
I am currently working on a host where I have installed Ansible. I have created 2 application accounts with groups with nologin, and within those groups I want to add users, so that every department has its own ansible directory.

My vars look like below:

---
- hosts: localhost
  become: yes

  vars:
    ansible_groupuser:
    - name: "ansible-dictators"
      ansible_groupuser_uid: "3000"
      ansible_users:
      - idia
      - josefs
      - donaldt
      - kimjongu

    - name: "ansible-druglords"
      ansible_groupuser_uid: "3001"
      ansible_users:
      - pabloe
      - javierg
      - frankl
      - rossu

Now I have 2 plays. One to create the Groupuser:

# This creates the groupuser
- name: Play 1 Create central ansible user and group per department
  user:
    name: "{{ item.name }}"
    shell: "/sbin/nologin"
    home: "/home/{{ item.name }}"
    comment: "{{ item.name }} Group Account"
    uid: "{{ item.ansible_groupuser_uid }}"
    append: "yes"
  with_items:
    - "{{ansible_groupuser}}"

And 1 to create the "normal" users:

- name: Play 2 Create users
  user:
    name: "{{ item.1 }}"
    shell: "/bin/bash"
    home: "/home/{{ item.1 }}"
    comment: "{{ item.1 }}"
    groups: "{{ item.0.name }}"
    append: "yes"
  with_subelements:
    - "{{ ansible_groupuser }}"
    - ansible_users

If I run this play it creates the groupuser ansible-dictators on 3000 and ansible-druglords on 3001. idia gets 3002, josefs gets 3003, etc. It gets kinda messy when I want to add a 3rd groupuser like ansible-rockstars: it starts counting at the first available uid, 3010. What I want is to place the groupusers and the common users in 2 different ranges (2000 and 3000 for example).

When I do a with_together on the first play, like below, it works:

- name: Play1 Create central ansible user and group per department
  user:
    name: "{{ item.0.name }}"
    shell: "/sbin/nologin"
    home: "/home/{{ item.0.name }}"
    comment: "{{ item.0.name }} Group Account"
    uid: "{{ item.1 }}"
    append: "yes"
  with_together:
    - "{{ansible_groupuser}}"
    - "{{ range(3000,3020)|list }}"
  when: item.0 != None

But when I do a with_together on the second play, it doesn't work:

- name: Create users
  user:
    name: "{{ item.1 }}"
    shell: "/bin/bash"
    home: "/home/{{ item.1 }}"
    comment: "{{ item.1 }}"
    groups: "{{ item.0.name }}"
    append: "yes"
    uid: "{{ item.2 }}"
  with_together:
    - "{{ ansible_groupuser }}"
    - ansible_users
    - "{{ range(2000,2020)|list }}"

Anyone got a suggestion how to make the second play work with a uid in a certain range? Or another suggestion how to get the uids in different groups? To give the groupusers a uid in the vars is no problem. But I am expecting a lot of "common" users to add (+50) and I don't want to specify a uid for all of those users.

Hope it makes sense. Thanks in advance.

1 Answer


I think the range(...) approach has a flaw: if you delete some user from your list in the future, the IDs for subsequent entries will change and you can end up with messed-up file permissions on your system.

You can patch the user module to support the --firstuid/--lastuid arguments of the underlying adduser command, so you can set a different range for uid generation.

But I'd suggest you define "static" uids for top-level users in your vars file (from some predefined range, say 3000..30xx) – this way you can safely add/remove top-level users/groups in the future.

And leave "common" users to get their ids automatically, so adding/deleting them will not mess up your ids. If you'd like them to be from some specific range, you can modify the system-wide /etc/adduser.conf with FIRST_UID=5000/LAST_UID=6000.

Comment: Thanks Konstantin, I solved it a little differently by adding the top users as system users, and added the common users (without specifying a uid) in the 1000 range. Now it works perfectly, also when using a play to delete users. Thanks for your reaction! – Tigerblood Feb 17 '18 at 12:05
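An added example, not code from the question or the answer, that puts the answer's recommendation into one playbook and addresses the question's second ask (group accounts and common users in separate ranges) without indexing uids off a range(): the group accounts keep the static uid already present in the vars, the common users get no uid at all, and a verification step reads /etc/passwd back and asserts that every common user landed where the host's allocator was configured to put them. The vars are trimmed to two users per group, `common_uid_min`/`common_uid_max` are assumed values matching the answer's FIRST_UID=5000/LAST_UID=6000 suggestion, and the getent/assert tasks are an addition for checking the result.

```yaml
---
# Added example (not from the question or the answer): static uids for the
# per-department group accounts, system-allocated uids for the common users,
# then a read-back check that the common users are in the expected range.
- hosts: localhost
  become: yes

  vars:
    ansible_groupuser:
      - name: "ansible-dictators"
        ansible_groupuser_uid: "3000"
        ansible_users: [idia, josefs]
      - name: "ansible-druglords"
        ansible_groupuser_uid: "3001"
        ansible_users: [pabloe, javierg]
    # Assumed range for common users; must match what the host's allocator
    # is configured with (see the note below), otherwise the assert fails.
    common_uid_min: 5000
    common_uid_max: 6000

  tasks:
    - name: Create central ansible user per department (static uid from vars)
      user:
        name: "{{ item.name }}"
        shell: /sbin/nologin
        home: "/home/{{ item.name }}"
        comment: "{{ item.name }} Group Account"
        uid: "{{ item.ansible_groupuser_uid }}"
      loop: "{{ ansible_groupuser }}"

    # No uid here: the system allocates one, so removing a user later never
    # renumbers the others (the flaw the answer points out in range()).
    - name: Create common users (uid allocated by the system)
      user:
        name: "{{ item.1 }}"
        shell: /bin/bash
        home: "/home/{{ item.1 }}"
        comment: "{{ item.1 }}"
        groups: "{{ item.0.name }}"
        append: yes
      loop: "{{ ansible_groupuser | subelements('ansible_users') }}"

    # getent_passwd maps each user name to its passwd fields; index 1 is the uid.
    - name: Read back /etc/passwd
      getent:
        database: passwd

    - name: Verify every common user landed in the configured range
      assert:
        that:
          - getent_passwd[item.1][1] | int >= common_uid_min
          - getent_passwd[item.1][1] | int <= common_uid_max
        fail_msg: "{{ item.1 }} has uid {{ getent_passwd[item.1][1] }}, outside {{ common_uid_min }}-{{ common_uid_max }}"
      loop: "{{ ansible_groupuser | subelements('ansible_users') }}"
```

One check worth making before relying on FIRST_UID/LAST_UID: on most Linux hosts the user module shells out to useradd, which takes its automatic range from UID_MIN/UID_MAX in /etc/login.defs, while /etc/adduser.conf is read by Debian's adduser wrapper rather than by useradd, so edit the file the host's allocator actually reads and set `common_uid_min`/`common_uid_max` to match. The variant from the comment above is `system: yes` on the group-account task in place of `uid:`, which makes useradd pick from the SYS_UID_MIN/SYS_UID_MAX range instead and leaves the ordinary range entirely to the common users.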