How to edit a variable in a later variable file

[Adam Lininger]

I would like to be able to edit a variable (per host) that was originally defined in a default file.

The larger situation is this. We have a large number of servers with a defined set of local accounts. The list of accounts is defined something like this in the default.yml file for the role. The task in the role iterates over the list and creates all the accounts using the user module.

list_of_users:
 - username: user1
   state: present
   shell: /bin/bash
   password_hash: <hash>

 - username: user2
   state: present
   shell: /bin/zsh
   password_hash: <hash>

Ideally, I'd like to be able to trim down the list of users to a much smaller set on a per-host basis. I don't want to have to edit the per host file when the main file adds a new user. I also don't want to have to change passwords or shells in every per-host file (which is what I'm doing now).

The ideal case would be to (in a host_vars or group_vars file) iterate over the list_of_users array and change the state variable to absent...except when username matches a local list.

It seems like such a thing should be possible somehow, but I haven't found any way of doing that.

Thanks,

[Kai Stian Olstad]

On 22. mai 2017 19:01, Adam Lininger wrote:
> I would like to be able to edit a variable (per host) that was originally
> defined in a default file.

You can overwrite variables per host, but not edit or partial overwrite a variable.

What you could do is introduce a list variable called enabled_users.
Then you can list all the user that you would like to create on a host, and the role has all the users.

If you need to overwrite some of the values you could do something like list_of_user_overwrite.

- user:
name: "{{ list_of_user_overwrite[item.username] | default(item.username) }}"
state: "{{ list_of_user_overwrite[item.state] | default(item.state) }}"
...
...
when: item.username in enabled_users
with_items: "{{ list_of_users }}"

--
Kai Stian Olstad