From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 441E82750F3 for ; Wed, 27 Aug 2025 09:32:17 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.137.202.133 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756287138; cv=none; b=GryEBCMDP7BBrwNJTujsRccL9Nmjzy2zmuWrWuCuRcaXEHWzI743NioTjPyKc5YAtGTirKGhyfuItwa+PP3ykxlYnZe6+uvPGcowUeCwZjTTzGVfJINSpUaNvYJeKcRk+pZNP1aHl4GbXd1LBaES8G8p7OYLhqtjBLgxlHXFfKs= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1756287138; c=relaxed/simple; bh=MJuLvy7c0W1l+O98QZdksKqGRTRw+QFHQkE6J8Z6rpA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=FlnvQU6VsjBxinBE2837SPgyvqO+TFPY/H62mrTTDR795JjyaDn0Tl3MaVE+CMijcjlXS8qD6YjEzm455meYzaf2xISEgIwybtPCQZ1t4GN/N4fHBf2KwdgitnwAZbBl6dcw0uWyU4bwdeEwdTL8Nqm2+JaZseT2Gi1LMC9f3iQ= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=pyVxcXMu; arc=none smtp.client-ip=198.137.202.133 Authentication-Results: smtp.subspace.kernel.org; dmarc=fail (p=quarantine dis=none) header.from=kernel.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="pyVxcXMu" DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Sender:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Reply-To:Content-Type:Content-ID:Content-Description; bh=AtjCBsHdqJ1JtRiXqMKB9iwFzvebmMusfT0uxWDiDHM=; b=pyVxcXMu/Q4i3XB5b2XgCjmyde KQUasWRixEprCKaLl/WLKvedNlMUfB5r5eSBEgs25RMtF/thHhm/heuiJUgzjawJ4Gow3Y3/Z632w g0aQ6xKt68JNy96e/cyxfQ0eBJTaV6ddQ6LjarCa3JnoYDvDS7yjuLuUF7pAglZoUzqfdmVtCS2t6 2ZFmKQ6Cp/5ujm7G+i3x3APc1MdimF32AHbk4wz8HG0a0ikvDgVG4serVIaeR+OnXV2DQR+2Pv3R2 6s7pM7MKv9sBnaHf+vnEAAFXfnDrgBZmL0gOm4MJOcy7hzQyo62d3TlyO8VJ9rjEjPX97ESqBNTMy oERttQmA==; Received: from mcgrof by bombadil.infradead.org with local (Exim 4.98.2 #2 (Red Hat Linux)) id 1urCVs-0000000Eqvv-3KoR; Wed, 27 Aug 2025 09:32:16 +0000 From: Luis Chamberlain To: Chuck Lever , Daniel Gomez , kdevops@lists.linux.dev Cc: Luis Chamberlain Subject: [PATCH 1/3] common: use fallback for group inference on remote systems Date: Wed, 27 Aug 2025 02:32:12 -0700 Message-ID: <20250827093215.3540056-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.49.0 In-Reply-To: <20250827093215.3540056-1-mcgrof@kernel.org> References: <20250827093215.3540056-1-mcgrof@kernel.org> Precedence: bulk X-Mailing-List: kdevops@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: Luis Chamberlain When provisioning remote bare metal systems or VMs with different user configurations, getent group may fail if the user's primary group has a different name. This is common in: - Enterprise environments with LDAP/AD integration - Bare metal systems with pre-existing user configurations - Systems like NixOS with different group naming conventions - Cloud/managed hosting with auto-generated group names Add fallback to extract the primary GID from the passwd entry and look up the group by GID, which is more reliable across diverse system configurations. Signed-off-by: Luis Chamberlain --- playbooks/roles/common/tasks/main.yml | 29 +++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml index 3ee08018..bb92fea8 100644 --- a/playbooks/roles/common/tasks/main.yml +++ b/playbooks/roles/common/tasks/main.yml @@ -55,9 +55,34 @@ when: - infer_uid_and_group|bool -- name: Override user and group with inferred settings if feature is enabled - ansible.builtin.set_fact: +- name: Get primary group ID from user entry + set_fact: + user_primary_gid: "{{ getent_running_user.ansible_facts.getent_passwd[target_user][2] }}" + when: + - infer_uid_and_group|bool + - getent_on_group.rc | default(1) != 0 + +- name: Run getent against the primary group ID + getent: + database: group + key: "{{ user_primary_gid }}" + register: getent_primary_group + when: + - infer_uid_and_group|bool + - getent_on_group.rc | default(1) != 0 + +- name: Override user and group with inferred settings if feature is enabled (group found by name) + set_fact: data_user: "{{ target_user }}" data_group: "{{ ((getent_on_group.values() | first).values() | first).keys() | first }}" when: - infer_uid_and_group|bool + - getent_on_group.rc | default(1) == 0 + +- name: Override user and group with inferred settings if feature is enabled (group found by GID) + set_fact: + data_user: "{{ target_user }}" + data_group: "{{ getent_primary_group.ansible_facts.getent_group.keys() | first }}" + when: + - infer_uid_and_group|bool + - getent_on_group.rc | default(1) != 0 -- 2.50.1