skylab-ansible/roles/server/tasks/sudoers.yaml


---
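# Installs a sudoers drop-in that lets every member of the wheel group run
# any command as any user without a password. Only applied on Rocky and
# CentOS hosts. With this rule in place, access to any wheel account is
# equivalent to root, so wheel membership and the SSH keys of its members
# are the effective control on privilege escalation.
- name: Disable sudo password for WHEEL group
  when: ansible_distribution == "Rocky" or ansible_distribution == "CentOS"
  become: true
  ansible.builtin.copy:
    # Trailing newline so the file ends on a complete line.
    content: "%wheel ALL=(ALL) NOPASSWD: ALL\n"
    dest: /etc/sudoers.d/30-wheel
    owner: root
    # NOTE(review): group ownership goes to the connecting user rather than
    # root; confirm this is intended. The mode below gives the group read
    # access only.
    group: "{{ ansible_user }}"
    # Quoted so the value is never reinterpreted as an integer. 0440 is the
    # conventional sudoers mode and keeps the rule unreadable by other users.
    mode: "0440"
    # Syntax-check the staged file before it replaces the live one; a
    # malformed drop-in can break sudo for every user on the host.
    validate: /usr/sbin/visudo -cf %s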
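# Ordering matters: the cleanup tasks must run after the new drop-in has been
# installed, because one or more of the files being removed may be what
# currently grants Ansible its sudo access.
- name: Fetch content of sudoers config directory
  become: true
  # Listing the directory never modifies the host.
  changed_when: false
  # Command tasks are skipped in check mode, which would leave
  # _sudoers_files_raw without stdout_lines for the cleanup loop. The listing
  # is read-only, so it is safe to run it in check mode as well.
  check_mode: false
  ansible.builtin.command:
    cmd: /usr/bin/ls /etc/sudoers.d/
  # One file name per entry in stdout_lines; consumed by the cleanup loop.
  register: _sudoers_files_raw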
# Deletes every entry listed from /etc/sudoers.d/ except the managed 30-wheel
# drop-in, so that file becomes the only drop-in rule source left.
# NOTE(review): this task has no distribution condition, while the task that
# installs 30-wheel runs only on Rocky and CentOS. On any other distribution
# the directory would be emptied without a replacement rule; confirm the role
# is never applied to such hosts.
- name: Remove legacy sudoers config files
  become: true
  loop: "{{ _sudoers_files_raw.stdout_lines }}"
  loop_control:
    # Show the full path in task output instead of the raw loop item.
    label: "/etc/sudoers.d/{{ item.strip() }}"
  # Allowlist of drop-ins to keep; everything else is removed.
  when: "item.strip() not in ['30-wheel']"
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ item.strip() }}"
    state: absent