The general idiom most people use is like:

ssh_users:
   - # list of users

ssh_users_removed:
   - # list of users

And add to _removed when people leave your company, etc. This list can
gradually be pruned over time when you are sure no traces of them are
around.




On Fri, May 23, 2014 at 11:41 AM, Sukharev Petr <[email protected]> wrote:

> Hello!
> I am trying to do ssh user management via ansible and have found a problem
> which blows up my brain.
> My environment: some number of users, some number of hosts. Production,
> test and demo projects.
> I put all users in the file group_vars/all and it looks like this:
>
> user1:
>     - { user: 'user1', group: 'test1', comment: "Test_User_1", uid:
> '10001', password: 'HaSH1' }
> user2:
>     - { user: 'user2', group: 'test2', comment: 'Test_User_2', uid:
> '10000', password: 'HaSh2' }
>
> My role file for users looks like this:
>
> - name: Add ssh user
>   user:
>     name={{ item.user }}
>     groups={{ item.group }}
>     comment={{ item.comment }} uid={{ item.uid }}
>     password={{ item.password }}
>   with_items: "ssh_users"
>
>   And ssh_users is described for each host group like
>
> - hosts: app
>   vars:
>     ssh_users: "{{ssh_users_app}}"
>   vars_files:
>      - vars/production
>   roles:
>    - users
>
> - hosts: db
>   vars:
>     ssh_users: "{{ssh_users_db}}"
>   vars_files:
>      - vars/production
>   roles:
>    - users
>
>
>    And the last step is:
>   In vars/production I give the list of users from the group_vars/all file:
>
>   ssh_users_app:
>    - "{{user1}}"
>    - "{{user2}}"
>   ssh_users_db:
>    - "{{user2}}"
>
>    So, ansible takes the ssh_users_app variable from the vars/production file,
> puts it in the ssh_users variable and sends it to the role. For each host
> group I can specify a list of users and all goes well... BUT!
>    When I need to remove a user - I need to remove it from the ssh_users_app
> variable and then run something like this:
>    ansible -i hosts app -m user -a 'name=user1 state=absent'
>
>    It makes me feel a little uncomfortable and I am trying to improve my
> solution.
>
>    My idea was to specify a special value in vars/production which will
> describe the state value for the user. Like this:
>
>    ssh_users_app:
>    - "{{user1}}" state: 'present'
>    - "{{user2}}" state: 'absent'
>    ssh_users_db:
>    - "{{user2}}" state: 'present'
>
>    And if I need to remove a user from a host group - I will change his
> state and apply the role to the hosts.
>    Is there any legal method to do this? Or does ansible have a more elegant
> solution for the user management case?
>
>    Thanks a lot for any help!
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/537F6C32.6010906%40gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
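
The two-list idiom from the reply at the top of this thread, written out as a playbook. This is an added example, not code from the thread. The user entries are constructed from the values in the question, and `become`, the `assert` guard, and `remove: yes` are assumptions about how you want offboarding to behave.

```yaml
# Added example: ssh_users / ssh_users_removed applied in one play.
# Sample users are constructed; 'HaSh2' stands in for a real crypted hash.
- hosts: app
  become: true
  vars:
    ssh_users:
      - { user: 'user2', group: 'test2', comment: 'Test_User_2', uid: '10000', password: 'HaSh2' }
    # Names only: move an entry here when the person leaves, prune later.
    ssh_users_removed:
      - user1
  tasks:
    # Guard against a name sitting in both lists, which would delete
    # and recreate the account on every run.
    - name: Refuse to run if a user is both present and removed
      assert:
        that:
          - (ssh_users | map(attribute='user') | list | intersect(ssh_users_removed)) | length == 0

    # Removals run first so a departed user's uid is free before adds.
    # remove: yes also deletes the home directory, and with it
    # ~/.ssh/authorized_keys (assumption: you do not need to keep it).
    - name: Remove ssh users who have left
      user:
        name: "{{ item }}"
        state: absent
        remove: yes
      with_items: "{{ ssh_users_removed }}"

    - name: Add ssh user
      user:
        name: "{{ item.user }}"
        groups: "{{ item.group }}"
        comment: "{{ item.comment }}"
        uid: "{{ item.uid }}"
        password: "{{ item.password }}"
        state: present
      with_items: "{{ ssh_users }}"
```

Because `state: absent` is idempotent, the removal task reports no change once the account is gone, so a name can stay in `ssh_users_removed` until every host has been covered by a run.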
