Menu
Let's assume user01 has two groups defined: groupA and groupB (in addition to the primary group).
I can add the account to groupC (ensure user01 belongs to groupC) using:
- user: name=user01 groups=groupC append=yes
How can I remove user01 from groupB (ensure user01 does not belong to groupB) without specifying all the groups the account should belong to?
786
As far as I can tell, you can't with just the normal user module.
However, with some fairly crazy gyrations, you can do it in a playbook. I'm not sure I recommend this though; it was just an interesting exercise. (I did test this and it worked.)
The interesting part is the task "build the new groups list", which removes a list entry. If calling .remove() on a python list returned the new list, that would all be uneccessary.
---
- hosts: target
gather_facts: no
vars:
group_to_remove: admins
new_groups_list: []
user_to_check: user1
tasks:
- user: name="{{ user_to_check }}" groups=testers,developers,admins
- name: get the current groups list
command: groups "{{ user_to_check }}"
register: current_groups
- debug: var=current_groups
# parse the output of the groups command into a python list
# of the current groups
- set_fact:
current_group_list: "{{ current_groups.stdout.replace( user_to_check+' : ','').split(' ') }}"
- name: show user_group_list
debug: var=current_group_list
- name: build the new groups list
set_fact:
new_groups_list: "{{ new_groups_list + [ item ] }}"
no_log: False
when: "not '{{ group_to_remove }}' == '{{ item }}'"
with_items: "{{ current_group_list }}"
# turn the list, into a comma-delimited string
- set_fact:
new_groups: "{{ ','.join(new_groups_list) }}"
- name: show new_groups_list
debug: var=new_groups
- name: set new user groups
user: name="{{ user_to_check }}" groups="{{ new_groups }}"
- name: get the new groups list
command: groups "{{ user_to_check }}"
register: new_groups
- debug: var=new_groups
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
