Hello!
I am trying to do ssh user management via ansible and have found a problem which blows up my brain. My environment: some number of users, some number of hosts. Production, test and demo projects.
I put all users in the file group_vars/all and it looks like this:

user1:
- { user: 'user1', group: 'test1', comment: "Test_User_1", uid: '10001', password: 'HaSH1' }
user2:
- { user: 'user2', group: 'test2', comment: 'Test_User_2', uid: '10000', password: 'HaSh2' }

My role file for users looks like this:

- name: Add ssh user
  user:
    name={{ item.user }}
    groups={{ item.group }}
    comment={{ item.comment }} uid={{ item.uid }}
    password={{ item.password }}
  # loop over the list held in the ssh_users variable
  with_items: "{{ ssh_users }}"

And ssh_users is defined for each host group like this:

- hosts: app
  vars:
    ssh_users: "{{ssh_users_app}}"
  vars_files:
    - vars/production
  roles:
    - users

- hosts: db
  vars:
    ssh_users: "{{ssh_users_db}}"
  vars_files:
    - vars/production
  roles:
    - users


And the last step is:
In vars/production I give the list of users from the group_vars/all file:

ssh_users_app:
  - "{{user1}}"
  - "{{user2}}"
ssh_users_db:
  - "{{user2}}"

So, ansible takes the ssh_users_app variable from the vars/production file, puts it in the ssh_users variable and sends it to the role. For each host group I can specify a list of users and all goes well... BUT! When I need to remove a user, I need to remove it from the ssh_users_app variable and then run something like this:
   ansible -i hosts app -m user -a 'name=user1 state=absent'

It makes me feel a little uncomfortable and I am trying to improve my solution.

My idea was to specify a special value in vars/production which will describe the state value for the user. Like this:

   ssh_users_app:
   - "{{user1}}" state: 'present'
   - "{{user2}}" state: 'absent'
   ssh_users_db:
   - "{{user2}}" state: 'present'

And if I need to remove a user from a host group, I will change his state and apply the role to the hosts. Is there any legal method to do this? Or does ansible have a more elegant solution for the user management case?

   Thanks a lot for any help!
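
One way to write the per-host-group state idea from the message above as valid YAML, added here as an example that is not part of the original post. It assumes each account in group_vars/all is a plain mapping rather than a one-element list; the key names `account` and `state` are hypothetical.

```yaml
---
# group_vars/all
# Assumption: one mapping per account (not a one-element list as in the post)
user1: { user: 'user1', group: 'test1', comment: 'Test_User_1', uid: '10001', password: 'HaSH1' }
user2: { user: 'user2', group: 'test2', comment: 'Test_User_2', uid: '10000', password: 'HaSh2' }

---
# vars/production
# Each entry pairs an account with the state wanted on that host group.
# Hypothetical keys: account, state
ssh_users_app:
  - { account: "{{ user1 }}", state: present }
  - { account: "{{ user2 }}", state: absent }
ssh_users_db:
  - { account: "{{ user2 }}", state: present }

---
# roles/users/tasks/main.yml
- name: Manage ssh user
  user:
    name: "{{ item.account.user }}"
    groups: "{{ item.account.group }}"
    comment: "{{ item.account.comment }}"
    uid: "{{ item.account.uid }}"
    password: "{{ item.account.password }}"
    # An entry without a state key is treated as present
    state: "{{ item.state | default('present') }}"
    # 'remove: yes' would also delete the home directory when state is absent
    remove: no
  with_items: "{{ ssh_users }}"
```

The playbook stays as it is: each play still maps ssh_users to ssh_users_app or ssh_users_db, and an account is removed from a host group by changing its state to absent and applying the role again.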
