In this lesson, you will learn how to effectively use Ansible loops in Ansible. Loops are useful for automating repetitive tasks. By the end of this lesson, you will be able to utilize loops in your Ansible playbooks.

We'll start by adding a list of users and passwords to our secret.yml file for secure storage, then we'll create a new playbook that will loop over the list and create the user accounts with their respective passwords.

Adding a List of Users To Our Ansible Vault File

You already have an Ansible Vault file at ~/secret.yml. This file will store user passwords securely. We will edit this file to add user information.

ansible-vault edit ~/secret.yml

users:
  - username: user1
    password: password1
  - username: user2
    password: password2
  - username: user3
    password: password3
  - username: user4
    password: password4
  - username: user5
    password: password5

Note that we are using insecure passwords for each user, you are free to change this how you see fit. Save and close the file with the :wq key sequence.

Creating the Playbook

Let’s create a playbook called loops_test.yml. This playbook will loop through the user information stored in the Ansible Vault to create user accounts on your managed node.

   nano loops_test.yml

   ---
   - name: Create multiple users
     hosts: managed-node-1
     become: yes
     vars_files:
       - ~/secret.yml
     tasks:
       - name: Create user accounts
         user:
           name: "{{ item.username }}"
           password: "{{ item.password | password_hash('sha512') }}"
           state: present
         loop: "{{ users }}"

The loop in this playbook is defined by loop: "{{ users }}". This line is crucial because it tells Ansible to repeat the task for each item within the users variable. The users variable is expected to be a list where each item represents a user account's details.

Each iteration of the loop picks up an item from the users list. In the context of this task, each item would typically contain a username and a password.

Now, within the task, we reference elements of the current item using the {{ item }} notation. For instance, {{ item.username }} retrieves the username of the current item in the loop, and {{ item.password ... fetches the password.

|: This is a pipe character used in Jinja2 to apply a filter to the variable on its left. Filters are functions that transform the variable in some way.

password_hash('sha512'): This is a Jinja2 filter provided by Ansible that takes a plain text string and returns a hashed version of the string. The argument 'sha512' indicates that the SHA-512 hashing algorithm should be used. Hashing is a one-way function, making it a secure way to store passwords.

The loop runs the user module for each item in the users list. It creates a user account with the specified username and password for each item. What's clever here is how Ansible handles each account creation as a separate task, but it's all written in a concise, easy-to-manage way thanks to the loop.

This loop structure is a powerful feature in Ansible, allowing us to manage multiple items with a single task definition. It's a fundamental concept for efficient playbook writing, reducing repetition and enhancing readability.

Executing the Playbook

Run the playbook with the following command:

ansible-playbook loops_test.yml

Verifying the Task

To ensure the users have been created, you can log into managed-node-1 and check the user list:

getent passwd

The new usernames should appear in the list.

Conclusion

You've successfully created a playbook that uses Ansible loops to automate the creation of user accounts, leveraging an existing Ansible Vault file for secure data handling. This approach exemplifies how Ansible's automation capabilities can be combined with security best practices.

Server Academy Members Only

Sorry, this lesson is only available to Server Academy Full Access members. Become a Full-Access Member now and you’ll get instant access to all of our courses.

Sign In Get Instant Access