Here are the relevant files from my ansible playbook:
group_vars/all.yml
users:
- user1
- user2
inventories/production.yml
ungrouped:
hosts:
host1.test.de:
roles/base/defaults/main.yml
users:
- user2
- user3
- user4
all_users:
user1:
name: ..
groups: ...
user2: ...
user3: ...
user4: ...
roles/base/tasks/user.yml
- name: Create users
ansible.builtin.user:
name: "{{ item.name }}"
password: "{{ item.shadow | default(omit) }}"
groups: "{{ item.groups | default([]) }}"
append: true
shell: "/bin/bash"
state: present
loop: "{{ users | map('extract', all_users) }}"
loop_control:
label: "{{ item.name }}"
roles/base/tasks/main.yml
- name: Create Users
become: yes
import_tasks: user.yml
tags: user
site.yml
- name: Setup basic linux-server installation
hosts: all
roles:
- base
tags: base
Now I execute the user task:
$ ansible-playbook -i inventories/production.yml site.yml -t user
Then ansible loops over the elements from roles/base/defaults/main.yml {user2, user3, user4}. But it should loop over the elements from group_vars/all.yml {user1, user2} as stated in the docs:
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#understanding-variable-precedence
When I delete the users variable from roles/base/defaults/main.yml all works fine and ansible loops over the users lists from group_vars/all.yml.
Am I getting something wrong here? Why is the default var used and not the group_var?
Found the problem in my site.yml:
- hosts: all
tasks:
- name: Include vars from base role for other roles
include_vars:
file: roles/base/defaults/main.yml
tags: always
I needed that for some other roles, got to think of a way to avoid that..