Brian, I know it took me a long while, but I finally got to working on this and your suggestion was extremely helpful. I implemented a variation that works really well for me. In this example, user "original" is the one the OS ships with and that we want to disable. User "newuser" is the one we want to enable.
## Secure the server and disable user original if this is a new instance - hosts: all:!localhost gather_facts: false user: original sudo: yes tasks: - name: Attempt basic command as user original to determine setup status. Failure means the machine has been secured raw: hostname ignore_errors: yes register: setup_status - include: roles/common/tasks/user-newuser.yml when: not "Account disabled." in setup_status.stdout handlers: - include: roles/common/handlers/main.yml # Continue with standard setup when user newuser is enabled and original disabled - hosts: all:!localhost user: newuser sudo: yes roles: - common handlers: - include: roles/common/handlers/main.yml On Thursday, November 7, 2013 3:09:13 PM UTC-5, Brian Coca wrote: > > you might want your first play to be something like this: > > - hosts: all > gather_facts: False > remote_user: normal_one > tasks: > - setup: > ignore_errors: true > register: normalworks > > - include: bootstrap.yml remote_user: bootsrap_user > when: normalworks is not defined > # bootstrap should call setup again to make sure you have host > facts > > .... continue as normal > > > -- > Brian Coca > Stultorum infinitus est numerus > > 0110000101110010011001010110111000100111011101000010000001111001011011110111010100100000011100110110110101100001011100100111010000100001 > Pedo mellon a minno > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.