Modify various groups if present

30 views
Skip to first unread message

John Harmon

unread,
May 16, 2018, 1:38:17 PM5/16/18
to Ansible Project
How would you approach modifying the gid of a group on a server only if it exists?  I know I can do this for 3 groups within 3 separate tasks (as an example), but I was hoping to combine them into a single task (see last task below.....).  The problem with my current setup is that it may create an unnecessary group (ie.  server1 needs gomer, server2 needs pyle.  As I search for a group gomer, or pyle, then both servers would get both groups, which isn't desirable).  Do I have to break this out in multiple tasks? or is there another way?  I haven't tested the following yet.

- name: Gather User Information
  getent:
    database: passwd

- name: Gather Group Information
  getent:
    database: group

- name: Create common group when gomer or pyle user present
  group:
    name: army
    gid: 2003
    state: present
  when: getent passwd | lower | search("gomer|pyle)"

- name: Modify Group GIDs if Group is Present
  group:
    name: "{{ item.name }}"
    git: "{{ item.gid }}"
  with_items:
    - {name: "gomer", gid: "2000"}
    - {name: "pyle", gid: "2001"}
  when: getent group | lower | search("gomer|pyle)"


Nick Rogers

unread,
May 16, 2018, 2:54:59 PM5/16/18
to Ansible Project
You may not need to use the getent module at all - the group module already uses groupmod if the group already exists.

If you want to use getent, then it looks like you are missing '_' characters in the "when" conditions. They should be 
    when: getent_passwd ...
and
    when: getent_group ...
respectively. And there's a typo in your last call to the group module, "git" should be "gid".

You could move the items list into host_vars and then iterate just the groups the host needs, you can have the items list in group_vars that need the groups on the systems, there are lots of ways to partition that up.

John Harmon

unread,
May 16, 2018, 2:59:21 PM5/16/18
to Ansible Project
the missing underscores appear to have been whacked during copy/paste somehow.  The gid/git typo was my fault.  I didn't want to use lists though, as I plan on applying this to about 60 different servers.  I wanted it to be intuitive enough to make the proper changes for the proper server.

John Harmon

unread,
May 16, 2018, 3:08:10 PM5/16/18
to Ansible Project
In short, can I combine these two tasks into one?  Some servers have one group, some have another.  None of the servers should have both:
- name: Ensure GID is correct for gomer group
  group:
    name: gomer
    gid: 2001
  when: getent_group | lower | search("gomer")

- name: Ensure GID is correct for pyle group
  group:
    name: pyle
    gid: 2000
  when: getent_group | lower | search("pyle")


Reply all
Reply to author
Forward
0 new messages