Made an error (why aren't google group posts editable? who knows...).
Should read:
4. Create group_vars files for each group:
'group_vars/myhosts':
---
groups_users_sysadmins: no
groups_users_db: no
'group_vars/*sysadmins*':
---
groups_users_sysadmins: yes
'group_vars/db':
---
groups_users_db: yes
On Wednesday, 29 October 2014 11:07:00 UTC+13, mephage wrote:
>
> Paul,
>
> I recently encountered what I believe the be the same scenario. I googled
> around and couldn't seem to find anything to fit the scenario so I used the
> following approach (probably re-inventing the wheel). The key is to make
> use of roles, playbooks and vars separately. I've adapted your example and
> truncated it for simplicity:
>
> 1. Create a role 'groups_users' consisting of least
> 'roles/groups_users/tasks/main.yml':
> ---
> - name: Add groups
> groups: name={{ item.name }}
> with_items: groups
> - name: Add users
> user: name={{ item.name }}
> uid={{ item.uid }}
> with_items: users
>
> 2. Define these groups in your inventory file 'myhosts':
> [myhosts]
> host1
> host2
> host3
>
> [groups_users_sysadmins]
> host1
> host2
> host3
>
> [groups_users_db]
> host1
>
> 3. Create external vars files for each of your groups:
>
> 'external_vars/groups_users_sysadmins':
> ---
> groups:
> - name: sysadmins
> users:
> - name=username1
> uid=1234
> - name=username2
> uid=2345
>
> 'external_vars/groups_users_db':
> ---
> groups:
> - name: db
> users:
> - name=username3
> uid=3456
> - name=username4
> uid=4567
>
> 4. Create group_vars files for each group:
>
> 'group_vars/myhosts':
> ---
> groups_users_sysadmins: no
> groups_users_db: no
>
> 'group_vars/myhosts':
> ---
> groups_users_sysadmins: yes
>
> 'group_vars/db':
> ---
> groups_users_db: yes
>
> 5. Create a playbook that adds each group conditionally:
> 'groups_users.yml':
> ---
> - name: Add sysadmins group and users
> hosts: all
> vars_files:
> - external_vars/groups_users_sysadmins.yml
> roles:
> - { role: groups_users, when: groups_users_sysadmins == True }
>
> - name: Add db group and users
> hosts: all
> vars_files:
> - external_vars/groups_users_db.yml
> roles:
> - { role: groups_users, when: groups_users_db == True }
>
> It's quite a different approach and requires a few more files, but it
> allows for more scalability.
>
> On Tuesday, 28 October 2014 03:55:03 UTC+13, Paul Slootman wrote:
>>
>> Hi,
>> A new ansible user here... I've been perusing the mailing list archives
>> and have gathered a lot of useful tidbits.
>>
>> I've been fairly successful in figuring out how to create a set of users
>> on a list of hosts. However, what I'm not so clear about is how to create
>> different sets of users on different categories of hosts. We're a software
>> house that administrates the server farms at our customers. Let's say we
>> have 20 customers, and each customer can have 3-20 servers; these servers
>> fall into different categories as well: application servers, database
>> servers, test app. servers, test DB servers for example.
>>
>> One set of users should be created on all systems always, namely our
>> sysadmins.
>> Another set of users should only be created on the database servers;
>> likewise for the application servers.
>>
>> The approach I'd find logical would be to write a playbook such as:
>>
>> - hosts: all_hosts
>> tasks:
>> - name: Add sysadmin users
>> user: name={{ item.key }} password={{ item.value.password }} uid={{
>> item.value.uid }} group={{ item.value.group }} groups="" comment="{{
>> item.value.comment }}" state={{ item.value.state }} update_password=always
>> with_dict: sysadmin_user
>>
>> - hosts: db_hosts
>> tasks:
>> - name: Add DBA users
>> user: name={{ item.key }} password={{ item.value.password }} uid={{
>> item.value.uid }} group={{ item.value.group }} groups="" comment="{{
>> item.value.comment }}" state={{ item.value.state }} update_password=always
>> with_dict: dba_user
>>
>> - hosts: application_hosts
>> tasks:
>> - name: Add application users
>> user: name={{ item.key }} password={{ item.value.password }} uid={{
>> item.value.uid }} group={{ item.value.group }} groups="" comment="{{
>> item.value.comment }}" state={{ item.value.state }} update_password=always
>> with_dict:appl_user
>>
>> This would work, but would entail listing all hosts at least twice: once
>> for the "all_hosts" list, and once for the specific type of host. I'd like
>> to be able to compose the "all_hosts" list automatically out of the other
>> lists. I've tried a couple of ways after reading things in the mailing list
>> archive that might be applicable, but haven't had any success.
>>
>> So, in short, my question really boils down to: Is it possible to merge
>> existing host lists so that I don't have to repeat hosts in different
>> lists? The same question also applies to user lists, although I suspect
>> that if it's possible with host lists, the same method will work for user
>> lists as well.
>>
>> (Being able to merge host lists would mean it would be possible to define
>> hosts in lists according to customer + type, and then build different host
>> lists such as "all DB hosts" or "all hosts at customer XYZ".)
>>
>>
>> Thanks!
>>
>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/12eb1210-f2aa-4e34-af62-10848f6651b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
