# tasks file for user
---
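# Create, update or remove every entry of user_users that has no explicit UID.
# Entries that define `uid` are skipped here and handled by the
# "(with UID)" task.
- name: users | add / delete
  user:
    # Required by the user module; no other parameter identifies the account.
    name: "{{ item.name }}"
    comment: "{{ item.comment | default('') }}"
    # Primary group defaults to a group named after the user.
    group: "{{ item.group | default(item.name) }}"
    groups: "{{ item.groups | default([]) | join(',') }}"
    append: "{{ item.append | default(false) }}"
    # The module expects an already-crypted hash here, never plaintext.
    # The '*' default leaves the account without a usable password.
    # Keep real hashes out of plain-text vars files (e.g. encrypt them).
    password: "{{ item.password | default('*') }}"
    # 'always' re-applies the value above on every run, so a password changed
    # on the host is reset, and an entry without `password` is set back
    # to '*'. Use 'on_create' per user where that is not wanted.
    update_password: "{{ item.update_password | default('always') }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    # default('~' + item.name) also seems to work, but is not idempotent
    # NOTE(review): the parameter this comment annotated (presumably `home`)
    # is not visible in this listing - confirm against the role's history.
    system: "{{ item.system | default(false) }}"
    state: "{{ item.state | default('present') }}"
    # Only has an effect together with state=absent.
    remove: "{{ item.remove | default(false) }}"
  when: item.uid is not defined
  # Templated form: newer Ansible releases no longer expand a bare name here.
  with_items: "{{ user_users }}"
  tags:
    - user-users-no-gid
  # NOTE(review): each loop item, including its password hash, can show up in
  # task output; consider `no_log: true` if the supported Ansible versions
  # allow it.
  register: user_created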
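# Remove when minimal Ansible version >= 1.8
# NOTE(review): presumably because `uid: "{{ item.uid | default(omit) }}"`
# then lets a single task cover entries with and without a UID - confirm.
# Same as "users | add / delete", for entries of user_users that pin a UID.
- name: users | add / delete (with UID)
  user:
    # Required by the user module; no other parameter identifies the account.
    name: "{{ item.name }}"
    uid: "{{ item.uid }}"
    comment: "{{ item.comment | default('') }}"
    # Primary group defaults to a group named after the user.
    group: "{{ item.group | default(item.name) }}"
    groups: "{{ item.groups | default([]) | join(',') }}"
    append: "{{ item.append | default(false) }}"
    # The module expects an already-crypted hash here, never plaintext.
    # The '*' default leaves the account without a usable password.
    password: "{{ item.password | default('*') }}"
    # 'always' re-applies the value above on every run, so a password changed
    # on the host is reset. Use 'on_create' per user where that is not wanted.
    update_password: "{{ item.update_password | default('always') }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    system: "{{ item.system | default(false) }}"
    state: "{{ item.state | default('present') }}"
    # Only has an effect together with state=absent.
    remove: "{{ item.remove | default(false) }}"
  when: item.uid is defined
  # Templated form: newer Ansible releases no longer expand a bare name here.
  with_items: "{{ user_users }}"
  tags:
    - user-users-gid
  # NOTE(review): this reuses the variable name registered by the task
  # without UID; a register on a skipped item still overwrites it, so later
  # tasks only see the results of this task.
  register: user_created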
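# Extra step to set password age
# NOTE(review): no module call (the command that actually sets the age) is
# visible for this task in this listing; it must be restored before the task
# can run.
- name: users set passwd age on add
  # `when` takes a bare Jinja expression. The quoted "{{ ... }}" followed by
  # more text was not valid YAML, and `user_create` is not registered anywhere
  # visible; the user tasks register `user_created`.
  # `state` is optional on an entry, so apply the same default as those tasks.
  when: (item.state | default('present')) == 'present' and user_created.changed
  # Templated form: newer Ansible releases no longer expand a bare name here.
  with_items: "{{ user_users }}"
  # Best effort: a failure to apply the password-age policy does not stop the
  # play, so it goes unnoticed unless the task output is reviewed.
  ignore_errors: true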