I haven’t seen the “right” way to organize users, so here’s my attempt, but it seems to me like it should be a bit simpler.
https://gist.github.com/pete0emerson/ba331fd0defba6d2dd7c
Why I organized things this way:
- I want to only define users once, in one place (users.yaml)
- I want to map groups of users in one place as well (user_groups.yaml)
- I want the definition of a user to be in one place (user_definition.yaml)
- Right now I’m saving usergroups for later (this is an MVP)
- I’m saving disabling of users for later as well (in a pinch I can revoke their ssh key)
Where I’d like some guidance:
The playbook that I run (users_playbook.yaml) maps hosts to groups of users. But I currently specify the host group twice:
- hosts: haproxy
  include: user_definition.yaml accounts_to_add=users_haproxy hosts=haproxy
It seems strange to have the "- hosts: " section in both the users_playbook.yaml and the user_definition.yaml file, passing the host group from one to the other in a variable. Is there a nicer way to do this?
Any other comments such as “this is a very un-Ansible way of organizing things, try it this way” et cetera are very welcome. I’d love to see a “best practices” document come to life centered around these sorts of things.
Thanks,
Pete