I haven't seen the "right" way to organizer users, so here's my attempt, but it seems to me like it should be a bit simpler.
https://gist.github.com/pete0emerson/ba331fd0defba6d2dd7c Why I organized things this way: 1) I want to only define users once, in one place (users.yaml) 2) I want to map groups of users in one place as well (user_groups.yaml) 3) I want the definition of a user to be in one place (user_definition.yaml) 4) Right now I'm saving usergroups for later (this is an MVP) 5) I'm saving *disabling* of users for later as well (in a pinch I can revoke their ssh key) Where I'd like some guidance: The playbook that I run (users_playbook.yaml) maps hosts to groups of users. But I currently specify the host group twice: - hosts: haproxy include: user_definition.yaml accounts_to_add=users_haproxy hosts=haproxy It seems strange to have the "- hosts: " section in both the users_playbook.yaml and the user_definition.yaml file, passing the host group from one to the other in a variable. Is there a nicer way to do this? Any other comments such as "this is a very un-Ansible way of organizing things, try it this way" et cetera are very welcome. I'd love to see a "best practices" document come to life centered around these sorts of things. Thanks, Pete -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/97ef96d3-e55c-491a-bb3e-9d7715a7e04d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
