@wu-lee
Last active December 13, 2015 23:49
# Ansible inventory: one host, placed in the standard_users group. The group
# name is what ties this host to the variables in group_vars/standard_users.
[standard_users]
some.host.net
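--- # create_userA.yml
# This gets the user attributes via the parameterised variables $user and
# $pubkey, which users.yml passes on its include line.
- action: debug msg="item is '${item}' user is '${user}' pubkey is '${pubkey}'"

# Ensures the account exists (state=present). Nothing in this file removes an
# account, so taking a name out of the users list does not delete the user.
- name: Create the "${user}" user
  action: user
    state=present
    name="${user}"
    createhome=yes

# Adds the public key to the account's authorized_keys. state=present leaves
# any keys already in that file in place, so this task cannot revoke a
# previously installed key.
# The only_if guard is meant to skip this task when no pubkey was supplied; the
# user task above has no such guard, so the account is still created.
# The task name refers to ${user}, like the rest of this file (it said $item).
- name: Insert authorized_keys for user "${user}"
  action: authorized_key
    state=present
    user="${user}"
    key="${pubkey}"
  only_if: is_set('${pubkey}')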
--- # create_userB.yml
# Variant that takes no include parameters: the user name comes from $item and
# the public key is looked up in the $userdefs dictionary.
- action: debug msg="user is '${item}' pubkey is '${userdefs.${item}.pubkey}'"

# Make sure the account and its home directory exist.
- name: Create the "${item}" user
  action: user state=present name="${item}" createhome=yes

# Install the user's public key; guarded so it only runs when a pubkey is
# defined for this user in $userdefs.
- name: Insert authorized_keys for user "${item}"
  action: authorized_key state=present user="${item}" key="${userdefs.${item}.pubkey}"
  only_if: is_set('${userdefs.${item}.pubkey}')
# Gists don't allow directories, so this file must be moved to
# group_vars/standard_users to work properly.
# Define a subset of our users as "standard".
# users.yml looks each name up in $userdefs, so every name listed here is
# expected to have an entry in vars_userdefs.yml.
users:
- alice
- bob
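--- # users.yml
# NOTE: despite the play name, both included task files only use
# state=present. No task removes an account or an authorized key, so dropping a
# name from $users does not revoke that user's access.
- name: Create / remove users as specified in the $users list, defined in group_vars
  # Connects as root and targets every inventory host, not only the
  # standard_users group that group_vars/standard_users applies to.
  user: root
  hosts: all
  vars_files:
    # This defines a set of *possible* users' attributes,
    # keyed by name in a dictionary $userdefs.
    # (See below.)
    # Written as a list item, the form vars_files is documented to take.
    - vars_userdefs.yml
  # $users list intended to be defined in group_vars/*,
  # but that seems to fail to interpolate.
  # However, uncomment this and things work as expected
  # vars:
  #   users:
  #     - bob
  #     - charlie
  tasks:
    - name: check our variables are defined ok
      action: debug msg="User $item has key ${userdefs.${item}.pubkey}"
      with_items: ${users}

    # This aims to call create.yml task file for each user, which does the work
    # Unfortunately the variables don't get expanded.
    # NOTE(review): presumably the include is expanded when the playbook is
    # loaded, before per-host group_vars exist, which would explain why play
    # vars work and group_vars do not. Confirm against the Ansible version
    # in use.
    - include: create_userA.yml user="${item}" pubkey="${userdefs.${item}.pubkey}"
      with_items: ${users}

    # Doing it this way with implicit parameter passing via $item also doesn't
    # seem to work
    - include: create_userB.yml
      with_items: ${users}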
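--- # vars_userdefs.yml
# This defines the attributes of all known users. There would normally
# be more than in this stripped example.
#
# The values are SSH public keys, not secrets. Each one still grants login to
# the named account wherever the playbook installs it, so an edit to this file
# is an access change and deserves the same review as one.
# Each pubkey is nested under its user name; at one flat level the repeated
# pubkey keys would collide.
userdefs:
  # Only names in a $users list are acted on. If "root" were ever added
  # there, the tasks would add this key to root's authorized_keys.
  root:
    pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCv68suJPUZCOqOQ1CDR/Abzs+Akw6Dy+XHwSwoZdtRPbiM0jEs5LK+BiwuMcZWvsQlt5/vgvYEA7tmvRJWyBfEoWvPbMshGii69us/dV8/rsDGB31zlEzBe3jGenWjsNeFk0yCFHksx3juKWvrMP2bLa10fade2W4QOWVvSxU0MaXLW2r6TshwP3+OAML/OAmR3v1jsW7mTYsI9B9N61yGUWjbbtYY/j/EstiWnqHG+cSBpke6ZtRIukC4uvYBD4E+v2Hc12CJW3B5QIh1wt1t9L46ssXbG5ihPzNtYvc/fnyQRvg7IUPfLbMa5WOIhupdXNZOhIwH5MvXW4kiMUmX ansible-root"
  alice:
    pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOw7IGtvD3yr5BUm1MTX4TawkPc/21NDi0DQujEVaLlEW6WwpQA0pLgOgV/MlhUstqfPYC35vrTRpWqoLa2R2oNw3D1wsNoDgUSCBpViRsAktwCpvSadq3IjGigQY9UCkOzZZY1WIu9Tg1QBYiOWo4S9bPVe6s/tc4YoYHXXBvQZalwhZMSyfBtcOdRxhtbNxLE2lv/2TybO/gH+ch0/oObAbHd+gxdhDIc048EK1VJKIhoFEDXYdz21kIyvDBuZjAN/pGBqHn+BZXNlfBzTjwq2TsrNM0DsWdzye1BKn+uB0ZLTqAN1jx7z5I3Q7mO1iTv0+ruVTJ4/M48sydr/DL alice"
  bob:
    pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNcdxyfWLHH1sufVi0H709zxQlWDqHxKs00puBUEXs45BrHFjCxypmtKzx0meuekKbNECmiFpYG5IIXRXPSqyawZcY2eoxt6XK4BL7934vLsUUDNkZaLR9SETpq81G/stImbkYpEqP+5e/V/xryuguXznYM0KSICG8GAmupD6Xld8NGBqiZitgICIqmSoRehnZnv2YodHJW+Vyu5qSVcoK4I9uXTG5/aiRL9JtJl6XjE2xrcMX0juDTCn4FRTAnt/OPrycW9Sj1/QoOYQ6E/nrBfycF48Y4PfgURfmqDJsL4uY33u68/xpwkysnd10/wWdDXEYxXWAnegQS9XN+xCP bob"
  charlie:
    pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC32wF/OcOotV40CKKCgBvLbOqmT6c8f6d6RaY7OVSYjZezmkRXAQMLjMd+Oo0nJtGUvFVc8nQ07F/99sqIU3mbVD+9sNGcnvhLExFTyI5+YjxFP0AvTvwZDoi1kvp5o9ZWAXcEOPk1zfiSF/Z1hCHsm2X5vi2wopPuERr0MC+iRvezlHoDkzxMypFylfAzo2QJBgdaExpdCng6iCCE3c5o683RdaJT1NG4MEJ3vjzcltWmGnDf91F9ZbWhks0kgSVD5+8W3U5RJxWMV8dKvtzMRvXCxiDk7SPwy64ND9JVxuKxC93vZv+vD5JprGLvk1cANhJwRftAU0o/86O5XU/B charlie"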