ansible-roles/dnet_user_services_perms/tasks/main.yml

---
- name: Add the all the users to the dnet group
  user: name={{ item.login }} groups={{ dnet_group }}
  with_items: users_system_users
  tags: [ 'dnet', 'users' ]

- name: Install the sudoers config that permits the dnet users to restart tomcat
  template: src=dnet-sudoers.j2 dest=/etc/sudoers.d/dnet-group owner=root group=root mode=0440
  tags: [ 'tomcat', 'dnet', 'sudo', 'users' ]

- name: Create the dnet data dirs
  file: name={{ item }} state=directory owner={{ dnet_user }} group={{ dnet_group }} mode=0750
  with_items: dnet_data_directories
  tags: [ 'tomcat', 'dnet', 'users' ]

# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default
- name: Set the read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs
  acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present
  with_items:
#    - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]
    - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]
  tags: [ 'tomcat', 'dnet', 'users' ]

- name: Set the default read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs
  acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes
  with_items:
#    - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]
    - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]
  tags: [ 'tomcat', 'dnet', 'users' ]
dnet-mincyt: new VM to host the portal. Fixes to the apache virtualhosts generation tasks. library/roles/dnet_user_services_perms: New roles to configure the VM permissions in a way that allows playing with tomcat without been root. infrastructure-services: First bits of nagios configuration for the infrastructure services. 2015-07-13 17:54:21 +02:00			`---`
			`- name: Add the all the users to the dnet group`
			`user: name={{ item.login }} groups={{ dnet_group }}`
			`with_items: users_system_users`
			`tags: [ 'dnet', 'users' ]`

			`- name: Install the sudoers config that permits the dnet users to restart tomcat`
			`template: src=dnet-sudoers.j2 dest=/etc/sudoers.d/dnet-group owner=root group=root mode=0440`
			`tags: [ 'tomcat', 'dnet', 'sudo', 'users' ]`

			`- name: Create the dnet data dirs`
			`file: name={{ item }} state=directory owner={{ dnet_user }} group={{ dnet_group }} mode=0750`
			`with_items: dnet_data_directories`
			`tags: [ 'tomcat', 'dnet', 'users' ]`

			`# Note: the default is a default only. We need two commands to add acl effectively on the root dir and set the default`
			`- name: Set the read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs`
			`acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present`
			`with_items:`
			`# - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]`
			`- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]`
			`tags: [ 'tomcat', 'dnet', 'users' ]`

			`- name: Set the default read/write permissions on the tomcat webapps and common/classes directories and on a set of dnet data dirs`
			`acl: name={{ item }} entity={{ dnet_group }} etype=group permissions=rwx state=present default=yes`
			`with_items:`
			`# - [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}', '{{ dnet_data_directories }}' ]`
			`- [ '{{ tomcat_webapps_dir }}', '{{ tomcat_common_classes_dir }}' ]`
			`tags: [ 'tomcat', 'dnet', 'users' ]`