I have a playbook to lock a user. This works as expected but fails when any
of the servers in the inventory is unreachable.
lock_user.yml
-----------------
---
- name: Lock Users
  hosts: "{{ target }}"
  gather_facts: no
  ignore_unreachable: yes
  any_errors_fatal: false
  vars:
    - ansible_python_interpreter: /usr/bin/python
    - myusers: ['sapadm', 'root', 'oracle']
  tasks:
    - name: Warn about generic accounts
      debug:
        msg: "{{ user }} is a generic account. DO NOT ATTEMPT TO LOCK THIS ACCOUNT!"
      when: user in myusers
    - name: Check if the user exists {{ user }}
      shell: id -u {{ user }}
      register: user_exists
      ignore_errors: true
    - name: Locking {{ user }} Linux
      shell: "passwd -l {{ user }}"
      when: "user_exists.rc == 0 and inventory_hostname in groups['linux'] and user not in myusers"
    - name: Locking {{ user }} AIX
      shell: "chuser account_locked=true {{ user }}"
      when: "user_exists.rc == 0 and inventory_hostname in groups['aix'] and user not in myusers"
    - name: User does not exist
      debug:
        msg: "{{ user }} doesnot exist"
      when: user_exists.rc != 0
Failure messages at
check_users task
fatal: [server1]: FAILED! => {"msg": "Timeout (12s) waiting for privilege
escalation prompt: /etc/profile.d/lang.sh: line 19: warning: setlocale:
LC_CTYPE: cannot change locale (C.UTF-8)\\r\\n"}
...ignoring
fatal: [server2]: UNREACHABLE! => {"changed": false, "msg": "Failed to
connect to the host via ssh: ssh: connect to host 10.65.112.84 port 22:
Connection timed out", "skip_reason": "Host server2 is unreachable",
"unreachable": true}
...ignoring
lock_user task
fatal: [server1]: FAILED! => {"msg": "The conditional check 'user_exists.rc
== 0 and inventory_hostname in groups['linux'] and user not in myusers'
failed. The error was: error while evaluating conditional (user_exists.rc
== 0 and inventory_hostname in groups['linux'] and user not in myusers):
'dict object' has no attribute 'rc'\\n\\nThe error appears to be in
'/runner/project/lock_user.yml': line 20, column 7, but may\\nbe elsewhere
in the file depending on the exact syntax problem.\\n\\nThe offending line
appears to be:\\n\\n\\n - name: Locking {{ user }} Linux\\n ^
here\\nWe could be wrong, but this one looks like it might be an issue
with\\nmissing quotes. Always quote template expression brackets when
they\\nstart a value. For instance:\\n\\n with_items:\\n - {{ foo
}}\\n\\nShould be written as:\\n\\n with_items:\\n - \\"{{ foo
}}\\"\\n"}
fatal: [server2]: FAILED! => {"msg": "The conditional check 'user_exists.rc
== 0 and inventory_hostname in groups['linux'] and user not in myusers'
failed. The error was: error while evaluating conditional (user_exists.rc
== 0 and inventory_hostname in groups['linux'] and user not in myusers):
'dict object' has no attribute 'rc'\\n\\nThe error appears to be in
'/runner/project/lock_user.yml': line 20, column 7, but may\\nbe elsewhere
in the file depending on the exact syntax problem.\\n\\nThe offending line
appears to be:\\n\\n\\n - name: Locking {{ user }} Linux\\n ^
here\\nWe could be wrong, but this one looks like it might be an issue
with\\nmissing quotes. Always quote template expression brackets when
they\\nstart a value. For instance:\\n\\n with_items:\\n - {{ foo
}}\\n\\nShould be written as:\\n\\n with_items:\\n - \\"{{ foo
}}\\"\\n"}
How can I fix this?
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/b1a9573a-7eb1-4735-b24e-cfb6fa1b8b83n%40googlegroups.com.
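
An added example, not part of the original post: the registered `user_exists` result has no `rc` key when the check never ran (unreachable host, or a privilege escalation timeout), so each conditional below tests `user_exists.rc is defined` first and a separate task reports the hosts where the account was not checked. It keeps the post's variable names and swaps `shell` for `command` so the value of `user` is not interpreted by a shell; the extra report task is an assumption about what the operator wants to see.

```yaml
---
# Added example: guarded variant of lock_user.yml from the post above.
- name: Lock Users
  hosts: "{{ target }}"
  gather_facts: no
  ignore_unreachable: yes
  vars:
    myusers: ['sapadm', 'root', 'oracle']
  tasks:
    - name: Check if the user exists
      command: id -u {{ user }}
      register: user_exists
      changed_when: false
      ignore_errors: true

    # No rc means the command never ran, so the account state is unknown.
    - name: Report hosts where the check could not run
      debug:
        msg: "{{ user }} NOT checked on {{ inventory_hostname }}: {{ user_exists.msg | default('no result') }}"
      when: user_exists.rc is not defined

    - name: Locking user on Linux
      command: passwd -l {{ user }}
      when:
        - user_exists.rc is defined
        - user_exists.rc == 0
        - inventory_hostname in groups['linux']
        - user not in myusers

    - name: Locking user on AIX
      command: chuser account_locked=true {{ user }}
      when:
        - user_exists.rc is defined
        - user_exists.rc == 0
        - inventory_hostname in groups['aix']
        - user not in myusers

    - name: User does not exist
      debug:
        msg: "{{ user }} does not exist"
      when:
        - user_exists.rc is defined
        - user_exists.rc != 0
```

Items in a `when:` list are combined with a logical AND, so the lock tasks are skipped on hosts that were unreachable, and those hosts appear in the report task's output for follow-up.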