I'm a new ansible user, switching from a collection of shell scripts to ansible playbooks. My current user management system allows for adding a user to a system only if that user has been granted access to that Server class, Location, and environment (or if any of those are set to wildcard/any).
The server class, location, and environment are stored locally on the client server itself, in the form of a (root readable/writeable only) file that looks like:

    LD_CLASS="app"
    LD_LOC="dfw"
    LD_ENV="prod"

I have found a few examples that I think are similar to what I want, but I'm still unsure how to grab the variables from the ansible client, and also how to make sure all 3 class, location, and environment requirements are met before adding the user. I envision a variable file like this:

    users:
      - name: user1
        uid: 60001
        gid: 60001
        class: app
        location: any
        env: dev
      - name: user2
        uid: 60002
        gid: 60002
        class: app
        location: dfw
        env: prod

With a user module entry that looks something like this, based on the variables gathered from the ansible client I'm configuring (note the pseudo code because I'm not sure how I'd actually accomplish this):

    - user:
        name: '{{ item.name }}'
        state: '{ (If $LD_LOC matches location variable, or is set to any) & ($LD_ENV matches env variable, or is set to any) & ($LD_CLASS matches class variable, or is set to any) } present{% else %}absent{% endif %}'
        uid: '{{ item.uid }}'
      with_items: users

I'd prefer to not rely on ansible roles, but instead get the class, location, and environment data from the ansible client itself, at least partially because this is the system we currently have and it helps us easily transition to ansible while keeping some existing and familiar tools.

Is what I'm looking for possible?
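
One way to implement the check the question describes, as an added example that is not part of the original post: the playbook reads the root-only file from the managed host, refuses to continue if any of the three values is missing, and sets the account state from all three comparisons. The file path `/etc/ld_descriptor` and the variable file name `users.yml` are placeholders the post does not give, and `any` is assumed to be a wildcard in the user's entry.

```yaml
- hosts: all
  become: true                      # the descriptor file is readable by root only
  vars_files:
    - users.yml                     # assumed name for the "users:" list in the post
  vars:
    ld_file: /etc/ld_descriptor     # placeholder path, not given in the post
  tasks:
    - name: Read the class/location/environment file from the managed host
      ansible.builtin.slurp:
        src: "{{ ld_file }}"
      register: ld_raw

    - name: Parse the KEY="value" pairs into a dictionary
      ansible.builtin.set_fact:
        ld: >-
          {{ dict(ld_raw.content | b64decode
                  | regex_findall('(LD_[A-Z]+)="([^"]*)"')) }}

    - name: Fail closed if a value is missing, so no account is changed by accident
      ansible.builtin.assert:
        that:
          - ld.LD_CLASS is defined
          - ld.LD_LOC is defined
          - ld.LD_ENV is defined
        fail_msg: "{{ ld_file }} must define LD_CLASS, LD_LOC and LD_ENV"

    - name: Keep the account only when class, location and environment all match
      ansible.builtin.user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        # Each attribute must equal the host's value or be the wildcard 'any'.
        state: >-
          {{ 'present'
             if item['class'] in [ld.LD_CLASS, 'any']
                and item.location in [ld.LD_LOC, 'any']
                and item.env in [ld.LD_ENV, 'any']
             else 'absent' }}
      loop: "{{ users }}"
```

On the sample host (`app`/`dfw`/`prod`), user2 is created and user1 is set to `absent` because its `env` is `dev`; `state: absent` removes an existing account, so running with `--check` first shows which accounts would change.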