You can parameterise roles, maybe that would help. (http://docs.ansible.com/playbooks_roles.html )
Define all the group memberships in your accounts role (accounts/defaults/main.yml) and then in your inventory, load the accounts role into specific hosts with a list of the groups you want defined. On 12 August 2014 10:25, P <[email protected]> wrote: > I would like to use ansible for our user management (I know there are > software for it like LDAP but not for now ...). > This is typical definition of users and their groups: > > Groups and users: > > group1 > > user1 > user2 > > group2 > > user1 > user2 > user3 > > group3 > > user1 > user2 > user3 > user4 > > The problem I have is that every server is going to have subset of all > groups, i.e: > > server1 > > group1 > group3 > > server2 > > group3 > > server3 > > group1 > > Then there is a request from business/developers/managers/whatever that > particular group of users should have access to particular servers so we > need to modify ansible config and add e.g. group3 to server3. > > Is it possible to create a role with a sort of "map" file where I could > specify which server will have particular user groups > so we could modify this one (!) file, run site.yml and done (the role and > its file knows where to create each group). > > I would like to avoid redundancy in terms of user definitions (error prone) > and have just one file with all users defined in it. > > That way I could include this role in every playbook and it would > automatically create (or not) particular group of users > on every host. > Is it possible to do that ? > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/b90ff83b-0e8a-487f-bc00-9132d71bea92%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAK5eLPQGKG_Qf5ENEKz38qh8Tn65nkELwjB%2Bw6O%3D_q0P%2BuAu5A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
