I have a role that manages my users on my boxes. The problem I am having is that I have two tasks that modify the "groups" properties of users. This is obviously stupid since they keep changing each other, giving me false change notifications when I run Ansible.
I have separate global/group/host vars that are just a list of usernames that get “sudo” access on a box which is why I currently separate it out into a separate task.
Anyone have an idea on how to merge these? I was thinking of using set_fact to build the list of groups first and then running the user module once. I couldn't figure out if set_fact supports a "when" clause though.
# Task 1: sets each user's group list from item.groups (replaces existing groups unless item.append is set)
- name: manage user groups
  user:
    name: '{{ item.name }}'
    state: '{{ item.state | default("present") }}'
    groups: '{{ item.groups | join(",") }}'
    append: '{{ item.append | default("no") }}'
  with_flattened:
    - users_global_list
    - users_group_list
    - users_host_list
  when: ((item.name is defined and item.name) and (item.groups is defined and item.groups))

# Task 2: appends the admin group for users named in any of the admin lists
- name: manage admins
  user:
    name: '{{ item.name }}'
    state: '{{ item.state | default("present") }}'
    groups: '{{ users_default_admin_group }}'
    append: 'yes'
  with_flattened:
    - users_global_list
    - users_group_list
    - users_host_list
  when: ((item.name is defined and item.name) and
         (item.name in users_global_admins or
          item.name in users_group_admins or
          item.name in users_host_admins))
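
One way to merge the two tasks above into a single pass of the user module, as an added example that is not part of the original post: the group list is computed per item in task-level vars, so no separate set_fact step is needed. The variable names `merged_admins` and `merged_groups` are hypothetical; everything else uses the variables from the post, and a missing admin list is assumed to mean "no admins at that scope".

```yaml
# Added example (not from the original post): one user task instead of two.
- name: manage users, their groups and admin membership
  vars:
    # Hypothetical helper: every admin username from the three scopes.
    merged_admins: >-
      {{ (users_global_admins | default([]))
         + (users_group_admins | default([]))
         + (users_host_admins | default([])) }}
    # Hypothetical helper: the user's own groups, plus the admin group
    # only when the user is named in one of the admin lists.
    merged_groups: >-
      {{ (item.groups | default([]))
         | union([users_default_admin_group]
                 if item.name in merged_admins else []) }}
  user:
    name: '{{ item.name }}'
    state: '{{ item.state | default("present") }}'
    groups: '{{ merged_groups | join(",") }}'
    append: '{{ item.append | default("no") }}'
  with_flattened:
    - users_global_list
    - users_group_list
    - users_host_list
  # Same coverage as the two original tasks: run for any named user that
  # ends up with at least one group (own groups, admin group, or both).
  when:
    - item.name is defined
    - item.name | length > 0
    - merged_groups | length > 0
```

Because the module now sees the complete group list in one call, a second run reports no change. With `append` left at "no" that list is authoritative, so a user dropped from the admin lists loses the admin group on the next run as long as the user still has an entry in `groups`.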