I have different environments and for each an inventory: production.ini and 
development.ini.

I have a users.yml containing user data:

users:
  - username: foo
    uid: 1001
    gid: 1001
    pw_hash: $6$...
    ssh_key: ssh-rsa AAAA...
  - username: bar
    uid: 1002
    gid: 1002
    pw_hash: $6$...
    ssh_key: ssh-rsa AAAA...

I use the users in a user task.

user:
  name: "{{ item.username }}"
  uid: "{{ item.uid }}"
  gid: "{{ item.gid }}"
with_items: "{{ users }}"

And I use the SSH keys in an authorized_key task.

authorized_key: user={{ item.username }} key={{ item.ssh_key }}
with_items: "{{ users }}"

This works in the production and development environment.

Now I have the requirement to use different SSH keys for some but not all 
users in production and development.

How to get the different SSH keys in the users.yml without duplicating all 
the remaining data for each environment?

My first idea was to make the ssh_key attribute a hash:

users:
  - username: foo
    uid: 1001
    gid: 1001
    pw_hash: $6$...
    ssh_key:
      production: ssh-rsa AAAA...
      development: ssh-rsa BBBB...

By this I can select the right key based on the environment:

authorized_key: user={{ item.username }} key={{ item.ssh_key[environment] | default(item.ssh_key.production) }}
with_items: "{{ users }}"

But how to know in a playbook in which environment the playbook is executed?
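
One way to answer the closing question, as an added example that is not part of the original post: each inventory declares its own environment in [all:vars], and the play refuses to run if that value is missing, so an unset variable cannot silently install production keys. The variable name deploy_env is an assumption (chosen because `environment` is also a playbook keyword), and the inline users list is constructed sample data using the post's elided key placeholders.

```yaml
# Added example. Assumed additions to the two inventories (INI syntax):
#
#   production.ini:    [all:vars]
#                      deploy_env=production
#
#   development.ini:   [all:vars]
#                      deploy_env=development
#
# Run as: ansible-playbook -i development.ini users-keys.yml
# (users-keys.yml is a hypothetical file name for this playbook)

- hosts: all
  become: true
  vars:
    # Constructed sample data; key values are the post's placeholders and
    # must be replaced with real public keys before running.
    users:
      - username: foo
        ssh_key:                      # per-environment keys
          production: ssh-rsa AAAA...
          development: ssh-rsa BBBB...
      - username: bar
        ssh_key:                      # only a production key: used everywhere
          production: ssh-rsa AAAA...
      - username: baz
        ssh_key: ssh-rsa CCCC...      # plain string: same key in every environment
  tasks:
    - name: Fail early when the inventory does not declare a known environment
      assert:
        that:
          - deploy_env is defined
          - deploy_env in ['production', 'development']
        fail_msg: "Set deploy_env in [all:vars] of the inventory in use"

    - name: Install the SSH key that belongs to this environment
      authorized_key:
        user: "{{ item.username }}"
        # String form is used as-is; hash form selects by deploy_env and
        # falls back to the production key when no entry exists for it.
        key: >-
          {{ item.ssh_key if item.ssh_key is string
             else (item.ssh_key[deploy_env] | default(item.ssh_key.production)) }}
      with_items: "{{ users }}"
```

The fallback to the production key is kept from the post; if development hosts should never accept a production key, drop the default() filter so that a missing entry fails the task instead.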
