Update access targets to be optional parameter

Add server role to iridium

inventory.yaml

@@ -24,6 +24,8 @@ en1:
       ansible_host: 10.42.101.200
       skylab_description: Local Monitor Node
       skylab_targets: [network]
+      skylab_roles:
+        - server
 
   children:
 

playbooks/update.yaml

@@ -47,6 +47,7 @@
         state: present
         update_cache: true
 
+
 - name: Update unix accounts
   hosts: linux
   tags:
@@ -75,38 +76,55 @@
         cmd: 'grep "{{ skylab_group.name }}:" /etc/group | cut --delimiter : --fields 4 | tr "," "\n"'
       register: _existing_skylab_accounts
 
+    - name: Determine deleted skylab users
+      vars:
+        _deleted_accounts: []
+      when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid'))
+      ansible.builtin.set_fact:
+        _deleted_accounts: "{{ _deleted_accounts + [item] }}"
+      loop: "{{ _existing_skylab_accounts.stdout_lines }}"
+
+    - name: Delete accounts
+      when: _deleted_accounts | default(false)
+      block:
         - name: Delete removed user accounts
           become: true
-      when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid'))
           ansible.builtin.user:
             name: "{{ item }}"
             state: absent
-      loop: "{{ _existing_skylab_accounts.stdout_lines }}"
+          loop: "{{ _deleted_accounts }}"
 
         - name: Delete removed user groups
           become: true
-      when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid'))
           ansible.builtin.group:
             name: "{{ item }}"
             state: absent
-      loop: "{{ _existing_skylab_accounts.stdout_lines }}"
+          loop: "{{ _deleted_accounts }}"
 
         - name: Delete removed user home directories
           become: true
-      when: item not in (skylab_accounts | items2dict(key_name='name', value_name='uid'))
           ansible.builtin.file:
             path: "/home/{{ item }}"
             state: absent
-      loop: "{{ _existing_skylab_accounts.stdout_lines }}"
+          loop: "{{ _deleted_accounts }}"
+
+    - name: Determine active users
+      when: item.targets | default([]) | intersect(skylab_targets)
+      vars:
+        _active_accounts: []
+      ansible.builtin.set_fact:
+        _active_accounts: "{{ _active_accounts + [item] }}"
+      loop: "{{ skylab_accounts }}"
+      loop_control:
+        label: "{{ item.uid }},{{ item.name }}"
 
     - name: Create account groups
-      when: item.targets | intersect(skylab_targets)
       become: true
       ansible.builtin.group:
         name: "{{ item.name }}"
         gid: "{{ item.uid }}"
         state: present
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
 
@@ -119,12 +137,11 @@
           skylab_group_admin.name if item.admin | default(false) else '',
           skylab_group_automation.name if item.service | default(false) else '',
         ]}) }}"
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
 
     - name: Create accounts
-      when: item.targets | intersect(skylab_targets)
       become: true
       ansible.builtin.user:
         name: "{{ item.name }}"
@@ -136,7 +153,7 @@
         system: "{{ item.service | default(false) }}"
         generate_ssh_key: false
         password: "{{ item.password }}"
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
 
@@ -148,17 +165,10 @@
         group: "{{ item.name }}"
         owner: "{{ item.name }}"
         mode: 0700
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
 
-    - name: Enforce root password
-      become: true
-      ansible.builtin.user:
-        name: root
-        password: "{{ skylab_root_password }}"
-        state: present
-
     - name: Create SSH directory
       become: true
       ansible.builtin.file:
@@ -167,31 +177,36 @@
         group: "{{ item.name }}"
         state: directory
         mode: 0700
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
 
     - name: Update authorized keys
       become: true
-      when: item.targets | intersect(skylab_targets)
       ansible.builtin.authorized_key:
         user: "{{ item.name }}"
         key: "{{ skylab_ssh_keys[item.name] | join('\n') }}"
         state: present
         exclusive: true
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
 
     - name: Enforce ownership of authorized keys
       become: true
-      when: item.targets | intersect(skylab_targets)
       ansible.builtin.file:
         path: /home/{{ item.name }}/.ssh/authorized_keys
         state: file
         owner: "{{ item.name }}"
         group: "{{ item.name }}"
         mode: 0400
-      loop: "{{ skylab_accounts }}"
+      loop: "{{ _active_accounts }}"
       loop_control:
         label: "{{ item.uid }},{{ item.name }}"
+
+    - name: Enforce root password
+      become: true
+      ansible.builtin.user:
+        name: root
+        password: "{{ skylab_root_password }}"
+        state: present

roles/swarm/tasks/configure.yaml

@@ -39,7 +39,7 @@
 
 - name: Add administrators to docker group
   become: true
-  when: item.admin | default(false) and 'cluster' in item.targets
+  when: item.admin | default(false) and 'cluster' in (item.targets | default([]))
   ansible.builtin.user:
     name: "{{ item.name }}"
     group: "{{ item.name }}"