Hello!
I am newby in ansible world, but i like this tool and i try to use in my enviroment…
I have some question about user managment, and can’t get solution 
I have several projects (test, developer, production and same) I make separate folders for this projects with contain hosts, main.yml, ansible.cfg and roles folder… I try to add user accounts by adding special role- user_ssh, like this:
- name: Add ssh user
user: name={{ item.user }} shell={{ item.shell }} groups=‘admins’
with_items:
- $ssh_users
Variable ssh_users i use in play-book and use it for any host grous. It looks like this:
- hosts: apps
vars:
- ssh_users:
- $user1
- $user2
In next group (db for example) i use different values for ssh_users variable (like user1 and user3)
Main question is how to grab file with users parameters and use it in this role?.. I have no luck two days in row.
How to deal with this situation, or use other strategy?..
Hello!
I am newby in ansible world, but i like this tool and i try to use in my enviroment…
I have some question about user managment, and can’t get solution
I have several projects (test, developer, production and same) I make separate folders for this projects with contain hosts, main.yml, ansible.cfg and roles folder… I try to add user accounts by adding special role- user_ssh, like this:
- name: Add ssh user
user: name={{ item.user }} shell={{ item.shell }} groups=‘admins’
with_items:
- $ssh_users
Variable ssh_users i use in play-book and use it for any host grous. It looks like this:
- hosts: apps
vars:
- ssh_users:
- $user1
- $user2
In next group (db for example) i use different values for ssh_users variable (like user1 and user3)
-
You are mixing old style variables with new style variables… (replace $var with {{ var }})
-
in your play you have item.name and item.shell but you are only passing in a single variable
try something like this for your variables…
vars:
ssh_users:
- {{ name: user1, shell: /bin/ksh }}
- {{ name: user2, shell: /bin/bash }}
I hope that this helps,
Adam
Thanks for you reply, Adam!
I think, this solution is working like charm, but main reason for defined users like variables - is keeping all information in separate file. It is more simple for managing information and apply changes…
For example, if i have 10 host groups and 40 users, and changing some information or add field for user - i need to change each entry in my playbook (or multiple playbooks). If i use separate file - i need to change only this file 
I would suggest that you put the variables into some kind of vars file (group_vars if they are different for different groups)
then you can use the same playbook and task… If you add fields you may want to change the tasks to apply the fields…
So with your inventory file…
[group_1]
host_1
host_2
[group_2]
host_3
host_4
You would have a playbook that would have something like
I should add that you might want to look at the best practices document
http://docs.ansible.com/playbooks_best_practices.html
which will give you a clear picture of how you could lay out your files. If you want the same users on all hosts in all groups then you might want to put them in group_vars/all rather than group_vars/group_1
Adam
works like charm!
One more little question - i have user variables like this:
user1:
- { user: ‘user1’, shell: ‘/bin/sh’ }
how i can change shell value in special host group to /bin/nologin for example? And keep it default value for other groups?..
Solved by myself.
Use trick with
shell={{ variable | default(‘/bin/sh’) }} value.
Thanks a lot for help!