When Conditionals not skipping certain tasks for UBUNTU remote machines

[John Ross Tasipit]

# The default shell for a user if none is specified
users_default_shell: /bin/bash
# Create home dirs for new users? Set this to false if you manage home
# directories in some other way.
users_create_homedirs: true

# Lists of users to create and delete
users:
  - username: username
    name: full_name_of_user
    groups: ['sudo']
    when: ansible_os_family == "Debian"
    groups: ['wheel']
    when: ansible_os_family == "RedHat"
    uid: 2001
    ssh_key:
      - "ssh-dss AAAAB3N...Enter code here...

When conditionals not skipping "RedHat" tasks using the above roles/users/default/main.yml syntax, which is for an ubuntu system

I also tried doing this:

  - username: same_as_above_username
    name: full_name_of_user
    groups: ['wheel']
    uid: 1001

... but still not skipping "redhat" tasks

Hope someone can help. TIA

[John Ross Tasipit]

Sorry for the mistype, on 2nd highlighted code syntax, below is the correct one:


    uid: 1001
    when: ansible_os_family == "Debian"
    ssh_key:


      - "ssh-dss AAAAB3N...Enter code here...



  - username: same_as_above_username
    name: full_name_of_user
    groups: ['wheel']
    uid: 1001


    when: ansible_os_family == "RedHat"
    ssh_key:
      - "ssh-dss AAAAB3N...

[Michael DeHaan]

In your first example, you can't stick a "when:" twice in a single task.

You can feed it a list of multiple conditionals, but I think your problem is you are missing a "-" to seperate two different tasks.

However, in the text below, there are other questions and problems, such as "username" vs "user", which I suspect selects a module, and other duplicated fields, like "groups".   

Another problem is the when is indented and not at "task" level, though the module should yell to you about being sent a parameter it doesn't know about.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/076420b3-8abc-40e7-9d1e-0c5c186cd650%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Michael DeHaan]

In your second example, is this a task, or is this a data definition?   I can't tell because there is not a module named "username" and once again your indentation is all messed up :)

If this is your first ansible task, let me know and I can point you to the proper documentation sections, if not, please take a critical eye to how it looks relative to your other tasks and it should be easy to spot.

Again, in failure scenarios, it's helpful to post the error message.  I suspect it's not only "not skipping", but the module is telling you what's wrong.

[John Ross Tasipit]

Wow! that was a lightning fast reply :D

On Wednesday, September 3, 2014 7:35:09 PM UTC+8, Michael DeHaan wrote:

In your first example, you can't stick a "when:" twice in a single task.

Thanks for telling that, now I know :)
 

You can feed it a list of multiple conditionals, but I think your problem is you are missing a "-" to seperate two different tasks.

Sorry I'm pretty confused with this. What I really wanted to do is to automate creating users (which were sysad dudes) for every new server we build. But the problem is, the DEFAULT user included on /etc/sudoers file were different on Ubuntu (%sudo) and CentOS (%wheel).

So I stick a "when:" twice in a single task.
 

However, in the text below, there are other questions and problems, such as "username" vs "user", which I suspect selects a module, and other duplicated fields, like "groups".   

If you mean text below was this:

- username: same_as_above_username
    name: full_name_of_user
    groups: ['wheel']
    uid: 1001


Sorry I paste it wrong.

 

Another problem is the when is indented and not at "task" level, though the module should yell to you about being sent a parameter it doesn't know about.

I thought "when" must be indented? Which was sampled here: http://docs.ansible.com/playbooks_conditionals.html#the-when-statement

[John Ross Tasipit]

On Wednesday, September 3, 2014 7:36:40 PM UTC+8, Michael DeHaan wrote:

In your second example, is this a task, or is this a data definition?   I can't tell because there is not a module named "username" and once again your indentation is all messed up :)

Sorry I pasted it wrong (for unknown cause), here is the correct one:

---
# Create a group for every user and make that their primary group
users_create_per_user_group: true
# If we're not creating a per-user group, then this is the group all users
# belong to
users_group: users

# The default shell for a user if none is specified
users_default_shell: /bin/bash
# Create home dirs for new users? Set this to false if you manage home
# directories in some other way.
users_create_homedirs: true

users:
  - username: John
    name: John Ross
    groups: ['sudo']

    uid: 1001
    when: ansible_os_family == "Debian"
    ssh_key:

      - "ssh-dss AAAAB3N...Enter code here...

  - username: John
    name: John Ross
    groups: ['wheel']
    uid: 1001

    when: ansible_os_family == "RedHat"
    ssh_key:
      - "ssh-dss AAAAB3N...

This is a task, revision of my first example.

If this is your first ansible task, let me know and I can point you to the proper documentation sections, if not, please take a critical eye to how it looks relative to your other tasks and it should be easy to spot.

Yes its my first ansible task (could you teach me what maGIC DID YOU USED TO KNOW THAT!!!)

Again, in failure scenarios, it's helpful to post the error message.  I suspect it's not only "not skipping", but the module is telling you what's wrong.

Yes I will post error message next time

[David Karban]

Hi John,

it does not seem like a task, more like variable definition. For example, user module does not have username param, name is used for user name, where you are defining real name.

For examples how to use user module look here: http://docs.ansible.com/user_module.html#examples

David

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/74633885-9860-45cc-b848-134d30ea8d61%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

David Karban
Specialista na správu linuxových serverů
www.karban.eu

[John Ross Tasipit]

Yes I forgot to mention, I'm aware that it is a variable definition. The task was located in roles/users/tasks/main.yml which contains:

---
- name: Per-user group creation
  group: name="{{item.username}}" gid="{{item.uid}}"
  with_items: users
  when: users_create_per_user_group
  tags: ['users','configuration']

- name: User creation
  user: name="{{item.username}}"
        group="{{item.username if users_create_per_user_group
            else users_group}}"
        groups="{{item.groups | join(',')}}"
        shell={{item.shell if item.shell is defined else users_default_shell}}
        comment="{{item.name}}"
        uid="{{item.uid}}"
        createhome="{{'yes' if users_create_homedirs else 'no'}}"
  with_items: users
  tags: ['users','configuration']

- name: SSH keys
  authorized_key: user="{{item.0.username}}" key="{{item.1}}"
  with_subelements:
    - users
    - ssh_key
  tags: ['users','configuration']

- name: Deleted user removal
  user: name="{{item.username}}" state=absent
  with_items: users_deleted
  tags: ['users','configuration']

- name: Deleted per-user group removal
  group: name="{{item.username}}" state=absent
  with_items: users_deleted
  when: users_create_per_user_group
  tags: ['users','configuration']

[David Karban]

Hi,

that explains it. When is part of task, it cannot be used i variables (i guess).

In this specific case you do not need at all, just define something like:

sudo_group: "{% if ansible_family == 'RedHat' %}wheel{% else %}sudo{% endif %}"

in your host_vars, or main.yml in role vars/defaults.

Than just user sudo_group in task.

David

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/95636bc8-c98e-4730-91a2-64c9a66261fe%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[John Ross Tasipit]

Thanks David I will try that