Append to/merge lists in defaults/vars files outside of play

SUMMARY

As far as I’m aware, there’s no way to append to or merge lists (or other data structures) in defaults/vars files, outside of plays, during definition time. This has led myself and others to use hacky filters to try and replicate this functionality (see here for an example). It would be a huge improvement if this was possible to do; see example below.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

Core?

ADDITIONAL INFORMATION

An example: you have a role, roles/ssh, that configures OpenSSH to only allow specific users to SSH to the server. The list valid_ssh_users controls what users get added to /etc/ssh/sshd_config. Many different roles or inventory files could want to add users to the valid_ssh_users list for various reasons. Ideally, something like this would be possible:

roles/ssh/defaults/main.yml:

valid_ssh_users:
  - superuser

roles/monitoring/vars/main.yml:

valid_ssh_users+:
  - zabbix

inventory/server1:

valid_ssh_users+:
  - server1-admin

valid_ssh_users would then resolve to [ 'server1-admin', 'superuser', 'zabbix' ] during a play on server1.

This would obviously be a big change in how ansible resolves variables, but it would be a huge improvement in my (and hopefully other’s) environments.

Edit: My example above obviously isn’t valid yaml, see below for a more practical solution.

1 possible answer(s) on “Append to/merge lists in defaults/vars files outside of play

  1. This will work since the evaluation happens before the assignment, ‘vars:’ are lazy and do not work the same way.

    set_fact: 
     valid_ssh_users: "{{ valid_ssh_users + [ 'zabbix' ] }}"