skylab/omni-ansible
Archived
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix issues with sudo not being disabled

Browse Source
This commit is contained in:
Ethan N. Paul 2018-12-13 00:50:43 -05:00
parent 16b69c51e8
commit 8ef7985233
5 changed files with 20 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
groups/servers.yml
View File

@ -5,7 +5,7 @@ enable_ssh: True
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: True disable_sudo_password: False
enable_networkd: True enable_networkd: True

2
groups/vms.yml
View File

@ -5,7 +5,7 @@ enable_ssh: True
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: False disable_sudo_password: True
enable_networkd: True enable_networkd: True

2
groups/workstations.yml
View File

@ -5,7 +5,7 @@ enable_ssh: False
enable_ssh_password_auth: False enable_ssh_password_auth: False
enable_sudo_password: True disable_sudo_password: False
enable_networkd: False enable_networkd: False

6
playbooks/files/bashrc.sh
View File

@ -8,6 +8,12 @@ alias ipconfig='ip address show'
alias cls='clear' alias cls='clear'
alias mklink='ln -s' alias mklink='ln -s'
alias ls='ls -lshF --color --group-directories-first --time-style=long-iso' alias ls='ls -lshF --color --group-directories-first --time-style=long-iso'
alias gg='cd ~/Git'
parse_git_branch() {
git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/ (\1)/'
}
export PS1="\[\e[0;97m\]\[\e[94m\]\u\[\e[0;97m\]@\[\e[1;96m\]\h\[\e[33m\]\$(parse_git_branch) \e[0m\[\e[37;3m\]\w\[\e[33m\] \[\e[0;97m\]\$\[\e[0m\] "
function venv() { function venv() {
DIR="/home/$USER/.virtualenvs" DIR="/home/$USER/.virtualenvs"

22
playbooks/update-users.yml
View File

@ -9,11 +9,11 @@
default: yes default: yes
private: no private: no
when: generate_keys is not defined when: generate_keys is not defined
- name: "enable_sudo_password" # - name: "disable_sudo_password"
prompt: "Require user password when running sudo commands?" # prompt: "Disable required user password when running sudo commands?"
default: yes # default: no
private: no # private: no
when: enable_sudo_password is not defined # when: disable_sudo_password is not defined
- name: "disable_gnome_user_list" - name: "disable_gnome_user_list"
prompt: "Disable the GNOME user list?" prompt: "Disable the GNOME user list?"
default: yes default: yes
@ -57,7 +57,7 @@
groups: "{{ item.targets | intersect(targets) }} + {{ [ 'omni' ] if item.name != 'root' else [] }}" groups: "{{ item.targets | intersect(targets) }} + {{ [ 'omni' ] if item.name != 'root' else [] }}"
system: "{{ item.svc | default('no') }}" system: "{{ item.svc | default('no') }}"
state: present state: present
generate_ssh_key: "{{ generate_keys }}" generate_ssh_key: "{{ 'yes' if generate_keys|bool == true else 'no' }}"
ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}" ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
ssh_key_bits: 4096 ssh_key_bits: 4096
password: "{{ item.password }}" password: "{{ item.password }}"
@ -95,11 +95,11 @@
when: ansible_distribution == "Fedora" or ansible_distribution == "Red Hat Enterprise Linux" or ansible_distribution == "CentOS" when: ansible_distribution == "Fedora" or ansible_distribution == "Red Hat Enterprise Linux" or ansible_distribution == "CentOS"
become: true become: true
user: user:
name: "{{ item.name }}" name: "{{ item }}"
groups: wheel groups: wheel
state: present state: present
with_items: with_items:
- "{{ local_users | difference([None]) }}" - "{{ local_admin_users | difference([None]) }}"
- name: Disable sudo password for ansible - name: Disable sudo password for ansible
become: true become: true
@ -110,19 +110,19 @@
mode: 0644 mode: 0644
- name: Disable sudo password for admin users - name: Disable sudo password for admin users
when: not enable_sudo_password
become: true become: true
lineinfile: lineinfile:
create: yes create: yes
path: /etc/sudoers.d/30-ansible path: /etc/sudoers.d/40-admin
line: "{{ item }} ALL=(ALL) NOPASSWD:ALL" line: "{{ item }} ALL=(ALL) NOPASSWD:ALL"
mode: 0644 mode: 0644
state: "{{ 'absent' if disable_sudo_password|bool == false else 'present' }}"
with_items: with_items:
- "{{ local_admin_users | difference([None] )}}" - "{{ local_admin_users | difference([None] )}}"
- name: Configure GNOME - name: Configure GNOME
tags: users_gnome tags: users_gnome
when: ansible_distribution == "Fedora" and disable_gnome_user_list when: ansible_distribution == "Fedora" and disable_gnome_user_list|bool == true
block: block:
- name: Configure GDM profile - name: Configure GDM profile
become: true become: true