Hi folks, I have a presumably typical setup - see end for the yaml files.
- a generic role to create users
- a vars file with all the users across my environment

Which works fine if I want all users on every box. However I need to apply only a subset of these users to various systems - for example, all boxes should have the ansible user created, but only webservers should have the additional ops user created.

I couldn't find a way from within the playbook only to require the ansible user from `vars/users.yml`. So I tried instead splitting the vars up into 2 separate files in the playbook:

```bootstrap.yml
---
- name: deploy and configure site
  hosts: all
  become: yes
  gather_facts: yes
  vars_files:
    - vars/ansible.yml
    - vars/ops.yml
  roles:
    - users
...
```

However, as expected, only the 2nd user is created/defined, as the users dict is replaced, and not merged.

What's the best way to selectively apply users to various servers, without needing to duplicate the user details in different vars files? I feel like I'm missing something *really* obvious here.

Thanks! Exact role & vars follow.

```roles/users/tasks/main.yml
---
- name: create user groups
  group:
    name: "{{ item.key }}"
    gid: "{{ item.value.gid | default(omit) }}"
  with_dict: "{{ users }}"
  tags:
    - users
    - groups

- name: create user accounts
  user:
    name: "{{ item.key }}"
    state: "{{ item.value.state | default(omit) }}"
    uid: "{{ item.value.uid }}"
    group: "{{ item.key }}"
    groups: "{{ item.value.groups | default(omit) }}"
    shell: "{{ item.value.shell | default(omit) }}"
    comment: "{{ item.value.email | default('root@localhost') | regex_replace('@', '%')}}"
  with_dict: "{{ users }}"
  tags:
    - users
    - accounts

- name: manage ssh keys
  authorized_key:
    user: "{{ item.key }}"
    manage_dir: yes
    exclusive: yes
    key: "{{ item.value.ssh_options }} {{ item.value.ssh_key }}"
  with_dict: "{{ users }}"
  tags:
    - users
    - sshkeys
```

```
# vars/users.yml
---
users:
  # users defaults
  # state: present (or absent to delete entirely)
  # uid: optional, numeric
  # gid: optional, numeric
  # groups:optional
  # shell: optional, string path to installed valid shell
  # email: optional, applied to GeCOS and similar fields
  # ssh_options: optional, ssh-ed25519 | ssh-rsa ...
  # ssh_key: required
  # pgp_key: optional, for http://pgp.mit.edu/pks/lookup?op=get&search=
  ansible:
    uid: 333
    gid: 333
    groups: ansible,wheel
    shell: /bin/sh
    email: f...@bar.com
    ssh_key: AAAAC3N1234561273451276345216
    ssh_options: ssh-ed25519
  ops:
    groups: mail,www
    uid: 9000
    gid: 9000
    ssh_key: AAAAC3N1234561273451276345216
    ssh_options: ssh-ed25519
```

A+
Dave
— Dave Cottlehuber
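
One way to get per-group subsets from the single `vars/users.yml` described in the post, as an added example that is not part of the original message: keep the one `users` dict and gate each task on a list of enabled names. The `users_enabled` variable, the `group_vars` file names and the `webservers` group are assumptions; the playbook loads only `vars/users.yml` in `vars_files`.

```yaml
# group_vars/all.yml (assumed file): accounts every host receives
---
users_enabled:
  - ansible

# group_vars/webservers.yml (assumed group name): lists in group_vars
# replace rather than merge, so the full list is restated here
---
users_enabled:
  - ansible
  - ops

# roles/users/tasks/main.yml: same loop over the single users dict,
# skipping any entry not enabled for the current host
---
- name: create user groups
  group:
    name: "{{ item.key }}"
    gid: "{{ item.value.gid | default(omit) }}"
  with_dict: "{{ users }}"
  when: item.key in users_enabled
  tags: [users, groups]

- name: create user accounts
  user:
    name: "{{ item.key }}"
    state: "{{ item.value.state | default(omit) }}"
    uid: "{{ item.value.uid }}"
    group: "{{ item.key }}"
    groups: "{{ item.value.groups | default(omit) }}"
    shell: "{{ item.value.shell | default(omit) }}"
    comment: "{{ item.value.email | default('root@localhost') | regex_replace('@', '%') }}"
  with_dict: "{{ users }}"
  when: item.key in users_enabled
  tags: [users, accounts]

- name: manage ssh keys
  authorized_key:
    user: "{{ item.key }}"
    manage_dir: yes
    exclusive: yes
    key: "{{ item.value.ssh_options }} {{ item.value.ssh_key }}"
  with_dict: "{{ users }}"
  when: item.key in users_enabled
  tags: [users, sshkeys]
```

A user left out of `users_enabled` is skipped, not removed: an account or key that already exists on a host stays there until its entry is applied with `state: absent`.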