09f025b7a0
The user module now returns the output, both stdout and stderr, from useradd, usermod, and userdel. This should help debug cases why one of those commands fail. In addition, the user module will now call fail_json() when the attempted command failed so as to properly communicate a failure in a playbook.
351 lines
11 KiB
Python
Executable file
351 lines
11 KiB
Python
Executable file
#!/usr/bin/python
|
|
|
|
# (c) 2012, Stephen Fromm <sfromm@gmail.com>
|
|
#
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
try:
|
|
import json
|
|
except ImportError:
|
|
import simplejson as json
|
|
import os
|
|
import pwd
|
|
import grp
|
|
import shlex
|
|
import subprocess
|
|
import sys
|
|
import syslog
|
|
try:
|
|
import spwd
|
|
HAVE_SPWD=True
|
|
except:
|
|
HAVE_SPWD=False
|
|
|
|
USERADD = "/usr/sbin/useradd"
|
|
USERMOD = "/usr/sbin/usermod"
|
|
USERDEL = "/usr/sbin/userdel"
|
|
|
|
def exit_json(rc=0, **kwargs):
|
|
if 'name' in kwargs:
|
|
add_user_info(kwargs)
|
|
print json.dumps(kwargs)
|
|
sys.exit(rc)
|
|
|
|
def fail_json(**kwargs):
|
|
kwargs['failed'] = True
|
|
exit_json(rc=1, **kwargs)
|
|
|
|
def add_user_info(kwargs):
|
|
name = kwargs['name']
|
|
if user_exists(name):
|
|
kwargs['state'] = 'present'
|
|
info = user_info(name)
|
|
kwargs['uid'] = info[2]
|
|
kwargs['group'] = info[3]
|
|
kwargs['comment'] = info[4]
|
|
kwargs['home'] = info[5]
|
|
kwargs['shell'] = info[6]
|
|
kwargs['createhome'] = os.path.exists(info[5])
|
|
groups = user_group_membership(name)
|
|
if len(groups) > 0:
|
|
kwargs['groups'] = groups
|
|
else:
|
|
kwargs['state'] = 'absent'
|
|
return kwargs
|
|
|
|
def user_del(user, **kwargs):
|
|
cmd = [USERDEL]
|
|
for key in kwargs:
|
|
if key == 'force' and kwargs[key]:
|
|
cmd.append('-f')
|
|
elif key == 'remove' and kwargs[key]:
|
|
cmd.append('-r')
|
|
cmd.append(user)
|
|
p = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
(out, err) = p.communicate()
|
|
rc = p.returncode
|
|
return (rc, out, err)
|
|
|
|
def user_add(user, **kwargs):
|
|
cmd = [USERADD]
|
|
for key in kwargs:
|
|
if key == 'uid' and kwargs[key] is not None:
|
|
cmd.append('-u')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'group' and kwargs[key] is not None:
|
|
if not group_exists(kwargs[key]):
|
|
fail_json(msg="Group %s does not exist" % (kwargs[key]))
|
|
cmd.append('-g')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'groups' and kwargs[key] is not None:
|
|
for g in kwargs[key].split(','):
|
|
if not group_exists(g):
|
|
fail_json(msg="Group %s does not exist" % (g))
|
|
cmd.append('-G')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'comment' and kwargs[key] is not None:
|
|
cmd.append('-c')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'home' and kwargs[key] is not None:
|
|
cmd.append('-d')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'shell' and kwargs[key] is not None:
|
|
cmd.append('-s')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'password' and kwargs[key] is not None:
|
|
cmd.append('-p')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'createhome':
|
|
if kwargs[key] is not None:
|
|
if kwargs[key] == 'yes':
|
|
cmd.append('-m')
|
|
else:
|
|
cmd.append('-M')
|
|
elif key == 'system' and kwargs[key] == 'yes':
|
|
cmd.append('-r')
|
|
cmd.append(user)
|
|
p = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
(out, err) = p.communicate()
|
|
rc = p.returncode
|
|
return (rc, out, err)
|
|
|
|
"""
|
|
Without spwd, we would have to resort to reading /etc/shadow
|
|
to get the encrypted string. For now, punt on idempotent password changes.
|
|
"""
|
|
def user_mod(user, **kwargs):
|
|
cmd = [USERMOD]
|
|
info = user_info(user)
|
|
for key in kwargs:
|
|
if key == 'uid':
|
|
if kwargs[key] is not None and info[2] != int(kwargs[key]):
|
|
cmd.append('-u')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'group' and kwargs[key] is not None:
|
|
if not group_exists(kwargs[key]):
|
|
fail_json(msg="Group %s does not exist" % (kwargs[key]))
|
|
ginfo = group_info(group)
|
|
if info[3] != ginfo[2]:
|
|
cmd.append('-g')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'groups' and kwargs[key] is not None:
|
|
current_groups = user_group_membership(user)
|
|
groups = kwargs[key].split(',')
|
|
for g in groups:
|
|
if not group_exists(g):
|
|
fail_json(msg="Group %s does not exist" % (g))
|
|
group_diff = set(sorted(current_groups)).symmetric_difference(set(sorted(groups)))
|
|
groups_need_mod = False
|
|
|
|
if group_diff:
|
|
if kwargs['append'] is not None and kwargs['append'] == 'yes':
|
|
for g in groups:
|
|
if g in group_diff:
|
|
cmd.append('-a')
|
|
groups_need_mod = True
|
|
else:
|
|
groups_need_mod = True
|
|
|
|
if groups_need_mod:
|
|
cmd.append('-G')
|
|
cmd.append(','.join(groups))
|
|
|
|
elif key == 'comment':
|
|
if kwargs[key] is not None and info[4] != kwargs[key]:
|
|
cmd.append('-c')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'home':
|
|
if kwargs[key] is not None and info[5] != kwargs[key]:
|
|
cmd.append('-d')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'shell':
|
|
if kwargs[key] is not None and info[6] != kwargs[key]:
|
|
cmd.append('-s')
|
|
cmd.append(kwargs[key])
|
|
elif key == 'password':
|
|
if kwargs[key] is not None and info[1] != kwargs[key]:
|
|
cmd.append('-p')
|
|
cmd.append(kwargs[key])
|
|
# skip if no changes to be made
|
|
if len(cmd) == 1:
|
|
return (None, '', '')
|
|
cmd.append(user)
|
|
p = subprocess.Popen(cmd, shell=False, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
|
|
(out, err) = p.communicate()
|
|
rc = p.returncode
|
|
return (rc, out, err)
|
|
|
|
def group_exists(group):
|
|
try:
|
|
if group.isdigit():
|
|
if grp.getgrgid(group):
|
|
return True
|
|
else:
|
|
if grp.getgrnam(group):
|
|
return True
|
|
except KeyError:
|
|
return False
|
|
|
|
def group_info(group):
|
|
if not group_exists(group):
|
|
return False
|
|
if group.isdigit():
|
|
return list(grp.getgrgid(group))
|
|
else:
|
|
return list(grp.getgrnam(group))
|
|
|
|
def user_group_membership(user):
|
|
groups = []
|
|
info = get_pwd_info(user)
|
|
for group in grp.getgrall():
|
|
if user in group[3] and info[3] != group[2]:
|
|
groups.append(group[0])
|
|
return groups
|
|
|
|
def user_exists(user):
|
|
try:
|
|
if pwd.getpwnam(user):
|
|
return True
|
|
except KeyError:
|
|
return False
|
|
|
|
def get_pwd_info(user):
|
|
if not user_exists(user):
|
|
return False
|
|
return list(pwd.getpwnam(user))
|
|
|
|
def user_info(user):
|
|
if not user_exists(user):
|
|
return False
|
|
try:
|
|
info = get_pwd_info(user)
|
|
if HAVE_SPWD:
|
|
sinfo = spwd.getspnam(user)
|
|
except KeyError:
|
|
return False
|
|
if HAVE_SPWD:
|
|
info[1] = sinfo[1]
|
|
return info
|
|
|
|
# ===========================================
|
|
|
|
if not os.path.exists(USERADD):
|
|
if os.path.exists("/sbin/useradd"):
|
|
USERADD = "/sbin/useradd"
|
|
else:
|
|
fail_json(msg="Cannot find useradd")
|
|
if not os.path.exists(USERMOD):
|
|
if os.path.exists("/sbin/usermod"):
|
|
USERMOD = "/sbin/usermod"
|
|
else:
|
|
fail_json(msg="Cannot find usermod")
|
|
if not os.path.exists(USERDEL):
|
|
if os.path.exists("/sbin/userdel"):
|
|
USERDEL = "/sbin/userdel"
|
|
else:
|
|
fail_json(msg="Cannot find userdel")
|
|
|
|
argfile = sys.argv[1]
|
|
args = open(argfile, 'r').read()
|
|
items = shlex.split(args)
|
|
syslog.openlog('ansible-%s' % os.path.basename(__file__))
|
|
syslog.syslog(syslog.LOG_NOTICE, 'Invoked with %s' % args)
|
|
|
|
if not len(items):
|
|
fail_json(msg='the module requires arguments -a')
|
|
sys.exit(1)
|
|
|
|
params = {}
|
|
for x in items:
|
|
(k, v) = x.split("=")
|
|
params[k] = v
|
|
|
|
state = params.get('state','present')
|
|
name = params.get('name', None)
|
|
uid = params.get('uid', None)
|
|
group = params.get('group', None)
|
|
groups = params.get('groups', None)
|
|
comment = params.get('comment', None)
|
|
home = params.get('home', None)
|
|
shell = params.get('shell', None)
|
|
password = params.get('password', None)
|
|
|
|
# ===========================================
|
|
# following options are specific to userdel
|
|
force = params.get('force', False)
|
|
remove = params.get('remove', False)
|
|
|
|
# ===========================================
|
|
# following options are specific to useradd
|
|
createhome = params.get('createhome', 'yes')
|
|
system = params.get('system', 'no')
|
|
|
|
# ===========================================
|
|
# following options are specific to usermod
|
|
append = params.get('append', 'no')
|
|
|
|
if state not in [ 'present', 'absent' ]:
|
|
fail_json(msg='invalid state')
|
|
if createhome not in [ 'yes', 'no' ]:
|
|
fail_json(msg='invalid createhome')
|
|
if system not in ['yes', 'no']:
|
|
fail_json(msg='invalid system')
|
|
if append not in [ 'yes', 'no' ]:
|
|
fail_json(msg='invalid append')
|
|
if name is None:
|
|
fail_json(msg='name is required')
|
|
|
|
result = {}
|
|
rc = 0
|
|
out = ''
|
|
err = ''
|
|
result['name'] = name
|
|
if state == 'absent':
|
|
if not user_exists(name):
|
|
result['changed'] = False
|
|
else:
|
|
(rc, out, err) = user_del(name, force=force, remove=remove)
|
|
if rc != 0:
|
|
fail_json(name=name, msg=err)
|
|
else:
|
|
result['changed'] = True
|
|
result['force'] = force
|
|
result['remove'] = remove
|
|
elif state == 'present':
|
|
if not user_exists(name):
|
|
(rc, out, err) = user_add(name, uid=uid, group=group, groups=groups,
|
|
comment=comment, home=home, shell=shell,
|
|
password=password, createhome=createhome,
|
|
system=system)
|
|
else:
|
|
(rc, out, err) = user_mod(name, uid=uid, group=group, groups=groups,
|
|
comment=comment, home=home, shell=shell,
|
|
password=password, append=append)
|
|
if rc is not None and rc != 0:
|
|
fail_json(name=name, msg=err)
|
|
if rc is None:
|
|
result['changed'] = False
|
|
else:
|
|
result['changed'] = True
|
|
if password is not None:
|
|
result['password'] = 'NOTLOGGINGPASSWORD'
|
|
|
|
if out:
|
|
result['stdout'] = out
|
|
if err:
|
|
result['stderr'] = err
|
|
exit_json(**result)
|
|
sys.exit(0)
|