Deleting a user; still being used

Andrew Langhorn

Nov 27, 2015, 11:06:30 AM
to ansible...@googlegroups.com
Hello,

I am instantiating an EC2 instance from a community AMI in the Marketplace. The AMI comes pre-baked with a default user (ec2-user).

I have a role in my Ansible repository which is applied to all machines, called common. Inside this role, I have a few tasks which create a new user (`ansible`), configure an SSH key for it, and sort out an entry in /etc/sudoers. These tasks are tagged as 'firstrun'.

The first time I run Ansible, I connect with the ec2-user account remotely using:

ansible-playbook -i hosts site.yml --tags firstrun

This means that I only run those tasks tagged as firstrun, which makes the initial run quick. After this has completed successfully, I run:

ansible-playbook -u ansible -i hosts site.yml --skip-tags firstrun

This time, I'm skipping the tasks I've already run, and am also running Ansible as the `ansible` user on the instance. This adds a load of other plays to the machine, which works fine.

I have a slight problem, however. When I invoke `ansible-playbook` for the second time, I expect it to run a task using the user module to delete the ec2-user account:

- name: remove ec2-user
  become: yes
  become_user: root
  user: name=ec2-user state=absent remove=yes force=yes

Instead of this working correctly, I get this message:

msg: userdel: user ec2-user is currently used by process 1918
userdel: cannot open /etc/subuid

I don't see why (maybe I'm snowblind from having looked at this a bit too long!) the ec2-user is still being used, given that by the time Ansible gets to this task, the connection for the first run should have timed out, or the socket should have closed.

Does anyone have any ideas? It may just be that I can't see the wood from the trees!

Thanks,

Andrew

Bruno Vernay

Feb 1, 2016, 8:19:13 AM
to Ansible Project, andrew....@thoughtworks.com, lang...@thoughtworks.com
I add this problem, I did this:

- name: Remove old "pi" account
  hosts: qemu
  become: yes
  become_method: sudo
  gather_facts: false
  tasks:
    - name  : Kill all "pi" user's processes and remove the account
      shell : "killall -KILL -u pi ; userdel -fr pi"

#  Didn't work, "...cannot open /etc/subuid"
#    - name: Remove pi account
#      user: name=pi state=absent force=yes remove=yes

not very clean, but works

Bruno

Bruno Vernay

Feb 1, 2016, 9:02:50 AM
to ansible...@googlegroups.com
I *had* not *add* !! sorry

Davide

Feb 9, 2018, 6:16:34 PM
to Ansible Project
So I am not the only one that has this problem on the Raspberry Pi ;) [1].

I am still confused on why I have this problem only on the Raspberry Pi but
killing the process works great. Thanks!
I still would prefer to set ControlMaster=no just for the one playbook that
uses the default user. But unfortunately there is no ssh_args playbook attribute.

Regards
Davide

[1]: https://groups.google.com/forum/#!topic/ansible-project/pMMINWCyALE
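
The workaround discussed in this thread, written as a playbook (an added example, not code from any of the posters): it lists what still runs as the old account, refuses to proceed if the play itself is logged in as that account, kills the leftovers, then deletes the user. The variable `old_user`, the `hosts: all` target and the registered names are illustrative, and the last task assumes `userdel` succeeds once nothing runs as the account, as the replies report for `userdel -fr`.

```yaml
# Added example, not from the thread. Assumes a Linux target with getent and procps.
- name: Remove the image's default account once nothing runs as it
  hosts: all
  remote_user: ansible        # login used for the second run in the first post
  become: yes
  gather_facts: false
  vars:
    old_user: ec2-user
  tasks:
    - name: Check whether the account still exists
      command: getent passwd {{ old_user }}
      register: account
      changed_when: false
      failed_when: account.rc not in [0, 2]    # 2 = no such user
    - when: account.rc == 0
      block:
        - name: Find out which account this connection logged in as
          command: id -un
          become: no
          register: login_user
          changed_when: false

        - name: Refuse to kill the session this play is running in
          assert:
            that: login_user.stdout != old_user

        - name: List processes still owned by the old account
          command: pgrep -l -u {{ old_user }}
          register: old_procs
          changed_when: false
          failed_when: old_procs.rc not in [0, 1]    # 1 = nothing matched

        - name: Show what is keeping the account busy
          debug:
            var: old_procs.stdout_lines
          when: old_procs.rc == 0

        - name: Kill the leftover processes
          command: pkill -KILL -u {{ old_user }}
          register: killed
          when: old_procs.rc == 0
          failed_when: killed.rc not in [0, 1]    # 1 = they exited on their own

        - name: Remove the account and its home directory
          user:
            name: "{{ old_user }}"
            state: absent
            remove: yes
            force: yes
```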