RH/CentOS compatibility for the users role.

This commit is contained in:
Andrea Dell'Amico 2019-02-13 18:48:32 +01:00
parent b5bd8c8896
commit b542a58a8c
2 changed files with 24 additions and 4 deletions

View File

@ -5,7 +5,9 @@
# Users can have sudo privileges if the 'admin' property is 'true' # Users can have sudo privileges if the 'admin' property is 'true'
# admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true' # admin users can also directly log as root when 'user_admin_can_log_as_root' is set to 'true'
users_sudoers_group: sudo deb_users_sudoers_group: sudo
rh_users_sudoers_group: wheel
users_sudoers_group: '{{ deb_users_sudoers_group }}'
users_sudoers_create_group: False users_sudoers_create_group: False
users_sudoers_create_sudo_conf: False users_sudoers_create_sudo_conf: False
users_home_dir: /home users_home_dir: /home

View File

@ -22,10 +22,28 @@
with_items: '{{ users_system_users | default([]) }}' with_items: '{{ users_system_users | default([]) }}'
when: item.ssh_key is defined when: item.ssh_key is defined
- name: Add the admin users to the sudoers group - name: Add the admin users to the sudoers group on debian based systems
user: name={{ item.login }} groups={{ users_sudoers_group }} append=yes user: name={{ item.login }} groups={{ deb_users_sudoers_group }} append=yes
with_items: '{{ users_system_users | default([]) }}' with_items: '{{ users_system_users | default([]) }}'
when: item.admin when:
- item.admin
- ansible_distribution_file_variety == "Debian"
- name: Add the admin users to the sudoers group on rh/centos systems
user: name={{ item.login }} groups={{ rh_users_sudoers_group }} append=yes
with_items: '{{ users_system_users | default([]) }}'
when:
- item.admin
- ansible_distribution_file_variety == "RedHat"
- name: Permit sudo without password
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%{{ rh_users_sudoers_group }}\s'
line: '%{{ rh_users_sudoers_group }} ALL=(ALL) NOPASSWD: ALL'
when: ansible_distribution_file_variety == "RedHat"
tags: [ 'users', 'sudo_wheel' ]
- name: ensure that the users can login with their ssh keys as root if we want ensure direct access - name: ensure that the users can login with their ssh keys as root if we want ensure direct access
authorized_key: user=root key="{{ item.ssh_key }}" state=present authorized_key: user=root key="{{ item.ssh_key }}" state=present