Also, is there any reason you're not using the user module to manage entries in your passwd/shadow files?
On Fri, Aug 8, 2014 at 6:30 PM, Michael DeHaan <[email protected]> wrote: > lineinfile is tricky and I don't have bandwidth to debug this one right > now, but maybe some other folks would like to help? > > Most of the time, I *strongly* recommend just templating the file, that > way you are centrally very sure of the state of everything that's in there. > > > > > On Fri, Aug 8, 2014 at 2:22 PM, Willard Dennis <[email protected]> > wrote: > >> Hi all, >> >> I have a playbook used for setting up new servers here, that among other >> things, ensures both NTP and NIS (yes, we still use NIS here...) are >> installed and are running. The problem I am seeing is that when the >> playbook executes the notify action for restarting the ntpd service, it is >> failing because the 'ntp' user is no longer in /etc/passwd. I believe the >> problem is occurring when I run tasks in the playbook that call the >> 'lineinfile' module to ensure I have a certain entry needed for NIS logins >> at the bottom of /etc/passwd, which seems to be overwriting the >> then-last-line which is the 'ntp' user one. >> >> Here is the tasks that make sure NTPD is installed and running... >> >> [...] >> >> - name: DEBFAM | Ensure NTP package is installed >> apt: pkg=ntp state=present >> tags: ntp >> >> - name: DEBFAM | Ensure NTP configured correctly >> template: src=ntp.conf.j2 dest=/etc/ntp.conf >> notify: >> - restart deb-ntpd >> tags: ntp >> >> - name: DEBFAM | Ensure NTP is running and enabled >> service: name=ntp state=running enabled=yes >> tags: ntp >> >> [...] >> >> Right after these steps are run, I can cat /etc/password and notice that >> the 'ntp' user entry is there, and happens to be the last entry... >> >> [...] >> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false >> saned:x:117:125::/home/saned:/bin/false >> whoopsie:x:118:126::/nonexistent:/bin/false >> speech-dispatcher:x:119:29:Speech >> Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh >> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false >> ntp:x:121:127::/home/ntp:/bin/false >> >> Then the playbook runs the tasks I have set up to ensure NIS is installed >> and running... >> >> [...] >> >> - name: DEBFAM | Ensure NIS package is installed >> apt: pkg=nis >> tags: nis >> >> - name: DEBFAM | Ensure /etc/yp.conf configured correctly for NIS >> template: src=yp.conf.j2 dest=/etc/yp.conf >> notify: >> - restart nis >> tags: nis >> >> - name: DEBFAM | Ensure /etc/defaultdomain configured correctly for NIS >> template: src=etc-defaultdomain.j2 dest=/etc/defaultdomain >> notify: >> - restart nis >> tags: nis >> >> - name: DEBFAM | Ensure /etc/nsswitch.conf configured correctly for NIS >> template: src=nsswitch.conf.j2 dest=/etc/nsswitch.conf >> tags: nis >> >> - name: DEBFAM | Erase old /etc/passwd entry for NIS users >> lineinfile: dest=/etc/passwd >> regexp='::::::+' >> state=absent >> tags: nis >> >> - name: DEBFAM | Erase old /etc/shadow entry for NIS users >> lineinfile: dest=/etc/shadow >> regexp='::::::::+' >> state=absent >> tags: nis >> >> - name: DEBFAM | Ensure NIS is running and enabled >> service: name=ypbind state=restarted enabled=yes >> notify: >> - restart autofs >> tags: nis >> >> - name: DEBFAM | Ensure /etc/passwd has correct entry for NIS users >> lineinfile: dest=/etc/passwd >> regexp='' >> insertafter=EOF >> line='::::::+' >> notify: >> - restart nis >> tags: nis >> >> - name: DEBFAM | Ensure /etc/shadow has correct entry for NIS users >> lineinfile: dest=/etc/shadow >> regexp='' >> insertafter=EOF >> line='::::::::+' >> notify: >> - restart nis >> tags: nis >> >> [...] >> >> (I'm running the lineinfile module once on /etc/passwd and /etc/shadow to >> remove any old existing entries for the '+::::...' patterns, and then >> running them again on those files to ensure they are present and at the end >> of those respective files.) >> >> However, when the playbook is ending and running the accumulated >> notifies, when it hits the 'restart deb-ntpd' action, this fails, >> complaining that the 'ntp' user is not there -- >> >> NOTIFIED: [common | restart deb-ntpd] >> ***************************************** >> failed: [dhcp-207-150] => {"failed": true} >> msg: * Stopping NTP server ntpd >> ...done. >> * Starting NTP server ntpd >> * user "ntp" does not exist >> >> >> FATAL: all hosts have already failed -- aborting >> >> If I then cat /etc/passwd, I notice that the entry for the 'ntp' user is >> gone, and seemingly overwritten by the NIS entry: >> >> [...] >> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false >> saned:x:117:125::/home/saned:/bin/false >> whoopsie:x:118:126::/nonexistent:/bin/false >> speech-dispatcher:x:119:29:Speech >> Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh >> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false >> ::::::+ >> >> This has happened a number of times to me, enough that I believe I'm >> hitting a bug (or am using the 'lineinfile' module incorrectly somehow??) >> so I thought I'd post it to this list and ask for help with debugging >> this.... >> >> Thanks, >> Will >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/e5eada51-a098-4e46-b277-c1144ce74829%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/e5eada51-a098-4e46-b277-c1144ce74829%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx6zEP42Cw00k%2BwTQ2%2BNCBfi_q%3DaVa3Asi2sK1w-svwKA%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx6zEP42Cw00k%2BwTQ2%2BNCBfi_q%3DaVa3Asi2sK1w-svwKA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAMFyvFjeZtHx9LoWkNiFprs_Yd7i31euX_ssAMA2AtdFRtbdxg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
