I would like to be able to edit a variable (per host) that was originally defined in a default file.
The larger situation is this. We have a large number of servers with a defined set of local accounts. The list of accounts is defined something like this in the default.yml file for the role. The task in the role iterates over the list and creates all the accounts using the user module.
`
list_of_users:
Ideally, I’d like to be able to trim down the list of users to a much smaller set on a per-host basis. I don’t want to have to edit the per host file when the main file adds a new user. I also don’t want to have to change passwords or shells in every per-host file (which is what I’m doing now).
The ideal case would be to (in a host_vars or group_vars file) iterate over the list_of_users array and change the state variable to absent…except when username matches a local list.
It seems like such a thing should be possible somehow, but I haven’t found any way of doing that.
Thanks,
I would like to be able to edit a variable (per host) that was originally
defined in a default file.
You can overwrite variables per host, but not edit or partial overwrite a variable.
The larger situation is this. We have a large number of servers with a
defined set of local accounts. The list of accounts is defined something
like this in the default.yml file for the role. The task in the role
iterates over the list and creates all the accounts using the user module.
list_of_users:
- username: user1
state: present
shell: /bin/bash
password_hash: <hash>
- username: user2
state: present
shell: /bin/zsh
password_hash: <hash>
Ideally, I'd like to be able to trim down the list of users to a much
smaller set on a per-host basis. I don't want to have to edit the per host
file when the main file adds a new user. I also don't want to have to
change passwords or shells in every per-host file (which is what I'm doing
now).
The ideal case would be to (in a host_vars or group_vars file) iterate over
the list_of_users array and change the state variable to absent...except
when username matches a local list.
It seems like such a thing should be possible somehow, but I haven't found
any way of doing that.
What you could do is introduce a list variable called enabled_users.
Then you can list all the user that you would like to create on a host, and the role has all the users.
If you need to overwrite some of the values you could do something like list_of_user_overwrite.
- user:
name: "{{ list_of_user_overwrite[item.username] | default(item.username) }}"
state: "{{ list_of_user_overwrite[item.state] | default(item.state) }}"
...
...
when: item.username in enabled_users
with_items: "{{ list_of_users }}"