Hi all,
I have a playbook used for setting up new servers here, that among other
things, ensures both NTP and NIS (yes, we still use NIS here...) are
installed and are running. The problem I am seeing is that when the
playbook executes the notify action for restarting the ntpd service, it is
failing because the 'ntp' user is no longer in /etc/passwd. I believe the
problem is occurring when I run tasks in the playbook that call the
'lineinfile' module to ensure I have a certain entry needed for NIS logins
at the bottom of /etc/passwd, which seems to be overwriting the
then-last-line which is the 'ntp' user one.
Here is the tasks that make sure NTPD is installed and running...
[...]
- name: DEBFAM | Ensure NTP package is installed
apt: pkg=ntp state=present
tags: ntp
- name: DEBFAM | Ensure NTP configured correctly
template: src=ntp.conf.j2 dest=/etc/ntp.conf
notify:
- restart deb-ntpd
tags: ntp
- name: DEBFAM | Ensure NTP is running and enabled
service: name=ntp state=running enabled=yes
tags: ntp
[...]
Right after these steps are run, I can cat /etc/password and notice that
the 'ntp' user entry is there, and happens to be the last entry...
[...]
rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false
saned:x:117:125::/home/saned:/bin/false
whoopsie:x:118:126::/nonexistent:/bin/false
speech-dispatcher:x:119:29:Speech
Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false
ntp:x:121:127::/home/ntp:/bin/false
Then the playbook runs the tasks I have set up to ensure NIS is installed
and running...
[...]
- name: DEBFAM | Ensure NIS package is installed
apt: pkg=nis
tags: nis
- name: DEBFAM | Ensure /etc/yp.conf configured correctly for NIS
template: src=yp.conf.j2 dest=/etc/yp.conf
notify:
- restart nis
tags: nis
- name: DEBFAM | Ensure /etc/defaultdomain configured correctly for NIS
template: src=etc-defaultdomain.j2 dest=/etc/defaultdomain
notify:
- restart nis
tags: nis
- name: DEBFAM | Ensure /etc/nsswitch.conf configured correctly for NIS
template: src=nsswitch.conf.j2 dest=/etc/nsswitch.conf
tags: nis
- name: DEBFAM | Erase old /etc/passwd entry for NIS users
lineinfile: dest=/etc/passwd
regexp='::::::+'
state=absent
tags: nis
- name: DEBFAM | Erase old /etc/shadow entry for NIS users
lineinfile: dest=/etc/shadow
regexp='::::::::+'
state=absent
tags: nis
- name: DEBFAM | Ensure NIS is running and enabled
service: name=ypbind state=restarted enabled=yes
notify:
- restart autofs
tags: nis
- name: DEBFAM | Ensure /etc/passwd has correct entry for NIS users
lineinfile: dest=/etc/passwd
regexp=''
insertafter=EOF
line='::::::+'
notify:
- restart nis
tags: nis
- name: DEBFAM | Ensure /etc/shadow has correct entry for NIS users
lineinfile: dest=/etc/shadow
regexp=''
insertafter=EOF
line='::::::::+'
notify:
- restart nis
tags: nis
[...]
(I'm running the lineinfile module once on /etc/passwd and /etc/shadow to
remove any old existing entries for the '+::::...' patterns, and then
running them again on those files to ensure they are present and at the end
of those respective files.)
However, when the playbook is ending and running the accumulated notifies,
when it hits the 'restart deb-ntpd' action, this fails, complaining that
the 'ntp' user is not there --
NOTIFIED: [common | restart deb-ntpd]
*****************************************
failed: [dhcp-207-150] => {"failed": true}
msg: * Stopping NTP server ntpd
...done.
* Starting NTP server ntpd
* user "ntp" does not exist
FATAL: all hosts have already failed -- aborting
If I then cat /etc/passwd, I notice that the entry for the 'ntp' user is
gone, and seemingly overwritten by the NIS entry:
[...]
rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false
saned:x:117:125::/home/saned:/bin/false
whoopsie:x:118:126::/nonexistent:/bin/false
speech-dispatcher:x:119:29:Speech
Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false
::::::+
This has happened a number of times to me, enough that I believe I'm
hitting a bug (or am using the 'lineinfile' module incorrectly somehow??)
so I thought I'd post it to this list and ask for help with debugging
this....
Thanks,
Will
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/e5eada51-a098-4e46-b277-c1144ce74829%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
