creating users

[Frank]

Hi,

I am trying to create users and groups and add users to groups and keys well, you know.

Does this layout looks correct?

vars/users.yml

groups:

  admins:

    state: present

  webmasters:

    state: present

admins:

  user1:

    state: present

    authorized:

      - keys/ssh/user1.pub

webmasters:

  user2:

    state: present

    authorized:

      - keys/ssh/user2.pub

  user3:

    state: present

    authorized:

      - keys/ssh/user3.pub

  user4:

    state: present

    authorized:

      - keys/ssh/user4.pub

tasks/main.yml

- name: Admins

  user:

    name={{ item.key }}

    shell=/bin/bash

    createhome=yes

    state={{ item.value.state }}

  with_dict: admins

- name: Webmasters

  user:

    name={{ item.key }}

    shell=/home/bash

    createhome=yes

    state={{ item.value.state }}

  with_dict: webmasters

- name: Groups

  group: name={{ item.key }} state={{ item.value.state }}

  with_dict: groups

I get users admins and webmasters created but when creating groups things went wrong…

“…

TASK: [../roles/support | SUPPORT | add groups] ***************

fatal: [support] => One or more undefined variables: 'list object' has no attribute 'state'

FATAL: all hosts have already failed — aborting

…”

The question is: Is this layout the best approach for managing users/groups and keys?

Cheers,

Frank

[Frank]

Err, group is a reserved word…

I’ve changed to mygroups:

changed: [support] => (item={'key': 'admins', 'value': {'state': 'present'}})

changed: [support] => (item={'key': 'webmasters', 'value': {'state': 'present'}})

Anyway, Is there any other (better) layout to define users?

Regards,

Frank 

[Michael DeHaan]

I'd simplify by keeping a seperate list of users you want to be present and users to remove, that way you don't have to repeat all the 'state' stuff.

Just make a task to add and another to remove.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/etPan.5418431b.643c9869.9732%40Franciscos-MacBook-Air.local.

For more options, visit https://groups.google.com/d/optout.

[Frank]

The nice tip: I will assume that users are all present and removed_users are absent.

users:

  - name: user1

    keys:

      - user1.pub

    groups:

      - admins

      - webmasters

removed_users:

  - foobar

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CA%2BnsWgwA%3DMMpDNqrBjAJ2RJHuvbGw0viG9O4eFB2HWSzdxrJHw%40mail.gmail.com.