Hello,

I am instantiating an EC2 instance from a community AMI in the Marketplace.
The AMI comes pre-baked with a default user (ec2-user).

I have a role in my Ansible repository which is applied to all machines,
called common. Inside this role, I have a few tasks which create a new user
(`ansible`), configure an SSH key for it, and sort out an entry in
/etc/sudoers. These tasks are tagged as 'firstrun'.

The first time I run Ansible, I connect with the ec2-user account remotely
using:

ansible-playbook -i hosts site.yml --tags firstrun

This means that I only run those tasks tagged as firstrun, which makes the
initial run quick. After this has completed successfully, I run:

ansible-playbook -u ansible -i hosts site.yml --skip-tags firstrun

This time, I'm skipping the tasks I've already run, and am also running
Ansible as the `ansible` user on the instance. This adds a load of other
plays to the machine, which works fine.

I have a slight problem, however. When I invoke `ansible-playbook` for the
second time, I expect it to run a task using the user module to delete the
ec2-user account:


- name: remove ec2-user
  become: yes
  become_user: root
  user: name=ec2-user state=absent remove=yes force=yes

Instead of this working correctly, I get this message:

msg: userdel: user ec2-user is currently used by process 1918
userdel: cannot open /etc/subuid

I don't see why (maybe I'm snowblind from having looked at this a bit too
long!) the ec2-user is still being used, given that by the time Ansible gets
to this task, the connection for the first run should have timed out, or
the socket should have closed.

Does anyone have any ideas? It may just be that I can't see the wood from
the trees!

Thanks,

Andrew
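
An added example, not part of the original post: when userdel reports "currently used by process", this shell function lists every process whose real, effective or saved UID matches a given numeric UID, so the PID in the message can be tied to a process name and parent. The function name `procs_owned_by_uid` and its optional proc-root argument are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Prints "PID PPID NAME" for each process owned by the given numeric UID,
# read from <procroot>/<pid>/status. procroot defaults to /proc.
#
# Usage on the instance:  procs_owned_by_uid "$(id -u ec2-user)"

procs_owned_by_uid() {
    uid=$1
    procroot=${2:-/proc}
    for status in "$procroot"/[0-9]*/status; do
        # Skip processes that exited mid-scan, or an unmatched glob.
        [ -r "$status" ] || continue
        pid=${status%/status}
        pid=${pid##*/}
        # The "Uid:" line lists the real, effective, saved and filesystem UIDs.
        awk -v uid="$uid" -v pid="$pid" '
            $1 == "Name:" { name = $2 }
            $1 == "PPid:" { ppid = $2 }
            $1 == "Uid:"  { if ($2 == uid || $3 == uid || $4 == uid) hit = 1 }
            END { if (hit) printf "%s %s %s\n", pid, ppid, name }
        ' "$status" 2>/dev/null
    done
}
```

Run it as root on the target just before the removal task; the PPID column shows which parent started the process that still holds the account.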
