From 728f5ed44d56c07d10d90da1edf931d4e84af1a5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Manuel=20Dom=C3=ADnguez?=
Date: Wed, 15 Nov 2023 11:24:14 +0100
Subject: [PATCH] Unify remap user tasks from os_setup role

Remove remap user tasks for CentOS 8 (roles/os_setup/tasks/remap_user/centos8.yml) and use the RHEL 9 tasks file for all RHEL versions. The tasks for CentOS 8 do not work with other operating system releases, while the tasks for RHEL 9 are more general and should work across operating system versions.
---
 roles/os_setup/tasks/main.yml | 10 ++--
 .../{remap_user/rhel9.yml => remap_user.yml} | 11 ++--
 roles/os_setup/tasks/remap_user/centos8.yml | 54 -------------------
 3 files changed, 8 insertions(+), 67 deletions(-)
 rename roles/os_setup/tasks/{remap_user/rhel9.yml => remap_user.yml} (87%)
 delete mode 100644 roles/os_setup/tasks/remap_user/centos8.yml
diff --git a/roles/os_setup/tasks/main.yml b/roles/os_setup/tasks/main.yml
index 43e29f5..4012077 100644
--- a/roles/os_setup/tasks/main.yml
+++ b/roles/os_setup/tasks/main.yml
@@ -7,13 +7,9 @@
 include_tasks: powertools.yml
 when: enable_powertools
-- name: Include remap_user task for RHEL8
- include_tasks: remap_user/centos8.yml
- when: enable_remap_user and ansible_os_family == "RedHat" and ansible_distribution_major_version == '8'
-
-- name: Include remap_user task for RHEL9
- include_tasks: remap_user/rhel9.yml
- when: enable_remap_user and ansible_os_family == "RedHat" and ansible_distribution_major_version == '9'
+- name: Include remap_user task
+ include_tasks: remap_user.yml
+ when: enable_remap_user and ansible_os_family == "RedHat"
 - name: Create user task
 include_tasks: create_user.yml
diff --git a/roles/os_setup/tasks/remap_user/rhel9.yml b/roles/os_setup/tasks/remap_user.yml
similarity index 87%
rename from roles/os_setup/tasks/remap_user/rhel9.yml
rename to roles/os_setup/tasks/remap_user.yml
index 583d3e4..c6da072 100644
--- a/roles/os_setup/tasks/remap_user/rhel9.yml
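Review bot: The new condition `when: enable_remap_user and ansible_os_family == "RedHat"` in the main.yml hunk drops the major-version test, so the include now runs on every RedHat-family host instead of only releases 8 and 9. `ansible_os_family` is also "RedHat" for Fedora, Amazon Linux and older RHEL/CentOS releases, where UID/GID 999 may belong to a different system account than the one the remap tasks were written for. Most of the remap tasks are outside the visible hunks, so the impact on those hosts is inferred. Consider keeping a floor, `when: enable_remap_user and ansible_os_family == "RedHat" and ansible_distribution_major_version is version('8', '>=')`, or at least a comment above the task such as `# remap_user.yml verified on: <list of tested releases>`.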
+++ b/roles/os_setup/tasks/remap_user.yml
@@ -1,7 +1,6 @@
 ---
-# Rocky9 uses GID 999 and UID 999
-# both of which we need to map to the galaxy user and group.
-
+# RHEL uses GID 999 and UID 999, both of which need to be
+# mapped to the galaxy user and group.
 - name: Get all groups
 getent:
@@ -18,9 +17,9 @@
 - name: Check for GID 999 group
 ansible.builtin.shell:
 cmd: grep 999 /etc/group
- ignore_errors: true
 register: check_group
 changed_when: false
+ failed_when: check_group.rc not in (0, 1)
 - name: Print return information from the previous task
 ansible.builtin.debug:
@@ -48,11 +47,11 @@
 - name: Check for UID 999 in user file
 ansible.builtin.shell:
 cmd: grep 999 /etc/passwd
- ignore_errors: true
 register: check_user
 changed_when: false
+ failed_when: check_user.rc not in (0, 1)
- - name: Print return information from the previous task2
+ - name: Print return information from the previous task
 ansible.builtin.debug:
 var: check_user
 when: debug
diff --git a/roles/os_setup/tasks/remap_user/centos8.yml b/roles/os_setup/tasks/remap_user/centos8.yml
deleted file mode 100644
index 43fd4b2..0000000
--- a/roles/os_setup/tasks/remap_user/centos8.yml
+++ /dev/null
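Review bot: `cmd: grep 999 /etc/group` in the "Check for GID 999 group" task matches the substring anywhere on a line, so a GID such as 1999 or 9990, or a group or member name containing 999, also returns 0. The added `failed_when` now treats that result as a clean match. Anchor the pattern on the third field, `cmd: grep -E '^[^:]*:[^:]*:999:' /etc/group`; the same applies to `cmd: grep 999 /etc/passwd` in the "Check for UID 999 in user file" hunk. The tasks that act on `check_group` and `check_user` are outside the hunks, so which account ends up remapped on a false match is inferred, but edits to /etc/passwd and /etc/group should be keyed to an exact ID.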
@@ -1,54 +0,0 @@
----
-# Centos8 uses systemd-coredump:input for (999:999) which we need to map to
-# the galaxy user/group.
-#
-
-- name: Check for input group
- ansible.builtin.command: grep -Fxq "input:x:999:" /etc/group
- ignore_errors: true
- register: check_input
- changed_when: false
-
-- name: Print return information from the previous task
- ansible.builtin.debug:
- var: check_input
- when: debug
-
-- name: Replace in group file
- ansible.builtin.lineinfile:
- path: /etc/group
- regexp: 'input:x:999:'
- line: 'input:x:500:'
- when: 'not ansible_check_mode and check_input.rc == 0'
-
-- name: Search and replace 999 group files
- ansible.builtin.command: "find / -mount -gid 999 -exec chgrp 500 '{}' +"
- ignore_errors: true
- when: check_input.rc == 0
- tags:
- - ignore_errors
-
-- name: Check for coredump
- ansible.builtin.command: grep -Fxq "systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin" /etc/passwd
- ignore_errors: true
- register: check_coredump
- changed_when: false
-
-- name: Print return information from the previous task2
- ansible.builtin.debug:
- var: check_coredump
- when: debug
-
-- name: Replace in passwd file
- ansible.builtin.lineinfile:
- path: /etc/passwd
- regexp: 'systemd-coredump:x:999:997:systemd Core Dumper:/:/sbin/nologin'
- line: 'systemd-coredump:x:500:997:systemd Core Dumper:/:/sbin/nologin'
- when: 'not ansible_check_mode and check_coredump.rc == 0'
-
-- name: Search and replace 999 user files
- ansible.builtin.command: "find / -mount -uid 999 -exec chown 500 '{}' +"
- ignore_errors: true
- when: check_coredump.rc == 0
- tags:
- - ignore_errors