Can you let us know why the user module won't work for you in this case? It should not be needed to edit those files directly, and if there's a missing feature I'd like to see it exposed in the user module.
Thanks! On Wed, Aug 13, 2014 at 5:28 PM, Willard Dennis <willard.den...@gmail.com> wrote: > Sorry, other work took me away from pursuing this issue until now... > Thanks for your attention, Michael & James! > > In any case, it seems the entry I need is actually "+::::::" in > /etc/passwd, per this webpage: > http://www.linux-nis.org/nis-howto/HOWTO/settingup_client.html (and not > "::::::+" as I've been using, which is weird, because NIS logins are > working with that... but I digress...) > > I can't really template the /etc/passwd and /etc/shadow files, as the > users can install software that enters new users that my Ansible playbooks > wouldn't know about... And I'm pretty sure I can't use the "user" module; I > don't want to create an actual local user (and homedir etc.), just add the > literal line "+::::::" at the bottom of /etc/passwd to create the needed > entry to incorporate the NIS users... > > I also had an instance today where my playbook worked perfectly (i.e., > lineinfile did NOT overwrite the then-last entry for the 'ntp' user...) so > looks like it's also an intermittent problem. > > Just wanted to report a seeming problem, and see if there was a solution... > > Thanks, > Will > > > > On Friday, August 8, 2014 7:59:20 PM UTC-4, James Cammarata wrote: > >> Also, is there any reason you're not using the user module to manage >> entries in your passwd/shadow files? >> >> >> On Fri, Aug 8, 2014 at 6:30 PM, Michael DeHaan <mic...@ansible.com> >> wrote: >> >>> lineinfile is tricky and I don't have bandwidth to debug this one right >>> now, but maybe some other folks would like to help? >>> >>> Most of the time, I *strongly* recommend just templating the file, that >>> way you are centrally very sure of the state of everything that's in there. >>> >>> >>> >>> >>> On Fri, Aug 8, 2014 at 2:22 PM, Willard Dennis <willard...@gmail.com> >>> wrote: >>> >>>> Hi all, >>>> >>>> I have a playbook used for setting up new servers here, that among >>>> other things, ensures both NTP and NIS (yes, we still use NIS here...) are >>>> installed and are running. The problem I am seeing is that when the >>>> playbook executes the notify action for restarting the ntpd service, it is >>>> failing because the 'ntp' user is no longer in /etc/passwd. I believe the >>>> problem is occurring when I run tasks in the playbook that call the >>>> 'lineinfile' module to ensure I have a certain entry needed for NIS logins >>>> at the bottom of /etc/passwd, which seems to be overwriting the >>>> then-last-line which is the 'ntp' user one. >>>> >>>> Here is the tasks that make sure NTPD is installed and running... >>>> >>>> [...] >>>> >>>> - name: DEBFAM | Ensure NTP package is installed >>>> apt: pkg=ntp state=present >>>> tags: ntp >>>> >>>> - name: DEBFAM | Ensure NTP configured correctly >>>> template: src=ntp.conf.j2 dest=/etc/ntp.conf >>>> notify: >>>> - restart deb-ntpd >>>> tags: ntp >>>> >>>> - name: DEBFAM | Ensure NTP is running and enabled >>>> service: name=ntp state=running enabled=yes >>>> tags: ntp >>>> >>>> [...] >>>> >>>> Right after these steps are run, I can cat /etc/password and notice >>>> that the 'ntp' user entry is there, and happens to be the last entry... >>>> >>>> [...] >>>> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false >>>> saned:x:117:125::/home/saned:/bin/false >>>> whoopsie:x:118:126::/nonexistent:/bin/false >>>> speech-dispatcher:x:119:29:Speech Dispatcher,,,:/var/run/speech- >>>> dispatcher:/bin/sh >>>> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false >>>> ntp:x:121:127::/home/ntp:/bin/false >>>> >>>> Then the playbook runs the tasks I have set up to ensure NIS is >>>> installed and running... >>>> >>>> [...] >>>> >>>> - name: DEBFAM | Ensure NIS package is installed >>>> apt: pkg=nis >>>> tags: nis >>>> >>>> - name: DEBFAM | Ensure /etc/yp.conf configured correctly for NIS >>>> template: src=yp.conf.j2 dest=/etc/yp.conf >>>> notify: >>>> - restart nis >>>> tags: nis >>>> >>>> - name: DEBFAM | Ensure /etc/defaultdomain configured correctly for NIS >>>> template: src=etc-defaultdomain.j2 dest=/etc/defaultdomain >>>> notify: >>>> - restart nis >>>> tags: nis >>>> >>>> - name: DEBFAM | Ensure /etc/nsswitch.conf configured correctly for NIS >>>> template: src=nsswitch.conf.j2 dest=/etc/nsswitch.conf >>>> tags: nis >>>> >>>> - name: DEBFAM | Erase old /etc/passwd entry for NIS users >>>> lineinfile: dest=/etc/passwd >>>> regexp='::::::+' >>>> state=absent >>>> tags: nis >>>> >>>> - name: DEBFAM | Erase old /etc/shadow entry for NIS users >>>> lineinfile: dest=/etc/shadow >>>> regexp='::::::::+' >>>> state=absent >>>> tags: nis >>>> >>>> - name: DEBFAM | Ensure NIS is running and enabled >>>> service: name=ypbind state=restarted enabled=yes >>>> notify: >>>> - restart autofs >>>> tags: nis >>>> >>>> - name: DEBFAM | Ensure /etc/passwd has correct entry for NIS users >>>> lineinfile: dest=/etc/passwd >>>> regexp='' >>>> insertafter=EOF >>>> line='::::::+' >>>> notify: >>>> - restart nis >>>> tags: nis >>>> >>>> - name: DEBFAM | Ensure /etc/shadow has correct entry for NIS users >>>> lineinfile: dest=/etc/shadow >>>> regexp='' >>>> insertafter=EOF >>>> line='::::::::+' >>>> notify: >>>> - restart nis >>>> tags: nis >>>> >>>> [...] >>>> >>>> (I'm running the lineinfile module once on /etc/passwd and /etc/shadow >>>> to remove any old existing entries for the '+::::...' patterns, and then >>>> running them again on those files to ensure they are present and at the end >>>> of those respective files.) >>>> >>>> However, when the playbook is ending and running the accumulated >>>> notifies, when it hits the 'restart deb-ntpd' action, this fails, >>>> complaining that the 'ntp' user is not there -- >>>> >>>> NOTIFIED: [common | restart deb-ntpd] >>>> ***************************************** >>>> >>>> failed: [dhcp-207-150] => {"failed": true} >>>> msg: * Stopping NTP server ntpd >>>> ...done. >>>> * Starting NTP server ntpd >>>> * user "ntp" does not exist >>>> >>>> >>>> FATAL: all hosts have already failed -- aborting >>>> >>>> If I then cat /etc/passwd, I notice that the entry for the 'ntp' user >>>> is gone, and seemingly overwritten by the NIS entry: >>>> >>>> [...] >>>> rtkit:x:116:124:RealtimeKit,,,:/proc:/bin/false >>>> saned:x:117:125::/home/saned:/bin/false >>>> whoopsie:x:118:126::/nonexistent:/bin/false >>>> speech-dispatcher:x:119:29:Speech Dispatcher,,,:/var/run/speech- >>>> dispatcher:/bin/sh >>>> hplip:x:120:7:HPLIP system user,,,:/var/run/hplip:/bin/false >>>> ::::::+ >>>> >>>> This has happened a number of times to me, enough that I believe I'm >>>> hitting a bug (or am using the 'lineinfile' module incorrectly somehow??) >>>> so I thought I'd post it to this list and ask for help with debugging >>>> this.... >>>> >>>> Thanks, >>>> Will >>>> >>>> >>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Ansible Project" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to ansible-proje...@googlegroups.com. >>>> To post to this group, send email to ansible...@googlegroups.com. >>>> >>>> To view this discussion on the web visit https://groups.google.com/d/ >>>> msgid/ansible-project/e5eada51-a098-4e46-b277- >>>> c1144ce74829%40googlegroups.com >>>> <https://groups.google.com/d/msgid/ansible-project/e5eada51-a098-4e46-b277-c1144ce74829%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ansible Project" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to ansible-proje...@googlegroups.com. >>> To post to this group, send email to ansible...@googlegroups.com. >>> To view this discussion on the web visit https://groups.google.com/d/ >>> msgid/ansible-project/CA%2BnsWgx6zEP42Cw00k%2BwTQ2% >>> 2BNCBfi_q%3DaVa3Asi2sK1w-svwKA%40mail.gmail.com >>> <https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgx6zEP42Cw00k%2BwTQ2%2BNCBfi_q%3DaVa3Asi2sK1w-svwKA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to ansible-project+unsubscr...@googlegroups.com. > To post to this group, send email to ansible-project@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/77a14bc6-6509-4e40-9e52-724ed6a706ae%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/77a14bc6-6509-4e40-9e52-724ed6a706ae%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgy2%3DcNKjwZoPwvL-NSb-%3DCZj4Uou6yLdmfr%2Bc5GKPjyxw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
