On 16/04/22 22:13, Richard Hector wrote:
Hi all,

I have created a directory 'users' alongside my inventory. It has a directory 'user_vars', intended to be used like host_vars, but for users, obviously.

In there, I have files like this:

=====================
---
name: richard
gecos: 'Richard Hector,,,'
shell: '/bin/bash'
ssh_keys:
   - richard@foo
   - richard@bar
=====================

Then in host_vars/all, I have this kind of thing:

=====================
---
users:
   - richard
admins:
   - richard
ansible_users:
   - richard
=====================

I also have users/public_keys, which has a file for each of 'richard@foo' etc, containing one key.

Where I'm stuck is reading in the user_vars file(s).

I want to get rid of what I used to have:

=====================
- name: users
  user:
    name: '{{ item.name }}'
    comment: '{{ item.gecos }}'
    shell: '{{ item.shell }}'
    createhome: yes
    state: present
    groups: '{{ item.groups }}'
    append: yes
  with_items:
    - { name: 'richard', gecos: 'Richard Hector,,,', shell: '/bin/bash', groups: [ 'sudo', 'adm' ] }
  tags:
    - users
======================

since I want to separate data from the rest of my config.

So I'd like to either read all the user_vars files into a single dictionary before I run that loop, or read each file in its own iteration of the loop - or something better if that's the answer.

I thought about using set_fact in a loop, but that would give me separate facts/variables for each user, making it harder(?) to index them (but maybe by text templating the variable name?)

I also thought about doing a lookup in every line of the user loop above, but that seems wasteful, and I'm not sure how I'd do it anyway.

I've got this, but it looks horrible:

==================
- name: set up user dicts
  set_fact:
    "user_{{ item }}": "{{ lookup('file', inventory_dir + '/users/user_vars/' + item) | from_yaml }}"
  with_items: "{{ users }}"
  tags:
    - users

- name: users
  user:
    name: "{{ lookup('vars', 'user_' + item).name }}"
    comment: "{{ lookup('vars', 'user_' + item).gecos }}"
    shell: "{{ lookup('vars', 'user_' + item).shell }}"
    createhome: yes
    state: present
    append: yes
  with_items: "{{ users }}"
  tags:
    - users

- name: admin groups
  user:
    name: "{{ item }}"
    append: yes
    groups:
      - sudo
      - adm
  when: item in admins
  with_items: "{{ users }}"
  tags:
    - users

- name: ansible group
  user:
    name: "{{ item }}"
    append: yes
    groups:
      - sudo
      - adm
  when: item in ansible_users
  with_items: "{{ users }}"
  tags:
    - users
=========================

I'm still to do the ssh key stuff - that's going to be pretty ugly too, I think.

Are there ways to make this cleaner?

Cheers,
Richard
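
One way to read all the user_vars files into a single dictionary and reuse it for the SSH keys, as an added example that is not part of the original message or taken from the Ansible project. It assumes the layout described above (`users/user_vars/<name>` and `users/public_keys/<key name>` next to the inventory); the fact name `user_data` is made up for the example, and `authorized_key` is assumed to be available under its short name.

```yaml
# Added example. 'user_data' is a hypothetical fact name.
# Build one dictionary keyed by user name, so later tasks can index it
# directly instead of templating a variable name per user.
- name: load user_vars files into a single dictionary
  set_fact:
    user_data: >-
      {{ user_data | default({})
         | combine({ item: lookup('file', inventory_dir + '/users/user_vars/' + item) | from_yaml }) }}
  with_items: "{{ users }}"
  tags:
    - users

- name: users
  user:
    name: "{{ user_data[item].name }}"
    comment: "{{ user_data[item].gecos }}"
    shell: "{{ user_data[item].shell }}"
    createhome: yes
    state: present
    append: yes
  with_items: "{{ users }}"
  tags:
    - users

# One iteration per (user, key name) pair. skip_missing lets a user file
# omit ssh_keys entirely; such a user simply gets no authorized key.
- name: ssh keys
  authorized_key:
    user: "{{ item.0.name }}"
    key: "{{ lookup('file', inventory_dir + '/users/public_keys/' + item.1) }}"
    state: present
  loop: "{{ user_data.values() | list | subelements('ssh_keys', skip_missing=True) }}"
  loop_control:
    label: "{{ item.0.name }}: {{ item.1 }}"
  tags:
    - users
```

The `file` lookup fails the play if a listed user or key file does not exist, so a name in `users` or `ssh_keys` without a matching file is caught before any account is changed.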
