Re: [ansible-project] How to edit a variable in a later variable file

[Kai Stian Olstad]

On 22. mai 2017 19:01, Adam Lininger wrote:
> I would like to be able to edit a variable (per host) that was originally
> defined in a default file.

You can overwrite variables per host, but not edit or partial overwrite a 
variable.


> The larger situation is this. We have a large number of servers with a
> defined set of local accounts. The list of accounts is defined something
> like this in the default.yml file for the role. The task in the role
> iterates over the list and creates all the accounts using the user module.
> 
> list_of_users:
>   - username: user1
>     state: present
>     shell: /bin/bash
>     password_hash: <hash>
> 
>   - username: user2
>     state: present
>     shell: /bin/zsh
>     password_hash: <hash>
> 
> Ideally, I'd like to be able to trim down the list of users to a much
> smaller set on a per-host basis. I don't want to have to edit the per host
> file when the main file adds a new user. I also don't want to have to
> change passwords or shells in every per-host file (which is what I'm doing
> now).
> 
> The ideal case would be to (in a host_vars or group_vars file) iterate over
> the list_of_users array and change the state variable to absent...except
> when username matches a local list.
> 
> It seems like such a thing should be possible somehow, but I haven't found
> any way of doing that.
What you could do is introduce a list variable called enabled_users.
Then you can list all the user that you would like to create on a host, and the 
role has all the users.

If you need to overwrite some of the values you could do something like 
list_of_user_overwrite.

- user:
    name: "{{ list_of_user_overwrite[item.username] | default(item.username) }}"
    state: "{{ list_of_user_overwrite[item.state] | default(item.state) }}"
    ...
    ...
  when: item.username in enabled_users
  with_items: "{{ list_of_users }}"

-- 
Kai Stian Olstad

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/d1d5e0dc-9839-752c-a497-1d6445420912%40olstad.com.
For more options, visit https://groups.google.com/d/optout.