Several host merge hierarchically

Hello,

I have developed a role that uses group_vars/all (usually) and has a very defined scope: managing access to the root user on several machines [1].

While developing it, I have realized that when I specify a site.yml like the one in the gist, I (txomon) wouldn’t have access to the others host group.

The reason is that all is run first and gives me access to all the computers, and then others’ task is run, which gives access to the test user and leaves me out.

I have explored a little with the hash_behaviour config parameter, but it doesn’t seem to work as I expected.

I am accustomed to Puppet’s Hiera, where you can override level by level, but I am unable to reproduce this behaviour with Ansible.

My questions are:
1.- How can I have sysadmins get access to all computers and development just in the others ones, without having to explicitly write sysadmins in all the hosts?
2.- Is there any way I can override variables to create hiera-like behaviour?
3.- Do you know any better role to control exactly who has ssh access?

Cheers,

Javier Domingo Cansino

[1] User management role: https://gist.github.com/txomon/a3afe985672358927406

Hiera is a terrible over-complication, which is why Ansible has all the variable magic and support for classification of groups in core.

group_vars/all is overridden by any group in all, and so on, so the “deeper” group always wins. Then hosts override groups.

It’s there, definitely.

Can you highlight more specifically what you are having trouble with? That’s a long gist and I can’t call out the behavior that you think isn’t there, specifically.

What variable value in what file are you not seeing?
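
An added example, not part of either post and not Ansible's own code: a simplified Python model of the precedence described above (all, then child group, then host). It shows that a list set in a deeper group replaces the one from all, even with hash_behaviour=merge, which merges dictionaries only. The variable names and sample data are hypothetical and constructed.

```python
# Simplified model of Ansible inventory variable precedence (not Ansible's code).
# Layer order is the one stated in the thread: all < child group < host.
from copy import deepcopy

def merge_hash(base, override):
    """hash_behaviour=merge: dicts merge recursively; any other type is replaced."""
    out = deepcopy(base)
    for key, val in override.items():
        if isinstance(out.get(key), dict) and isinstance(val, dict):
            out[key] = merge_hash(out[key], val)
        else:
            out[key] = deepcopy(val)
    return out

def effective_vars(layers, behaviour="replace"):
    """Fold layers from least to most specific; the later layer wins."""
    result = {}
    for layer in layers:
        if behaviour == "merge":
            result = merge_hash(result, layer)
        else:
            result = {**result, **deepcopy(layer)}
    return result

def dropped_users(layers, key, behaviour="replace"):
    """Users granted at the first layer that are missing from the final value."""
    final = effective_vars(layers, behaviour).get(key, [])
    return sorted(set(layers[0].get(key, [])) - set(final))

# Constructed sample data; the variable names are hypothetical, not from the gist.
GROUP_ALL = {"root_ssh_users": ["txomon"]}
GROUP_OTHERS = {"root_ssh_users": ["test"]}
# Alternative layout: one variable name per layer, so nothing is overridden.
SPLIT_ALL = {"sysadmins": ["txomon"]}
SPLIT_OTHERS = {"developers": ["test"]}

def access_split(layers):
    """Effective access when the role concatenates the per-layer lists."""
    v = effective_vars(layers)
    return sorted(v.get("sysadmins", []) + v.get("developers", []))

if __name__ == "__main__":
    print(dropped_users([GROUP_ALL, GROUP_OTHERS], "root_ssh_users"))
    print(dropped_users([GROUP_ALL, GROUP_OTHERS], "root_ssh_users", "merge"))
    print(access_split([SPLIT_ALL, SPLIT_OTHERS]))
```

Running `dropped_users` over every group in an inventory is a quick audit for hosts where a group-level override silently removes an administrator granted in all.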