Sorry, other work took me away from pursuing this issue until now... Thanks for your attention, Michael & James!
In any case, it seems the entry I need is actually "+::::::" in /etc/passwd, per this webpage: http://www.linux-nis.org/nis-howto/HOWTO/settingup_client.html (and not "::::::+" as I've been using, which is weird, because NIS logins are working with that... but I digress...)

I can't really template the /etc/passwd and /etc/shadow files, as the users can install software that enters new users that my Ansible playbooks wouldn't know about...

And I'm pretty sure I can't use the "user" module; I don't want to create an actual local user (and homedir etc.), just add the literal line "+::::::" at the bottom of /etc/passwd to create the needed entry to incorporate the NIS users...

I also had an instance today where my playbook worked perfectly (i.e., lineinfile did NOT overwrite the then-last entry for the 'ntp' user...) so looks like it's also an intermittent problem.

Just wanted to report a seeming problem, and see if there was a solution...

Thanks,
Will

On Friday, August 8, 2014 7:59:20 PM UTC-4, James Cammarata wrote:
> Also, is there any reason you're not using the user module to manage
> entries in your passwd/shadow files?
>
> On Fri, Aug 8, 2014 at 6:30 PM, Michael DeHaan wrote:
>
>> lineinfile is tricky and I don't have bandwidth to debug this one right
>> now, but maybe some other folks would like to help?
>>
>> Most of the time, I *strongly* recommend just templating the file, that
>> way you are centrally very sure of the state of everything that's in there.
>>
>> On Fri, Aug 8, 2014 at 2:22 PM, Willard Dennis wrote:
>>
>>> Hi all,
>>>
>>> I have a playbook used for setting up new servers here, that among other
>>> things, ensures both NTP and NIS (yes, we still use NIS here...) are
>>> installed and are running.
>>> The problem I am seeing is that when the
>>> playbook executes the notify action for restarting the ntpd service, it is
>>> failing because the 'ntp' user is no longer in /etc/passwd. I believe the
>>> problem is occurring when I run tasks in the playbook that call the
>>> 'lineinfile' module to ensure I have a certain entry needed for NIS logins
>>> at the bottom of /etc/passwd, which seems to be overwriting the
>>> then-last-line which is the 'ntp' user one.
>>>
>>> Here are the tasks that make sure NTPD is installed and running...
>>>
>>> [...]
>>>
>>> - name: DEBFAM | Ensure NTP package is installed
>>>   apt: pkg=ntp state=present
>>>   tags: ntp
>>>
>>> - name: DEBFAM | Ensure NTP configured correctly
>>>   template: src=ntp.conf.j2 dest=/etc/ntp.conf
>>>   notify:
>>>     - restart deb-ntpd
>>>   tags: ntp
>>>
>>> - name: DEBFAM | Ensure NTP is running and enabled
>>>   service: name=ntp state=running enabled=yes
>>>   tags: ntp
>>>
>>> [...]
>>>
>>> Right after these steps are run, I can cat /etc/passwd and notice that
>>> the 'ntp' user entry is there, and happens to be the last entry...
>>>
>>> [...]
>>> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false
>>> saned:x:117:125::/home/saned:/bin/false
>>> whoopsie:x:118:126::/nonexistent:/bin/false
>>> speech-dispatcher:x:119:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
>>> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false
>>> ntp:x:121:127::/home/ntp:/bin/false
>>>
>>> Then the playbook runs the tasks I have set up to ensure NIS is
>>> installed and running...
>>>
>>> [...]
>>>
>>> - name: DEBFAM | Ensure NIS package is installed
>>>   apt: pkg=nis
>>>   tags: nis
>>>
>>> - name: DEBFAM | Ensure /etc/yp.conf configured correctly for NIS
>>>   template: src=yp.conf.j2 dest=/etc/yp.conf
>>>   notify:
>>>     - restart nis
>>>   tags: nis
>>>
>>> - name: DEBFAM | Ensure /etc/defaultdomain configured correctly for NIS
>>>   template: src=etc-defaultdomain.j2 dest=/etc/defaultdomain
>>>   notify:
>>>     - restart nis
>>>   tags: nis
>>>
>>> - name: DEBFAM | Ensure /etc/nsswitch.conf configured correctly for NIS
>>>   template: src=nsswitch.conf.j2 dest=/etc/nsswitch.conf
>>>   tags: nis
>>>
>>> - name: DEBFAM | Erase old /etc/passwd entry for NIS users
>>>   lineinfile: dest=/etc/passwd
>>>               regexp='::::::+'
>>>               state=absent
>>>   tags: nis
>>>
>>> - name: DEBFAM | Erase old /etc/shadow entry for NIS users
>>>   lineinfile: dest=/etc/shadow
>>>               regexp='::::::::+'
>>>               state=absent
>>>   tags: nis
>>>
>>> - name: DEBFAM | Ensure NIS is running and enabled
>>>   service: name=ypbind state=restarted enabled=yes
>>>   notify:
>>>     - restart autofs
>>>   tags: nis
>>>
>>> - name: DEBFAM | Ensure /etc/passwd has correct entry for NIS users
>>>   lineinfile: dest=/etc/passwd
>>>               regexp=''
>>>               insertafter=EOF
>>>               line='::::::+'
>>>   notify:
>>>     - restart nis
>>>   tags: nis
>>>
>>> - name: DEBFAM | Ensure /etc/shadow has correct entry for NIS users
>>>   lineinfile: dest=/etc/shadow
>>>               regexp=''
>>>               insertafter=EOF
>>>               line='::::::::+'
>>>   notify:
>>>     - restart nis
>>>   tags: nis
>>>
>>> [...]
>>>
>>> (I'm running the lineinfile module once on /etc/passwd and /etc/shadow
>>> to remove any old existing entries for the '+::::...' patterns, and then
>>> running them again on those files to ensure they are present and at the end
>>> of those respective files.)
>>>
>>> However, when the playbook is ending and running the accumulated
>>> notifies, when it hits the 'restart deb-ntpd' action, this fails,
>>> complaining that the 'ntp' user is not there --
>>>
>>> NOTIFIED: [common | restart deb-ntpd] *****************************************
>>> failed: [dhcp-207-150] => {"failed": true}
>>> msg:  * Stopping NTP server ntpd
>>>    ...done.
>>>  * Starting NTP server ntpd
>>>  * user "ntp" does not exist
>>>
>>> FATAL: all hosts have already failed -- aborting
>>>
>>> If I then cat /etc/passwd, I notice that the entry for the 'ntp' user is
>>> gone, and seemingly overwritten by the NIS entry:
>>>
>>> [...]
>>> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false
>>> saned:x:117:125::/home/saned:/bin/false
>>> whoopsie:x:118:126::/nonexistent:/bin/false
>>> speech-dispatcher:x:119:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
>>> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false
>>> ::::::+
>>>
>>> This has happened a number of times to me, enough that I believe I'm
>>> hitting a bug (or am using the 'lineinfile' module incorrectly somehow??)
>>> so I thought I'd post it to this list and ask for help with debugging
>>> this....
>>>
>>> Thanks,
>>> Will
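
The overwrite reported in this thread is consistent with lineinfile's documented rule that, with state=present, the last line matching regexp is replaced, and an empty regexp matches every line. The Python model below is an added example, not code from the thread or from Ansible; ensure_line and lost_accounts are hypothetical helpers, and the passwd lines are a constructed sample based on the listing in the post.

```python
import re

# Constructed sample: the tail of /etc/passwd from the listing in the post.
PASSWD = [
    "whoopsie:x:118:126::/nonexistent:/bin/false",
    "hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false",
    "ntp:x:121:127::/home/ntp:/bin/false",
]
NIS_ENTRY = "+::::::"  # the compat entry named in the reply


def ensure_line(lines, line, regexp=None):
    """Simplified model (an assumption, not Ansible source) of lineinfile
    with state=present and insertafter=EOF: the last line matching regexp
    is replaced; with no match, line is appended unless already present."""
    out = list(lines)
    last_match = -1
    if regexp is not None:
        pattern = re.compile(regexp)
        for i, cur in enumerate(out):
            if pattern.search(cur):
                last_match = i
    if last_match != -1:
        out[last_match] = line
    elif line not in out:
        out.append(line)
    return out


def lost_accounts(before, after):
    """Local account names present before the edit and missing after it."""
    def names(lines):
        firsts = (l.split(":", 1)[0] for l in lines)
        return {n for n in firsts if n and n[0] not in "+-"}
    return sorted(names(before) - names(after))


if __name__ == "__main__":
    # regexp='' as in the playbook: the empty pattern matches every line,
    # so the last line of the file is the one that gets replaced.
    broken = ensure_line(PASSWD, NIS_ENTRY, regexp="")
    print("regexp='':", lost_accounts(PASSWD, broken))
    # Anchored pattern with '+' escaped: matches only the NIS entry itself.
    fixed = ensure_line(PASSWD, NIS_ENTRY, regexp=r"^\+::::::$")
    print("anchored :", lost_accounts(PASSWD, fixed), fixed[-1])
```

A comparison like lost_accounts, run on copies of /etc/passwd taken before and after the play, catches a dropped service account before handlers restart the service.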
