Can you let us know why the user module won't work for you in this case? It should not be needed to edit those files directly, and if there's a missing feature I'd like to see it exposed in the user module.
Thanks!

On Wed, Aug 13, 2014 at 5:28 PM, Willard Dennis <[email protected]> wrote:

> Sorry, other work took me away from pursuing this issue until now...
> Thanks for your attention, Michael & James!
>
> In any case, it seems the entry I need is actually "+::::::" in
> /etc/passwd, per this webpage:
> http://www.linux-nis.org/nis-howto/HOWTO/settingup_client.html (and not
> "::::::+" as I've been using, which is weird, because NIS logins are
> working with that... but I digress...)
>
> I can't really template the /etc/passwd and /etc/shadow files, as the
> users can install software that enters new users that my Ansible playbooks
> wouldn't know about... And I'm pretty sure I can't use the "user" module; I
> don't want to create an actual local user (and homedir etc.), just add the
> literal line "+::::::" at the bottom of /etc/passwd to create the needed
> entry to incorporate the NIS users...
>
> I also had an instance today where my playbook worked perfectly (i.e.,
> lineinfile did NOT overwrite the then-last entry for the 'ntp' user...) so
> looks like it's also an intermittent problem.
>
> Just wanted to report a seeming problem, and see if there was a solution...
>
> Thanks,
> Will
>
> On Friday, August 8, 2014 7:59:20 PM UTC-4, James Cammarata wrote:
>
>> Also, is there any reason you're not using the user module to manage
>> entries in your passwd/shadow files?
>>
>> On Fri, Aug 8, 2014 at 6:30 PM, Michael DeHaan <[email protected]>
>> wrote:
>>
>>> lineinfile is tricky and I don't have bandwidth to debug this one right
>>> now, but maybe some other folks would like to help?
>>>
>>> Most of the time, I *strongly* recommend just templating the file, that
>>> way you are centrally very sure of the state of everything that's in there.
>>>
>>> On Fri, Aug 8, 2014 at 2:22 PM, Willard Dennis <[email protected]>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have a playbook used for setting up new servers here, that among
>>>> other things, ensures both NTP and NIS (yes, we still use NIS here...) are
>>>> installed and are running. The problem I am seeing is that when the
>>>> playbook executes the notify action for restarting the ntpd service, it is
>>>> failing because the 'ntp' user is no longer in /etc/passwd. I believe the
>>>> problem is occurring when I run tasks in the playbook that call the
>>>> 'lineinfile' module to ensure I have a certain entry needed for NIS logins
>>>> at the bottom of /etc/passwd, which seems to be overwriting the
>>>> then-last-line which is the 'ntp' user one.
>>>>
>>>> Here are the tasks that make sure NTPD is installed and running...
>>>>
>>>> [...]
>>>>
>>>> - name: DEBFAM | Ensure NTP package is installed
>>>>   apt: pkg=ntp state=present
>>>>   tags: ntp
>>>>
>>>> - name: DEBFAM | Ensure NTP configured correctly
>>>>   template: src=ntp.conf.j2 dest=/etc/ntp.conf
>>>>   notify:
>>>>     - restart deb-ntpd
>>>>   tags: ntp
>>>>
>>>> - name: DEBFAM | Ensure NTP is running and enabled
>>>>   service: name=ntp state=running enabled=yes
>>>>   tags: ntp
>>>>
>>>> [...]
>>>>
>>>> Right after these steps are run, I can cat /etc/passwd and notice
>>>> that the 'ntp' user entry is there, and happens to be the last entry...
>>>>
>>>> [...]
>>>> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false
>>>> saned:x:117:125::/home/saned:/bin/false
>>>> whoopsie:x:118:126::/nonexistent:/bin/false
>>>> speech-dispatcher:x:119:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
>>>> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false
>>>> ntp:x:121:127::/home/ntp:/bin/false
>>>>
>>>> Then the playbook runs the tasks I have set up to ensure NIS is
>>>> installed and running...
>>>>
>>>> [...]
>>>>
>>>> - name: DEBFAM | Ensure NIS package is installed
>>>>   apt: pkg=nis
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Ensure /etc/yp.conf configured correctly for NIS
>>>>   template: src=yp.conf.j2 dest=/etc/yp.conf
>>>>   notify:
>>>>     - restart nis
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Ensure /etc/defaultdomain configured correctly for NIS
>>>>   template: src=etc-defaultdomain.j2 dest=/etc/defaultdomain
>>>>   notify:
>>>>     - restart nis
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Ensure /etc/nsswitch.conf configured correctly for NIS
>>>>   template: src=nsswitch.conf.j2 dest=/etc/nsswitch.conf
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Erase old /etc/passwd entry for NIS users
>>>>   lineinfile: dest=/etc/passwd
>>>>               regexp='::::::+'
>>>>               state=absent
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Erase old /etc/shadow entry for NIS users
>>>>   lineinfile: dest=/etc/shadow
>>>>               regexp='::::::::+'
>>>>               state=absent
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Ensure NIS is running and enabled
>>>>   service: name=ypbind state=restarted enabled=yes
>>>>   notify:
>>>>     - restart autofs
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Ensure /etc/passwd has correct entry for NIS users
>>>>   lineinfile: dest=/etc/passwd
>>>>               regexp=''
>>>>               insertafter=EOF
>>>>               line='::::::+'
>>>>   notify:
>>>>     - restart nis
>>>>   tags: nis
>>>>
>>>> - name: DEBFAM | Ensure /etc/shadow has correct entry for NIS users
>>>>   lineinfile: dest=/etc/shadow
>>>>               regexp=''
>>>>               insertafter=EOF
>>>>               line='::::::::+'
>>>>   notify:
>>>>     - restart nis
>>>>   tags: nis
>>>>
>>>> [...]
>>>>
>>>> (I'm running the lineinfile module once on /etc/passwd and /etc/shadow
>>>> to remove any old existing entries for the '+::::...' patterns, and then
>>>> running them again on those files to ensure they are present and at the end
>>>> of those respective files.)
>>>>
>>>> However, when the playbook is ending and running the accumulated
>>>> notifies, when it hits the 'restart deb-ntpd' action, this fails,
>>>> complaining that the 'ntp' user is not there --
>>>>
>>>> NOTIFIED: [common | restart deb-ntpd] *****************************************
>>>>
>>>> failed: [dhcp-207-150] => {"failed": true}
>>>> msg: * Stopping NTP server ntpd
>>>> ...done.
>>>> * Starting NTP server ntpd
>>>> * user "ntp" does not exist
>>>>
>>>> FATAL: all hosts have already failed -- aborting
>>>>
>>>> If I then cat /etc/passwd, I notice that the entry for the 'ntp' user
>>>> is gone, and seemingly overwritten by the NIS entry:
>>>>
>>>> [...]
>>>> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false
>>>> saned:x:117:125::/home/saned:/bin/false
>>>> whoopsie:x:118:126::/nonexistent:/bin/false
>>>> speech-dispatcher:x:119:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
>>>> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false
>>>> ::::::+
>>>>
>>>> This has happened a number of times to me, enough that I believe I'm
>>>> hitting a bug (or am using the 'lineinfile' module incorrectly somehow??)
>>>> so I thought I'd post it to this list and ask for help with debugging
>>>> this....
>>>>
>>>> Thanks,
>>>> Will
>>>>
>>>> --
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Ansible Project" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To post to this group, send email to [email protected].
>>>>
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/ansible-project/e5eada51-a098-4e46-b277-c1144ce74829%40googlegroups.com
>>>> For more options, visit https://groups.google.com/d/optout.
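The thread ends without a diagnosis. As an added example (not from the thread and not Ansible's source code), this simplified Python model of lineinfile's documented `state=present` rule, that only the last line matching `regexp` is replaced, shows how the playbook's `regexp=''` can overwrite the final `ntp` entry, while a pattern anchored to the NIS line appends instead and is idempotent on a second run. The helper names `ensure_line` and `lost_accounts`, the anchored pattern and the two-line sample file are assumptions made for the illustration.

```python
import re

# Constructed sample: the tail of /etc/passwd as quoted in the thread.
PASSWD = [
    "hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false",
    "ntp:x:121:127::/home/ntp:/bin/false",
]
NIS_ENTRY = "::::::+"  # the literal line the thread's playbook writes


def ensure_line(lines, line, regexp):
    """Simplified model of lineinfile state=present with insertafter=EOF.

    If regexp matches, the LAST matching line is replaced by `line`;
    if nothing matches, `line` is appended. Returns (new_lines, changed).
    """
    out = list(lines)
    pattern = re.compile(regexp)
    last_match = -1
    for i, current in enumerate(out):
        if pattern.search(current):
            last_match = i
    if last_match == -1:
        out.append(line)
        return out, True
    if out[last_match] == line:
        return out, False
    out[last_match] = line
    return out, True


def lost_accounts(before, after):
    """Account names present before the edit and missing afterwards."""
    def names(entries):
        # Skip NIS compat markers such as '+::::::' or '::::::+'.
        return {e.split(":", 1)[0] for e in entries if e and e[0] not in "+-:"}
    return sorted(names(before) - names(after))


# regexp='' as in the playbook: the empty pattern matches every line,
# so the last line of the file is the one that gets replaced.
clobbered, _ = ensure_line(PASSWD, NIS_ENTRY, regexp="")
# Pattern anchored to the NIS entry itself (assumed, not from the thread).
ANCHORED = r"^::::::\+$"
safe, _ = ensure_line(PASSWD, NIS_ENTRY, regexp=ANCHORED)
rerun, changed_again = ensure_line(safe, NIS_ENTRY, regexp=ANCHORED)

if __name__ == "__main__":
    print("regexp='' lost:", lost_accounts(PASSWD, clobbered))
    print("anchored lost:", lost_accounts(PASSWD, safe))
    print("second run changed file:", changed_again)
```

Comparing account names before and after a managed edit of `/etc/passwd`, as `lost_accounts` does, is a cheap integrity check to run in a playbook's verification step.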
