On 16/04/22 22:13, Richard Hector wrote:
Hi all,
I have created a directory 'users' alongside my inventory. It has a
directory 'user_vars', intended to be used like host_vars, but for
users, obviously.
In there, I have files like this:
=====================
---
name: richard
gecos: 'Richard Hector,,,'
shell: '/bin/bash'
ssh_keys:
- richard@foo
- richard@bar
=====================
Then in host_vars/all, I have this kind of thing:
=====================
---
users:
- richard
admins:
- richard
ansible_users:
- richard
=====================
I also have users/public_keys, which has a file for each of
'richard@foo' etc, containing one key.
Where I'm stuck is reading in the user_vars file(s).
I want to get rid of what I used to have:
=====================
- name: users
  user:
    name: '{{ item.name }}'
    comment: '{{ item.gecos }}'
    shell: '{{ item.shell }}'
    createhome: yes
    state: present
    groups: '{{ item.groups }}'
    append: yes
  with_items:
    - { name: 'richard', gecos: 'Richard Hector,,,', shell: '/bin/bash', groups: [ 'sudo', 'adm' ] }
  tags:
    - users
======================
since I want to separate data from the rest of my config.
So I'd like to either read all the user_vars files into a single
dictionary before I run that loop, or read each file in its own
iteration of the loop - or something better if that's the answer.
I thought about using set_fact in a loop, but that would give me
separate facts/variables for each user, making it harder(?) to index
them (but maybe by text templating the variable name?)
I also thought about doing a lookup in every line of the user loop
above, but that seems wasteful, and I'm not sure how I'd do it anyway.
I've got this, but it looks horrible:
==================
- name: set up user dicts
  set_fact:
    "user_{{ item }}": "{{ lookup('file', inventory_dir + '/users/user_vars/' + item) | from_yaml }}"
  with_items: "{{ users }}"
  tags:
    - users

- name: users
  user:
    name: "{{ lookup('vars', 'user_' + item).name }}"
    comment: "{{ lookup('vars', 'user_' + item).gecos }}"
    shell: "{{ lookup('vars', 'user_' + item).shell }}"
    createhome: yes
    state: present
    append: yes
  with_items: "{{ users }}"
  tags:
    - users

- name: admin groups
  user:
    name: "{{ item }}"
    append: yes
    groups:
      - sudo
      - adm
  when: item in admins
  with_items: "{{ users }}"
  tags:
    - users

- name: ansible group
  user:
    name: "{{ item }}"
    append: yes
    groups:
      - sudo
      - adm
  when: item in ansible_users
  with_items: "{{ users }}"
  tags:
    - users
=========================
I'm still to do the ssh key stuff - that's going to be pretty ugly too,
I think.
Are there ways to make this cleaner?
Cheers,
Richard
--
You received this message because you are subscribed to the Google Groups "Ansible
Project" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/af4b8c5e-3e6c-b937-48fd-b74ea32d66d0%40walnut.gen.nz.
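
One way to do what the message asks, reading every user_vars file into a single dictionary before the user loop and then handling the SSH keys. This is an added example, not part of the original message; it assumes the directory layout and the 'users' and 'admins' lists described above, the ansible.posix collection for authorized_key, and a hypothetical variable name 'user_data'.

```yaml
# Added example, not from the original post. Assumes the layout described in
# the message: users/user_vars/<name> and users/public_keys/<key name> beside
# the inventory, plus the 'users' and 'admins' lists. 'user_data' is a
# hypothetical variable name.
- name: Read every user_vars file into one dictionary keyed by user name
  ansible.builtin.set_fact:
    user_data: >-
      {{ user_data | default({}) | combine({item:
         lookup('file', inventory_dir + '/users/user_vars/' + item) | from_yaml}) }}
  loop: "{{ users }}"
  tags:
    - users

- name: Refuse a data file whose 'name' differs from its file name
  ansible.builtin.assert:
    that:
      - user_data[item].name == item
    fail_msg: "user_vars/{{ item }} declares a different account name"
  loop: "{{ users }}"
  tags:
    - users

- name: Create accounts; only members of 'admins' are added to sudo and adm
  ansible.builtin.user:
    name: "{{ item }}"
    comment: "{{ user_data[item].gecos }}"
    shell: "{{ user_data[item].shell }}"
    create_home: true
    state: present
    groups: "{{ ['sudo', 'adm'] if item in admins else omit }}"
    append: true
  loop: "{{ users }}"
  tags:
    - users

- name: Install exactly the keys listed in ssh_keys (others are removed)
  ansible.posix.authorized_key:
    user: "{{ item }}"
    # All keys go in one newline-separated string so 'exclusive' sees the full set.
    key: >-
      {{ query('file', *(user_data[item].ssh_keys
         | map('regex_replace', '^', inventory_dir + '/users/public_keys/')))
         | join('\n') }}
    exclusive: true
    state: present
  loop: "{{ users }}"
  tags:
    - users
```

Because the user task uses append: true, dropping a name from 'admins' does not remove an existing sudo or adm membership; that revocation needs its own task.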