Maybe something like when: 'webservers' in group_names
Might help.

On Jun 12, 2016 8:38 PM, "Dave Cottlehuber" <[email protected]> wrote:

> Hi folks,
>
> I have a presumably typical setup - see end for the yaml files.
>
> - a generic role to create users
> - a vars file with all the users across my environment
>
> Which works fine if I want all users on every box.
>
> However I need to apply only a subset of these users to various systems
> - for example, all boxes should have the ansible user created, but only
> webservers should have the additional ops user created.
>
> I couldn't find a way from within the playbook only to require the
> ansible user from `vars/users.yml`. So I tried instead splitting the
> vars up into 2 separate files in the playbook:
>
> ```bootstrap.yml
> ---
> - name: deploy and configure site
>   hosts: all
>   become: yes
>   gather_facts: yes
>   vars_files:
>     - vars/ansible.yml
>     - vars/ops.yml
>   roles:
>     - users
> ...
> ```
>
> however as expected, only the 2nd user is created/defined, as the users
> dict is replaced, and not merged.
>
> What's the best way to selectively apply users to various servers,
> without needing to duplicate the user details in different vars files? I
> feel like I'm missing something *really* obvious here.
>
> Thanks!
>
> exact role & vars follow.
>
> ```roles/users/tasks/main.yml
> ---
> - name: create user groups
>   group:
>     name: "{{ item.key }}"
>     gid: "{{ item.value.gid | default(omit) }}"
>   with_dict: "{{ users }}"
>   tags:
>     - users
>     - groups
>
> - name: create user accounts
>   user:
>     name: "{{ item.key }}"
>     state: "{{ item.value.state | default(omit) }}"
>     uid: "{{ item.value.uid }}"
>     group: "{{ item.key }}"
>     groups: "{{ item.value.groups | default(omit) }}"
>     shell: "{{ item.value.shell | default(omit) }}"
>     comment: "{{ item.value.email | default('root@localhost') | regex_replace('@', '%')}}"
>   with_dict: "{{ users }}"
>   tags:
>     - users
>     - accounts
>
> - name: manage ssh keys
>   authorized_key:
>     user: "{{ item.key }}"
>     manage_dir: yes
>     exclusive: yes
>     key: "{{ item.value.ssh_options }} {{ item.value.ssh_key }}"
>   with_dict: "{{ users }}"
>   tags:
>     - users
>     - sshkeys
> ```
>
> ```
> # vars/users.yml
> ---
> users:
>   # users defaults
>   # state: present (or absent to delete entirely)
>   # uid: optional, numeric
>   # gid: optional, numeric
>   # groups:optional
>   # shell: optional, string path to installed valid shell
>   # email: optional, applied to GeCOS and similar fields
>   # ssh_options: optional, ssh-ed25519 | ssh-rsa ...
>   # ssh_key: required
>   # pgp_key: optional, for http://pgp.mit.edu/pks/lookup?op=get&search=
>   ansible:
>     uid: 333
>     gid: 333
>     groups: ansible,wheel
>     shell: /bin/sh
>     email: [email protected]
>     ssh_key: AAAAC3N1234561273451276345216
>     ssh_options: ssh-ed25519
>
>   ops:
>     groups: mail,www
>     uid: 9000
>     gid: 9000
>     ssh_key: AAAAC3N1234561273451276345216
>     ssh_options: ssh-ed25519
> ```
>
> A+
> Dave
> —
> Dave Cottlehuber
>
> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/1465756675.3164282.635390425.15DBA4F9%40webmail.messagingengine.com.
> For more options, visit https://groups.google.com/d/optout.
