Hi folks,

I have a presumably typical setup - see end for the yaml files.

- a generic role to create users
- a vars file with all the users across my environment

Which works fine if I want all users on every box.

However, I need to apply only a subset of these users to various
systems - for example, all boxes should have the ansible user created,
but only webservers should have the additional ops user created.

I couldn't find a way from within the playbook only to require the
ansible user from `vars/users.yml`. So I tried instead splitting the
vars up into 2 separate files in the playbook:

```yaml
# bootstrap.yml
---
- name: deploy and configure site
  hosts: all
  become: yes
  gather_facts: yes
  vars_files:
    - vars/ansible.yml
    - vars/ops.yml
  roles:
    - users
...
```

however as expected, only the 2nd user is created/defined, as the users
dict is replaced, and not merged.

What's the best way to selectively apply users to various servers,
without needing to duplicate the user details in different vars files? I
feel like I'm missing something *really* obvious here. 

Thanks!

exact role & vars follow.

```yaml
# roles/users/tasks/main.yml
---
- name: create user groups
  group:
    name: "{{ item.key }}"
    gid: "{{ item.value.gid | default(omit) }}"
  with_dict: "{{ users }}"
  tags:
  - users
  - groups

- name: create user accounts
  user:
    name: "{{ item.key }}"
    state: "{{ item.value.state | default(omit) }}"
    uid: "{{ item.value.uid }}"
    group: "{{ item.key }}"
    groups: "{{ item.value.groups | default(omit) }}"
    shell: "{{ item.value.shell | default(omit) }}"
    comment: "{{ item.value.email | default('root@localhost') |
    regex_replace('@', '%')}}"
  with_dict: "{{ users }}"
  tags:
  - users
  - accounts

- name: manage ssh keys
  authorized_key:
    user: "{{ item.key }}"
    manage_dir: yes
    exclusive: yes
    key: "{{ item.value.ssh_options }} {{ item.value.ssh_key }}"
  with_dict: "{{ users }}"
  tags:
  - users
  - sshkeys
```


```yaml
# vars/users.yml
---
users:
# users defaults
#   state: present (or absent to delete entirely)
#   uid: optional, numeric
#   gid: optional, numeric
#   groups:optional
#   shell: optional, string path to installed valid shell
#   email: optional, applied to GeCOS and similar fields
#   ssh_options:  optional, ssh-ed25519 | ssh-rsa ...
#   ssh_key: required
#   pgp_key: optional, for http://pgp.mit.edu/pks/lookup?op=get&search=
  ansible:
    uid:          333
    gid:          333
    groups:       ansible,wheel
    shell:        /bin/sh
    email:        f...@bar.com
    ssh_key:      AAAAC3N1234561273451276345216
    ssh_options:  ssh-ed25519
  
  ops:
    groups:       mail,www
    uid:          9000
    gid:          9000
    ssh_key:      AAAAC3N1234561273451276345216
    ssh_options:  ssh-ed25519
```

A+ Dave
—
  Dave Cottlehuber

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/1465756675.3164282.635390425.15DBA4F9%40webmail.messagingengine.com.
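One way to get the selective behaviour asked about above, shown here as an added example that is not part of the original post: keep the single `vars/users.yml` (loaded via `vars_files`), add a per-group list naming which keys of `users` apply to a host, and filter each `with_dict` loop with a per-item `when`. The `host_users` variable, the `group_vars/` files and the `webservers` inventory group are assumed names; the default is deny, so a host with no list gets no accounts from this role.

```yaml
# group_vars/all.yml (assumed file): the default for every host
host_users:
  - ansible
---
# group_vars/webservers.yml (assumed file): a named group's vars take
# precedence over the 'all' group, so webservers also get the ops account
host_users:
  - ansible
  - ops
---
# roles/users/tasks/main.yml: same users dict as before, but each loop
# is filtered per item; entries not listed for this host are reported
# as skipped and are never created. default([]) makes a host without
# host_users receive nothing rather than failing on an undefined variable.
- name: create user groups
  group:
    name: "{{ item.key }}"
    gid: "{{ item.value.gid | default(omit) }}"
  with_dict: "{{ users }}"
  when: item.key in (host_users | default([]))

- name: create user accounts
  user:
    name: "{{ item.key }}"
    state: "{{ item.value.state | default(omit) }}"
    uid: "{{ item.value.uid }}"
    group: "{{ item.key }}"
    groups: "{{ item.value.groups | default(omit) }}"
    shell: "{{ item.value.shell | default(omit) }}"
  with_dict: "{{ users }}"
  when: item.key in (host_users | default([]))

- name: manage ssh keys
  authorized_key:
    user: "{{ item.key }}"
    manage_dir: yes
    exclusive: yes
    key: "{{ item.value.ssh_options }} {{ item.value.ssh_key }}"
  with_dict: "{{ users }}"
  when: item.key in (host_users | default([]))
```

The user details live in one place, so a uid, shell or ssh key change is made once, and each host ends up with exactly the accounts its group list grants.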