Let me show you how I do this.
I have a vars file with all my users containing:
1/ A list of users with config details:

    user:
      paul:
        description: Paul McCartney
        uid: 1001
      ringo:
        description: Ringo Star
        uid: 1002
      ...
2/ several lists of users, e.g.

    users_apple_admin:
      - paul
      - john
    users_apple_dev:
      - ringo
      - george
    ...
Then, in the inventory, e.g. for the group "apple", I define:

    users_admin:
      - "{{users_apple_admin}}"
    users_dev:
      - "{{users_apple_dev}}"
      - "{{users_virgin_dev}}"
Finally, in a playbooks role, where I create all users, I call the role
with:

    - role: real_user
      real_user_list:
        - "{{users_admin}}"
        - "{{users_dev}}"

and in the role, the create user task uses this loop

    action:
      module: user
      name: "{{ item }}"
      comment: "{{ user[item]['description'] }}"
      uid: "{{ user[item]['uid'] }}"
    with_flattened: real_user_list
Elsewhere, where I create groups, I'll do something like this

    - name: Assign Developer roles
      action:
        module: user
        name: "{{ item }}"
        groups: "{{ lookup('flattened', groups_dev) }}"
        append: "yes"
        state: present
      with_flattened: users_dev

Where groups_dev is set somewhere in the inventory, and is a list of groups
that developers should be a member of, for the group where it was set.

    groups_dev:
      - developers
      - tomcat_user
    ...
Hope this helps,
Serge
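
An added example, not part of Serge's post: a pre-run audit of the vars layout described above, which reports any name in a `users_*` list that has no entry in the `user` map (the `user[item]` lookup would fail) and any uid assigned to more than one name (both names would be the same account on the host). The function names `flatten` and `audit_user_vars` are hypothetical, and the sample data is constructed, including george's entry and the uid clash.

```python
from collections import defaultdict

def flatten(value):
    """Recursively flatten nested lists, the way with_flattened treats a list of lists."""
    if isinstance(value, (list, tuple)):
        for v in value:
            yield from flatten(v)
    else:
        yield value

def audit_user_vars(vars_data):
    """Return a sorted list of problems found in the loaded vars file."""
    users = vars_data.get("user") or {}
    problems = []
    # Two names sharing one uid are a single account as far as file ownership goes.
    by_uid = defaultdict(list)
    for name, cfg in users.items():
        uid = (cfg or {}).get("uid")
        if uid is None:
            problems.append(f"user '{name}' has no uid")
        else:
            by_uid[uid].append(name)
    for uid, names in by_uid.items():
        if len(names) > 1:
            problems.append(f"uid {uid} shared by {', '.join(sorted(names))}")
    # Every name in a users_* list must resolve in the 'user' map.
    for key, value in vars_data.items():
        if not key.startswith("users_"):
            continue
        for name in flatten(value):
            if name not in users:
                problems.append(f"{key} references undefined user '{name}'")
    return sorted(problems)

# Constructed sample data in the shape of the vars file from the post.
SAMPLE_VARS = {
    "user": {
        "paul": {"description": "Paul McCartney", "uid": 1001},
        "ringo": {"description": "Ringo Star", "uid": 1002},
        "george": {"description": "George Harrison", "uid": 1002},  # constructed clash
    },
    "users_apple_admin": ["paul", "john"],     # 'john' has no entry in this sample
    "users_apple_dev": [["ringo", "george"]],  # nested list, flattened before checking
}

if __name__ == "__main__":
    for problem in audit_user_vars(SAMPLE_VARS):
        print(problem)
```

In practice the dictionary would come from loading the vars file with a YAML parser before templating, so the check applies to the vars file and not to the inventory lists that hold `{{ ... }}` references.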
On 29 November 2013 03:45, BrianAI <[email protected]> wrote:
> Good evening all!
>
> I am new to Ansible (only 2 days in), but am quite excited by the
> prospects.
>
> I have a laundry list of questions but I figured it'd be best to separate
> them into multiple posts to help people searching these lists in the future.
>
> The first question is:....
>
> - After much searching, I found an archived exchange that points out a way
> to have a list of users in a group_vars/xxxx.yaml file, and then in a
> "add_users.yaml" playbook, do something like the following:
>
>
>> ---
>> - hosts: all
>>   vars_files:
>>     - /etc/ansible/group_vars/[some-group-name-goes-here]/users.yaml
>>   tasks:
>>     - name: Create user.
>>       user: home=/home/{{ item }} name={{ item }} shell=/bin/bash state=present
>>       with_items: users
>>     - name: copy per-user ssh key (authorized_keys2) to the destination server
>>       action: copy src=/usr/share/ansible/files/ssh/{{ item }}/authorized_keys2 dest=/home/{{ item }}/.ssh/authorized_keys2 mode=755
>>       with_items: users
>>
>
>
> This works quite well (thanks to whomever it was who posted that
> solution). However, I personally don't like the idea of having to maintain
> multiple files of users per group/pattern. What I'd like to be able to do,
> is the same way I have 1 hosts file (/etc/ansible/hosts) that has *all* of
> my hosts and groups in one nicely organized file, I would like to have one
> giant users.yaml which has different groups of users (ie: one for the
> database boxes, one for the staging boxes, one for the production boxes,
> etc.)
>
> Perhaps I'm thinking of this the wrong way, but it seems like something
> that should be easy to do. This is kind of a "global variable" concept,
> I'd just like to centralize the management of this.
>
> Any thoughts on the syntax to properly do this? Thanks!!! :o)
>
>
>> $ cat /etc/ansible/group_vars/[some-group-name-goes-here]/users.yaml
>> users:
>>   - user1
>>   - user2
>>   - user3
>> group_name:
>>   - users
>
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
>