible user. Over the last 2 months I've experimented
with all the other CM tools and this one seems the best fit by far -
thanks!
I'm cleaning up some infrastructure and need to use the following logic:
    if group ubuntu doesn't yet exist, create it with a specific gid
    set some group parameters in all cases
    if user ubuntu doesn't yet exist, create it with a specific uid
    set some user parameters in all cases
Is there a simple way to do this? Should user module be extended to
have a "create=yes" mode?
Then I could try:
    - name: create ubuntu user if missing
      user: name=ubuntu password=* state=present create=yes uid=999
      user: name=ubuntu password=* createhome=yes create=no system=yes state=present groups=admin,ubuntu
A+
Dave
If you need to check if a user or group exists to do some follow up action
you can do something like this:
    - name: Check if user exists
      action: shell /usr/bin/getent passwd $user | /usr/bin/wc -l | tr -d ' '
      register: user_exist

    - name: create $user account
      action: user name=$user group=its shell=/bin/bash createhome=yes home=/home/$user uid=12933 password="passwd"
      only_if: ${user_exist.stdout} == 0
      tags:
        - users
Same goes for group, just check if it exists, storing the results in a
register.
The idea in ansible (and actually most CM systems) is that you describe the end state: no action is taken on systems that are already there, and corrective actions are taken on the others.
There is no need for a create=yes for the user module; it is implied by default that the user will be created if it does not exist.
Exactly.
This is true, though it's also true that ansible will modify the user
id if not set right -- which I believe you didn't want to do.
That being said, this is pretty much what everyone wants.
It ensures the system is in exactly the state you want it to be, not
in two different states based on a pre-condition, and you are assured
your infrastructure is more-or-less homogeneous.
I agree with that in principle, but in practice I have servers with
differing gid and uids, and changing file permissions everywhere to
match a standardised gid/uid is not a workable solution. Over time,
it's possible to recommission clean boxes after shuffling the workload,
but not right now.
I think maybe I can use facts to retrieve that and run a special
playlist to only create the user if missing perhaps. Then I could
leave the gid/uid out of the main playlist. Thanks everybody for the
helpful ideas.
A+
Dave
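
Added example (not part of the thread and not any poster's code): one way to get the behaviour discussed above with a current Ansible release, creating the group and user with fixed ids only where they are missing and never rewriting ids on hosts that already have them. The uid and the group list come from the first message; the gid value, the variable names and the final drift-report task are assumptions.

```yaml
# Added example; assumes a current Ansible release and that the "admin" group exists.
- hosts: all
  become: true
  vars:
    target_user: ubuntu
    target_uid: 999   # uid from the first message
    target_gid: 999   # constructed placeholder; the thread gives no gid
  tasks:
    - name: Look up the group without failing when it is absent
      ansible.builtin.getent:
        database: group
        key: "{{ target_user }}"
        fail_key: false

    - name: Look up the user without failing when it is absent
      ansible.builtin.getent:
        database: passwd
        key: "{{ target_user }}"
        fail_key: false

    - name: Create the group with a fixed gid only where it is missing
      ansible.builtin.group:
        name: "{{ target_user }}"
        gid: "{{ target_gid }}"
      when: getent_group[target_user] is none

    - name: Create the user with a fixed uid only where it is missing
      ansible.builtin.user:
        name: "{{ target_user }}"
        uid: "{{ target_uid }}"
        group: "{{ target_user }}"
        system: true
        password: "*"   # the module expects a crypt hash; "*" means no usable password
      when: getent_passwd[target_user] is none

    # No uid/gid here, so ids on pre-existing accounts are never rewritten.
    - name: Set user parameters in all cases
      ansible.builtin.user:
        name: "{{ target_user }}"
        groups: admin,ubuntu
        append: true
        create_home: true

    # getent_passwd fields: [password, uid, gid, gecos, home, shell]
    - name: Report hosts whose pre-existing uid differs from the standard
      ansible.builtin.debug:
        msg: "{{ target_user }} has uid {{ getent_passwd[target_user][1] }}, expected {{ target_uid }}"
      when: >-
        getent_passwd[target_user] is not none
        and getent_passwd[target_user][1] | int != target_uid | int
```

The report task only fires on hosts where the account existed before the run, which gives a list of boxes still carrying non-standard ids until they are recommissioned.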