---
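# Installs a sudoers drop-in at /etc/sudoers.d/30-wheel on Rocky and CentOS
# hosts. Per the task name it grants the wheel group passwordless sudo; the
# rule itself lives in the role file `wheel-group-no-sudo-password`, which is
# not shown here. Every wheel member then reaches root without
# re-authenticating, so wheel membership should be audited on these hosts.
- name: Disable sudo password for WHEEL group
  when: ansible_distribution in ["Rocky", "CentOS"]
  become: true
  ansible.builtin.copy:
    src: wheel-group-no-sudo-password
    dest: /etc/sudoers.d/30-wheel
    owner: root
    # NOTE(review): sudoers drop-ins are conventionally root:root. Confirm why
    # group ownership goes to the connection user. `ansible_user` is a
    # connection variable, so this fails if the inventory/play never sets it.
    group: "{{ ansible_user }}"
    # Quoted so the YAML loader cannot retype the octal value. 0440 is the
    # sudoers convention and keeps the rule unreadable to other local users.
    mode: "0440"
    # Syntax-check the staged file before it replaces the live one; a broken
    # drop-in can make sudo refuse to run and lock out privilege escalation.
    validate: /usr/sbin/visudo -cf %s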
# Note that the cleanup tasks must run after the new installation tasks,
# since one or more of the files being cleaned up might still be relied on
# to allow Ansible access.
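# Lists the entries of /etc/sudoers.d/ and registers the raw command result
# as `_sudoers_files_raw` for later tasks to consume.
- name: Fetch content of sudoers config directory
  become: true
  # The listing is read-only: never report a change, and still run under
  # --check so the registered result reflects the real directory contents.
  changed_when: false
  check_mode: false
  ansible.builtin.command:
    cmd: /usr/bin/ls /etc/sudoers.d/
  register: _sudoers_files_raw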
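# Deletes every entry of /etc/sudoers.d/ except the keep-list below, using
# the listing registered in `_sudoers_files_raw`.
#
# The command module runs `ls` without a terminal, so its output is one name
# per line. Iterating over `stdout_lines` yields one item per file; splitting
# stdout on spaces would yield a single item holding the whole listing.
#
# NOTE(review): this task is not gated on the distribution check used when
# installing 30-wheel. On a host where that install is skipped, the loop
# removes every drop-in with no replacement, which can remove the rule that
# gives Ansible its own sudo access. Confirm the role only targets hosts that
# receive 30-wheel.
- name: Remove legacy sudoers config files
  when:
    # An empty name would make `path` resolve to the directory itself.
    - item | length > 0
    - item not in ["30-wheel"]
  become: true
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ item }}"
    state: absent
  loop: "{{ _sudoers_files_raw.stdout_lines | map('trim') | list }}"
  loop_control:
    label: "/etc/sudoers.d/{{ item }}"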