jsharpe

Reputation: 2675

ansible.builtin.file is using user from wrong host

I have this playbook below to set user/group on the user's home directory.

jimbo and bobo here have different UID and GIDs on the different boxes.

Running this script will set the UID/GID ownership of the directories incorrectly.

For example, it will set /home/jimbo on operatorbox1 (1) to be owned by the UID of jimbo from operatorbox2 (2) - which is of course not the correct UID on operatorbox1 (1).

It does this seemingly randomly. If I run this playbook multiple times the ownership of the directories will flip back and forth.

Guessing I have something fundamental missing here. Why is this happening? Thanks!

ansible-playbook v2.9.23

./vars/operators.yml

---
  operators:
    jimbo: sshekeywhatever
    bobo: sshkeywhatever

playbook.yml

---
- name: Setup operators
  hosts:
    - bastionbox
    - operatorbox
  become: true
  vars_files:
    - "./vars/operators.yml"

  tasks:
    - name: Set home directory permissions
      file:
        path: "/home/{{ item.key }}"
        state: directory
        owner: "{{ item.key }}"
        group: "{{ item.key }}"
        recurse: true
      with_dict:
        - "{{ operators }}"

Upvotes: 0

Views: 338

Answers (1)

Vladimir Botka

Reputation: 68144

I can't reproduce the problem. Below is a playbook for testing:

- hosts: bastionbox,operatorbox
  gather_facts: false
  become: true

  vars:

    operators: [jimbo, bobo]

  tasks:

    - name: Create users
      user:
        name: "{{ item }}"
        shell: /usr/sbin/nologin
        uid: "{{ range(2500, 2600)|random }}"
      loop: "{{ operators }}"
      when: create_users|d(false)|bool

    - name: List users uid
      block:
        - getent:
            database: passwd
        - debug:
            msg: "{{ inventory_hostname }} {{ item }} uid: {{ getent_passwd[item].1 }}"
          loop: "{{ operators }}"
      when: list_users|d(false)|bool

    - name: Set home directory owner and group
      file:
        state: directory
        path: "/home/{{ item }}"
        owner: "{{ item }}"
        group: "{{ item }}"
        recurse: true
      loop: "{{ operators }}"
      when: set_homes|d(false)|bool

    - name: List homes
      block:
        - find:
            paths: /home
            file_type: directory
            patterns: "{{ operators }}"
          register: out
        - debug:
            msg: "{{ inventory_hostname }} {{ item.path }} uid: {{ item.uid }}"
          loop: "{{ out.files }}"
          loop_control:
            label: "{{ inventory_hostname }}"
      when: list_homes|d(false)|bool

    - name: Delete users
      user:
        name: "{{ item }}"
        state: absent
        remove: true
      loop: "{{ operators }}"
      when: delete_users|d(false)|bool

  • Create users
shell> ansible-playbook -e create_users=true pb.yml
  • List users
shell> ansible-playbook -e list_users=true pb.yml
  msg: 'bastionbox jimbo uid: 2572'
  msg: 'operatorbox jimbo uid: 2537'
  msg: 'bastionbox bobo uid: 2505'
  msg: 'operatorbox bobo uid: 2557'
  • List homes
shell> ansible-playbook -e list_homes=true pb.yml
  msg: 'bastionbox /home/bobo uid: 2505'
  msg: 'operatorbox /home/jimbo uid: 2537'
  msg: 'bastionbox /home/jimbo uid: 2572'
  msg: 'operatorbox /home/bobo uid: 2557'
  • Set homes (task is idempotent)
shell> ansible-playbook -e set_homes=true pb.yml
TASK [Set home directory owner and group] *************************
ok: [operatorbox] => (item=jimbo)
ok: [bastionbox] => (item=jimbo)
ok: [operatorbox] => (item=bobo)
ok: [bastionbox] => (item=bobo)

Upvotes: 1
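
A read-only check in the style of the test playbook above, added here as an example and not part of either post: on every host it compares the owner and group of each operator's home directory with the UID and GID from that same host's passwd database, so a directory carrying another box's UID fails the run. The host names and the operators list are reused from the page; the play assumes each user's primary group is the group of the same name.

```yaml
# Added example: per-host ownership audit, changes nothing on the targets.
- hosts: bastionbox,operatorbox
  gather_facts: false
  become: true

  vars:
    operators: [jimbo, bobo]

  tasks:
    - name: Load this host's passwd database into getent_passwd
      getent:
        database: passwd

    - name: Stat each operator's home directory
      stat:
        path: "/home/{{ item }}"
      loop: "{{ operators }}"
      register: homes

    # getent_passwd[name] is [password, uid, gid, gecos, home, shell],
    # every field a string, hence the int casts below.
    # Assumption: the passwd GID (primary group) is the group named after the user.
    - name: Home must be owned by the UID/GID this host assigns to the user
      assert:
        that:
          - item.stat.exists
          - item.stat.uid == (getent_passwd[item.item][1] | int)
          - item.stat.gid == (getent_passwd[item.item][2] | int)
        fail_msg: >-
          {{ inventory_hostname }} /home/{{ item.item }} is owned by
          {{ item.stat.uid | d('?') }}:{{ item.stat.gid | d('?') }}, passwd says
          {{ getent_passwd[item.item][1] }}:{{ getent_passwd[item.item][2] }}
      loop: "{{ homes.results }}"
      loop_control:
        label: "{{ inventory_hostname }} {{ item.item }}"
```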
