Here is a repo with my current favorite role for managing users across different departments and environments:
https://github.com/AutoLogicTechnology/autologic-users

On Monday, November 16, 2015 at 7:06:06 AM UTC-5, Ralph Bolton wrote:
>
> Oh my word... I've just cracked it:
>
> - name: Create Unix users from the users.yml file
>   action: user name={{ item.0.user }} state={{ item.0.state }} group={{ item.0.group | default(None) }} uid={{ item.0.uid | default(None) }} shell=/bin/bash expires=0
>   when: "item.1 == 'all' or inventory_hostname in groups[item.1]"
>   with_subelements:
>     - unix_users
>     - access_to
>
> I spent a lot of Friday looking for some patterns for this and found very
> little. It seems it was in the doco all along:
> http://docs.ansible.com/ansible/playbooks_loops.html#looping-over-subelements.
>
> This approach effectively checks the user against each group of hosts
> separately, which has lots more screen output but not a great deal more
> execution time.
>
> I'd love to use LDAP or some such for this - it would be way more
> convenient and would mean I could do things like enforce password policies
> and whatnot too. As it stands, I don't have scope to set up any sort of
> 'auth server', so unfortunately, Ansible is the best I've got. For the
> scale of what I've got to solve for, it's actually not as bad as that
> sounds - I'm sure that once we've got lots of people in multiple different
> roles and needing different levels of access then an LDAP solution would be
> forthcoming.
>
> Thanks all for your help and suggestions - it gave me the 'shove' I needed
> to get to the solution.
>
> Cheers,
>
> ...Ralph
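The loop and `when` condition from the quoted task, simulated in Python as an added example (not code from the thread or from the autologic-users role); the `unix_users` entries, group names and hosts are constructed sample data. It shows which iterations run on each host and which users the task never touches there, so an account that already exists on such a host is left in place.

```python
# Constructed sample data in the shape the task implies: each unix_users
# entry has user/state plus an access_to list. All names are hypothetical.
UNIX_USERS = [
    {"user": "alice", "state": "present", "access_to": ["all"]},
    {"user": "bob", "state": "present", "access_to": ["web", "db"]},
    {"user": "carol", "state": "absent", "access_to": ["db"]},
]
# Constructed inventory: group name -> member hosts. app1 is in no group.
GROUPS = {"web": ["web1", "box1"], "db": ["db1", "box1"]}


def subelements(items, key):
    """Mimic with_subelements: one (parent, child) pair per list entry."""
    return [(parent, child) for parent in items for child in parent[key]]


def plan_for_host(host, users=UNIX_USERS, groups=GROUPS):
    """Return (user, group, action) for every loop iteration on one host."""
    plan = []
    for entry, group in subelements(users, "access_to"):
        # Same test as the task's `when:` line.
        applies = group == "all" or host in groups[group]
        plan.append((entry["user"], group, entry["state"] if applies else "skipped"))
    return plan


def unmanaged_on(host, users=UNIX_USERS, groups=GROUPS):
    """Users whose every iteration is skipped on this host.

    The user module never runs for them here, so neither state=present nor
    state=absent is enforced on this host.
    """
    touched = {u for u, _, action in plan_for_host(host, users, groups)
               if action != "skipped"}
    return sorted({e["user"] for e in users} - touched)


if __name__ == "__main__":
    for host in ("web1", "db1", "box1", "app1"):
        print(host)
        for user, group, action in plan_for_host(host):
            print(f"  {user:<6} via {group:<4} -> {action}")
        print(f"  never touched here: {unmanaged_on(host)}")
```

On `box1`, which is in both groups, bob's entry is applied twice, and on `web1` carol's `state: absent` is never applied because her only `access_to` group does not include that host.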
