Error with playbook, which should create user accounts and set authorized public keys

[Dimitar Hristov]

Hi Guys,

I get an error when I run a playbook, which aims to create new users and set authorized keys for them. The error:

TASK: [create new users] ******************************************************
fatal: [testvm1] => with_items expects a list or a set
fatal: [testvm2] => with_items expects a list or a set


Here's a part of the playbook (the first task fails):

    - name: create new users
      user: name={{ item.name }} group=wheel append=yes password={{user_password}}
      with_items: "{{users}}"

    - name: set pub keys
      authorized_key: "user={{ item.0.name }} key='{{ lookup('file', item.1) }}'"
      with_subelements:
        - users
        - authorized

    - name: set pass expiration
      command: /usr/bin/chage -d 0 {{ item.name }}
      with_items: "{{users}}"

Here's the var file:

---
wheelsregex: # *%wheel *ALL=\(ALL\) *ALL
user_password: 12345678
users:
  - name: test
    authorized:
     - /etc/ansible/add_users/files/test.pub
  - name: test1
    authorized:
     - /etc/ansible/add_users/files/test1.pub
  - name: test2
    authorized:
     - /etc/ansible/add_users/files/test2.pub

Any idea where's my mistake? I saw that it might be related to ansible version, so mine is 1.9.2.


Regards,
Dimitar

[Brian Coca]

that looks correct, very similar to what i was doing.

can you run with -vvvv and also - debug: var=users ?



--
Brian Coca

[Dimitar Hristov]

Hi Brian,

here's the info you asked for:

TASK: [debug var=users] *******************************************************
<testvm1> ESTABLISH CONNECTION FOR USER: dimitar
<testvm2> ESTABLISH CONNECTION FOR USER: dimitar
ok: [testvm1] => {
    "var": {
        "users": "users"
    }
}
ok: [testvm2] => {
    "var": {
        "users": "users"

    }
}


TASK: [create new users] ******************************************************

fatal: [testvm2] => with_items expects a list or a set
fatal: [testvm1] => with_items expects a list or a set

FATAL: all hosts have already failed -- aborting

Hope it helps :)

Regards,
Dimitar

[Shawn Mulford]

You loop needs something to iterate over. Since ansible treats variables as strings, you need to make is a list. Try something like below:

# cat ./split_users.yml
---
- hosts: localhost
  connection: local
  gather_facts: no

  vars:
    userList: "{{ users }}"

  tasks:
  - name: split the user list
    debug: var=item
    with_items: userList.split(',')


# ansible-playbook -vvvv split_users.yml -e 'users=moe,larry,curly'

PLAY [localhost] **************************************************************

TASK: [split the user list] ***************************************************
ok: [localhost] => (item=moe) => {
    "item": "moe",
    "var": {
        "item": "moe"
    }
}
ok: [localhost] => (item=larry) => {
    "item": "larry",
    "var": {
        "item": "larry"
    }
}
ok: [localhost] => (item=curly) => {
    "item": "curly",
    "var": {
        "item": "curly"
    }
}

PLAY RECAP ********************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0

[Brian Coca]

your debug is indicative that 'users' is undefined, that is why it is
failing (we made the message much clearer in 2.0)


--
Brian Coca

[Dimitar Hristov]

Ok, I managed to fixed with what you and Shawn said, but why the following happens:

When I define this in my playbook:
vars:
    include: /etc/ansible/add_users/global_vars/main.yml

And then I have the following in my vars file:


---
 #wheelsregex: # *%wheel *ALL=\(ALL\) *ALL
 #user_password: 12345678

 users:
  - name: test
    authorized:
     - /etc/ansible/add_users/files/test.pub
  - name: test1
    authorized:
     - /etc/ansible/add_users/files/test1.pub
  - name: test2
    authorized:
     - /etc/ansible/add_users/files/test2.pub

  user_password: 12345678

The playbook fails (the debug for vars is like my previous post).


But when I use the following in my playbook (I don't use vars in external file), it works:
   vars:
    #include: /etc/ansible/add_users/global_vars/main.yml

    users:
     - name: test
       authorized:
        - /etc/ansible/add_users/files/test.pub

     - name: dhristov
       authorized:
        - /etc/ansible/add_users/files/dhristov.pub
     - name: martini
       authorized:
        - /etc/ansible/add_users/files/martin.pub
    user_password: 12345678


Regards,
Dimitar

[Dimitar Hristov]

Please ignore the differences in user names and public keys, they're the same (I used to change the names in this thread only).

[Brian Coca]

vars:
include: /etc/ansible/add_users/global_vars/main.yml

^ that does not work, you want:

vars_files:
- /etc/ansible/add_users/global_vars/main.yml

https://docs.ansible.com/playbooks_variables.html#variable-file-separation

include is for plays or tasks, for vars you have vars_files or as a
task include_vars.




--
Brian Coca

[Dimitar Hristov]

Yes, it works like this:
vars_files:
  - /etc/ansible/add_users/global_vars/main.yml

Thanks,
Dimitar