Alloy role - Add user to additional groups

[fkonradmain]

Some logs on linux machines are not readable by anyone. They are either owned by root or another group. For example, on debian based systems, they are owned by the 'adm' group.

It would be great, if we were able to assign the alloy user to those groups using the 'alloy' role of this collection.

I am looking forward to your responses to that topic. Thank you very much!

[ishanjainn]

You should be able to pass a custom service_group and service_user as role arguments. Have you tried that?

[fkonradmain]

Hi @ishanjainn and thank you for the quick response.

According to the ansible documentation, that would only set the primary group. -> ansible.builtin.user

When we want to add the user to additional groups, we would have to use the groups statement.

Currently, this parameter is not set:

install.yml, Line 13

- name: Create alloy user
  ansible.builtin.user:
    name: "{{ service_user }}"
    group: "{{ service_group }}"
    system: true
    create_home: false  # Appropriate for a system user, usually doesn't need a home directory
  become: true

[ishanjainn]

Gotcha, Yeah multiple groups might not be supported natively in the role, Ill have to check on what could be done

[cardasac]

I'm having issues also with this. No matter what I place on alloy_user_groups, it doesn't get respected. It always places alloy user onto just the alloy group. I want alloy to also belong to the Docker group so that it can do SD and read logs. @ishanjainn

[fkonradmain]

@cardasac at the current state of the repository, this is the intended functionality. There is no variable "alloy_user_groups" that could be picked up or assigned.