When managing users with Ansible's user module, properly specifying group memberships is crucial. The error message about "key=value arguments" typically occurs when the YAML syntax for the groups parameter is incorrect.
Here's the proper way to specify multiple groups in both YAML formats:
# Correct multi-line YAML syntax
- name: Create user with multiple group memberships
user:
name: testuser
state: present
groups: "group1,group2,group3"
append: yes
comment: "Test user account"# Correct inline syntax
- name: Create user with multiple groups (inline)
user: name=testuser state=present groups="group1,group2,group3" append=yes comment="Test user"The groups parameter expects a comma-separated string, not a YAML list. Common mistakes include:
# WRONG: Using YAML list syntax
groups: ["group1", "group2", "group3"]
# WRONG: Using multiple quoted strings
groups: "group1", "group2", "group3"
# CORRECT: Single string with commas
groups: "group1,group2,group3"Use the append parameter to control whether the user remains in existing groups:
- name: Add user to additional groups without removing current memberships
user:
name: testuser
groups: "newgroup1,newgroup2"
append: yes- name: Replace all group memberships (only keeping specified groups)
user:
name: testuser
groups: "onlygroup1,onlygroup2"
append: noHere's a complete playbook example for adding a user to multiple system groups:
- hosts: all
become: yes
tasks:
- name: Ensure webadmin user exists with proper group memberships
user:
name: webadmin
shell: /bin/bash
groups: "www-data,adm,sudo"
append: yes
comment: "Web Server Administrator"
createhome: yes
system: noAfter running your playbook, verify the group memberships:
- name: Verify group memberships
command: id webadmin
register: user_info
changed_when: false
- debug:
var: user_info.stdoutFor more complex scenarios, you can use variables or conditionals:
- hosts: all
vars:
user_groups: "{% if inventory_hostname in groups['web_servers'] %}www-data,nginx{% else %}staff{% endif %}"
tasks:
- name: Configure user with dynamic groups
user:
name: deployer
groups: "{{ user_groups }}"
append: yesWhen working with Ansible's user module, many administrators stumble when trying to add users to multiple secondary groups. The error message "this module requires key=value arguments" typically occurs due to incorrect YAML syntax rather than a functional limitation.
The proper way to specify multiple groups is as a comma-separated string without additional quotes around individual groups:
- name: Create user with multiple group memberships
ansible.builtin.user:
name: testuser
groups: "group1,group2,group3"
append: yes
state: present
groups: Accepts a comma-delimited string (not a list) of supplementary groups
append: When yes (default), preserves existing group memberships when adding new ones
For dynamic group assignments from variables:
- name: Add user to groups from variable
ansible.builtin.user:
name: "{{ username }}"
groups: "{{ user_groups | join(',') }}"
When you need to replace all existing group memberships:
- name: Set exact group membership (overwrite)
ansible.builtin.user:
name: service_account
groups: "adm,wheel,www-data"
append: no
If encountering persistent errors:
1. Verify YAML indentation (2 spaces recommended)
2. Check for hidden special characters in group names
3. Use ansible-playbook --syntax-check to validate playbooks
4. Test with simplest possible playbook to isolate the issue
This complete playbook demonstrates proper multi-group assignment:
- hosts: all
become: yes
tasks:
- name: Configure web admin user
ansible.builtin.user:
name: webadmin
comment: "Web Administrator"
groups: "sudo,www-data,backup"
shell: /bin/bash
create_home: yes
Remember that group names must exist prior to user assignment. Consider adding a preceding task to ensure group existence if needed.