Add cluster roles to inventory

Split server-specific configs out into server role

Add symlink to roles for playbook directory

inventory.yaml

@@ -28,6 +28,11 @@ en1:
   children:
 
     cluster:
+      vars:
+        skylab_roles:
+          - server
+          - docker-swarm-manager
+          - datastore
       hosts:
         pegasus:  # jupiter
           ansible_host: 10.42.101.100

playbooks/roles

@@ -0,0 +1 @@
+../roles

roles/server/tasks/main.yaml

@@ -1,13 +1,6 @@
 ---
-- name: Disable sudo password for WHEEL group
-  when: ansible_distribution == "Rocky" or ansible_distribution == "CentOS"
-  become: true
-  ansible.builtin.copy:
-    src: wheel-group-no-sudo-password
-    dest: /etc/sudoers.d/30-wheel
-    owner: root
-    group: "{{ ansible_user }}"
-    mode: 0644
+- name: Configure sudoers file
+  ansible.builtin.import_tasks: sudoers.yaml
 
 - name: Configure SSH server
-  ansible.builtin.import_tasks: sshd.yml
+  ansible.builtin.import_tasks: sshd.yaml

roles/server/tasks/sudoers.yaml

@@ -0,0 +1,30 @@
+---
+- name: Disable sudo password for WHEEL group
+  when: ansible_distribution == "Rocky" or ansible_distribution == "CentOS"
+  become: true
+  ansible.builtin.copy:
+    src: wheel-group-no-sudo-password
+    dest: /etc/sudoers.d/30-wheel
+    owner: root
+    group: "{{ ansible_user }}"
+    mode: 0644
+
+# Note that the cleanup tasks need to be after the new installation tasks
+# since one or more files being cleaned up might be being relied on to
+# allow ansible access
+- name: Fetch content of sudoers config directory
+  become: true
+  changed_when: false
+  ansible.builtin.command:
+    cmd: /usr/bin/ls /etc/sudoers.d/
+  register: _sudoers_files_raw
+
+- name: Remove legacy sudoers config files
+  when: item.strip() not in ["30-wheel"]
+  become: true
+  ansible.builtin.file:
+    path: /etc/sudoers.d/{{ item.strip() }}
+    state: absent
+  loop: "{{ _sudoers_files_raw.stdout.split(' ') }}"
+  loop_control:
+    label: "/etc/sudoers.d/{{ item.strip() }}"