Howto Trigger an action based on the result of a previous action and pull in data from a dictionary

chris scott

Sep 23, 2015, 12:42:48 PM
to Ansible Project
OK, the scenario is I want to reset a user's password on a system, but only if the user already exists. I can't find any way to do this with existing modules, so I have reverted to a playbook. I'm not sure if my approach is fundamentally wrong but I can't get it to work at the moment.


I use this sample dictionary. The accounts don't exist on the remote test system, so the idea is the adduser task doesn't trigger. However, if it did, it would give me the desired password reset.

# cat .userlist.yml
grps:
  crabtree: {}
  crabtree2: {}
  ut: {}
  uts: {}
  utsb: {}
users:
  crabtree:
    comment: ''
    group: crabtree
    groups: crabtree,ut,uts,utsb
    name: crabtree
    password: $6$XaPMGsKF$1PThCIJDfpCbnWn/AB1uCox06k9ircsFJ8LFrCl1510E3toGJNmCye88PoEKLpxTrnpibKiGHsh0ff11apUWJ/
  crabtree2:
    comment: ''
    group: crabtree2
    groups: crabtree2,ut,uts,utsb
    name: crabtree2
    password: $6$2CMAcCiX$v2sFL5VKJ/HTVoRsGPpOju1/gJXQxjiC55CLVcngspUyLs3X2hWpdIF1igMrBECDo9OdU.vnvtNdG/MJzD1tH0


The following doesn't work, as the variable structure doesn't really help.


# cat //usr/local/scripts/ansible/playbooks/reset_password2.yml
---
- hosts: all
  gather_facts: no
  vars_files:
  - ~/.userlist.yml

  tasks:
  - name: Is user on this system?
    action: shell grep ^{{ item.value.name }} /etc/passwd
    register: R_they
    with_dict: users
    changed_when: "R_they.rc == 0"
    failed_when: "R_they.rc > 255"

  - name: Reset Password
    action: user name={{ item.value.name }} state=present password={{item.value.password}} update_password=always comment="{{item.value.comment}}"
    with_dict: users
    when: R_they.{{ item.value.name }}.rc == 0


#


Looking at it the other way around and cycling through the results is fine: I can match fine and I get the skips when the account doesn't exist. What I can't figure out yet is how to pull the data from the dictionary in the action statement, as I can't use the with_dict option at the same time as looping the results.


  - name: Reset Password
# ???? 
       action: user name=users['item.item.key']['name'] state=present password=users['item.item.key']['password']  update_password=always comment=users['item.item.key']['comment']

# ????
    with_items: R_they.results
    when: item.rc == 0


Can anyone give me any pointers please?

Brian Coca

Sep 23, 2015, 1:35:58 PM
to Ansible Project
It might be easier to just run:

- getent: database=passwd

and then make the users conditional on:

- user: name={{ item.value.name }} state=present ...
  when: item.value.name in getent_passwd


--
Brian Coca

chris scott

Oct 2, 2015, 3:53:40 AM
to Ansible Project
Finally got a chance to look at this again. Thanks for the pointer Brian, you were spot on, and as a result it's all far cleaner now.

---
- hosts: all
  gather_facts: no
  vars_files:
  - ~/.userlist.yml

  tasks:
  - name: Is user on this system?
    action: getent
      database=passwd
    no_log: True

  - name: Reset Password - skips if user not already created
    action: user name={{ item.value.name }} state=present password={{item.value.password}} update_password=always comment="{{item.value.comment}}"
    with_dict: users
    when: item.value.name in getent_passwd
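
Added example, not part of the thread and not Ansible's own code: a small Python model of the two existence checks discussed above, showing why the exact-key test `item.value.name in getent_passwd` is safer than `grep ^name /etc/passwd`, which also matches longer names sharing the prefix. The function names, the sample passwd text and the placeholder hashes are constructed for illustration.

```python
# Added illustration; function names and sample data are constructed.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
crabtree2:x:1002:1002::/home/crabtree2:/bin/bash
"""

# Same shape as the thread's `users` dictionary (hashes replaced by placeholders).
USERS = {
    "crabtree": {"name": "crabtree", "password": "<hash-placeholder-1>", "comment": ""},
    "crabtree2": {"name": "crabtree2", "password": "<hash-placeholder-2>", "comment": ""},
}


def parse_passwd(text):
    """Build a dict keyed by login name, the shape the getent module
    exposes as getent_passwd: name -> list of the remaining fields."""
    table = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, *rest = line.split(":")
        table[name] = rest
    return table


def selected_by_prefix_grep(users, passwd_text):
    """Model of `grep ^NAME /etc/passwd` returning rc 0 for literal names:
    any line that merely starts with NAME counts as a match."""
    lines = passwd_text.splitlines()
    return sorted(u["name"] for u in users.values()
                  if any(line.startswith(u["name"]) for line in lines))


def selected_by_getent(users, getent_passwd):
    """Model of `when: item.value.name in getent_passwd`: exact key match."""
    return sorted(u["name"] for u in users.values()
                  if u["name"] in getent_passwd)


if __name__ == "__main__":
    table = parse_passwd(SAMPLE_PASSWD)
    print("prefix grep :", selected_by_prefix_grep(USERS, SAMPLE_PASSWD))
    print("getent exact:", selected_by_getent(USERS, table))
```

On this sample host only crabtree2 exists, yet the prefix check also selects crabtree; because the user module with state=present creates a missing account, that false match would add the account instead of skipping it. If a grep-based check is kept, anchoring the pattern on the field separator (`^name:`) avoids the prefix match.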