I decided to write a simple script, but something went wrong, I hope for your help.
---
- name: Reset root password, disable users
hosts: all
become: yes
become_user: root
vars:
vault_ansible_production_root_password: 123456
tasks:
- name: Reset root password
user:
name: root
password: "{{vault_ansible_production_root_password}}"
update_password: always
- name: Disable user accounts
user:
name: "*"
state: absent
uid: ">=1000"
remove: yes
ERROR! conflicting action statements: user, update_password
The error appears to be in '/etc/an_script/work.yml': line 8, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
- name: Reset root password
^ here
PS
I'm just starting, please don't throw too many tomatoes )))
Ran through debug
Indentation's wrong.
With your current code, "user" and "update_password" are at the same level: Ansible doesn't know which one is the plugin to call: conflicting statement
Try this instead:
tasks:
- name: Reset root password
user:
name: root
password: "{{vault_ansible_production_root_password}}"
update_password: always
See docs, params of that module should be one level down: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
Related
I am trying to create the user account using ansible on Ubuntu20.04. But getting error:
msg": "MODULE FAILURE\nSee stdout/stderr for the exact error",
"rc": 1
But same playbook is working fine for Ubuntu 18.04.
Below is my playbook:
- hosts: abc
remote_user: root
become: true
tasks:
- name: create user account admin with password xyz
user:
name: admin
group: admin
shell: /bin/bash
password: $6$pLkiHBvZOf9/zctp1SlLXC2PsTFfwwcwmE73wuwwXb2g8.
append: yes
- name: ceating .ssh directory for account admin
file:
path: /home/admin/.ssh
state: directory
group: admin
owner: admin
mode: 0755
- name: copy authorized_keys file from root
copy:
src: /root/.ssh/authorized_keys
dest: /home/admin/.ssh
remote_src: yes
group: admin
owner: admin
- name: change the ssh port
lineinfile:
path: /etc/ssh/sshd_config
state: present
insertafter: '#Port 22'
line: "Port 811"
backup: yes
- name: disable the root login
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin yes'
line: 'PermitRootLogin no'
- name: Restart ssh
service: name=ssh state=restarted
Can you please help me what is the error cause?
Thank you
You can usually get more information from ansible by capturing the error and emitting it:
- name: create user account admin with password xyz
user:
name: admin
group: admin
shell: /bin/bash
password: $6$pLkiHBvZOf9/zctp1SlLXC2PsTFfwwcwmE73wuwwXb2g8.
append: yes
ignore_errors: yes
register: kaboom
- debug: var=kaboom
- fail: msg=yup
and you will get the most information by also running ansible with env ANSIBLE_DEBUG=1 ansible-playbook -vvvv although often times the extra verbosity still isn't enough to get it to surface the actual exception text, so try that register: trick first
When I run my ansible file i get the following error:
conflicting action statements: user, uri
- name: Post Install watcher
hosts: director.0
gather_facts: no
tasks:
- name: Wait for Elastic Cluster to be ready
uri:
url: https://mlaascloudui.{{ lookup('env','ENV') }}.pre.mls.eu.gs.aws.cloud.vwgroup.com/api/v1/clusters/elasticsearch/{{elasticClusterDetails.elasticsea$
method: GET
user: admin
password: "{{rootpw.stdout}}"
force_basic_auth: yes
register: result
until: result['status']|default(0) == 412
retries: 60
delay: 10
- name: Install watcher
syntactically the code is correct. the user and password should be used for basic auth and I used similar code elsewhere and don't get any errors. What am I missing?
Remember your spacing. YAML is concern with the alignment of the spacing with the commands. Your "uri:" action should be aligned under "- name:". Ansible is thinking there are multiple actions associated with the "- name:" task.
Hope this helps.
I am starting to use Ansible to automate the creation of users. The following code creates the user and the /home/test_user_003/.ssh/id_rsa.pub file.
But the authorized_key step gives error "could not find file in lookup". Its there, I can see it.
---
- hosts: test
become: true
tasks:
- name: create user
user:
name: test_user_003
generate_ssh_key: yes
group: sudo
ssh_key_passphrase: xyz
- name: Set authorized key
authorized_key:
user: test_user_003
state: present
key: "{{ lookup('file', '/home/test_user_003/.ssh/id_rsa.pub') }}"
(I would be interested to know why "key" uses lookup, but thats for education only)
You create user on remote host but try to lookup generated key on local host (all lookups in ansible are executed locally).
You may want to capture (register) result of user task and use it's fields:
- name: create user
user:
name: test_user_003
generate_ssh_key: yes
group: sudo
ssh_key_passphrase: xyz
register: new_user
- name: Set authorized key
authorized_key:
user: test_user_003
state: present
key: "{{ new_user.ssh_public_key }}"
I just started experimenting with ansible and I am trying to write my first simple playbook.
But I am getting a syntax error with the task keywork,
---
name: add ansible user
hosts: all
become: true
become_method: sudo
become_user:root
tasks:
- user:
name: ansible
groups: ansible
When I run this get the following:
utility:~/scripts/ansible# ansible-playbook --check add-ansible-user.yml
ERROR! Syntax Error while loading YAML.
The error appears to have been in '/root/scripts/ansible/add-ansible-user.yml': line 8, column 7, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
tasks:
^ here
From searching I belive the best bet is that I have an indent problem, but nomatter how I have tried to change it up, I cant get it too work.
- name: add ansible user
hosts: all
become: true
become_method: sudo
become_user: root
tasks:
- user:
name: ansible
groups: ansible
It's indeed the indentation problem. Please try the code written above.
Facing same issue, by making correct Indent spacing able to resolve it
As ref below
---
- name: my ansible
hosts: webserver
remote_user: root
become: true
tasks:
- name: intall httpd
yum:
name: httpd
state: latest
- name: run httpd
service:
name: httpd
state: started
- name: create content
copy:
content: “Congratulation on installing ansible”
dest: /var/www/html/index.html
The problem is here:
become_user:root
You need a space between : and root
become_user: root
The following Ansible playbook for setting up a server for a Laravel app works fine:
---
- name: Set up a standard Laravel install
hosts: localhost
vars_prompt:
- name: "domain"
prompt: "Domain name"
private: no
- name: "dbname"
prompt: "Database name"
private: no
- name: "dbuser"
prompt: "Database username"
private: no
- name: "dbpassword"
prompt: "Database password"
private: yes
roles:
- create_droplet
- create_domain
- name: Install dependencies
hosts: launched
roles:
- upgrade
- utilities
- users
- nginx-php
- composer
- nginx_firewall
- redis
- postgres
- git
The following similar one for setting up a Wordpress install doesn't:
---
- name: Set up Wordpress with Apache, Memcached and Varnish
hosts: localhost
vars_prompt:
- name: "domain"
prompt: "Domain name"
private: no
- name: "title"
prompt: "Wordpress title"
private: no
- name: "email"
prompt: "Wordpress email"
private: no
- name: "user"
prompt: "Admin username"
private: no
- name: "pass"
prompt: "Admin password"
private: yes
roles:
- create_droplet
- create_domain
- name: Install dependencies
hosts: launched
roles:
- upgrade
- utilities
- users
- apache
- varnish
- memcached
- mysql
- wordpress
Both playbooks set up a new droplet on Digital Ocean using the create_droplet and create_domain roles, and add it to the launched group. However, the variables prompted for in the second playbook don't appear to be defined, as in this error message:
TASK [wordpress : Add user "wordpress", belonging to group "wordpress" and having a home dir of /var/www] ***
fatal: [<IP_ADDRESS_REDACTED>]: FAILED! => {"failed": true, "msg": "the field 'args' has an invalid value, which appears to include a variable that is undefined. The error was: 'pass' is undefined\n\nThe error appears to have been in '/home/matthew/Projects/ansible-setup/playbooks/roles/wordpress/tasks/main.yml': line 28, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Add user \"wordpress\", belonging to group \"wordpress\" and having a home dir of /var/www\n ^ here\nWe could be wrong, but this one looks like it might be an issue with\nunbalanced quotes. If starting a value with a quote, make sure the\nline ends with the same set of quotes. For instance this arbitrary\nexample:\n\n foo: \"bad\" \"wolf\"\n\nCould be written as:\n\n foo: '\"bad\" \"wolf\"'\n"}
Use of debug statements has confirmed that in none of the roles called in the second playbook does the domain variable appear to be defined. I'm not sure why that is. However, if I remove the part that creates the droplet and run it against an existing droplet, it seems to work OK.
Can anyone see why this is showing up as undefined? Is it something to do with the scope of these variables?
Is it something to do with the scope of these variables?
Yes, your variables are play-bound, so they are available for the first play (where you prompt them) and unavailable for the second one.
If you need variable to survive between plays, you need to convert it to host fact.
For example add post_tasks to your first play:
post_tasks:
- set_fact:
domain: '{{ domain }}'
delegate_to: '{{ item }}'
delegate_facts: true
with_inventory_hostnames: launched
This will add domain fact to every host in launched group.