-
Notifications
You must be signed in to change notification settings - Fork 1.9k
user groups option always triggers changed #1118
Comments
Hitting this bug RHEL6.6 as well |
I believe the issue is in User.user_group_membership(). If the user is only a member of its own group then user_group_membership() method returns a empty list so the code thinks it needs update the group file. Current Method
The current method:
The check for the GID I think is the problem. If the purpose of the method is to get a list of all the groups that a user belongs to ( and I think it is ), then all we should care about is Proposed Method
I would just have dropped a pull request, but someone put the GID check in there and I want to make sure I'm not missing some subtle nuance. If I'm not I'm happy to submit my pull request. |
I'm not sure but it sounds like an optimization for group appending and/or when the user utility is setup to automatically create a group with the same name and gid as the user and its uid. |
If the point of the method is to get the list of groups the user is a member of then that should include all of the groups including the one that matches your GID ( since you are automatically associated with that group even if you're not explicitly listed in the members list ) Since the next thing the code does is remove duplicates between what was asked for with the groups argument and what exists in the /etc/group file. It isn't really much of an optimization.
User creation follows a different path and never calls these methods. Tests without the GID check ( I added some prints to make it easier to see what is happening )If I have three existing users ( monkeys, chicken, turkey ), each with a corresponding group.
If I run a play with MODULE_ARGS = 'name=monkeys groups=monkeys,turkey append=yes' it does what I'd expect and append monkeys to the two groups and changed: true
if I run the same play again, changing nothing, you can see that the current groups matched my requested groups, my group diff list is empty and changed: false This is where @raffomania's error comes in. With the GID check in place monkeys would have been missing from the Current Groups list and when the set() is run would have shown up in the group diff and required processing.
|
I also ran into this and @blackreed9's change worked for me (on an Ubuntu 14.04 host), so 👍 from me. |
and here's the results of adding my own This is a case where I am trying to add the - name: "create application user"
user: name=profilesvcuser
state=present
group=vagrant
groups=vagrant
|
+1 for getting this fixed |
I'm also observing this when I use the
|
This also happens for me when the
|
@mkollaro @asmartin i think this happen 'cause the generated hash is different every time (even if the string to hash remain the same). That's how the 'sha' algorithm works! |
@angystardust I don't remember much from my crypto class, but I'm pretty sure that a basic property of any hash function is to generate the same result given the same input. Different inputs can result in the same hash, but not the other way around. https://en.wikipedia.org/wiki/Hash_function |
Sorry to contraddict you, @mkollaro but what you said is wrong. for n in seq 1 3 ; do echo password | mkpasswd -m sha-512 --stdin ; done You'll have 3 different hashes from the same (not so much creative) password. |
mkpasswd adds a random salt which is what is modifying the hash, the hash should be reproducible when the salt used is the same. |
+1, still seeing this with v2.0.1.0. |
+1, same here. |
Hi! A change has been applied for this ticket, which should resolve this item for you. If you believe this ticket is not resolved, or have further questions, please let us know by stopping by one of the two mailing lists, as appropriate:
Because this project is very active, we're unlikely to see comments on closed tickets, though the mailing list is a great way to get involved or discuss this one further. Thanks! |
My ansible version is 1.8.2 and I'm managing an Arch Linux box from an Arch Linux box.
Summary:
For the user module, if the groups option is specified, it always triggers "changed" even if the group list doesn't change.
Steps To Reproduce:
Expected Results:
Actual Results:
The text was updated successfully, but these errors were encountered: