Multiple lines in subelements

Joachim Friberg

unread,

May 20, 2014, 6:05:46 AM5/20/14

to ansible...@googlegroups.com

Hi,

I'm trying to push the limits of "subelements" but I can't figure out how..
Part of my task/main.yml

- name: Prepare for Shinken|user
  user: name={{ item.0.name }}
        comment={{ item.0.comment }}
        group={{ item.0.group }}
        shell={{ item.0.shell }}
        password={{ item.0.password }}
        state=present
        update_password=on_create
  with_subelements:
   - users
   - group

my var/main.yml

---
users:
  - name: shinken
    comment:
     - "Shinken.user"
    group:
     - "shinken"
    shell:
     - "/bin/bash"
    password:
     - "$6$cGTFMo0u$DPyI81Yn/9lFbAVMtTRy0vSXfn00ZaeBPg754BzDx7Aj6B6WZGicfjOjkeY9upT8HPvKV2voQ1SNuWIF2hfEi/"

This is what I get:

< TASK: shinken | Prepare for Shinken|user >
 ------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||


failed: [192.168.7.200] => (item=({'comment': ['Shinken.user'], 'password': ['$6$cGTFMo0u$DPyI81Yn/9lFbAVMtTRy0vSXfn00ZaeBPg754BzDx7Aj6B6WZGicfjOjkeY9upT8HPvKV2voQ1SNuWIF2hfEi/'], 'shell': ['/bin/bash'], 'name': 'shinken'}, 'shinken')) => {"failed": true, "item": [{"comment": ["Shinken.user"], "name": "shinken", "password": ["$6$cGTFMo0u$DPyI81Yn/9lFbAVMtTRy0vSXfn00ZaeBPg754BzDx7Aj6B6WZGicfjOjkeY9upT8HPvKV2voQ1SNuWIF2hfEi/"], "shell": ["/bin/bash"]}, "shinken"], "name": "shinken", "rc": 3}
msg: useradd: invalid shell '[/bin/bash]'


FATAL: all hosts have already failed -- aborting

It looks like Ansible is not removing the "[]" from the list of elemets.
How would you do? Is it possible to do as I'm trying?

Serge van Ginderachter

unread,

May 20, 2014, 6:14:15 AM5/20/14

to ansible...@googlegroups.com

You are using lists for every key (comment, group, shell, ...) whereas with the subelements loop, you can only have a list for the group subkey (as per your task)

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/f811da11-3cc5-4670-ad5f-05ae0cab9ad5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Joachim Friberg

unread,

May 20, 2014, 6:17:32 AM5/20/14

to ansible...@googlegroups.com

So what I'm trying to achive is not possible?
How could I create a set of users using the variable's-file instead of "hardcoding" them into the task-file?

Serge van Ginderachter

unread,

May 20, 2014, 6:28:54 AM5/20/14

to ansible...@googlegroups.com

It doesn't make sense to have a list of passwords, comments, shell, as only one value can apply etc?

Here it reall only makes sense for groups, no?

Try this:

---

users:

- name: shinken

comment: "Shinken.user"

group:

- "shinken"

shell: "/bin/bash"

password: "$6$cGTFMo0u$DPyI81Yn/9lFbAVMtTRy0vSXfn00ZaeBPg754BzDx7Aj6B6WZGicfjOjkeY9upT8HPvKV2voQ1SNuWIF2hfEi/"

- name: Prepare for Shinken|user

user: name={{ item.0.name }}

comment={{ item.0.comment }}

group={{ item.1.group }}

shell={{ item.0.shell }}

password={{ item.0.password }}

state=present

update_password=on_create

append=yes

with_subelements:

- users

- group

On 20 May 2014 12:17, Joachim Friberg <fetal...@gmail.com> wrote:

So what I'm trying to achive is not possible?
How could I create a set of users using the variable's-file instead of "hardcoding" them into the task-file?

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/e8aece25-b26c-4bab-a844-3d454c115c1d%40googlegroups.com.

Joachim Friberg

unread,

May 20, 2014, 8:05:21 AM5/20/14

to ansible...@googlegroups.com

You are the best! This should go in to the andible-docs.
I Just needed to modify it a small bit.
Here's the end result and code:

- name: Prepare for Shinken|user
  user: name={{ item.0.name }}
        comment={{ item.0.comment }}
        group={{ item.1 }}

        shell={{ item.0.shell }}
        password={{ item.0.password }}
        state=present
        update_password=on_create
        append=yes
  with_subelements:
   - users
   - group

---
users:
  - name: shinken
    comment: "Shinken.user"
    group:
     - "shinken"
    shell: "/bin/bash"
    password: "$6$cGTFMo0u$DPyI81Yn/9lFbAVMtTRy0vSXfn00ZaeBPg754BzDx7Aj6B6WZGicfjOjkeY9upT8HPvKV2voQ1SNuWIF2hfEi/"

Also tried it with multiple entries into the "user-list" in the var-file and this worked too.

Thank you!

Petros Moisiadis

unread,

May 20, 2014, 8:39:54 AM5/20/14

to ansible...@googlegroups.com

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/242d00c7-b03d-46b6-bda7-b26c8e22cef1%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

I think the above loop is not correct for what you want to do. You are using the 'group' parameter of the user module, which sets the primary group. So, it will reset it on each loop iteration.

Also, you are using a key named 'group' with a list value, which seems not to be indicative of what you want to deploy. What is it meant for? Is it meant to be a list of the groups the user must be member of? Then rename it to 'groups'. Is it meant to be the primary group of the user? Then rename it to 'primary_group'. In either case, it seems that what you want can be done with a simple 'with_items' loop. No need for a 'with_subelements' loop.

For example:


            - name: Prepare for Shinken|user

  user: name={{ item.name }}
                    comment={{ item.comment
              }}
                    groups={{ item.groups|join(',')
              }}
                    shell={{ item.shell }}
                    password={{
              item.password }}
                    state=present
                   
              update_password=on_create
              with_items: users


            ---
            users:
              - name: shinken
                comment: "Shinken.user"

groups:

Joachim Friberg

unread,

May 20, 2014, 10:48:50 AM5/20/14

to ansible...@googlegroups.com

Another great way of doing it!
What I'm going to do is just a playbook to setup the basic Shinken system. And the Shinken user should only be member of the group shinken.

Reply all

Reply to author

Forward