Add special value to variable or merge 2 variables into one (user management)

Sukharev Petr

May 23, 2014, 11:41:43 AM
to ansible...@googlegroups.com
Hello!
I am trying to do ssh user management via ansible and have found a problem
which blows up my brain.
My environment: some number of users, some number of hosts.
Production, test and demo projects.
I put all users in the file group_vars/all and it looks like this:

    user1:
      - { user: 'user1', group: 'test1', comment: "Test_User_1", uid: '10001', password: 'HaSH1' }
    user2:
      - { user: 'user2', group: 'test2', comment: 'Test_User_2', uid: '10000', password: 'HaSh2' }

My role file for users looks like this:

    # Create each account listed in ssh_users for this host group
    - name: Add ssh user
      user:
        name={{ item.user }}
        groups={{ item.group }}
        comment={{ item.comment }} uid={{ item.uid }}
        password={{ item.password }}
      with_items: "{{ ssh_users }}"

And ssh_users is defined for each host group like this:

    - hosts: app
      vars:
        ssh_users: "{{ssh_users_app}}"
      vars_files:
        - vars/production
      roles:
        - users

    - hosts: db
      vars:
        ssh_users: "{{ssh_users_db}}"
      vars_files:
        - vars/production
      roles:
        - users


And the last step is:
In vars/production I give the list of users from the group_vars/all file:

    ssh_users_app:
      - "{{user1}}"
      - "{{user2}}"
    ssh_users_db:
      - "{{user2}}"

So, ansible takes the ssh_users_app variable from the vars/production file,
puts it in the ssh_users variable and sends it to the role. For each host group I can
specify a list of users and all goes well... BUT!
When I need to remove a user, I need to remove it from the ssh_users_app
variable and then run something like this:

    ansible -i hosts app -m user -a 'name=user1 state=absent'

It makes me feel a little uncomfortable and I am trying to improve my solution.

My idea was to specify a special value in vars/production which will
describe the state value for a user. Like this:

    ssh_users_app:
      - "{{user1}}" state: 'present'
      - "{{user2}}" state: 'absent'
    ssh_users_db:
      - "{{user2}}" state: 'present'

And if I need to remove a user from a host group, I will change his
state and apply the role to the hosts.
Is there any legal method to do this? Or does ansible have a more elegant
solution for the user management case?

Thanks a lot for any help!

Michael DeHaan

May 25, 2014, 4:43:56 PM
to ansible...@googlegroups.com
General idiom most people use is like:

ssh_users:
   - # list of users

ssh_users_removed:
   - # list of users

And add to _removed when people leave your company, etc.   This list can gradually be pruned over time when you are sure no traces of them are around.
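
The two-list idiom from the reply above, written out as a playbook. This is an added example, not code from either poster: the record fields and placeholder password values are reused from the question, and the assert guard against an account appearing in both lists is an assumption of this example.

```yaml
# Added example: ssh_users / ssh_users_removed applied to one host group.
# 'HaSh2' is the question's placeholder; the user module expects a crypted hash.
- hosts: app
  vars:
    ssh_users:
      - { user: 'user2', group: 'test2', comment: 'Test_User_2', uid: '10000', password: 'HaSh2' }
    # Plain account names; entries can be pruned once no trace of them remains.
    ssh_users_removed:
      - user1
  tasks:
    # Assumed safety check: an account listed in both places would be
    # deleted and recreated on every run, so stop before touching anything.
    - name: Refuse to run if an account is in both lists
      assert:
        that:
          - ssh_users | map(attribute='user') | list | intersect(ssh_users_removed) | length == 0

    # Removal runs first so revoked access is gone even if a later task fails.
    - name: Remove departed ssh users
      user:
        name: "{{ item }}"
        state: absent
      with_items: "{{ ssh_users_removed }}"

    - name: Add ssh users
      user:
        name: "{{ item.user }}"
        groups: "{{ item.group }}"
        comment: "{{ item.comment }}"
        uid: "{{ item.uid }}"
        password: "{{ item.password }}"
        state: present
      with_items: "{{ ssh_users }}"
```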