As far as I’m aware, there’s no way to append to or merge lists (or other data structures) in defaults/vars files, outside of plays, during definition time. This has led myself and others to use hacky filters to try and replicate this functionality (see here for an example). It would be a huge improvement if this was possible to do; see example below.
- Feature Idea
An example: you have a role,
roles/ssh, that configures OpenSSH to only allow specific users to SSH to the server. The list
valid_ssh_users controls what users get added to
/etc/ssh/sshd_config. Many different roles or inventory files could want to add users to the
valid_ssh_users list for various reasons. Ideally, something like this would be possible:
valid_ssh_users: - superuser
valid_ssh_users+: - zabbix
valid_ssh_users+: - server1-admin
valid_ssh_users would then resolve to
[ 'server1-admin', 'superuser', 'zabbix' ] during a play on server1.
This would obviously be a big change in how ansible resolves variables, but it would be a huge improvement in my (and hopefully other’s) environments.
Edit: My example above obviously isn’t valid yaml, see below for a more practical solution.