Hi folks,

let me start by thanking the great people on the #ansible IRC channel, 
notably jtanner, for pointing me in the right direction.

A quick word about the system I'm dealing with:
I've recently inherited a compute cluster at an academic institution that 
also has central IT services. IT manages all central user accounts and 
services, but I manage the compute cluster. In order to not go completely 
crazy, I'm trying to keep the handful of users the cluster has in sync with 
the central user database. We're hopefully migrating to LDAP in a while, 
but for the time being I'm grabbing passwd/group information from NIS and 
am providing the shadow database myself.
That means I need to locally create users that already exist on NIS, which 
in turn doesn't allow me to use "useradd" or the ansible "user" module. 
Fortunately my RHEL boxes ship a "luseradd" binary that happily ignores 
NIS, apparently.

The following setup works for me:
                                                                  
- name: add user jdoe
  shell: grep jdoe /etc/passwd || (luseradd -u 1234 -g 2342 -c "Jane Doe" -p 'hashed password here' -M --nocreategroup jdoe && echo 'user added')
  register: luseradd_result
  changed_when: "'user added' in luseradd_result.stdout"
  tags: users

Let's take apart the shell command, which accomplishes three things:
1. If the user already exists, it will just pass and not report a change 
(grep jdoe /etc/passwd)
2. If the user doesn't exist, it will attempt to create the user (luseradd 
... && echo 'user added'), reporting a change
3. If luseradd fails for whatever reason, it will report an error (error 
return from luseradd)

This sure isn't the prettiest way to add users, but it works for my weird 
setup. I'm posting this here in the hope that it might save some time for 
the next person having to resort to luseradd, and also because jtanner 
asked me to.

Cheers,
Kai
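
Added example, not part of the original post: the existence check in step 1 matches the string `jdoe` anywhere in the file, so a login such as `jdoe2` or a comment field mentioning the name would make the task skip creation silently. The sketch below keeps the same three outcomes but compares only the login-name field; `fake_luseradd` and the sample passwd lines are constructed stand-ins so it runs without root.

```shell
#!/bin/sh
# Added example, not from the original post. Sample data below is constructed.

# Constructed passwd content: "jdoe" is NOT a local user here, but the string
# appears in another login name and in a comment (GECOS) field.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
jdoe2:x:1300:2342:John Doe II:/home/jdoe2:/bin/bash
backup:x:1301:2342:owned by jdoe:/var/backup:/sbin/nologin
EOF
}

# Substring check, as in the task above: true if the name appears anywhere.
loose_exists() {            # $1 = login name, $2 = passwd file
    grep "$1" "$2" >/dev/null
}

# Exact check: compare only the first colon-separated field (the login name).
local_user_exists() {       # $1 = login name, $2 = passwd file
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Idempotent wrapper: skip if the account is in the local file, otherwise run
# the creation command given as remaining arguments and report the change.
# A failing creation command propagates its non-zero status (step 3).
ensure_local_user() {       # $1 = login name, $2 = passwd file, $3... = command
    user=$1; file=$2; shift 2
    if local_user_exists "$user" "$file"; then
        return 0
    fi
    "$@" && echo 'user added'
}

# Hypothetical stand-in for luseradd: appends an entry to the given file.
fake_luseradd() {           # $1 = login name, $2 = passwd file
    echo "$1:x:1234:2342:Jane Doe:/home/$1:/bin/bash" >> "$2"
}

demo() {
    f=$(mktemp); sample_passwd > "$f"
    loose_exists jdoe "$f" && echo "loose check: jdoe 'exists' (false positive)"
    ensure_local_user jdoe "$f" fake_luseradd jdoe "$f"   # prints: user added
    ensure_local_user jdoe "$f" fake_luseradd jdoe "$f"   # second run: no output
    rm -f "$f"
}
demo
```

In the Ansible task, the equivalent change is to replace the `grep jdoe /etc/passwd` test with a check anchored on the login-name field.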
