Hi,
I wrote a simple little oracle_user module in bash that
accepts a username and a state (present|absent) that creates or deletes a
user depending on the requested state. No action when user exists and
state is present, create user when state is present and user does not
exist. When user exists and state is absent, drop user and no action
when state is absent and user does not exist.
Quite simple.
In a playbook it looks like:
---
- hosts: orardbms
  sudo: True
  sudo_user: oracle
  vars:
    ORACLE_SID: "ORCL"
  tasks:
    - name: create or remove oracle users
      action: oracle_user ORACLE_SID="{{ ORACLE_SID }}" ORACLE_USER="{{ item.username }}" ORACLE_STATE="{{ item.state }}"
      with_items:
        - { username : "ronra", state : "present" }
        - { username : "ronrb", state : "absent" }
        - { username : "ronrc", state : "present" }
        - { username : "ronrd", state : "present" }
Now my question: what about the users that are in the database and not in my list?
How
can I detect the fact that users do exist in the database that are not
in my list of managed users because they have been manually created by
some backdoor procedure? I would like to get rid of them on the first
run. The way it works now is that every user causes the invocation of
the oracle_user script, that returns a simple answer for every user.
Simple but not sufficient to catch aliens. How can I catch those aliens
without making this much harder or creating extra data structures? A
pointer to a simple example is very welcome.
Thanks,
Ronald.
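
One way to detect the unmanaged accounts asked about above, as an added example that is not part of the original post: compare the managed names with the accounts the database reports and print the difference. The function names, the system-account list and the sample database contents are assumptions; `list_db_users` assumes OS authentication as the oracle user and read access to `dba_users`.

```sh
#!/bin/sh
# Added example: report database accounts missing from the managed list.
# Assumptions: unquoted Oracle usernames are stored in upper case, and
# SYSTEM_ACCOUNTS is an illustrative subset of Oracle-maintained accounts.
SYSTEM_ACCOUNTS="SYS SYSTEM DBSNMP OUTLN"

# One upper-case name per line, sorted, unique, blank lines dropped.
normalize() {
    tr -s ' \t' '\n\n' | tr '[:lower:]' '[:upper:]' | sed '/^$/d' | LC_ALL=C sort -u
}

# Hypothetical helper: list current accounts as the oracle OS user.
# Needs a live instance, so the demo below uses constructed data instead.
list_db_users() {
    sqlplus -S / as sysdba <<'EOF'
set heading off feedback off pagesize 0
select username from dba_users;
exit
EOF
}

# find_aliens MANAGED ACTUAL
# Prints every name in ACTUAL that is neither in MANAGED nor a system account.
# Names listed with state "absent" still count as managed.
find_aliens() {
    {
        printf '%s\n' "$1 $SYSTEM_ACCOUNTS" | normalize
        echo ""     # blank separator; normalize never emits a blank line
        printf '%s\n' "$2" | normalize
    } | awk '$0 == "" { second = 1; next }
             !second  { managed[$0] = 1; next }
             !($0 in managed)'
}

# Managed names from the playbook above; database contents are constructed.
MANAGED="ronra ronrb ronrc ronrd"
ACTUAL_SAMPLE="SYS
SYSTEM
RONRA
RONRC
RONRD
TMPADMIN"

find_aliens "$MANAGED" "$ACTUAL_SAMPLE"   # real run: "$(list_db_users)"
```

Each reported name can be reviewed and then passed to the module with ORACLE_STATE set to absent, so the list of managed users remains the only data structure to maintain.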