1

I am trying to interpolate variables within an Ansible play. I have the following variables:

target_hostname
user_account
account_password

user_account_password is in a vault, and the variable is named target_hostname.user_account.user_account_password, e.g., myhost.username.thepassword.

The variables defined:

build:
  common:
    system_accounts:
      - name: 'ansible'
        group: 'ansible'
        uid: '5000'
        gid: '5000'
      - name: 'sysadm'
        group: 'sysadm'
        uid: '5001'
        gid: '5001'

And the entries in the vault:

target_hostname:
  bootloader_password: bootloader123
  root.account_password: root123
  sysadm.account_password: sysadm123
  ansible.account_password: ansible123

Tried using varying types of interpolation:

- name: Ensure users exist with appropriate UID
  ansible.builtin.user:
    name: "{{ system_account_items.name }}"
    uid: "{{ system_account_items.uid }}"
    umask: "022"
    group: "{{ system_account_items.group }}"
    password: "{{ target_hostname.[{{ system_account_items.name }}].account_password | password_hash('sha512') }}"
    update_password: always
  with_items: "{{ build.common.system_accounts }}"
  loop_control:
    loop_var: system_account_items
Improve this question

1 Answer 1

Reset to default
2

For example,

    - debug:
        msg: |
          name:  "{{ item.name }}"
          uid:   "{{ item.uid }}"
          group: "{{ item.group }}"
          password: "{{ target_hostname[key] }}"
      loop: "{{ build.common.system_accounts }}"
      vars:
        key: "{{ item.name }}.account_password"

gives

ok: [localhost] => (item={'name': 'ansible', 'group': 'ansible', 'uid': 5000, 'gid': 5000}) => 
    msg: |-
        name:  "ansible"
        uid:   "5000"
        group: "ansible"
        password: "ansible123"
ok: [localhost] => (item={'name': 'sysadm', 'group': 'sysadm', 'uid': 5001, 'gid': 5001}) => 
    msg: |-
        name:  "sysadm"
        uid:   "5001"
        group: "sysadm"
        password: "sysadm123"

Example of a complete playbook for testing

- hosts: localhost

  vars:

    build:
      common:
        system_accounts:
          - name: ansible
            group: ansible
            uid: 5000
            gid: 5000
          - name: sysadm
            group: sysadm
            uid: 5001
            gid: 5001

    target_hostname:
      bootloader_password: bootloader123
      root.account_password: root123
      sysadm.account_password: sysadm123
      ansible.account_password: ansible123

  tasks:

    - debug:
        msg: |
          name:  "{{ item.name }}"
          uid:   "{{ item.uid }}"
          group: "{{ item.group }}"
          password: "{{ target_hostname[key] }}"
      loop: "{{ build.common.system_accounts }}"
      vars:
        key: "{{ item.name }}.account_password"
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

thank you! I haven't tried this yet (but it looks like you have). based on the yaml I understand what's going on and where I went wrong

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.