如果使用 Ansible 不存在则创建用户和组

Create user & group if it does not exist using Ansible

我有一个定制需求。

  1. 检查用户tomuser是否属于组tomuser&无论uid,gid是什么都存在;然后什么都不做,即我们很好。

  2. 如果组 tomuser 不存在创建组 tomusergid 1900.

  3. 如果用户 tomuser 不存在,请使用 gid 1900 创建用户 tomuser 并分配到组 tomuser 中。

  4. 最后,如果在创建用户和组时 uid, gid 1900 已经在使用,那么更喜欢 uid,gid 作为 2020 如果它也在然后使用任何随机唯一数字都可以。

下面是我能想到的,但我认为这不是理想的解决方案;但我也遇到了问题

下面的剧本:

- name: Check tomuser user in passwd file
  tags: always
  ignore_errors: yes
  block:

    - group:
        name: tomuser
        gid: "{{ item }}"
      loop:
        - "1900"
        - "2020"
      register: groupcreated            
      when: "tomuser" in groups

    - debug:
        msg: "GROUP tomuser does not exists or is empty"
      when: 'tomuser' not in groups and not groups['tomuser']

    - debug:
        msg: "GROUP tomuser does not exists"
      when: 'tomuser' not in groups

    - debug:
        msg: "GROUP tomuser is empty"
      when: not groups['tomuser']


    - raw: "cat /etc/passwd |grep -i tomuser"
      register: tomusercheck

输出:

TASK [Check tomcat USER on server] *************************************************************************************************************************************
task path: /app/patch/patch.yml:81
fatal: [10.9.9.44]: FAILED! => {
    "reason": "Syntax Error while loading YAML.\n  did not find expected key\n\nThe error appears to be in '/app/patch/checktomuser.yml': line 11, column 30, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n            gid: '1900'\n          when: \"tomuser\" in groups\n                             ^ here\nThis one looks easy to fix. It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of quote. For instance:\n\n    when: \"ok\" in result.stdout\n\nCould be written as:\n\n   when: '\"ok\" in result.stdout'\n\nOr equivalently:\n\n   when: \"'ok' in result.stdout\"\n"

请多多指教。

你的第一个问题是:when: "tomuser" in groups
groups 变量包含清单中的主机组,而不是主机上的用户组。

其次 group 模块将 add/modify 分组。因此,如果该组不存在,您的代码将使用 gid 1900 添加它,然后将该组的 gid 更改为 2020。因此在您的循环完成后,您的组将始终具有 gid 2020.

要更新用户组,您可以使用 user 模块。
要检查用户或组是否存在,您可以使用 getent 模块。

查看 group module, user module and getent module 的文档。

知道了。也应该是幂等的。

---
- hosts: my_host
  become: true
  tasks:
    - name: determine available groups
      getent:
        database: group

    - name: determine available users
      getent:
        database: passwd

    - name: set group with gid 1900 when not available
      group:
        name: tomuser
        gid: 1900
      when:
        - "'tomuser' not in ansible_facts.getent_group"
        - "'1900' not in item.value"
      loop: "{{ ansible_facts.getent_group | dict2items }}"

    - name: set group with gid 2020 when not available
      group:
        name: tomuser
        gid: 2020
      when:
        - "'tomuser' not in ansible_facts.getent_group"
        - "'2020' not in item.value"
      loop: "{{ ansible_facts.getent_group | dict2items }}"

    - name: create random number
      set_fact:
        random_num: "{{ range(1500, 2000) | random(seed=item) }}"
      run_once: yes
      with_items:
        - string

    - name: set group with random gid when 2020 already in use
      group:
        name: tomuser
        gid: "{{ random_num }}"
      when:
        - "'tomuser' not in ansible_facts.getent_group"
        - "'2020' in item.value"
      loop: "{{ ansible_facts.getent_group | dict2items }}"

    - name: set fact when tomuser exists
      set_fact:
        user_exists: true
      when: '"tomuser" in item.key'
      loop: "{{ ansible_facts.getent_passwd | dict2items }}"

    - name: set fact when tomuser does not exists
      set_fact:
        user_exists: false
      when: '"tomuser" not in item.key'
      loop: "{{ ansible_facts.getent_passwd | dict2items }}"

    - name: set user with uid 1900, and group tomuser when not available
      user:
        name: tomuser
        uid: 1900
        group: tomuser
      when:
        - not user_exists
        - "'1900' not in item.value[1]"
      loop: "{{ ansible_facts.getent_passwd | dict2items }}"

    - name: set user with uid 2020, and group tomuser when not available
      user:
        name: tomuser
        uid: 2020
        group: tomuser
      when:
        - not user_exists
        - "'2020' not in item.value[1]"
      loop: "{{ ansible_facts.getent_passwd | dict2items }}"

    - name: set user with random uid, and group tomuser when not available
      user:
        name: tomuser
        uid: "{{ random_num }}"
        group: tomuser
      when:
        - not user_exists
        - "'2020' in item.value[1]"
      loop: "{{ ansible_facts.getent_passwd | dict2items }}"