我正在努力正确使用 ansible 的用户模块。问题是每次我运行我的剧本时,我创建的用户always显示为已更改,即使我已经创建了它们。
我在这里发现其他人也有同样的问题 https://github.com/ansible/ansible/issues/6854,尽管我正在努力根据 github 线程实际修复它。可能是我不明白的最有帮助的评论????
我可以确认它看起来只是一个错误 - 添加附加
两个任务的选项使得它们不会总是撤消
另一个的工作,并修复了永久改变的触发器。我做到了
不需要添加“组:”
这就是我的剧本的样子:
- name: Generate all users for the environment
user:
createhome: yes
state: present # to delete
name: "{{ item.user }}"
groups: "{{ 'developers' if item.role == 'developer' else 'customers' }}"
password: "{{ generic_password | password_hash('sha512') }}"
append: yes
with_items:
- "{{ users }}"
我的意图是让每个用户都属于自己的私有组(用户私有组),但也让开发人员属于开发人员组。在当前配置下,它可以工作,问题是 ansible 总是将用户报告为“已更改”。然后我将添加developers
分组到 sudoers 文件;因此我想将用户添加到developers
group.
e.g.
vagrant@ubuntu-bionic:/home$ sudo su - nick
$ pwd
/home/nick
$ touch file.txt
$ ls -al
-rw-rw-r-- 1 nick nick 0 Jul 3 12:06 file.txt
vagrant@ubuntu-bionic:/home$ cat /etc/group | grep 'developers'
developers:x:1002:nick,ldnelson,greg,alex,scott,jupyter
以下是其中一位用户在本地针对 vagrant 运行的详细输出:
changed: [192.168.33.10] => (item={'user': 'nick', 'role': 'developer', 'with_ga': False}) => {
"append": true,
"changed": true,
"comment": "",
"group": 1004,
"groups": "developers",
"home": "/home/nick",
"invocation": {
"module_args": {
"append": true,
"comment": null,
"create_home": true,
"createhome": true,
"expires": null,
"force": false,
"generate_ssh_key": null,
"group": null,
"groups": [
"developers"
],
"hidden": null,
"home": null,
"local": null,
"login_class": null,
"move_home": false,
"name": "nick",
"non_unique": false,
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"password_lock": null,
"remove": false,
"seuser": null,
"shell": null,
"skeleton": null,
"ssh_key_bits": 0,
"ssh_key_comment": "ansible-generated on ubuntu-bionic",
"ssh_key_file": null,
"ssh_key_passphrase": null,
"ssh_key_type": "rsa",
"state": "present",
"system": false,
"uid": null,
"update_password": "always"
}
},
"item": {
"role": "developer",
"user": "nick",
"with_ga": false
},
"move_home": false,
"name": "nick",
"password": "NOT_LOGGING_PASSWORD",
"shell": "/bin/sh",
"state": "present",
"uid": 1002
}
应该是不相关的,但我将一些添加到开发人员组中,因为我打算授予某些命令的 sudo 访问权限。