forked from ISTI-ansible-roles/ansible-roles
RH/CentOS compatibility for the users role.
parent
b5bd8c8896
commit
b542a58a8c
|
@ -5,7 +5,9 @@
|
||||||
# Users can have sudo privileges if the 'admin' property is 'true'
|
# Users can have sudo privileges if the 'admin' property is 'true'
|
||||||
# admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true'
|
# admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true'
|
||||||
|
|
||||||
users_sudoers_group: sudo
|
deb_users_sudoers_group: sudo
|
||||||
|
rh_users_sudoers_group: wheel
|
||||||
|
users_sudoers_group: '{{ deb_users_sudoers_group }}'
|
||||||
users_sudoers_create_group: False
|
users_sudoers_create_group: False
|
||||||
users_sudoers_create_sudo_conf: False
|
users_sudoers_create_sudo_conf: False
|
||||||
users_home_dir: /home
|
users_home_dir: /home
|
||||||
|
|
|
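Review bot: The new `users_sudoers_group: '{{ deb_users_sudoers_group }}'` default always resolves to `sudo`, so any task or template that still reads `users_sudoers_group` (none is visible in this hunk, so this is inferred) will use the Debian group on RedHat hosts as well. Selecting the value in the default itself would keep one source of truth: `users_sudoers_group: "{{ rh_users_sudoers_group if ansible_distribution_file_variety == 'RedHat' else deb_users_sudoers_group }}"`. A one-line comment above the two new variables saying which distribution family each belongs to would also help, e.g. `# sudo-capable group per family: 'sudo' on Debian, 'wheel' on RH/CentOS`.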
@ -22,10 +22,28 @@
|
||||||
with_items: '{{ users_system_users | default([]) }}'
|
with_items: '{{ users_system_users | default([]) }}'
|
||||||
when: item.ssh_key is defined
|
when: item.ssh_key is defined
|
||||||
|
|
||||||
- name: Add the admin users to the sudoers group
|
- name: Add the admin users to the sudoers group on debian based systems
|
||||||
user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes
|
user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes
|
||||||
with_items: '{{ users_system_users | default([]) }}'
|
with_items: '{{ users_system_users | default([]) }}'
|
||||||
when: item.admin
|
when:
|
||||||
|
- item.admin
|
||||||
|
- ansible_distribution_file_variety == "Debian"
|
||||||
|
|
||||||
|
- name: Add the admin users to the sudoers group on rh/centos systems
|
||||||
|
user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes
|
||||||
|
with_items: '{{ users_system_users | default([]) }}'
|
||||||
|
when:
|
||||||
|
- item.admin
|
||||||
|
- ansible_distribution_file_variety == "RedHat"
|
||||||
|
|
||||||
|
- name: Permit sudo without password
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: '^%{{ rh_users_sudoers_group }}\s'
|
||||||
|
line: '%{{ rh_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
|
||||||
|
when: ansible_distribution_file_variety == "RedHat"
|
||||||
|
tags: [ 'users', 'sudo_wheel' ]
|
||||||
|
|
||||||
- name: ensure that the users can login with their ssh keys as root if we want ensure direct access
|
- name: ensure that the users can login with their ssh keys as root if we want ensure direct access
|
||||||
authorized_key: user=root key="{{ item.ssh_key }}" state=present
|
authorized_key: user=root key="{{ item.ssh_key }}" state=present
|
||||||
|
|
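Review bot: The new "Permit sudo without password" task rewrites the `%wheel` line in `/etc/sudoers` to `NOPASSWD: ALL` on every RedHat host with no opt-in, so every member of that group, including accounts this role does not manage, gets passwordless root. The Debian branch makes no equivalent change, so the two families end up with different privilege levels from the same role. Gate it on an explicit variable (the defaults already carry `users_sudoers_create_sudo_conf: False`, which may be the intended switch; confirm), for example `when: users_sudoers_create_sudo_conf and ansible_distribution_file_variety == "RedHat"`. The task also edits `/etc/sudoers` in place without a syntax check; adding `validate: 'visudo -cf %s'` to the `lineinfile` arguments prevents a malformed line from breaking sudo on the host. The final `authorized_key` task continues outside the hunk.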