From 070d2bd56df96fb41039f96deaa5ea7b89dec160 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 10 Apr 2015 15:31:07 +0000
Subject: [PATCH] make admin list extensible
---
 roles/container/defaults/main.yml | 4 ++++
 roles/container/files/sudoers | 1 +
 roles/container/tasks/main.yml | 7 ++++---
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/roles/container/defaults/main.yml b/roles/container/defaults/main.yml
index 56929b2..f3fc3b9 100644
--- a/roles/container/defaults/main.yml
+++ b/roles/container/defaults/main.yml
@@ -5,4 +5,8 @@ masked_services:
 - systemd-logind.service
 - getty.target
 - systemd-journal-flush.service
+base_admins:
+ - {dest: "/home/admin", owner: "admin", group: "admin"}
+ - {dest: "/root", owner: "root", group: "root"}
+additional_admins: []
 ssh_ldap: false
diff --git a/roles/container/files/sudoers b/roles/container/files/sudoers
index 888749b..f514bcb 100644
--- a/roles/container/files/sudoers
+++ b/roles/container/files/sudoers
@@ -75,6 +75,7 @@ root ALL=(ALL) ALL
 ## Uncomment to allow members of group wheel to execute any command
 %wheel ALL=(ALL) ALL
 admin ALL=(ALL) NOPASSWD: ALL
+%admin ALL=(ALL) NOPASSWD: ALL
 ## Same thing without a password
 # %wheel ALL=(ALL) NOPASSWD: ALL
diff --git a/roles/container/tasks/main.yml b/roles/container/tasks/main.yml
index fdff9b8..41fc60b 100644
--- a/roles/container/tasks/main.yml
+++ b/roles/container/tasks/main.yml
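Review bot: In roles/container/defaults/main.yml, `additional_admins` is added with no comment on the shape of an entry or on what it controls, and the name suggests it grants admin rights. In this patch the list only feeds the dotfile `copy` loop, while sudo is granted separately through the `%admin` group rule, so an entry with a different `group` gets dotfiles but no sudo. A comment above the key would make that explicit: `# entries: {dest: <home dir>, owner: <user>, group: <group>}; dotfile targets only, sudo comes from group admin`.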
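Review bot: In roles/container/files/sudoers, the added `%admin ALL=(ALL) NOPASSWD: ALL` makes membership of group `admin` equivalent to passwordless root, so whatever manages that group becomes the privilege boundary and a hijacked member session needs no credential to escalate. If password prompts are workable here, `%admin ALL=(ALL) ALL` keeps the group extensible while retaining re-authentication. Otherwise a comment above the rule, such as `## Members of group admin get passwordless root; audit group membership`, would mark the grant as deliberate. The task that installs this file is not in the diff; if it is a `copy`, `validate='visudo -cf %s'` would stop a malformed file from breaking sudo.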
@@ -26,13 +26,14 @@
 - name: SSH Keys
 copy: src=authorized_keys dest=/home/admin/.ssh/authorized_keys
+- set_fact:
+ admins: "{{ base_admins + additional_admins }}"
+
 - name: deploy dotfiles
 copy: src="{{ item[0] }}" dest="{{ item[1].dest }}/.{{ item[0] }}" owner="{{ item[1].owner }}" group="{{ item[1].group }}"
 with_nested:
 - ['bashrc', 'dircolors', 'vimrc']
- -
- - {dest: "/home/admin", owner: "admin", group: "admin"}
- - {dest: "/root", owner: "root", group: "root"}
+ - admins
 - mount: name=/run/systemd/journal/ src=/mnt/journal fstype=none opts=bind,ro state=present
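Review bot: The second `with_nested` term is the bare name `admins`, which resolves to the list only on Ansible versions that still expand bare variables in loops; elsewhere it is the literal string and `item[1].dest` is undefined. Writing the term as `- "{{ admins }}"` is unambiguous. The new `set_fact` task also has no `name:` and fails if `additional_admins` is overridden with a null value; `admins: "{{ base_admins + (additional_admins | default([], true)) }}"` tolerates that. Each entry's `dest`, `owner` and `group` are interpolated into a key=value `copy` string that presumably runs with root privileges (it sets `owner=root`), so values containing spaces or unexpected paths are not rejected and the list has to come from trusted inventory.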