Help simplify my user management
47 views
Skip to first unread message
Pete Emerson
Jun 25, 2014, 2:09:10 PM6/25/14
to ansible...@googlegroups.com
I haven't seen the "right" way to organizer users, so here's my attempt, but it seems to me like it should be a bit simpler.
Why I organized things this way:
1) I want to only define users once, in one place (users.yaml)
2) I want to map groups of users in one place as well (user_groups.yaml)
3) I want the definition of a user to be in one place (user_definition.yaml)
4) Right now I'm saving usergroups for later (this is an MVP)
5) I'm saving *disabling* of users for later as well (in a pinch I can revoke their ssh key)
Where I'd like some guidance:
The playbook that I run (users_playbook.yaml) maps hosts to groups of users. But I currently specify the host group twice:
- hosts: haproxy
include: user_definition.yaml accounts_to_add=users_haproxy hosts=haproxy
It seems strange to have the "- hosts: " section in both the users_playbook.yaml and the user_definition.yaml file, passing the host group from one to the other in a variable. Is there a nicer way to do this?
Any other comments such as "this is a very un-Ansible way of organizing things, try it this way" et cetera are very welcome. I'd love to see a "best practices" document come to life centered around these sorts of things.
Thanks,
Pete
Michael DeHaan
Jun 25, 2014, 8:15:37 PM6/25/14
to ansible...@googlegroups.com
I'll leave others to comment, but in the era of roles, a raw parameterized include is becoming increasingly a rare thing.
--Michael
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/97ef96d3-e55c-491a-bb3e-9d7715a7e04d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pete Emerson
Jun 26, 2014, 12:18:16 AM6/26/14
to ansible...@googlegroups.com
Does that mean you'd recommend creating a "user" role, or that in my "haproxy" role I'd include user definitions? I'm not sure what the organization would look like.
Pete
Reply all
Reply to author
Forward
0 new messages