Managing users at global, group and host levels

I am trying to come up with a scheme for managing users on boxes. I want to be able to selectively choose users at a global, group and host level, and then also who the admins are (with sudo access, basically) on each box at each level as well.

One of the ideas I was thinking of was a pattern such as this; each of these vars would be in group_vars/all.yml, group.yml or host.yml.

users_global_list:
  - username: …
    sshkey: …
    etc…

users_group_list:
users_host_list:
(same format as above)

And then for admins, make a separate list for each level:
users_global_admins: [ bob, sally ]
users_group_admins: [ john ]
users_host_admins:

The playbook would create users first and then add the groups needed to be an "admin" on the box. I wanted to get some opinions on this and see if it seems like the right approach and manageable.
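One way to realise the scheme described in the post, as an added example that is not part of the original post. The variable names follow the post (separate names per level are what stop a host-level list from simply overriding the group-level one under normal variable precedence); the `admins` group, the sudoers drop-in and the task layout are assumptions.

```yaml
# Added example (not from the post): merge the per-level lists, create the
# users, and grant sudo only through membership of one dedicated group.
- name: Manage users at global, group and host levels
  hosts: all
  become: true
  vars:
    # default([]) lets a level be left undefined in group_vars/host_vars
    users_all: "{{ (users_global_list | default([]))
                 + (users_group_list | default([]))
                 + (users_host_list | default([])) }}"
    admins_all: "{{ ((users_global_admins | default([]))
                   + (users_group_admins | default([]))
                   + (users_host_admins | default([]))) | unique }}"
  tasks:
    - name: Ensure the admins group exists
      ansible.builtin.group:
        name: admins
        state: present

    - name: Grant sudo to the admins group (visudo validates before install)
      ansible.builtin.copy:
        dest: /etc/sudoers.d/admins
        content: "%admins ALL=(ALL) ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    - name: Create users; only names in an admins list join the admins group
      ansible.builtin.user:
        name: "{{ item.username }}"
        shell: /bin/bash
        # empty string + append:false removes supplementary groups, so a user
        # dropped from every admins list also loses sudo on the next run
        groups: "{{ 'admins' if item.username in admins_all else '' }}"
        append: false
        state: present
      loop: "{{ users_all | unique(attribute='username') }}"

    - name: Install SSH keys (key-based login only; no passwords are set)
      ansible.posix.authorized_key:
        user: "{{ item.username }}"
        key: "{{ item.sshkey }}"
        exclusive: true
      loop: "{{ users_all | unique(attribute='username') }}"
```

`append: false` makes the admins lists authoritative for sudo; if users on your boxes need other supplementary groups (docker, wheel), carry those in the list entries rather than switching to `append: true`, which would never revoke admin membership.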