mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

Add "shell: /bin/bash" to iiab-admin so shell works??

SEE https://github.com/iiab/iiab/issues/586
A Holt 2017-12-06 14:44:53 -05:00 committed by GitHub
parent 73005eff34
commit 625c4925db
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,57 +1,69 @@
- name: Create iiab-admin user and password
user: name={{ iiab_admin_user }}
password={{ iiab_admin_passw_hash }}
update_password=on_create
user:
name: "{{ iiab_admin_user }}"
password: "{{ iiab_admin_passw_hash }}"
update_password: on_create
shell: /bin/bash
- name: Create a wheel group
group: name=wheel
state=present
group:
name: wheel
state: present
- name: Create a sudo group
group: name=sudo
state=present
- name: Create a sudo group (redhat)
group:
name: sudo
state: present
when: is_redhat
- name: Add user to wheel group
user: name={{ iiab_admin_user }} groups=wheel,sudo
user:
name: "{{ iiab_admin_user }}"
groups: wheel,sudo
- name: Create root .ssh
file: path=/root/.ssh
mode=0700
owner=root
group=root
state=directory
file:
path: /root/.ssh
owner: root
group: root
mode: 0700
state: directory
- name: Install dummy root keys as placeholder
copy: src=dummy_authorized_keys
dest=/root/.ssh/authorized_keys
force=no
owner=root
group=root
mode=0600
copy:
src: dummy_authorized_keys
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: 0600
force: no
# backup=yes
- name: Edit the sudoers file -- first make it editable
file: path=/etc/sudoers
mode=0640
file:
path: /etc/sudoers
mode: 0640
- name: Have sudo log all commands it handles
lineinfile: regexp=logfile
line='Defaults logfile = /var/log/sudo.log'
state=present
dest=/etc/sudoers
lineinfile:
regexp: logfile
line: 'Defaults logfile = /var/log/sudo.log'
dest: /etc/sudoers
state: present
- name: Lets wheel sudo without password
lineinfile:
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
line: "%wheel ALL= NOPASSWD: ALL"
dest: /etc/sudoers
- name: Remove the line which requires tty
lineinfile: regexp=requiretty
state=absent
dest=/etc/sudoers
lineinfile:
regexp: requiretty
dest: /etc/sudoers
state: absent
- name: End editing the sudoers file -- protect it again
file: path=/etc/sudoers
mode=0440
file:
path: /etc/sudoers
mode: 0440
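Review bot: The three `lineinfile` tasks that edit `/etc/sudoers` ("Have sudo log all commands it handles", "Lets wheel sudo without password", "Remove the line which requires tty") still write the live file with no syntax check, so a malformed result would leave sudo unusable on the host. Each of them should carry `validate: 'visudo -cf %s'` so the module checks the candidate file before it is moved into place. If the play stops between "first make it editable" and "protect it again", the file also stays at 0640; assuming these tasks run as root, the mode toggle is probably unnecessary and could be replaced by a single task asserting `mode: '0440'`. Separately, now that the arguments are YAML mappings rather than key=value strings, the bare `mode: 0700`, `0600`, `0640` and `0440` values depend on the parser reading a leading-zero scalar as octal; quoting them (`mode: '0700'`) keeps the permissions on `/root/.ssh`, `authorized_keys` and `sudoers` independent of YAML typing.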