0

I have an Ansible task that ensures that a list (dict) of users exists and creates them if needed.

I want this task not to update the passwords (only on_creation), except when I set a global variable enforce_config to true. In that case I want all managed users to get their password updated with the default one (stored in my users dict).

In short, based on the value of the enforce_config variable, I want to change this user module option:

update_password: on_create

into:

update_password: always

Here is the complete task:

- name: Manage users and their password
  user:
    name: "{{ item.key }}"
    home: "{{ item.value.home }}"
    createhome: yes
    shell: "{{ item.value.shell }}"
    password: "{{ item.value.password }}"
    # IF `enforce_config` == true
    #   update_password: always
    # ELSE
    update_password: on_create
  with_dict: "{{ users }}"
techraf
xenlo

2 Answers

1
update_password: "{{ 'always' if (enforce_config == true) else 'on_create' }}"

Or

update_password: "{{ (enforce_config == true) | ternary('always', 'on_create') }}"
techraf
0

After reading this question here, I actually found an answer to my own question.

  • Directly with a Jinja2 if-else in the update_password option of the task:

update_password: "{% if enforce_config==true %}always{% else %}on_create{% endif %}"

xenlo
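
An added example, not part of either answer: a complete playbook that uses the same conditional but coerces `enforce_config` with `| bool`, because a value passed as `-e enforce_config=true` arrives as a string and an `== true` comparison does not match it, so passwords would silently stay on `on_create`. The host group `managed_hosts`, the user data and the hash placeholder are constructed; `no_log` is an addition that keeps the looped password values out of task output.

```yaml
# Added example; host group, user data and the hash placeholder are constructed.
- hosts: managed_hosts
  become: true
  vars:
    # Default is the non-destructive mode: existing passwords are left alone.
    # Extra vars (-e) override this play-level default.
    enforce_config: false
    users:
      alice:
        home: /home/alice
        shell: /bin/bash
        # Placeholder: on Linux the user module expects a crypted hash here,
        # not a cleartext password.
        password: "<crypted-password-hash>"
  tasks:
    - name: Manage users and their password
      user:
        name: "{{ item.key }}"
        home: "{{ item.value.home }}"
        createhome: yes
        shell: "{{ item.value.shell }}"
        password: "{{ item.value.password }}"
        # `| bool` turns the string "true" from `-e enforce_config=true`
        # into a real boolean before ternary picks the mode.
        update_password: "{{ enforce_config | bool | ternary('always', 'on_create') }}"
      with_dict: "{{ users }}"
      # Keep the loop items, which contain the password hashes, out of the output.
      no_log: true
```

Running the play with `--check --diff` and `-e enforce_config=true` first shows which accounts would have their password reset before anything is changed.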