We have a fleet of systems that are collected into groups that perform different roles, and we need to manage user accounts across those systems. I would like to manage this as cleanly as possible. Here is what I would like to do:
I would like to put the details about users (login, uid, ssh-key, etc.) and groups (name, gid) into the group_vars/all file so it’s all in one place.
Also in group_vars/all, I would like to collect the users into functional groups (where a user can be in one or more groups).
Then, in the group_vars/<host_group> files (one for each collection of hosts), I would like to define which groups of users should be provisioned on that host_group.
Here’s what my group_vars/all file looks like: