group module fails when trying to delete non local group
223 views
Skip to first unread message
Andrea Tartaglia
Sep 17, 2015, 9:52:27 AM9/17/15
to ansible...@googlegroups.com
Hi list,
Sorry for the probably confusing subject, but I don’t really know how to say that better, I’ll try to explain better:
In my environment I have a requirement to remove certain local groups ( that have now been moved to remote groups ) and found out the behaviour of the module is quite strange.
So what happens is:
I try to remove the “support” group, which as said was a local group, and is now a remote group managed by LDAP:
- group: name=support state=absent
What I get back from this is an error from groupdel:
groupdel: cannot remove entry 'support' from /etc/group
Which I believe to be wrong as if the group does not exist in /etc/group the module should just return OK.
Digging into the module code I found why this is happening ( I’m using ansible v1.9 ):
group calls group_exists: https://github.com/ansible/ansible-modules-core/blob/stable-1.9/system/group.py#L413
grp.getgrnam(’support') will return the remote group data, so group_exists returns True, hence the module runs groupdel which in turn fails as it doesn’t find the group in /etc/groups.
I have found out that grp.getgrall() only returns with local groups, so I worked around that problem this way:
I don’t know if that can be considered a good way of handling that error, and I really don’t know if it makes sense to have that added to the upstream module. It worked for me so I thought it would be good to share ;)
Thanks,
Andrea
Brian Coca
Sep 18, 2015, 2:24:36 PM9/18/15
to Ansible Project
Won't that cause the opposite problem when creating groups? Also I
believe the return is correct, it failed to delete the group as it is
not a local group and will still be present on the machine. We might
want to add a 'local_only' flag to both this and user to be more
specific on what you want as a user.
--
Brian Coca
believe the return is correct, it failed to delete the group as it is
not a local group and will still be present on the machine. We might
want to add a 'local_only' flag to both this and user to be more
specific on what you want as a user.
--
Brian Coca
Andrea Tartaglia
Sep 21, 2015, 8:00:57 AM9/21/15
to ansible...@googlegroups.com
Yes,
That would indeed cause the opposite problem when creating groups! Didn’t really think about that, was focusing on the deletion
Yes, probably adding a ‘local_only’ to both the modules makes more sense, and should keep the return correct in both cases.
Thanks,
Andrea
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nTg86wyDHgj_aBLLsG6aLVNufAEM0mqbmkk2BoQMt1Yw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
That would indeed cause the opposite problem when creating groups! Didn’t really think about that, was focusing on the deletion
Yes, probably adding a ‘local_only’ to both the modules makes more sense, and should keep the return correct in both cases.
Thanks,
Andrea
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To post to this group, send email to ansible...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAJ5XC8nTg86wyDHgj_aBLLsG6aLVNufAEM0mqbmkk2BoQMt1Yw%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages