SSH users via ansible


Petr Sukharev

Feb 25, 2014, 11:58:26 AM
to ansible...@googlegroups.com
Hello!

I am a newbie in the ansible world, but I like this tool and I am trying to use it in my environment.
I have some questions about user management and can't find a solution :(
I have several projects (test, developer, production and same). I made separate folders for these projects, which contain hosts, main.yml, ansible.cfg and a roles folder. I am trying to add user accounts by adding a special role, user_ssh, like this:
- name: Add ssh user
  user: name={{ item.user }} shell={{ item.shell }} groups='admins'
  with_items:
    - $ssh_users

I use the variable ssh_users in the playbook and use it for any host groups. It looks like this:
- hosts: apps
  vars:
    - ssh_users:
      - $user1
      - $user2
In the next group (db, for example) I use different values for the ssh_users variable (like user1 and user3).

The main question is how to grab a file with user parameters and use it in this role? I have had no luck two days in a row.
How do I deal with this situation, or should I use another strategy?


Adam Morris

Feb 25, 2014, 11:56:49 PM
to ansible...@googlegroups.com



1) You are mixing old style variables with new style variables...  (replace $var with {{ var }})

2) in your play you have item.name and item.shell but you are only passing in a single variable

try something like this for your variables...
vars:
  ssh_users:
    # key names must match what the task reads (item.user, item.shell)
    - { user: user1, shell: /bin/ksh }
    - { user: user2, shell: /bin/bash }

I hope that this helps,

Adam
 

Petr Sukharev

Feb 26, 2014, 4:05:33 AM
to ansible...@googlegroups.com
Thanks for your reply, Adam!
I think this solution works like a charm, but the main reason for defining users as variables is keeping all the information in a separate file. It is simpler for managing information and applying changes...
For example, if I have 10 host groups and 40 users, and I change some information or add a field for a user, I need to change each entry in my playbook (or multiple playbooks). If I use a separate file, I need to change only this file :)



Adam Morris

Feb 26, 2014, 6:57:54 AM
to ansible...@googlegroups.com



I would suggest that you put the variables into some kind of vars file (group_vars if they are different for different groups)

then you can use the same playbook and task... If you add fields you may want to change the tasks to apply the fields...


So with your inventory file...

[group_1]
host_1
host_2

[group_2]
host_3
host_4


You would have a playbook that would have something like
---
- hosts: all
  tasks:

  - name: Add ssh user
    user: name={{ item.user }} shell={{ item.shell }} groups='admins'
    with_items: "{{ ssh_users }}"

then you would have a group_vars directory with a group_1 file and a group_2 file each one looking like...


ssh_users:
  # key names must match what the task reads (item.user, item.shell)
  - { user: user1, shell: /bin/ksh }
  - { user: user2, shell: /bin/bash }

host_1 and host_2 would create the users from group_1 while host_3 and host_4 would create the users from group_2

Adam Morris

Feb 26, 2014, 7:04:01 AM
to ansible...@googlegroups.com
I should add that you might want to look at the best practices document

http://docs.ansible.com/playbooks_best_practices.html

which will give you a clear picture of how you could lay out your files.  If you want the same users on all hosts in all groups then you might want to put them in group_vars/all rather than group_vars/group_1

Adam


Petr Sukharev

Feb 26, 2014, 11:35:59 AM
to ansible...@googlegroups.com
Works like a charm!

One more little question - I have user variables like this:
user1:
  - { user: 'user1', shell: '/bin/sh' }

How can I change the shell value in a special host group to /bin/nologin, for example, and keep the default value for other groups?


Petr Sukharev

Feb 26, 2014, 12:11:43 PM
to ansible...@googlegroups.com

Solved by myself.

Use trick with

shell={{ variable | default('/bin/sh') }} value.

Thanks a lot for help!
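
The layout the thread converges on, shown as an added example that is not part of any poster's message: one shared user list in group_vars, with the default() filter choosing the shell. It goes slightly beyond the thread by chaining a group-wide override, a per-user shell and a fallback; the file name group_vars/db, the variable name ssh_shell_override and the sample users are assumptions.

```yaml
---
# group_vars/all  (constructed sample data; one user list shared by every group)
ssh_users:
  - { user: user1 }                    # no shell given, falls through to the defaults
  - { user: user2, shell: /bin/bash }

---
# group_vars/db  (hypothetical group file; applies only to hosts in [db])
# /bin/nologin is the value used in the thread; the real path varies by distribution.
ssh_shell_override: /bin/nologin

---
# roles/user_ssh/tasks/main.yml
- name: Add ssh user
  user:
    name: "{{ item.user }}"
    # Precedence: group-wide override, then the per-user shell, then /bin/sh.
    shell: "{{ ssh_shell_override | default(item.shell) | default('/bin/sh') }}"
    # Without append=yes, "groups" replaces the account's existing supplementary groups.
    groups: admins
    append: yes
  with_items: "{{ ssh_users }}"
```

On hosts in the db group both accounts get /bin/nologin; everywhere else user1 gets /bin/sh and user2 gets /bin/bash.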
