I have the following in a role:
-
name: Create readonly user groups
group:
name={{ item.name|default }}
gid={{ item.gid|default }}
with_flattened: -
users_ro
-
host_users_ro
ignore_errors: yes -
name: Create readonly users
user:
name={{ item.name|default }}
comment={{ item.fullname|default }}
groups=users
group={{ item.name|default }}
shell=/bin/bash
createhome=yes
uid={{ item.uid|default }}
password=“*”
update_password=always
with_flattened: -
users_ro
-
host_users_ro
ignore_errors: yes
I have use cases where I know that various combinations of the groups I’m looping through (users_ro and host_users_ro, in this example) are empty/undefined. I’d prefer to not use the default filter for each of my variables I’m referencing here, but this, in combination with ignore_errors, appears to be the only way I can get the play to continue if one of the lists is undefined.
If the list is undefined, I get an error, and if I use something like host_users_ro|default(omit), I get an error on ‘name’ not being defined instead.
Simply using ignore_errors: yes without using the default filter results in a fatal error and ansible also does not continue.
I assume this is expected/by design. But is there no way to tell ansible to ignore when a list is undefined or empty? I’d much rather have ansible continue if a list isn’t defined, rather than having to define an empty list with an empty user, just so ansible can create an ‘empty’ user on the system.
