
I have a customised requirement.

  1. Regardless of what the uid and gid are, check whether the user tomuser exists and belongs to the group tomuser; if so, do nothing, i.e. we are fine.

  2. If the group tomuser does not exist, create the group tomuser with gid 1900.

  3. If the user tomuser does not exist, create the user tomuser in the group tomuser with gid 1900.

  4. Finally, if uid/gid 1900 is already in use when creating the user and group, then prefer uid/gid 2020, and if that is also in use, any random unique number will do for both.

Below is what I could come up with; I understand it is not the ideal solution, but I am also running into a problem.

The playbook is as follows:


- name: Check tomuser user in passwd file
  tags: always
  ignore_errors: yes
  block:

    - group:
        name: tomuser
        gid: "{{ item }}"
      loop:
        - "1900"
        - "2020"
      register: groupcreated            
      when: "tomuser" in groups

    - debug:
        msg: "GROUP tomuser does not exists or is empty"
      when: 'tomuser' not in groups and not groups['tomuser']

    - debug:
        msg: "GROUP tomuser does not exists"
      when: 'tomuser' not in groups

    - debug:
        msg: "GROUP tomuser is empty"
      when: not groups['tomuser']


    - raw: "cat /etc/passwd |grep -i tomuser"
      register: tomusercheck

Output:

TASK [Check tomcat USER on server] *************************************************************************************************************************************
task path: /app/patch/patch.yml:81
fatal: [10.9.9.44]: FAILED! => {
    "reason": "Syntax Error while loading YAML.\n  did not find expected key\n\nThe error appears to be in '/app/patch/checktomuser.yml': line 11, column 30, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n            gid: '1900'\n          when: \"tomuser\" in groups\n                             ^ here\nThis one looks easy to fix. It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of quote. For instance:\n\n    when: \"ok\" in result.stdout\n\nCould be written as:\n\n   when: '\"ok\" in result.stdout'\n\nOr equivalently:\n\n   when: \"'ok' in result.stdout\"\n"

Please advise.

2 Answers

Got it. It should also be idempotent.

---
- hosts: my_host
  become: true
  tasks:
    - name: determine available groups
      getent:
        database: group

    - name: determine available users
      getent:
        database: passwd

    # getent_group maps name -> [password, gid, members] and
    # getent_passwd maps name -> [password, uid, gid, gecos, home, shell],
    # so index 1 of each value is the numeric id as a string.
    - name: collect the gids and uids already in use
      set_fact:
        used_gids: "{{ ansible_facts.getent_group | dict2items | map(attribute='value.1') | list }}"
        used_uids: "{{ ansible_facts.getent_passwd | dict2items | map(attribute='value.1') | list }}"

    # Pick the random fallback from numbers that no existing user or group uses,
    # so it is unique for both the uid and the gid.
    - name: create random number not in use
      set_fact:
        random_num: "{{ range(1500, 2000) | map('string') | difference(used_gids + used_uids) | random }}"

    # 1900 when free, else 2020 when free, else the random number (requirement 4).
    - name: choose the gid and uid for tomuser
      set_fact:
        tom_gid: "{{ '1900' if '1900' not in used_gids else ('2020' if '2020' not in used_gids else random_num) }}"
        tom_uid: "{{ '1900' if '1900' not in used_uids else ('2020' if '2020' not in used_uids else random_num) }}"

    # The group module would change the gid of an existing group, so it only
    # runs when the group is missing; the facts gathered above decide that.
    - name: set group tomuser when not available
      group:
        name: tomuser
        gid: "{{ tom_gid }}"
      when: "'tomuser' not in ansible_facts.getent_group"

    # Likewise the user module would change the uid of an existing user, so an
    # existing tomuser is left untouched (requirement 1).
    - name: set user tomuser with group tomuser when not available
      user:
        name: tomuser
        uid: "{{ tom_uid }}"
        group: tomuser
      when: "'tomuser' not in ansible_facts.getent_passwd"
answered 2020-09-03T08:29:53.087

Your first problem is: when: "tomuser" in groups
The groups variable contains the host groups from the inventory, not the user groups on the host.

Secondly, the group module adds/modifies groups. So if the group does not exist, your code would add it with gid 1900 and then change the group's gid to 2020. So after your loop completes, your group will always have gid 2020.

To update a user's group, you can use the user module.
To check whether a user or group exists, you can use the getent module.

Check the documentation of the group module, the user module and the getent module.

answered 2020-09-03T07:29:55.297
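As an added example (not code from either answer), the following playbook shows the two points made above in working form: it prints the inventory `groups` variable so the difference from /etc/group is visible, tests for the user and group with getent facts instead, and uses the user module to put an already existing tomuser into group tomuser without touching its uid. The host name my_host is taken from the accepted answer; the fact names tom_group_exists, tom_user_exists and tom_user_in_group are assumptions of this example.

```yaml
---
# Added example, not from either answer: existence checks with getent facts
# and group membership repair with the user module.
- hosts: my_host
  become: true
  tasks:
    - name: gather local groups and users
      getent:
        database: "{{ item }}"
      loop:
        - group
        - passwd

    # 'groups' holds the inventory host groups (all, ungrouped, ...),
    # not the groups in /etc/group; printing it shows why the original
    # 'when: "tomuser" in groups' could never work.
    - name: show inventory host groups, which is what the original condition tested
      debug:
        msg: "{{ groups.keys() | list }}"

    # getent_group: name -> [password, gid, members]
    # getent_passwd: name -> [password, uid, gid, gecos, home, shell]
    - name: derive existence flags from the getent facts
      set_fact:
        tom_group_exists: "{{ 'tomuser' in ansible_facts.getent_group }}"
        tom_user_exists: "{{ 'tomuser' in ansible_facts.getent_passwd }}"

    # The user is "in" the group if it is its primary group (gid match)
    # or listed as a supplementary member.
    - name: check whether tomuser is in group tomuser
      set_fact:
        tom_user_in_group: >-
          {{ ansible_facts.getent_passwd.tomuser[2] == ansible_facts.getent_group.tomuser[1]
             or 'tomuser' in ansible_facts.getent_group.tomuser[2].split(',') }}
      when:
        - tom_user_exists | bool
        - tom_group_exists | bool

    - name: nothing to do when tomuser already exists in group tomuser
      debug:
        msg: "tomuser already exists and is in group tomuser"
      when: tom_user_in_group | default(false) | bool

    # Only membership is changed here; uid and primary group stay as they are.
    - name: add an existing tomuser to group tomuser
      user:
        name: tomuser
        groups: tomuser
        append: true
      when:
        - tom_user_exists | bool
        - tom_group_exists | bool
        - not (tom_user_in_group | default(false) | bool)
```

The `default(false)` guards the membership flag for hosts where the user or group is missing, since the task that sets it is skipped there; creating the missing user or group is left to the accepted answer's playbook.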