Thanks, Dan!
I've managed to do what I wanted with your help.
I ended up with:
setting hash_behaviour = merge in ansible.cfg

group_vars/all
users:
  user1:
    comment: "user1"
    state: "present"
    groups:
      - "wheel"
      - "dvp"
    authorized:
      - "ssh-rsa 111"
      - "ssh-rsa 222"
  user2:
    comment: "user2"
    state: 'absent'
    groups:
      - "wheel"
      - "dvp"
    authorized:
      - "ssh-rsa 333"
  user3:
    comment: "user3"
    state: 'absent'
    groups:
      - "wheel"
      - "dvp"
    authorized:
      - "ssh-rsa 123"
  user4:
    comment: "user4"
    state: 'absent'
    groups:
      - "dvp"
    authorized:
      - "ssh-rsa 555"

group_vars/office
---
users:
  user2:
    state: 'present'

host_vars/office-host1
---
users:
  user4:
    state: 'present'

Now I can have all my users enumerated in one file, and then enable 
them at the group-of-hosts or host level.

On Saturday, 21 March 2015 19:21:30 UTC+3, Dan Vaida wrote:
>
> There are various ways you could go about doing this. Here's one of them.
> users.yml
> ---
> - hosts: all
>   sudo: yes
>   tasks:
>     - name: add users
>       user: name="{{ item.key }}" comment="{{ item.value.comment }}"
>       when: inventory_hostname in groups.{{ item.value.hosts|join(',') }}
>       with_dict: users
>       tags: user
>
>     - name: add sshkey for users
>       authorized_key: user="{{ item.key }}" key="{{ item.value.authorized|join() }}"
>       when: inventory_hostname in groups.{{ item.value.hosts|join(',') }}
>       with_dict: users
>       tags: user
>
>
> vars.yml
> users:
>   user1:
>     comment: "user2"
>     authorized:
>       - "ssh-rsa aaa"
>       - "ssh-rsa bbb"
>     hosts: [ "all", "office" ]
>   user2:
>     comment: "user3"
>     authorized:
>       - "ssh-rsa ccc"
>     hosts: [ "office" ]
>
> hosts:
> [something]
> hostX
>
> [office]
> hostY
>
> [all:children]
> something
> office
>
> $ ansible-playbook -i hosts users.yml --tags user --extra-vars @vars.yml
>
> I accept this is not the most elegant way to do it, but it's just 
> something I came up with on the spot.
> Hope it helps,
>
> Dan.
>
> On Thursday, 19 March 2015 21:27:24 UTC+1, Александр Костырев wrote:
>>
>> yet another question about loops
>>
>> I want to be able to merge users across servers.
>> For example,
>> I want user1 to be on all of my hosts
>> and I want user_special_at_office to be only at my office's servers
>>
>> So I made inventory file, where I specified all of the groups.
>> I made group_vars for *all* and for *office*
>>
>> As I've read I can merge only dictionaries.
>>
>> file group_vars/all
>> ---
>> users:
>>   user1:
>>     comment: 'user1'
>>     authorized:
>>      - 'ssh-rsa 123'
>>      - 'ssh-rsa 999'
>>      - 'ssh-rsa 345'
>>
>> file group_vars/office
>> ---
>> users:
>>   user_special_at_office:
>>     comment: 'user_special_at_office'
>>     authorized:
>>      - 'ssh-rsa 555'
>>      - 'ssh-rsa 444'
>>
>> with this play
>> ---
>> - hosts: all
>>   tasks:
>>     - name: add users
>>       user: name={{ item.key }} comment="{{ item.value.comment }}"
>>       with_dict: users
>>       tags: user
>>
>>     - name: add sshkey for users
>>       authorized_key: user={{ item.0.key }} key="{{ item.1 }}"
>>       with_subelements:
>>        - users
>>        - authorized
>>       tags: user_key
>>
>> When I run this play with  *--tags user* I get two users - so the 
>> merging is working.
>> But I'm completely hopeless to get the task "add sshkey for users" 
>> working.
>> *One or more undefined variables: 'dict object' has no attribute 'key'*
>>
>> Please advise me how I can accomplish what I want
>>
>>
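
An added example, not part of the original thread: a small audit of the layout in the top message (group_vars/all, group_vars/office, host_vars/office-host1) that reproduces the recursive dict merge of hash_behaviour = merge and reports which accounts end up present on each host. It assumes office-host1 is in the office group; office-host2 and db-host1 are hypothetical hosts, and the variable data is copied from the message as constructed Python literals.

```python
import copy

def merge_hash(base, override):
    """Recursive dict merge: nested dicts are combined, while any other
    value (lists such as 'authorized' included) is replaced outright."""
    result = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(result.get(key), dict) and isinstance(value, dict):
            result[key] = merge_hash(result[key], value)
        else:
            result[key] = copy.deepcopy(value)
    return result

# group_vars/all from the message (the 'comment' field is left out)
ALL = {"users": {
    "user1": {"state": "present", "groups": ["wheel", "dvp"],
              "authorized": ["ssh-rsa 111", "ssh-rsa 222"]},
    "user2": {"state": "absent", "groups": ["wheel", "dvp"],
              "authorized": ["ssh-rsa 333"]},
    "user3": {"state": "absent", "groups": ["wheel", "dvp"],
              "authorized": ["ssh-rsa 123"]},
    "user4": {"state": "absent", "groups": ["dvp"],
              "authorized": ["ssh-rsa 555"]},
}}
GROUP_VARS = {"office": {"users": {"user2": {"state": "present"}}}}
HOST_VARS = {"office-host1": {"users": {"user4": {"state": "present"}}}}
# Assumed inventory: only the name office-host1 appears in the message.
INVENTORY = {"office-host1": ["office"], "office-host2": ["office"],
             "db-host1": []}

def effective_users(host):
    """Apply the layers in precedence order: all, then groups, then host."""
    merged = ALL
    for group in INVENTORY[host]:
        merged = merge_hash(merged, GROUP_VARS.get(group, {}))
    return merge_hash(merged, HOST_VARS.get(host, {}))["users"]

def access_report(host):
    """Present accounts on a host: name -> (in wheel?, number of SSH keys)."""
    return {name: ("wheel" in user["groups"], len(user["authorized"]))
            for name, user in effective_users(host).items()
            if user["state"] == "present"}

if __name__ == "__main__":
    for host in sorted(INVENTORY):
        print(host, access_report(host))
```

Because only dicts are merged, a group- or host-level file that sets `authorized` or `groups` for a user replaces the whole list from group_vars/all instead of appending to it.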
