[root#thamizh thamizh]# groupadd -g examples example1
groupadd: invalid group ID 'examples'
created group named examples and tired to add user example1 to it, but its giving error "invalid group ID examples", but examples group created by groupadd command
First, create a group:
groupadd example
Or, with specific GID:
groupadd -g 101 group1
After, add users to group:
usermod -g group1 user1
Or, add several groups for user using -G option:
usermod -G group1 group2 user1
Then check groups:
group user1
Related
I'm trying to achieve the following with ansible
create a user without a password
adduser test <-- ok and works on linux machine and works with ansible
change to user test
su test <-- works on linux machine, but fails with ansible. I get
incorrect password message
copy a file from location1 to location2 as a test user and change a file content.
cp loc1/testfile.txt loc2/testfile.txt && echo "hello" > testfile.txt
---
- name: This is a hello-world example
hosts: all
tasks:
- name: create a passwordless test user
action: user name=test state=present
become: yes
become_user: root
- name: Create a file called '/tmp/testfile.txt' with the content 'hello' using test user.
copy:
content: hello
dest: /tmp/testfile.txt
owner: test
group: test
become_user: test
primary conditions:
at a moment of execution the file testfile.txt is already created on linux machine and has a group root and user root. I want to override the file and assign different user and group.
I've tried various combination, including
copy:
content: hello
dest: /tmp/testfile.txt
owner: test
group: test
become: yes
become_user: test
copy:
content: hello
dest: /tmp/testfile.txt
owner: test
group: test
become: yes
become_user: test
become_method: su
copy:
content: hello
dest: /tmp/testfile.txt
owner: test
group: test
become: yes
copy:
content: hello
dest: /tmp/testfile.txt
owner: test
group: test
become_user: test
become_method: su
always getting a message about the password being incorrect. The awkward moment is that test user has no password
What am I doing wrong?
Updates:
Tried this
How to achieve sudo su - <user> and run all command in ansible <-- does not work
Found an answer - it is not possible
https://devops.stackexchange.com/questions/3588/how-do-you-simulate-sudo-su-user-in-ansible
What is the point?
to cite from Quora (source: https://www.quora.com/What-is-advantage-of-creating-passwordless-user-in-Linux)
I presume you mean processes such as a webserver, running as the
"apache" user with a locked password (shadow entry of '!!').
This is for security, in case a vulnerability is discovered in the
server code. Prior to the year 2000 or so, it was common for servers
to run as the root user, particularly as this privilege is required to
open network sockets on privileged ports (below 1024), such as 53
(DNS) or 80 (HTTP). As I recall, high-profile breaches of the bind and
sendmail servers caused developers to re-think this strategy. Since
then, services are started with root privilege, the socket opened, and
then privilege is dropped to a non-privileged user ID such as "apache"
or "named". This needs no password, since it is never intended that
anyone login. Rather, a process running as root executes a setuid()
system call to change effective user ID to this user. In the event of
a security breach, an attacker will be limited to the access lists of
this user; for instance, a vulnerable CGI script on a webserver would
be able to access the /tmp directory as the "apache" user, but be
unable to read /etc/shadow for instance, or to write an extra user
into /etc/passwd or modify system binaries in /sbin.
To avoid what is described in "password not being accepted for sudo user with ansible":
fatal: [testserver]: FAILED! => {"failed": true, "msg": "Incorrect su password"}
You might try using sudo, assuming you have given test user sudo rights:
# Debian systems (Ubuntu / Linux Mint / ElementryOS), add users to the sudo group
sudo usermod -aG sudo username
# On RHEL based systems (Fedora / CentOS), add users to the wheel group
sudo usermod -aG wheel username
Then:
become_user: test
become_method: sudo
Laucnhed with:
ansible-playbook -i inventory simple_playbook.yml --ask-become-pass
And enter the root password
I have inventory:
[machine]
192.168.1.2
[group1:children]
machine
[group2:children]
machine
[group3:children]
machine
[group1:vars]
my_var="DOG"
[group2:vars]
my_var="CAT"
[group3:vars]
my_var="FISH"
When I run ansible -m debug -a "var=my_var" {group1 or group2 or group3 or machine} I always get my_var="FISH" because machine host inherits variable from the last group in file. How can I pass my_var value depending on the calling a specific parent group (group1, group2, group3)?
I have several sequentially named groups that I want to run my playbook on. I can specify an exact name or use the asterisk wildcard, but I can't specify a range of numbers.
Group Names
group1
group2
group3
in playbook
- hosts: "{{ var_hosts }}"
Examples:
ansible-playbook -i inventory tasks/myplaybook.yml -e 'var_hosts=group1' ==> works
ansible-playbook -i inventory tasks/myplaybook.yml -e 'var_hosts=group*' ==> works by selecting all groups named 'groups*'
ansible-playbook -i inventory tasks/myplaybook.yml -e 'var_hosts=group[1:3]' ==> does not work . I get the error:
'[WARNING]: Could not match supplied host pattern, ignoring: group'
My google searches haven't found any documentation the details which patters are legal in group names. Is there a way to use numeric ranges in group names?
Patterns are not regex.
You can refer to hosts within the group by adding a subscript to the group name:
webservers[0:2] # == webservers[0],webservers[1]
...
I need to add group and user without password (nologin user) using Ansible script.
I execute the following command:
$ansible-playbook deploy_nagios_client.yml -i hosts -e hosts=qa1-jetty -v
Below is main.yml
---
# Create Nagios User and Group
- name: Add group "nagios"
group: name=nagios
become: true
- name: Add user "nagios"
user: name=nagios groups=nagios password="" shell=/bin/bash append=yes comment="Nagios nologin User" state=present
become: true
Result
If you want to create a nologin user, you should specify that to the shell argument like this:
- name: Add user "nagios"
user:
name: nagios
groups: nagios
shell: /sbin/nologin
create_home: no
append: yes
comment: "Nagios nologin User"
state: present
become: true
As far as I can tell, adding a user with the user module does what you want if you leave off the password attribute entirely.
I am new to using Ansible and am looking to understand how to write an Ansible Playbook that will run a query on a postgres SQL db instance as a particular user and display the output in the terminal.
For example:
SELECT * FROM example_db;
Could someone provide a simple example?
Based on #Christofides' example. I made some modifications and tested. this works:
- hosts: all
sudo: yes
sudo_user: postgres
tasks:
- name: Select all from example table
command: psql -c "SELECT * FROM example_table" example_db
register: select_all_from_example
- name : Display example table contents
debug: msg="{{ select_all_from_example.stdout }}"
Result:
This is an untested example which shows the essentials. It may require tweaking depending on your setup.
- name: Select all from example table
sudo: yes
sudo_user: postgres
command: psql -c "SELECT * FROM example_table" example_db
register: select_all_from_example
- name: Display example table contents
debug: msg="{{ select_all_from_example.stdout }}"
You can use a new role that provides four new modules:
postgresql_table: ensure that a table is present (or absent) in
database
postgresql_row: ensure that a row is present (or absent) in a table
postgresql_query: execute an arbitrary query in database and
return results
postgresql_command: execute an arbitrary query in
database
Look here for docs: https://github.com/rtshome/ansible_pgsql
Using Ansible Shell Module
To create Database and User
Here I am creating : airflow db, user airflow_user and password airflow_password
Set postgres_user(the main user) password in PGPASSWORD variable
- name: Created Airflow Database and User in Postgres
shell: /usr/bin/psql --host=10.0.0.39 --dbname=postgres --username=postgres -c "CREATE DATABASE airflow" ; /usr/bin/psql --host=10.0.0.39 --dbname=postgres --username=postgres -c "CREATE USER airflow_user WITH PASSWORD 'airflow_password'" ; /usr/bin/psql --host=10.0.0.39 --dbname=postgres --username=postgres -c "GRANT ALL PRIVILEGES ON DATABASE airflow TO airflow_user " ;
environment:
PGPASSWORD: postgres_password
register: postgres_query_status
failed_when: "'already exists' not in postgres_query_status.stderr and 'CREATE' not in postgres_query_status.stdout"
tags:
- postgres