For SR2's usage, these users will exist because they have been created in FreeIPA along with their subids.
---
# Look up the rootless user's passwd entry and register the result for the
# checks that follow. The getent module queries the system's getent databases,
# so the lookup is not limited to accounts listed in the local passwd file.
- name: Podman Host | AUDIT | Gather rootless user facts
  ansible.builtin.getent:
    database: passwd
    key: '{{ _podman_host_rootless_user }}'
    # Module default, spelled out here: the task itself fails when the key
    # cannot be found in the database.
    fail_key: true
  register: _podman_host_rootless_user_facts
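# Diagnostic output only. The task is named and uses the fully qualified
# module name like the other tasks in this file, and it prints only when the
# play runs with -v or higher, so routine runs do not copy the account's
# passwd entry into the play output or logs.
- name: Podman Host | AUDIT | Show rootless user facts
  ansible.builtin.debug:
    msg: "{{ _podman_host_rootless_user_facts }}"
    verbosity: 1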
# Fail with a readable message unless the registered getent result contains an
# entry keyed by the rootless user's name.
# NOTE(review): with getent's default fail_key behaviour the lookup task
# already fails for an unknown user, so this assertion is a second check. If
# the lookup is ever run with fail_key: false, a missing user is recorded as a
# key with a null value and this membership test would still pass. Confirm
# before relaxing the lookup.
- name: Podman Host | AUDIT | Ensure the rootless user exists
  ansible.builtin.assert:
    fail_msg: "User '{{ _podman_host_rootless_user }}' does not exist on this host."
    that:
      # Membership in a mapping tests its keys, same as calling .keys().
      - >-
        _podman_host_rootless_user in
        _podman_host_rootless_user_facts.ansible_facts.getent_passwd
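# Read-only check that subordinate UID ranges can be looked up for the
# rootless user. The task reports no change; it passes or fails on the exit
# status of getsubids alone, because nothing is registered or asserted.
# NOTE(review): confirm that getsubids exits non-zero when the user has no
# range on this platform; if it does not, also assert that stdout is non-empty.
- name: Podman Host | AUDIT | Ensure the rootless user has subuids defined
  ansible.builtin.command:
    # argv hands the user name to getsubids as a single argument, so the
    # templated value is never split on whitespace into extra arguments.
    # A value starting with '-' would still be read as an option; validate
    # the variable where it is defined.
    argv:
      - getsubids
      - "{{ _podman_host_rootless_user }}"
  changed_when: false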
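# Read-only check that subordinate GID ranges can be looked up for the
# rootless user (getsubids -g). The task reports no change; it passes or fails
# on the exit status of getsubids alone, because nothing is registered or
# asserted.
# NOTE(review): confirm that getsubids exits non-zero when the user has no
# range on this platform; if it does not, also assert that stdout is non-empty.
- name: Podman Host | AUDIT | Ensure the rootless user has subgids defined
  ansible.builtin.command:
    # argv hands the user name to getsubids as a single argument, so the
    # templated value is never split on whitespace into extra arguments.
    # A value starting with '-' would still be read as an option; validate
    # the variable where it is defined.
    argv:
      - getsubids
      - "-g"
      - "{{ _podman_host_rootless_user }}"
  changed_when: false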