我将用户创建角色导入到应用程序角色中,以便仅从用户创建角色安装应用程序用户。我无法将用户创建角色限制为仅创建应用程序用户。导入后,它会运行 common/vars/users.yml 定义的所有用户。
那个树:
└── roles
├── application-role
| └── tasks
| ├── main.yml
| └── application.yml
└── common
├── defaults
│ └── main.yml
├── tasks
│ ├── main.yml
│ └── usercreation.yml
└── vars
├── main.yml
└── users.yml
应用任务:
- name: create applicationuser from commonrole
become: yes
include_role:
name: common
tasks_from: usercreation.yml
vars_from: users.yml
public: yes
apply:
tags: present-test
vars:
username: applicationuser
tags: usertest1
以及常见的用户创建任务:
- include_vars: users.yml
tags: present-test
- name: Create users
become: yes
user:
name: "{{ item.username }}"
shell: "{{ item.shell }}"
groups: "{{ item.groups }}"
createhome: yes
comment: "{{ item.comment }}"
password: "{{ item.OSpass }}"
uid: "{{ item.uid }}"
state: "{{ item.status }}"
with_items:
"{{ users }}"
tags: present-test
最后是 users.yml
users:
- username: applicationuser
comment: "ansible test user 2 "
shell: "/bin/bash"
profile: prod
uid: "599"
dev: no
key: "ssh-rsa AAAAAxxXXxxXX666666666XX66X"
groups: "wheel"
OSpass: "$6$9rywWxjz4XFDxQ2H$mb1qvD1dGe.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxHSrcwfCmqa438WqEqg/eV/IY3KjRjBty56spCOUsxfNH/"
status: present
- username: otheruser
...
运行此命令时,它会在 vars/users.yml 中创建所有用户,完全忽略我的 vars:限制
我只想创建应用程序用户。
这可行吗?
答案1
您已经定义了您的“用户名”,但实际上并没有对该变量执行任何操作。
也许您想添加“何时”之类的词?可能是这样的?
- name: Create users
become: yes
user:
name: "{{ item.username }}"
shell: "{{ item.shell }}"
groups: "{{ item.groups }}"
createhome: yes
comment: "{{ item.comment }}"
password: "{{ item.OSpass }}"
uid: "{{ item.uid }}"
state: "{{ item.status }}"
with_items:
"{{ users }}"
tags: present-test
when: username == item.username