user module bug?

Archives Ansible Project
1

I think there are two different bugs in the user module.

1.) If I leave the “authorized_key” action in the tasks, the user will not be deleted even when the state=absent for the user module.

2.) When I comment out the “authorized_key” action for that user, the user module returns this error:
“failed: [benelec.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}”

And the action: “action: user force=yes remove=yes name=harm state=absent”

A second run is then ok, as the user is gone.

2

As for number 1.)
I had this:

  • name: Users beheren
    action: user comment=Harm groups=sudo append=yes password=XXXXXforce=yes remove=yes name=harm state=absent
    action: authorized_key user=harm key=‘’

Which does not work, but this does work:

  • name: Users beheren
    action: user comment=Harm groups=sudo append=yes password=beQCZAKpGdV0w force=yes remove=yes name=harm state=absent
  • name: Add key
    action: authorized_key user=harm key=‘’

At least then the user get’s deleted and you get a reminder you still have an action for a authorized_key in your playbook for that user :wink:

3

Please show me a full example

– Michael

4

Ok please define what doesn’t work means

– Michael

5

The full original version:

6

There’s a couple issues here. See inline below.

The full original version:

  • hosts: all
    vars:
    user: mark
    sudo: true
    gather_facts: false
    tasks:
  • name: Users beheren
    action: user comment=Harm groups=sudo append=yes password=XXXXXX force=yes remove=yes name=harm state=absent
    action: authorized_key user=harm key=‘’

The above play has a problem. You have two actions defined in one task. It should be one action per task.

This did not delete the user. But this one:

  • hosts: all
    vars:
    user: mark
    sudo: true
    gather_facts: false
    tasks:
  • name: Users beheren
    action: user comment=Harm groups=sudo append=yes password=XXXX force=yes remove=yes name=harm state=absent
  • name: Key toevoegen
    action: authorized_key user=harm key=‘’

Does, but just gives two warnings, one that the /var/mail/harm file could not be found and the other that the user could not be found anymore (As I just deleted it)

Is this on debian or ubuntu? I recall an issue with userdel on a version of one of those distributions where userdel would successfully delete the user but exit with rc != 0 because /var/mail/user didn’t exist. Please let us know the distribution and version.

sf

7

There’s a couple issues here. See inline below.

The full original version:
tasks:

  • name: Users beheren
    action: user comment=Harm groups=sudo append=yes password=XXXXXX force=yes remove=yes name=harm state=absent
    action: authorized_key user=harm key=‘’

The above play has a problem. You have two actions defined in one task. It should be one action per task.

Noted. Wont’ do it again.

two warnings, one that the /var/mail/harm file could not be found and the other that the user could not be found anymore (As I just deleted it)

Is this on debian or ubuntu? I recall an issue with userdel on a version of one of those distributions where userdel would successfully delete the user but exit with rc != 0 because /var/mail/user didn’t exist. Please let us know the distribution and version.

Versions:
data.xxxx.net | success | rc=0 >>
Debian GNU/Linux 6.0 \n \l

zimbra.xxxx.net | success | rc=0 >>
Ubuntu 12.04.1 LTS \n \l

And the uname:

data.xxxx.net | success | rc=0 >>
Linux data 2.6.32-14-pve #1 SMP Tue Aug 21 08:24:37 CEST 2012 i686 GNU/Linux

zimbra.xxxx.net | success | rc=0 >>
Linux zimbra 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Mark

8

See https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1023509. You may want to test the behavior of userdel on those platforms and evaluate whether the fix is applied and working.

Also, I didn’t see the output from ansible-playbook in this thread. You said it works, but gives warnings. Please provide specific output.

sf

9

See https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1023509. You may want to test the behavior of userdel on those platforms and evaluate whether the fix is applied and working.

Strange, as it happens on both a Debian 6.0.6 and a Ubuntu 12.04 platform

Also, I didn’t see the output from ansible-playbook in this thread. You said it works, but gives warnings. Please provide specific output.

The first post has it:

2.) When I comment out the “authorized_key” action for that user, the user module returns this error:
“failed: [benelec.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}”

But the full thing looks like this:

mark@xxxx:~/ansible/xxxx$ ansible-playbook -c ssh -K ./harm.yml
sudo password:

PLAY [xxxx] *********************

TASK: [Users beheren] *********************
failed: [xxxx.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}
failed: [data.xxxx.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}
failed: [tools.xxxx.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}
failed: [www.xxxx.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}
failed: [zimbra.xxxx.net] => {“failed”: true, “msg”: “userdel: warning: can’t remove /var/mail/harm: No such file or directory\n”, “name”: “harm”, “rc”: 12}

FATAL: all hosts have already failed – aborting

PLAY RECAP *********************
xxxx.net : ok=0 changed=0 unreachable=0 failed=1
data.xxxx.net : ok=0 changed=0 unreachable=0 failed=1
tools.xxxx.net : ok=0 changed=0 unreachable=0 failed=1
www.xxxx.net : ok=0 changed=0 unreachable=0 failed=1
zimbra.xxxx.net : ok=0 changed=0 unreachable=0 failed=1

And the yaml file:

mark@xxxxxx:~/ansible/xxxxxx$ cat ./harm.yml

  • hosts: xxxxxx

vars:

user: mark

sudo: true

gather_facts: false

tasks:

  • name: Users beheren

action: user comment=Harm groups=sudo append=yes password=xxxxxx force=yes remove=yes name=harm state=absent

And finally the hosts in question:

mark@xxxxxx:~/ansible/xxxxxx$ ansible xxxxxx -c ssh -m command -a “cat /etc/issue”

xxxxxx.net | success | rc=0 >>

Debian GNU/Linux 6.0 \n \l

data.xxxxxx.net | success | rc=0 >>

Debian GNU/Linux 6.0 \n \l

tools.xxxxxx.net | success | rc=0 >>

Debian GNU/Linux 6.0 \n \l

www.xxxxxx.net | success | rc=0 >>

Debian GNU/Linux 6.0 \n \l

zimbra.xxxxxx.net | success | rc=0 >>

Ubuntu 12.04.1 LTS \n \l

Thanks,
Mark

10

Disclaimer: i’m not a Debian/Ubuntu user.

Ubuntu gets the package from Debian. The launchpad bug page has a link to Debian’s bug tracker for the same issue. Debian’s bug tracker reports the issue is fixed in 1:4.1.5-1. For Debian, this version is available in testing. It appears to not yet be available in stable. As I understand, Ubuntu bases their passwd package on Debian’s. I poked at Ubuntu’s package database and it isn’t clear to me when they plan to land 1:4.1.5-1. Since this is acknowledged by upstream as a bug, I encourage you to apply the fix available from them.

sf