Paul,

I recently encountered what I believe to be the same scenario. I googled 
around and couldn't seem to find anything to fit the scenario so I used the 
following approach (probably re-inventing the wheel). The key is to make 
use of roles, playbooks and vars separately. I've adapted your example and 
truncated it for simplicity:

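1. Create a role 'groups_users' consisting of at least 
'roles/groups_users/tasks/main.yml':
---
# Create every group listed in the 'groups' variable
- name: Add groups
  group: name={{ item.name }}
  with_items: "{{ groups }}"
# Create every user listed in the 'users' variable
- name: Add users
  user: name={{ item.name }}
        uid={{ item.uid }}
  with_items: "{{ users }}"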

2. Define these groups in your inventory file 'myhosts':
[myhosts]
host1
host2
host3

[groups_users_sysadmins]
host1
host2
host3

[groups_users_db]
host1

3. Create external vars files for each of your groups:

'external_vars/groups_users_sysadmins.yml':
---
groups:
- name: sysadmins
users:
- name: username1
  uid: 1234
- name: username2
  uid: 2345

'external_vars/groups_users_db.yml':
---
groups:
- name: db
users:
- name: username3
  uid: 3456
- name: username4
  uid: 4567

4. Create group_vars files for each group:

'group_vars/myhosts':
---
groups_users_sysadmins: no
groups_users_db: no

'group_vars/groups_users_sysadmins':
---
groups_users_sysadmins: yes

'group_vars/groups_users_db':
---
groups_users_db: yes

5. Create a playbook that adds each group conditionally:
'groups_users.yml':
---
- name: Add sysadmins group and users
  hosts: all
  vars_files:
  - external_vars/groups_users_sysadmins.yml
  roles:
  - { role: groups_users, when: groups_users_sysadmins == True }

- name: Add db group and users
  hosts: all
  vars_files:
  - external_vars/groups_users_db.yml
  roles:
  - { role: groups_users, when: groups_users_db == True }

It's quite a different approach and requires a few more files, but it 
allows for more scalability.

On Tuesday, 28 October 2014 03:55:03 UTC+13, Paul Slootman wrote:
>
> Hi,
> A new ansible user here... I've been perusing the mailing list archives 
> and have gathered a lot of useful tidbits.
>
> I've been fairly successful in figuring out how to create a set of users 
> on a list of hosts. However, what I'm not so clear about is how to create 
> different sets of users on different categories of hosts. We're a software 
> house that administrates the server farms at our customers. Let's say we 
> have 20 customers, and each customer can have 3-20 servers; these servers 
> fall into different categories as well: application servers, database 
> servers, test app. servers, test DB servers for example.
>
> One set of users should be created on all systems always, namely our 
> sysadmins.
> Another set of users should only be created on the database servers; 
> likewise for the application servers.
>
> The approach I'd find logical would be to write a playbook such as:
>
> - hosts: all_hosts
>   tasks:
>   - name: Add sysadmin users
>     user: name={{ item.key }} password={{ item.value.password }}
>           uid={{ item.value.uid }} group={{ item.value.group }} groups=""
>           comment="{{ item.value.comment }}" state={{ item.value.state }}
>           update_password=always
>     with_dict: sysadmin_user
>
> - hosts: db_hosts
>   tasks:
>   - name: Add DBA users
>     user: name={{ item.key }} password={{ item.value.password }}
>           uid={{ item.value.uid }} group={{ item.value.group }} groups=""
>           comment="{{ item.value.comment }}" state={{ item.value.state }}
>           update_password=always
>     with_dict: dba_user
>
> - hosts: application_hosts
>   tasks:
>   - name: Add application users
>     user: name={{ item.key }} password={{ item.value.password }}
>           uid={{ item.value.uid }} group={{ item.value.group }} groups=""
>           comment="{{ item.value.comment }}" state={{ item.value.state }}
>           update_password=always
>     with_dict: appl_user
>
> This would work, but would entail listing all hosts at least twice: once 
> for the "all_hosts" list, and once for the specific type of host. I'd like 
> to be able to compose the "all_hosts" list automatically out of the other 
> lists. I've tried a couple of ways after reading things in the mailing list 
> archive that might be applicable, but haven't had any success.
>
> So, in short, my question really boils down to: Is it possible to merge 
> existing host lists so that I don't have to repeat hosts in different 
> lists?  The same question also applies to user lists, although I suspect 
> that if it's possible with host lists, the same method will work for user 
> lists as well.
>
> (Being able to merge host lists would mean it would be possible to define 
> hosts in lists according to customer + type, and then build different host 
> lists such as "all DB hosts" or "all hosts at customer XYZ".)
>
>
> Thanks!
>
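
Added example, not part of either message above: the host-list merging asked about in the quoted question can be written with Ansible's `[group:children]` inventory syntax, so that each host is listed once in a customer-and-type leaf group and the broader lists are composed from those. All customer, host and group names below are constructed for illustration.

```ini
# Constructed inventory: every host appears exactly once, in a leaf group
# named <customer>_<type>. All names here are illustrative assumptions.
[acme_db]
acme-db1

[acme_app]
acme-app1
acme-app2

[globex_db]
globex-db1

[globex_app]
globex-app1

# Composed groups: built from the leaf groups, no host is repeated.
[db_hosts:children]
acme_db
globex_db

[application_hosts:children]
acme_app
globex_app

[customer_acme:children]
acme_db
acme_app

[customer_globex:children]
globex_db
globex_app

# No separate "all_hosts" group is needed: Ansible's implicit "all" group
# already contains every host, so sysadmin accounts can target "hosts: all"
# while DBA accounts stay limited to "hosts: db_hosts".
```

Running `ansible-inventory -i <inventory file> --graph` prints the resulting group tree, which makes it easy to confirm that an account set scoped to `db_hosts` reaches only the database servers.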
