I already have tasks for creating users, groups, authorized_keys, etc. from the existing lists of users, by setting a variable that’s linked to each of those.
What I want to do is have group_vars for an inventory that lists which groups I want added to servers. And then another inventory might have other group_vars where the groups are different. I want to define all users and what groups they’re in in users.yml, and then simply specify which groups get different access to servers in my inventory by creating my user_groups list in a group_var.
In group_vars/users.yml:

devs:
  - "{{ ronda }}"
  - "{{ abe }}"
  - "{{ kathy }}"
sysadmins:
  - "{{ york }}"
  - "{{ kathy }}"
  - "{{ george }}"
managers:
  - "{{ brown }}"
  - "{{ lee }}"
ronda:
  - { name: "ronda", fullname: "Ronda", uid: "1001", gid: "1001", state: "present", remove: "no", ssh_key: "…/ssh_keys/ronda.pub" }
etc…
In inventory/group_vars/single-environment.yml:

user_groups:
  - devs
  - sysadmins
  - managers

There could be another file in inventory/group_vars/second-environment.yml that defines user_groups differently:

user_groups:
  - sysadmins

Is this possible at all? I feel like I should be able to reference this doing something like user_groups[item.name], user_groups[item.fullname], user_groups[uid], etc. I know that method isn’t possible, but there’s gotta be a way?
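
One way to resolve the names in user_groups into user records, as an added example that is not part of the original post: each name is looked up as a variable with the vars lookup, and users who sit in more than one group are de-duplicated before any account is created. The play on localhost, the env_users fact and every value except ronda's are constructed for illustration.

```yaml
# Added example: resolve the group names in user_groups to user records.
- hosts: localhost
  gather_facts: false
  vars:
    # Constructed sample data in the shape used in the post.
    ronda:
      - { name: "ronda", fullname: "Ronda", uid: "1001" }
    kathy:
      - { name: "kathy", fullname: "Kathy", uid: "1003" }
    york:
      - { name: "york", fullname: "York", uid: "1004" }
    devs:
      - "{{ ronda }}"
      - "{{ kathy }}"
    sysadmins:
      - "{{ york }}"
      - "{{ kathy }}"
    # Normally set per environment in the inventory's group_vars.
    user_groups:
      - devs
      - sysadmins
  tasks:
    - name: Collect the members of every group listed in user_groups
      ansible.builtin.set_fact:
        # lookup('vars', name) returns the templated value of the variable
        # called name and fails if no such variable exists, so a misspelled
        # group name stops the run instead of silently granting nothing.
        # flatten unwraps the one-element list each user is stored as.
        # env_users is a hypothetical fact name.
        env_users: "{{ env_users | default([]) + (lookup('vars', item) | flatten) }}"
      loop: "{{ user_groups }}"

    - name: Show each user once, even when listed in several groups
      ansible.builtin.debug:
        msg: "{{ item.name }} uid={{ item.uid }}"
      # unique drops the second copy of kathy (devs and sysadmins).
      loop: "{{ env_users | unique }}"
      loop_control:
        label: "{{ item.name }}"
```

The existing user and authorized_keys tasks can loop over the same de-duplicated list in place of the debug task, so access on each environment follows only the groups named in that environment's user_groups.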