Fixes https://github.com/ansible/ansible/issues/11768
Test plan:
- (in a Vagrant VM) created a user 'bob' with no ssh key
- ran the following playbook in check mode:
---
- hosts: trusty
tasks:
- user: name=bob state=present generate_ssh_key=yes
- saw that ansible-playbook reported "changes=1"
- saw that /home/bob/.ssh was still absent
- ran the playbook for real
- saw that /home/bob/.ssh was created
- ran the playbook in check mode again
- saw that ansible-playbook reported no changes
- tried a variation with a different username for a user that didn't
exist: ansible-playbook --check worked correctly (no errors, reported
"changed")
If `password` is defined as `*` `useradd` or `usermod` returns an error:
msg: usermod: Invalid password: `*'
This works very well on Linux host to not define any password for a
user (mainly useful if your setup is only based on SSH keys for
auth). On OpenBSD this does not work, so we have to ignore the encrypted
password parameter if it defined as `*`.
Includes commits for:
* Don't return change if the password is not set
* Set the group to nogroup if none is specified
* Set an uid if none is specified
* Test if SHADOWFILE is set (for Darwin)
* remove unused uid
The default is not very useful to sort between different
keys and user. Adding the hostname in the comment permit to later
sort them if you start to reuse the key and set them in different
servers. See https://github.com/ansible/ansible/pull/7420
for the rational.
the AIX class uses a unsafe shell for setting the user password (containing a pipe in the command). This patch adopts to the new behavior of module_utils/basic.py (since somewhere around 1.7).
besides it changes the qoutes for the echo command from double to single, because password-hashes contain $-signs and one would not have this variables expanded.
