RH/CentOS compatibility for the users role.

2019-02-13 18:48:32 +01:00 · 2019-02-13 18:48:32 +01:00 · b542a58a8c
parent b5bd8c8896
commit b542a58a8c
2 changed files with 24 additions and 4 deletions
--- a/users/defaults/main.yml
+++ b/users/defaults/main.yml
@ -5,7 +5,9 @@
 # Users can have sudo privileges if the 'admin' property is 'true'
 # admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true'

-users_sudoers_group: sudo
+deb_users_sudoers_group: sudo
+rh_users_sudoers_group: wheel
+users_sudoers_group: '{{ deb_users_sudoers_group }}'
 users_sudoers_create_group: False
 users_sudoers_create_sudo_conf: False
 users_home_dir: /home
--- a/users/tasks/main.yml
+++ b/users/tasks/main.yml
@ -22,10 +22,28 @@
      with_items: '{{ users_system_users | default([]) }}'
      when: item.ssh_key is defined

-    - name: Add the admin users to the sudoers group
-      user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
+    - name: Add the admin users to the sudoers group on debian based systems
+      user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes
      with_items: '{{ users_system_users | default([]) }}'
-      when: item.admin
+      when:
+        - item.admin
+        - ansible_distribution_file_variety == "Debian" 
+
+    - name: Add the admin users to the sudoers group on rh/centos systems
+      user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes
+      with_items: '{{ users_system_users | default([]) }}'
+      when:
+        - item.admin
+        - ansible_distribution_file_variety == "RedHat" 
+
+    - name: Permit sudo without password
+      lineinfile:
+        path: /etc/sudoers
+        state: present
+        regexp: '^%{{ rh_users_sudoers_group }}\s'
+        line: '%{{ rh_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
+      when: ansible_distribution_file_variety == "RedHat" 
+      tags: [ 'users', 'sudo_wheel' ]

    - name: ensure that the users can login with their ssh keys as root if we want ensure direct access
      authorized_key: user=root key="{{ item.ssh_key }}" state=present