Ansible Best Practices - Group_Vars Not Being Applied As Expected

Jeff Baldwin

Oct 18, 2019, 2:35:31 AM
to Ansible Project
All,

I have been setting up my environment to match the best practices provided here:  https://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html#best-practices  -- However, I am running into some issues with how variables are being

Goal:  
- The system administrator user/group defined in group_vars/all.yml will be created on BOTH hosts
- The oracle dba user/group defined in group_vars/oracle.yml will be created on the oracle box ONLY

What I Am Seeing: 
- The 'jeff5' user (system administrator) and AIXAdmin group are being created on the lx00011010d box ONLY (the expectation is that it would be created on both)
- The oracle/DBA users are being created on lx00016141d, which is NOT the oracle box (expectation is that these would get created on lx00011010d only)

Code and output below:

[jeff@lx00010300p ansible-help]$ tree
.
|-- ansible.cfg
|-- common.yml
|-- group_vars
|   |-- all.yml
|   `-- oracle.yml
|-- inventory
|   |-- oracle
|   `-- other
|-- oracle.yml
|-- roles
|   `-- ansible-users
|       |-- defaults
|       |   `-- main.yml
|       |-- README.md
|       `-- tasks
|           `-- main.yml
`-- site.yml

[jeff@lx00010300p ansible-help]$ cat site.yml common.yml oracle.yml
---
# file: site.yml
- import_playbook: common.yml
- import_playbook: oracle.yml

---
# file: common.yml
- hosts: all
  become: yes
  roles:
    - ansible-users

---
# file: oracle.yml
- hosts: oracle
  become: yes
  roles:
    - ansible-users

[ifreling@lx00010300p ansible-help]$ cat inventory/*
# file: inventory/oracle
[oracle]
lx00011010d

# file: inventory/other
[other]
lx00016141d

[ifreling@lx00010300p ansible-help]$ cat group_vars/*
---
# file: group_vars/all.yml
users:
  - username: jeff5
    name: Jeff - AIX Linux Engineer
    group: AIXAdmin
    uid: 318427

groups_to_create:
  - name: "AIXAdmin"
    gid: "901"
    state: "present"

---
file: group_vars/oracle.yml
users:

########################
# Create the Oracle
########################

  - username: oracle
    name: Oracle
    group: dba
    uid: 202

########################
# Create the DBA Team
########################

  - username: kwhit
    name: Kathryn - DBA
    group: dba
    uid: 225114

groups_to_create:
  - name: dba
    gid: 201

OUTPUT


PLAY [all] ***********************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [lx00011010d]
ok: [lx00016141d]

TASK [ansible-users : Creating groups] *******************************************************************************************************************************
ok: [lx00011010d] => (item={u'state': u'present', u'gid': u'901', u'name': u'AIXAdmin'})
ok: [lx00016141d] => (item={u'gid': 201, u'name': u'dba'})

TASK [ansible-users : Per-user group creation] ***********************************************************************************************************************
skipping: [lx00016141d] => (item={u'username': u'oracle', u'group': u'dba', u'name': u'Oracle', u'uid': 202})
skipping: [lx00016141d] => (item={u'username': u'kwhit', u'group': u'dba', u'name': u'Kathryn - DBA', u'uid': 225114})
skipping: [lx00011010d] => (item={u'username': u'jeff5', u'group': u'AIXAdmin', u'name': u'Jeff - AIX Linux Engineer', u'uid': 318427})

TASK [ansible-users : User creation] *********************************************************************************************************************************
changed: [lx00011010d] => (item={u'username': u'jeff5', u'group': u'AIXAdmin', u'name': u'Jeff - AIX Linux Engineer', u'uid': 318427})
changed: [lx00016141d] => (item={u'username': u'oracle', u'group': u'dba', u'name': u'Oracle', u'uid': 202})
changed: [lx00016141d] => (item={u'username': u'kwhit', u'group': u'dba', u'name': u'Kathryn - DBA', u'uid': 225114})

TASK [ansible-users : SSH keys] **************************************************************************************************************************************

TASK [ansible-users : Setup user profiles] ***************************************************************************************************************************
skipping: [lx00016141d] => (item={u'username': u'oracle', u'group': u'dba', u'name': u'Oracle', u'uid': 202})
skipping: [lx00016141d] => (item={u'username': u'kwhit', u'group': u'dba', u'name': u'Kathryn - DBA', u'uid': 225114})
skipping: [lx00011010d] => (item={u'username': u'jeff5', u'group': u'AIXAdmin', u'name': u'Jeff - AIX Linux Engineer', u'uid': 318427})

TASK [ansible-users : Deleted user removal] **************************************************************************************************************************

TASK [ansible-users : Deleted per-user group removal] ****************************************************************************************************************

PLAY [oracle] ********************************************************************************************************************************************************

TASK [Gathering Facts] ***********************************************************************************************************************************************
ok: [lx00016141d]

TASK [ansible-users : Creating groups] *******************************************************************************************************************************
ok: [lx00016141d] => (item={u'gid': 201, u'name': u'dba'})

TASK [ansible-users : Per-user group creation] ***********************************************************************************************************************
skipping: [lx00016141d] => (item={u'username': u'oracle', u'group': u'dba', u'name': u'Oracle', u'uid': 202})
skipping: [lx00016141d] => (item={u'username': u'kwhit', u'group': u'dba', u'name': u'Kathryn - DBA', u'uid': 225114})

TASK [ansible-users : User creation] *********************************************************************************************************************************
changed: [lx00016141d] => (item={u'username': u'oracle', u'group': u'dba', u'name': u'Oracle', u'uid': 202})
changed: [lx00016141d] => (item={u'username': u'kwhit', u'group': u'dba', u'name': u'Kathryn - DBA', u'uid': 225114})

TASK [ansible-users : SSH keys] **************************************************************************************************************************************

TASK [ansible-users : Setup user profiles] ***************************************************************************************************************************
skipping: [lx00016141d] => (item={u'username': u'oracle', u'group': u'dba', u'name': u'Oracle', u'uid': 202})
skipping: [lx00016141d] => (item={u'username': u'kwhit', u'group': u'dba', u'name': u'Kathryn - DBA', u'uid': 225114})

TASK [ansible-users : Deleted user removal] **************************************************************************************************************************

TASK [ansible-users : Deleted per-user group removal] ****************************************************************************************************************

PLAY RECAP ***********************************************************************************************************************************************************
lx00011010d                : ok=3    changed=1    unreachable=0    failed=0    skipped=5    rescued=0    ignored=0
lx00016141d                : ok=6    changed=2    unreachable=0    failed=0    skipped=10   rescued=0    ignored=0

Vladimir Botka

Oct 18, 2019, 5:58:15 AM
to Jeff Baldwin, ansible...@googlegroups.com
On Thu, 17 Oct 2019 23:35:30 -0700 (PDT)
Jeff Baldwin <tarhe...@gmail.com> wrote:

> *What I Am Seeing: *
> - The 'jeff5' user (system administrator) and AIXAdmin group are being
> created on the lx00011010d box ONLY (the expectation is that it would be
> created on both)
> - The oracle/DBA users are being created on lx00016141d, which is NOT the
> oracle box (expectation is that these would get created on lx00011010d only)
> [...]
> ################################### INVENTORY
> # file: *inventory/oracle*
> [oracle]
> lx00011010d
>
> # file: *inventory/other*
> [other]
> lx00016141d
> [...]
> ################################### GROUP_VARS
> # file: *group_vars/all.yml*
> users:
> - username: jeff5
> name: Jeff - AIX Linux Engineer
> group: AIXAdmin
> uid: 318427
> [...]
>
> file: *group_vars/oracle.yml*
> users:
> - username: oracle
> name: Oracle
> group: dba
> uid: 202
> - username: kwhit
> name: Kathryn - DBA
> group: dba
> uid: 225114
> [...]
> ################################### PLAYBOOKS
> # file: *site.yml*
> - import_playbook: common.yml
> - import_playbook: oracle.yml
> ---
> # file: *common.yml*
> - hosts: all
> become: yes
> roles:
> - ansible-users
> ---
> # file: *oracle.yml*
> - hosts: oracle
> become: yes
> roles:
> - ansible-users

It's not possible to explain the output below and other results you observe
with the input provided. You'll have to minimise the example and make it
verifiable. It's simply out of scope this way.

PLAY [oracle]
*************************
TASK [Gathering Facts]
*************************
ok: [lx00016141d]

Notes
* What does the command line look like?
* Output of "ansible-inventory --list --vars"
* Output of "ansible-config dump"
* Role ansible-users

Cheers,

-vlado

Jeff Baldwin

Oct 18, 2019, 10:11:50 AM
to Ansible Project
Thank you for your time vlado.   Below is the information you have requested:

Command Line:
ansible-playbook site.yml -C


ansible-inventory --list --vars
Question:  Why is group 'AIXAdmin' and user 'jeff5' vars not getting applied to both boxes?

[admin@lx00010300p ansible-help]$ ansible-inventory --list --vars
{
    "_meta": {
        "hostvars": {
            "lx00011010d": {
                "groups_to_create": [
                    {
                        "gid": "901",
                        "name": "AIXAdmin",
                        "state": "present"
                    }
                ],
                "users": [
                    {
                        "group": "AIXAdmin",
                        "name": "Jeff - AIX Linux Engineer",
                        "uid": 318427,
                        "username": "jeff5"
                    }
                ]
            },
            "lx00016141d": {
                "file": "group_vars/oracle.yml",
                "groups_to_create": [
                    {
                        "gid": 201,
                        "name": "dba"
                    }
                ],
                "users": [
                    {
                        "group": "dba",
                        "name": "Oracle",
                        "uid": 202,
                        "username": "oracle"
                    },
                    {
                        "group": "dba",
                        "name": "Kathryn - DBA",
                        "uid": 225114,
                        "username": "kwhit"
                    }
                ]
            }
        }
    },
    "all": {
        "children": [
            "oracle",
            "other",
            "ungrouped"
        ]
    },
    "oracle": {
        "hosts": [
            "lx00016141d"
        ]
    },
    "other": {
        "hosts": [
            "lx00011010d"
        ]
    }
}

Ansible-Users role details:
There are only two files in this role.  Details below:

[admin@lx00010300p ansible-users]$ cat defaults/main.yml
---
# Create a group for every user and make that their primary group
users_create_per_user_group: true
# If we're not creating a per-user group, then this is the group all users
# belong to
users_group: users
# The default shell for a user if none is specified
users_default_shell: /bin/bash
# Create home dirs for new users? Set this to false if you manage home
# directories in some other way.
users_create_homedirs: true

# Lists of users to create and delete
users: []
users_deleted: []

# List of groups to create
# Example:
#   groups_to_create:
#     - name: developers
#       gid: 10000
groups_to_create: []

authorized_keys_file: ".ssh/authorized_keys"

[admin@lx00010300p ansible-users]$ cat tasks/main.yml
---
- name: Creating groups
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
    gname: "{{ item.gname | default(omit) }}"
  with_items: "{{ groups_to_create }}"
  tags: ["users", "groups", "configuration"]

- name: Per-user group creation
  group:
    name: "{{ item.username }}"
    gid: "{{ item.gid | default(item.uid) | default(omit) }}"
  with_items: "{{ users }}"
  when: "'group' not in item and users_create_per_user_group"
  tags: ["users", "configuration"]

- name: User creation
  user:
    name: "{{ item.username }}"
    group: "{{ item.group | default(item.username if users_create_per_user_group else users_group) }}"
    # empty string removes user from all secondary groups
    groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
    append: "{{ item.append | default(omit) }}"
    shell: "{{ item.shell if item.shell is defined else users_default_shell }}"
    expires: "{{ item.expires | default(omit) }}"
    password: "{{ item.password if item.password is defined else '!' }}"
    comment: "{{ item.name if item.name is defined else '' }}"
    uid: "{{ item.uid | default(omit) }}"
    home: "{{ item.home | default('/home/' + item.username) }}"
    createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
    generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
    update_password: "{{ item.update_password | default(omit) }}"
  with_items: "{{ users }}"
  tags: ["users", "configuration"]

- name: SSH keys
  authorized_key:
    user: "{{ item.0.username }}"
    key: "{{ item.1 }}"
    path: "{{ item.0.home | default('/home/' + item.0.username) }}/{{ authorized_keys_file }}"
  with_subelements:
    - "{{ users }}"
    - ssh_key
    - skip_missing: yes
  tags: ["users", "configuration"]

- name: Setup user profiles
  blockinfile:
    block: "{{ item.profile }}"
    dest: "{{ item.home | default('/home/' + item.username) }}/.profile"
    owner: "{{ item.username }}"
    group: "{{ item.group | default(item.username if users_create_per_user_group else users_group) }}"
    mode: 0644
    create: true
  when: users_create_homedirs and item.profile is defined
  with_items: "{{ users }}"

- name: Deleted user removal
  user:
    name: "{{ item.username }}"
    state: absent
    remove: "{{ item.remove | default(omit) }}"
    force: "{{ item.force | default(omit) }}"
  with_items: "{{ users_deleted }}"
  tags: ["users", "configuration"]

- name: Deleted per-user group removal
  group:
    name: "{{ item.username }}"
    state: absent
  with_items: "{{ users_deleted }}"
  when: users_create_per_user_group
  tags: ["users", "configuration"]

ANSIBLE CONFIG DUMP
[admin@lx00010300p ansible-help]$ ansible-config dump
ACTION_WARNINGS(default) = True
AGNOSTIC_BECOME_PROMPT(default) = True
ALLOW_WORLD_READABLE_TMPFILES(default) = False
ANSIBLE_CONNECTION_PATH(default) = None
ANSIBLE_COW_PATH(default) = None
ANSIBLE_COW_SELECTION(default) = default
ANSIBLE_COW_WHITELIST(default) = ['bud-frogs', 'bunny', 'cheese', 'daemon', 'default', 'dragon', 'elephant-in-snake', 'elephant', 'eyes', 'hellokitty', 'kitty', 'luke
ANSIBLE_FORCE_COLOR(default) = False
ANSIBLE_NOCOLOR(default) = False
ANSIBLE_NOCOWS(default) = False
ANSIBLE_PIPELINING(default) = False
ANSIBLE_SSH_ARGS(default) = -C -o ControlMaster=auto -o ControlPersist=60s
ANSIBLE_SSH_CONTROL_PATH(default) = None
ANSIBLE_SSH_CONTROL_PATH_DIR(default) = ~/.ansible/cp
ANSIBLE_SSH_EXECUTABLE(default) = ssh
ANSIBLE_SSH_RETRIES(default) = 0
ANY_ERRORS_FATAL(default) = False
BECOME_ALLOW_SAME_USER(default) = False
BECOME_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/become', u'/usr/share/ansible/plugins/become']
CACHE_PLUGIN(default) = memory
CACHE_PLUGIN_CONNECTION(default) = None
CACHE_PLUGIN_PREFIX(default) = ansible_facts
CACHE_PLUGIN_TIMEOUT(default) = 86400
COLLECTIONS_PATHS(default) = [u'/home/ifreling/.ansible/collections', u'/usr/share/ansible/collections']
COLOR_CHANGED(default) = yellow
COLOR_CONSOLE_PROMPT(default) = white
COLOR_DEBUG(default) = dark gray
COLOR_DEPRECATE(default) = purple
COLOR_DIFF_ADD(default) = green
COLOR_DIFF_LINES(default) = cyan
COLOR_DIFF_REMOVE(default) = red
COLOR_ERROR(default) = red
COLOR_HIGHLIGHT(default) = white
COLOR_OK(default) = green
COLOR_SKIP(default) = cyan
COLOR_UNREACHABLE(default) = bright red
COLOR_VERBOSE(default) = blue
COLOR_WARN(default) = bright purple
COMMAND_WARNINGS(default) = True
CONDITIONAL_BARE_VARS(default) = True
CONNECTION_FACTS_MODULES(default) = {'junos': 'junos_facts', 'eos': 'eos_facts', 'frr': 'frr_facts', 'iosxr': 'iosxr_facts', 'nxos': 'nxos_facts', 'ios': 'ios_facts',
DEFAULT_ACTION_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/action', u'/usr/share/ansible/plugins/action']
DEFAULT_ALLOW_UNSAFE_LOOKUPS(default) = False
DEFAULT_ASK_PASS(default) = False
DEFAULT_ASK_SUDO_PASS(default) = False
DEFAULT_ASK_SU_PASS(default) = False
DEFAULT_ASK_VAULT_PASS(default) = False
DEFAULT_BECOME(default) = False
DEFAULT_BECOME_ASK_PASS(default) = False
DEFAULT_BECOME_EXE(default) = None
DEFAULT_BECOME_FLAGS(default) =
DEFAULT_BECOME_METHOD(default) = sudo
DEFAULT_BECOME_USER(default) = root
DEFAULT_CACHE_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/cache', u'/usr/share/ansible/plugins/cache']
DEFAULT_CALLABLE_WHITELIST(default) = []
DEFAULT_CALLBACK_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/callback', u'/usr/share/ansible/plugins/callback']
DEFAULT_CALLBACK_WHITELIST(default) = []
DEFAULT_CLICONF_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/cliconf', u'/usr/share/ansible/plugins/cliconf']
DEFAULT_CONNECTION_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/connection', u'/usr/share/ansible/plugins/connection']
DEFAULT_DEBUG(default) = False
DEFAULT_EXECUTABLE(default) = /bin/sh
DEFAULT_FACT_PATH(default) = None
DEFAULT_FILTER_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/filter', u'/usr/share/ansible/plugins/filter']
DEFAULT_FORCE_HANDLERS(default) = False
DEFAULT_FORKS(default) = 5
DEFAULT_GATHERING(default) = implicit
DEFAULT_GATHER_SUBSET(default) = ['all']
DEFAULT_GATHER_TIMEOUT(default) = 10
DEFAULT_HANDLER_INCLUDES_STATIC(default) = False
DEFAULT_HASH_BEHAVIOUR(default) = replace
DEFAULT_HOST_LIST(/sdd/ansible-help/ansible.cfg) = [u'/sdd/ansible-production/inventory']
DEFAULT_HTTPAPI_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/httpapi', u'/usr/share/ansible/plugins/httpapi']
DEFAULT_INTERNAL_POLL_INTERVAL(default) = 0.001
DEFAULT_INVENTORY_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/inventory', u'/usr/share/ansible/plugins/inventory']
DEFAULT_JINJA2_EXTENSIONS(default) = []
DEFAULT_JINJA2_NATIVE(default) = False
DEFAULT_KEEP_REMOTE_FILES(default) = False
DEFAULT_LIBVIRT_LXC_NOSECLABEL(default) = False
DEFAULT_LOAD_CALLBACK_PLUGINS(default) = False
DEFAULT_LOCAL_TMP(default) = /home/ifreling/.ansible/tmp/ansible-local-10705WmW2Mw
DEFAULT_LOG_FILTER(default) = []
DEFAULT_LOG_PATH(default) = None
DEFAULT_LOOKUP_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/lookup', u'/usr/share/ansible/plugins/lookup']
DEFAULT_MANAGED_STR(default) = Ansible managed
DEFAULT_MODULE_ARGS(default) =
DEFAULT_MODULE_COMPRESSION(default) = ZIP_DEFLATED
DEFAULT_MODULE_LANG(default) = {{ CONTROLLER_LANG }}
DEFAULT_MODULE_NAME(default) = command
DEFAULT_MODULE_PATH(default) = [u'/home/ifreling/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
DEFAULT_MODULE_SET_LOCALE(default) = False
DEFAULT_MODULE_UTILS_PATH(default) = [u'/home/ifreling/.ansible/plugins/module_utils', u'/usr/share/ansible/plugins/module_utils']
DEFAULT_NETCONF_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/netconf', u'/usr/share/ansible/plugins/netconf']
DEFAULT_NO_LOG(default) = False
DEFAULT_NO_TARGET_SYSLOG(default) = False
DEFAULT_NULL_REPRESENTATION(default) = None
DEFAULT_POLL_INTERVAL(default) = 15
DEFAULT_PRIVATE_KEY_FILE(default) = None
DEFAULT_PRIVATE_ROLE_VARS(default) = False
DEFAULT_REMOTE_PORT(default) = None
DEFAULT_REMOTE_USER(default) = None
DEFAULT_ROLES_PATH(/sdd/ansible-help/ansible.cfg) = [u'/sdd/ansible-production/roles']
DEFAULT_SCP_IF_SSH(default) = smart
DEFAULT_SELINUX_SPECIAL_FS(default) = ['fuse', 'nfs', 'vboxsf', 'ramfs', '9p']
DEFAULT_SFTP_BATCH_MODE(default) = True
DEFAULT_SQUASH_ACTIONS(default) = ['apk', 'apt', 'dnf', 'homebrew', 'openbsd_pkg', 'pacman', 'pip', 'pkgng', 'yum', 'zypper']
DEFAULT_SSH_TRANSFER_METHOD(default) = None
DEFAULT_STDOUT_CALLBACK(default) = default
DEFAULT_STRATEGY(default) = linear
DEFAULT_STRATEGY_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/strategy', u'/usr/share/ansible/plugins/strategy']
DEFAULT_SU(default) = False
DEFAULT_SU_EXE(default) = su
DEFAULT_SU_FLAGS(default) =
DEFAULT_SU_USER(default) = None
DEFAULT_SYSLOG_FACILITY(default) = LOG_USER
DEFAULT_TASK_INCLUDES_STATIC(default) = False
DEFAULT_TERMINAL_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/terminal', u'/usr/share/ansible/plugins/terminal']
DEFAULT_TEST_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/test', u'/usr/share/ansible/plugins/test']
DEFAULT_TIMEOUT(default) = 10
DEFAULT_TRANSPORT(default) = smart
DEFAULT_UNDEFINED_VAR_BEHAVIOR(default) = True
DEFAULT_VARS_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/vars', u'/usr/share/ansible/plugins/vars']
DEFAULT_VAULT_ENCRYPT_IDENTITY(default) = None
DEFAULT_VAULT_IDENTITY(default) = default
DEFAULT_VAULT_IDENTITY_LIST(default) = []
DEFAULT_VAULT_ID_MATCH(default) = False
DEFAULT_VAULT_PASSWORD_FILE(default) = None
DEFAULT_VERBOSITY(default) = 0
DEPRECATION_WARNINGS(default) = True
DIFF_ALWAYS(default) = False
DIFF_CONTEXT(default) = 3
DISPLAY_ARGS_TO_STDOUT(default) = False
DISPLAY_SKIPPED_HOSTS(default) = True
DOCSITE_ROOT_URL(default) = https://docs.ansible.com/ansible/
DOC_FRAGMENT_PLUGIN_PATH(default) = [u'/home/ifreling/.ansible/plugins/doc_fragments', u'/usr/share/ansible/plugins/doc_fragments']
ENABLE_TASK_DEBUGGER(default) = False
ERROR_ON_MISSING_HANDLER(default) = True
FACTS_MODULES(default) = ['smart']
GALAXY_IGNORE_CERTS(default) = False
GALAXY_ROLE_SKELETON(default) = None
GALAXY_ROLE_SKELETON_IGNORE(default) = ['^.git$', '^.*/.git_keep$']
GALAXY_SERVER(default) = https://galaxy.ansible.com
GALAXY_TOKEN(default) = None
HOST_KEY_CHECKING(default) = True
HOST_PATTERN_MISMATCH(default) = warning
INJECT_FACTS_AS_VARS(default) = True
INTERPRETER_PYTHON(default) = auto_legacy
INTERPRETER_PYTHON_DISTRO_MAP(default) = {'centos': {'8': '/usr/libexec/platform-python', '6': '/usr/bin/python'}, 'rhel': {'8': '/usr/libexec/platform-python', '6':
INTERPRETER_PYTHON_FALLBACK(default) = ['/usr/bin/python', 'python3.7', 'python3.6', 'python3.5', 'python2.7', 'python2.6', '/usr/libexec/platform-python', '/usr/bin/
INVALID_TASK_ATTRIBUTE_FAILED(default) = True
INVENTORY_ANY_UNPARSED_IS_FAILED(default) = False
INVENTORY_CACHE_ENABLED(default) = False
INVENTORY_CACHE_PLUGIN(default) = None
INVENTORY_CACHE_PLUGIN_CONNECTION(default) = None
INVENTORY_CACHE_PLUGIN_PREFIX(default) = ansible_facts
INVENTORY_CACHE_TIMEOUT(default) = 3600
INVENTORY_ENABLED(default) = ['host_list', 'script', 'auto', 'yaml', 'ini', 'toml']
INVENTORY_EXPORT(default) = False
INVENTORY_IGNORE_EXTS(default) = {{(BLACKLIST_EXTS + ( '.orig', '.ini', '.cfg', '.retry'))}}
INVENTORY_IGNORE_PATTERNS(default) = []
INVENTORY_UNPARSED_IS_FAILED(default) = False
LOCALHOST_WARNING(default) = True
MAX_FILE_SIZE_FOR_DIFF(default) = 104448
NETCONF_SSH_CONFIG(default) = None
NETWORK_GROUP_MODULES(default) = ['eos', 'nxos', 'ios', 'iosxr', 'junos', 'enos', 'ce', 'vyos', 'sros', 'dellos9', 'dellos10', 'dellos6', 'asa', 'aruba', 'aireos', 'b
OLD_PLUGIN_CACHE_CLEARING(default) = False
PARAMIKO_HOST_KEY_AUTO_ADD(default) = False
PARAMIKO_LOOK_FOR_KEYS(default) = True
PERSISTENT_COMMAND_TIMEOUT(default) = 30
PERSISTENT_CONNECT_RETRY_TIMEOUT(default) = 15
PERSISTENT_CONNECT_TIMEOUT(default) = 30
PERSISTENT_CONTROL_PATH_DIR(default) = /home/ifreling/.ansible/pc
PLAYBOOK_VARS_ROOT(default) = top
PLUGIN_FILTERS_CFG(default) = None
PYTHON_MODULE_RLIMIT_NOFILE(default) = 0
RETRY_FILES_ENABLED(default) = False
RETRY_FILES_SAVE_PATH(default) = None
SHOW_CUSTOM_STATS(default) = False
STRING_CONVERSION_ACTION(default) = warn
STRING_TYPE_FILTERS(default) = ['string', 'to_json', 'to_nice_json', 'to_yaml', 'ppretty', 'json']
SYSTEM_WARNINGS(default) = True
TAGS_RUN(default) = []
TAGS_SKIP(default) = []
TASK_DEBUGGER_IGNORE_ERRORS(default) = True
TRANSFORM_INVALID_GROUP_CHARS(default) = never
USE_PERSISTENT_CONNECTIONS(default) = False
VARIABLE_PRECEDENCE(default) = ['all_inventory', 'groups_inventory', 'all_plugins_inventory', 'all_plugins_play', 'groups_plugins_inventory', 'groups_plugins_play']
VERBOSE_TO_STDERR(default) = False
YAML_FILENAME_EXTENSIONS(default) = ['.yml', '.yaml', '.json']
(END)

Vladimir Botka

Oct 19, 2019, 9:47:47 AM
to Jeff Baldwin, ansible...@googlegroups.com
> > > ################################### INVENTORY
> > > # file: *inventory/oracle*
> > > [oracle]
> > > lx00011010d
> > >
> > > # file: *inventory/other*
> > > [other]
> > > lx00016141d
> > > [...]
> > > ################################### GROUP_VARS

> *ansible-inventory --list --vars*
> [...]
> "oracle": {
> "hosts": [
> "lx00016141d"
> ]
> },
> "other": {
> "hosts": [
> "lx00011010d"
> ]
> }
> }

> [admin@lx00010300p ansible-help]$ ansible-config dump
> [...]
> DEFAULT_HOST_LIST(/sdd/ansible-help/ansible.cfg) =
> [u'/sdd/ansible-production/inventory']

The problem might be DEFAULT_HOST_LIST. The doc says
DEFAULT_HOST_LIST: "Comma separated list of Ansible inventory sources"
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-host-list

Fix the configuration. For example in ansible.cfg

[defaults]
inventory = /sdd/ansible-production/inventory/oracle,
/sdd/ansible-production/inventory/other

(note: ini_file doesn't handle multi-line entries #4413)
https://github.com/ansible/ansible-modules-core/issues/4413

If this does not help proceed with the simplified test below.

I had set this option also to *directory* "inventory", but this does not seem
to be a problem and I was not able to reproduce the behaviour where the groups
"oracle" and "other" swap the hosts.

$ grep inventory ansible.cfg
inventory = $PWD/inventory

$ tree inventory/
inventory/
├── oracle
└── other

$ cat inventory/oracle
[oracle]
lx00011010d

$ cat inventory/other
[other]
lx00016141d

$ tree group_vars
group_vars
├── all.yml
└── oracle.yml

$ cat group_vars/all.yml
users:
- username: jeff5

$ cat group_vars/oracle.yml
users:
- username: oracle

$ ansible-inventory --list --var
[...]
"oracle": {
"hosts": [
"lx00011010d"
]
},
"other": {
"hosts": [
"lx00016141d"
]
}

The goal is to explain why you see the groups "oracle" and "other" swapping
the hosts. Try to reproduce the simplified test above, step by step increase
the complexity of the use-case and isolate the problem.

Cheers,

-vlado

Jeff Baldwin

Oct 25, 2019, 3:16:08 AM
to Vladimir Botka, ansible...@googlegroups.com
Hi Vladimir,

Thank you again for your time.  

https://justpaste.it/4jmp1 <--  I have put my steps/output here in case it is easier to view.

Also, I simplified my example a bit. I am still unclear on why 'jeff' is not getting added to both servers:

[jeff@lx00010300p ansible-production3]$ ansible -i hosts -m ping all
lx00011010d | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
lx00016141d | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
[jeff@lx00010300p ansible-production3]$ ansible -i hosts -m ping oracle
lx00011010d | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}

[ifreling@lx00010300p ansible-production3]$ cat group_vars/oracle
---
users:
- username: roy
name: Roy


[ifreling@lx00010300p ansible-production3]$ cat group_vars/all
---
users:
- username: jeff
name: Jeff

[ifreling@lx00010300p ansible-production3]$ ansible-inventory -i hosts --list --vars
{
"_meta": {
"hostvars": {
"lx00011010d": {
"users": [
{
"name": "Roy",
"username": "roy"
}
]
},
"lx00016141d": {
"users": [
{
"name": "Jeff",
"username": "jeff"


}
]
}
}
},
"all": {
"children": [
"oracle",

"ungrouped",
"webmethods"
]
},
"oracle": {
"hosts": [
"lx00011010d"
]
},
"webmethods": {
"hosts": [
"lx00016141d"
]
}
}

[ifreling@lx00010300p ansible-production3]$ ansible-playbook -i hosts site.yml -C


PLAY [all] *********************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************
ok: [lx00011010d]
ok: [lx00016141d]

TASK [singleplatform-eng.users : Creating groups] ******************************************************************************************************************************

TASK [singleplatform-eng.users : Per-user group creation] **********************************************************************************************************************
changed: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})
changed: [lx00016141d] => (item={u'username': u'jeff', u'name': u'Jeff'})

TASK [singleplatform-eng.users : User creation] ********************************************************************************************************************************
changed: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})
changed: [lx00016141d] => (item={u'username': u'jeff', u'name': u'Jeff'})

TASK [singleplatform-eng.users : SSH keys] *************************************************************************************************************************************

TASK [singleplatform-eng.users : Setup user profiles] **************************************************************************************************************************
skipping: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})
skipping: [lx00016141d] => (item={u'username': u'jeff', u'name': u'Jeff'})

TASK [singleplatform-eng.users : Deleted user removal] *************************************************************************************************************************

TASK [singleplatform-eng.users : Deleted per-user group removal] ***************************************************************************************************************

PLAY [oracle] ******************************************************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************************************************
ok: [lx00011010d]

TASK [singleplatform-eng.users : Creating groups] ******************************************************************************************************************************

TASK [singleplatform-eng.users : Per-user group creation] **********************************************************************************************************************
changed: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})

TASK [singleplatform-eng.users : User creation] ********************************************************************************************************************************
changed: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})

TASK [singleplatform-eng.users : SSH keys] *************************************************************************************************************************************

TASK [singleplatform-eng.users : Setup user profiles] **************************************************************************************************************************
skipping: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})

TASK [singleplatform-eng.users : Deleted user removal] *************************************************************************************************************************

TASK [singleplatform-eng.users : Deleted per-user group removal] ***************************************************************************************************************

PLAY RECAP *********************************************************************************************************************************************************************
lx00011010d : ok=6 changed=4 unreachable=0 failed=0 skipped=10 rescued=0 ignored=0
lx00016141d : ok=3 changed=2 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0

Vladimir Botka

Oct 25, 2019, 5:35:47 AM
to Jeff Baldwin, ansible...@googlegroups.com
On Fri, 25 Oct 2019 03:15:45 -0400
Jeff Baldwin <tarhe...@gmail.com> wrote:

> Also, I simplified my example a bit. I am still unclear on why 'jeff' is
> not getting added to both servers:
> [...]
> [ifreling@lx00010300p ansible-production3]$ ansible-inventory -i hosts --list --vars
> {
>     "_meta": {
>         "hostvars": {
>             "lx00011010d": {
>                 "users": [
>                     {
>                         "name": "Roy",
>                         "username": "roy"
>                     }
>                 ]
>             },
>             "lx00016141d": {
>                 "users": [
>                     {
>                         "name": "Jeff",
>                         "username": "jeff"
>                     }
> [...]
> [ifreling@lx00010300p ansible-production3]$ ansible-playbook -i hosts site.yml -C
>
> TASK [singleplatform-eng.users : User creation]
> changed: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})
> changed: [lx00016141d] => (item={u'username': u'jeff', u'name': u'Jeff'})
> [...]
> PLAY [oracle]
> TASK [singleplatform-eng.users : User creation]
> changed: [lx00011010d] => (item={u'username': u'roy', u'name': u'Roy'})

Short story is that variables from "group_vars/all" are overridden by
variables from "group_vars/oracle".

See *Variable precedence: Where should I put a variable?*
https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable

It's possible to configure "hash_behaviour = merge", but quoting from the
doc: "This is not the default behavior and it does not affect variables whose
values are scalars (integers, strings) or arrays. We generally recommend not
using this setting unless you think you have an absolute need for it, ..."
https://docs.ansible.com/ansible/latest/reference_appendices/config.html#default-hash-behaviour

There are other options for merging dictionaries. For example:
*How to extend dict in ansible, not overwriting it?*
https://stackoverflow.com/questions/57335762/how-to-extend-dict-in-ansible-not-overwriting-it/

Details
-------

Given "lx00011010d" is a member of the group "oracle" and "lx00016141d" is
a member of the group "webmethods"

"all": {
    "children": [
        "oracle",
        "ungrouped",
        "webmethods"
    ]
},
"oracle": {
    "hosts": [
        "lx00011010d"
    ]
},
"webmethods": {
    "hosts": [
        "lx00016141d"
    ]
}

the playbook "common.yml" is running on all (both) hosts

# file: site.yml
- import_playbook: common.yml
- import_playbook: oracle.yml

# file: common.yml
- hosts: all
  become: yes
  roles:
    - ansible-users

# file: oracle.yml
- hosts: oracle
  become: yes
  roles:
    - ansible-users

All hosts include variables from "group_vars/all". Then the host from the
group "oracle" includes variables from "group_vars/oracle", replacing variables
included with lower precedence.

$ cat group_vars/oracle
users:
  - username: roy
    name: Roy

$ cat group_vars/all
users:
  - username: jeff
    name: Jeff

The playbook *oracle.yml* repeatedly creates the same user again.

Cheers,

-vlado

alicia

Oct 25, 2019, 10:58:24 AM
to ansible...@googlegroups.com
For anyone looking to control the priority of variables at the same parent/child level of group variables, there’s also the `ansible_group_priority` setting. See https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#how-variables-are-merged.


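Added example, not part of the original thread and not Ansible's own code: a simplified Python model of the group-variable resolution described in the two replies above (lower-depth groups first, then `ansible_group_priority`, then group name; the last one applied wins; lists are replaced even with "hash_behaviour = merge"). The function names, the `users_all`/`users_oracle` variable names, the `shell` variable and the `grp_a`/`grp_b` groups are assumptions made for the illustration.

```python
# Simplified model of group_vars resolution for one host (illustration only).
from copy import deepcopy

def merge_hash(a, b):
    """hash_behaviour = merge: dicts merge recursively, anything else is replaced."""
    out = deepcopy(a)
    for k, v in b.items():
        if isinstance(out.get(k), dict) and isinstance(v, dict):
            out[k] = merge_hash(out[k], v)
        else:
            out[k] = deepcopy(v)  # lists and scalars: the later value wins
    return out

def resolve(host_groups, group_vars, hash_behaviour="replace"):
    """host_groups maps group name -> (depth, ansible_group_priority) for one host."""
    # Applied in order of depth, then priority, then name; the last one wins.
    order = sorted(host_groups, key=lambda g: (*host_groups[g], g))
    result = {}
    for g in order:
        gv = deepcopy(group_vars.get(g, {}))
        result = merge_hash(result, gv) if hash_behaviour == "merge" else {**result, **gv}
    return result

def usernames(v, key="users"):
    return [u["username"] for u in v.get(key, [])]

# Constructed data mirroring the thread's simplified group_vars files.
GROUP_VARS = {
    "all": {"users": [{"username": "jeff", "name": "Jeff"}]},
    "oracle": {"users": [{"username": "roy", "name": "Roy"}]},
}
ORACLE_HOST = {"all": (0, 1), "oracle": (1, 1)}      # lx00011010d
OTHER_HOST = {"all": (0, 1), "webmethods": (1, 1)}   # lx00016141d

def combined_users(host_groups):
    """Assumed workaround: one variable name per group, concatenated for the role."""
    gv = {"all": {"users_all": GROUP_VARS["all"]["users"]},
          "oracle": {"users_oracle": GROUP_VARS["oracle"]["users"]}}
    v = resolve(host_groups, gv)
    return usernames(v, "users_all") + usernames(v, "users_oracle")

def sibling_winner(priority_a):
    """Two same-depth groups both set 'shell'; ansible_group_priority decides."""
    groups = {"all": (0, 1), "grp_a": (1, priority_a), "grp_b": (1, 1)}
    gv = {"grp_a": {"shell": "ksh"}, "grp_b": {"shell": "bash"}}
    return resolve(groups, gv)["shell"]

if __name__ == "__main__":
    print(usernames(resolve(ORACLE_HOST, GROUP_VARS, "merge")),
          combined_users(ORACLE_HOST), combined_users(OTHER_HOST))
```

In a real inventory the concatenation would be done where the role is called, for example by passing the role a `users` value built from both lists with a default of an empty list for hosts outside the "oracle" group.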

Jeff Baldwin

Oct 25, 2019, 11:29:32 AM
to ansible...@googlegroups.com
Thank you alicia. 

Given my examples, would you be able to advise on how I could apply this here to accomplish my goal?

Thanks.

