First off, allow me to thank you for your post. I was able to get what I
wanted by looking over your code. However, perhaps I am grossly
oversimplifying things, but here's my setup now:
> $ cat /etc/ansible/users.yaml
> all_users:
>   - user1
>   - user2
>   - user3
>   - user4
>   - user5
>   - user6
> Ops:
>   - user1
>   - user2
>   - user3
>   - user4
> databaseTeam:
>   - user5
>   - user6
Then, in my add_users.yaml file:
> ---
> - hosts: all
>   vars_files:
>     - /etc/ansible/users.yaml
>   tasks:
>     - name: Create user.
>       user: home=/home/{{ item }} name={{ item }} shell=/bin/bash state=present
>       with_items: Ops
>     - name: copy per-user ssh key (authorized_keys2) to the destination server
>       action: copy src=/usr/share/ansible/files/ssh/{{ item }}/authorized_keys2 dest=/home/{{ item }}/.ssh/authorized_keys2 mode=755
>       with_items: Ops
This works, and I like it because I have one centralized users.yaml file to
edit whenever someone joins/leaves.
The only question remaining I have is how to make the add_users.yaml file
even more generic. What I'd like to do is something like:
> ---
> - hosts: all
>   vars_files:
>     - /etc/ansible/users.yaml
>   tasks:
>     - name: Create user.
>       user: home=/home/{{ item }} name={{ item }} shell=/bin/bash state=present
>       with_items: accounts_to_add
>     - name: copy per-user ssh key (authorized_keys2) to the destination server
>       action: copy src=/usr/share/ansible/files/ssh/{{ item }}/authorized_keys2 dest=/home/{{ item }}/.ssh/authorized_keys2 mode=755
>       with_items: accounts_to_add
and then run:
> ansible-playbook add_users.yaml -u root --check --extra-vars "accounts_to_add=databaseTeam"
to only add the databaseTeam.
Basically, I'm looking to make this thing as modular as humanly possible,
and hardcode as little as possible.
(Note: the above throws an error and does not "expand" on accounts_to_add)
> TASK: [Create user.] **********************************************************
> changed: [xxxxxxxxx] => (item=databaseTeam)
>
> TASK: [copy per-user ssh key (authorized_keys2) to the destination server] ****
> failed: [xxxxxxxxx] => (item=databaseTeam)
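
One way to get the expansion asked about above, as an added example that is not part of the original post and not the poster's code: the output shows the loop received the literal string "databaseTeam", so the playbook has to look up the variable that string names. It assumes a current Ansible release (the vars lookup and ansible.builtin module names); selected_accounts, the assert task and the .ssh directory task are hypothetical additions, and the key file is written owner-only (0600) rather than the 755 used in the post.

```yaml
---
# Added example (not from the original post).
# Run: ansible-playbook add_users.yaml -u root --check \
#        --extra-vars "accounts_to_add=databaseTeam"
- hosts: all
  vars_files:
    - /etc/ansible/users.yaml
  vars:
    # accounts_to_add carries the NAME of a list defined in users.yaml;
    # the vars lookup resolves that name to the list itself.
    # default=[] makes an unknown name resolve to an empty list.
    selected_accounts: "{{ lookup('vars', accounts_to_add, default=[]) }}"
  tasks:
    - name: Stop unless accounts_to_add names a non-empty list
      ansible.builtin.assert:
        that:
          - accounts_to_add is defined
          - selected_accounts is not string
          - selected_accounts is not mapping
          - selected_accounts | length > 0
        fail_msg: "accounts_to_add must name a list from users.yaml"

    - name: Create user.
      ansible.builtin.user:
        name: "{{ item }}"
        home: "/home/{{ item }}"
        shell: /bin/bash
        state: present
      loop: "{{ selected_accounts }}"

    - name: Ensure each user's .ssh directory exists (assumed step)
      ansible.builtin.file:
        path: "/home/{{ item }}/.ssh"
        state: directory
        owner: "{{ item }}"
        mode: "0700"
      loop: "{{ selected_accounts }}"

    - name: copy per-user ssh key (authorized_keys2) to the destination server
      ansible.builtin.copy:
        src: "/usr/share/ansible/files/ssh/{{ item }}/authorized_keys2"
        dest: "/home/{{ item }}/.ssh/authorized_keys2"
        owner: "{{ item }}"
        mode: "0600"
      loop: "{{ selected_accounts }}"
```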