dfgd
This commit is contained in:
parent
06b5260fc2
commit
4b23b06cc1
1 changed files with 20 additions and 3 deletions
|
@ -37,14 +37,31 @@
|
|||
loop: '{{ users }}'
|
||||
#no_log: true
|
||||
|
||||
# teilweiser revert von https://git.mgrote.net/mg/homeserver/commit/506fa8da8d8c4ca74d0d78d044468b991d0d560a
|
||||
# das modul hat die Sudoers falsch erstellt:
|
||||
# richtig: ansible-user ALL=(ALL) NOPASSWD:ALL
|
||||
# falsch: ansible-user ALL=NOPASSWD: ALL
|
||||
# damit failed ansible wenn der become_user != ansible-user ist
|
||||
# mit Meldung:
|
||||
# TASK [geerlingguy.postgresql : Ensure PostgreSQL Python libraries are installed.]
|
||||
# fatal: [forgejo.mgrote.net]: FAILED! => {"msg": "Missing sudo password"}
|
||||
- name: Ensure users are added to sudoers
|
||||
ansible.builtin.blockinfile:
|
||||
create: true # todo extra task fur abbau
|
||||
create: true
|
||||
path: "/etc/sudoers.d/users-sudo-{{ item.username }}"
|
||||
state: present
|
||||
state: "{{ item.state | default('present') }}"
|
||||
block: |
|
||||
{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false)) else '' }}ALL
|
||||
validate: 'visudo -cf %s'
|
||||
loop: '{{ users }}'
|
||||
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
||||
#no_log: true
|
||||
no_log: true
|
||||
|
||||
|
||||
- name: Ensure users are removed from sudoers
|
||||
ansible.builtin.file:
|
||||
path: "/etc/sudoers.d/users-sudo-{{ item.username }}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
loop: '{{ users }}'
|
||||
when: (item.allow_sudo|default(false) and item.allow_sudo is defined) and (item.state == absent)
|
||||
no_log: true
|
||||
|
|
Loading…
Reference in a new issue