From 8ef7985233505e4e29c202da8cf9230b87c43d7e Mon Sep 17 00:00:00 2001 From: "Ethan N. Paul" Date: Thu, 13 Dec 2018 00:50:43 -0500 Subject: [PATCH] Fix issues with sudo not being disabled --- groups/servers.yml | 2 +- groups/vms.yml | 2 +- groups/workstations.yml | 2 +- playbooks/files/bashrc.sh | 6 ++++++ playbooks/update-users.yml | 22 +++++++++++----------- 5 files changed, 20 insertions(+), 14 deletions(-) diff --git a/groups/servers.yml b/groups/servers.yml index f6748df..d9c6255 100644 --- a/groups/servers.yml +++ b/groups/servers.yml @@ -5,7 +5,7 @@ enable_ssh: True enable_ssh_password_auth: False -enable_sudo_password: True +disable_sudo_password: False enable_networkd: True diff --git a/groups/vms.yml b/groups/vms.yml index b63a2d3..9d06122 100644 --- a/groups/vms.yml +++ b/groups/vms.yml @@ -5,7 +5,7 @@ enable_ssh: True enable_ssh_password_auth: False -enable_sudo_password: False +disable_sudo_password: True enable_networkd: True diff --git a/groups/workstations.yml b/groups/workstations.yml index 05ca823..1c762cf 100644 --- a/groups/workstations.yml +++ b/groups/workstations.yml @@ -5,7 +5,7 @@ enable_ssh: False enable_ssh_password_auth: False -enable_sudo_password: True +disable_sudo_password: False enable_networkd: False diff --git a/playbooks/files/bashrc.sh b/playbooks/files/bashrc.sh index dcbe608..30789c5 100644 --- a/playbooks/files/bashrc.sh +++ b/playbooks/files/bashrc.sh @@ -8,6 +8,12 @@ alias ipconfig='ip address show' alias cls='clear' alias mklink='ln -s' alias ls='ls -lshF --color --group-directories-first --time-style=long-iso' +alias gg='cd ~/Git' +parse_git_branch() { + git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/ (\1)/' +} + +export PS1="\[\e[0;97m\]\[\e[94m\]\u\[\e[0;97m\]@\[\e[1;96m\]\h\[\e[33m\]\$(parse_git_branch) \e[0m\[\e[37;3m\]\w\[\e[33m\] \[\e[0;97m\]\$\[\e[0m\] " function venv() { DIR="/home/$USER/.virtualenvs" diff --git a/playbooks/update-users.yml b/playbooks/update-users.yml index 9ac4f70..6e3107c 100644 --- a/playbooks/update-users.yml +++ b/playbooks/update-users.yml @@ -9,11 +9,11 @@ default: yes private: no when: generate_keys is not defined - - name: "enable_sudo_password" - prompt: "Require user password when running sudo commands?" - default: yes - private: no - when: enable_sudo_password is not defined + # - name: "disable_sudo_password" + # prompt: "Disable required user password when running sudo commands?" + # default: no + # private: no + # when: disable_sudo_password is not defined - name: "disable_gnome_user_list" prompt: "Disable the GNOME user list?" default: yes @@ -57,7 +57,7 @@ groups: "{{ item.targets | intersect(targets) }} + {{ [ 'omni' ] if item.name != 'root' else [] }}" system: "{{ item.svc | default('no') }}" state: present - generate_ssh_key: "{{ generate_keys }}" + generate_ssh_key: "{{ 'yes' if generate_keys|bool == true else 'no' }}" ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}" ssh_key_bits: 4096 password: "{{ item.password }}" @@ -95,11 +95,11 @@ when: ansible_distribution == "Fedora" or ansible_distribution == "Red Hat Enterprise Linux" or ansible_distribution == "CentOS" become: true user: - name: "{{ item.name }}" + name: "{{ item }}" groups: wheel state: present with_items: - - "{{ local_users | difference([None]) }}" + - "{{ local_admin_users | difference([None]) }}" - name: Disable sudo password for ansible become: true @@ -110,19 +110,19 @@ mode: 0644 - name: Disable sudo password for admin users - when: not enable_sudo_password become: true lineinfile: create: yes - path: /etc/sudoers.d/30-ansible + path: /etc/sudoers.d/40-admin line: "{{ item }} ALL=(ALL) NOPASSWD:ALL" mode: 0644 + state: "{{ 'absent' if disable_sudo_password|bool == false else 'present' }}" with_items: - "{{ local_admin_users | difference([None] )}}" - name: Configure GNOME tags: users_gnome - when: ansible_distribution == "Fedora" and disable_gnome_user_list + when: ansible_distribution == "Fedora" and disable_gnome_user_list|bool == true block: - name: Configure GDM profile become: true