在我用来管理用户的Ansible剧本中,我需要从特定组中删除用户(如果他们属于该组)。
我尝试添加以下任务:
- name: Remove non administrator users from the sudo group
shell: "/usr/sbin/delgroup {{ item.username }} {{ sudo_group }}"
with_items: '{{ users }}'
它可以工作,但对于不属于{{ sudo_group }}的用户将失败:
TASK [Remove non administrator users from the sudo group] ****************************************************************************************
failed: [staging3] (item={u'username': u'user', u'comment': u"User Name", u'group': u'users', u'groups': u'deployer'}) => {"changed": true, "cmd": "/usr/sbin/delgroup user sudo", "delta": "0:00:00.081264", "end": "2018-11-30 17:09:14.080878", "item": {"comment": "User Name", "group": "users", "groups": "deployer", "username": "user"}, "msg": "non-zero return code", "rc": 6, "start": "2018-11-30 17:09:13.999614", "stderr": "/usr/sbin/delgroup: The user `user' is not a member of group `sudo'.", "stderr_lines": ["/usr/sbin/delgroup: The user `user' is not a member of group `sudo'."], "stdout": "", "stdout_lines": []}
因此,我正在考虑添加一个新任务,该任务将检查{{ users }}中的用户是否属于{{ sudo_group }},并在列表变量中注册一个值为 yes 的新密钥。被删除任务检查为条件。
还有其他想法吗?