Several host merge hierarchically

[Javier Domingo Cansino]

Hello,

I have developed a role that uses group_vars/all (usually) and very defined scope. Manage access to root user in several machines[1].

While developing it, I have realized that when I specify a site.yml like the one in the gist, I (txomon) wouldn't have access to others host group.

The reason is because all is run first, and gives me access to all the computers, and then, others' task is run, which give access to test user and leaves me out.

I have explored a little with hash_behaviour config parameter, but doesn't seem to work as I expected.

I am accustomed to Puppet's hiera, which you can go overriding level by level, but I am unable to reproduce this behaviour with ansible.

My questions are:

1.- How can I have sysadmins get access to all computers and development just in the others ones, without having to explicitly write sysadmins in all the hosts?

2.- Is there any way I can override variables to create hiera-like behaviour?

3.- Do you know any better role to control exactly who has ssh access?

Cheers,

Javier Domingo Cansino

[1] User management role: https://gist.github.com/txomon/a3afe985672358927406

[Michael DeHaan]

Hiera is a terrible over-complication, which is why Ansible has all the variable magic and support for classification of groups in core.

group_vars/all is overridden by any group in all, and so on, so the "deeper" group always wins.  Then hosts override groups.

It's there, definitely.

Can you highlight more specifically what you are having trouble with?  That's a long gist and I can't call out the behavior that you think isn't there, specifically.

What variable value in what file are you not seeing?

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/3899045c-cc2d-4a19-b940-48e75627241c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.