mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
Add "shell: /bin/bash" to iiab-admin so shell works??
SEE https://github.com/iiab/iiab/issues/586
This commit is contained in:
parent
73005eff34
commit
625c4925db
1 changed files with 45 additions and 33 deletions
|
@ -1,57 +1,69 @@
|
|||
- name: Create iiab-admin user and password
|
||||
user: name={{ iiab_admin_user }}
|
||||
password={{ iiab_admin_passw_hash }}
|
||||
update_password=on_create
|
||||
user:
|
||||
name: "{{ iiab_admin_user }}"
|
||||
password: "{{ iiab_admin_passw_hash }}"
|
||||
update_password: on_create
|
||||
shell: /bin/bash
|
||||
|
||||
- name: Create a wheel group
|
||||
group: name=wheel
|
||||
state=present
|
||||
group:
|
||||
name: wheel
|
||||
state: present
|
||||
|
||||
- name: Create a sudo group
|
||||
group: name=sudo
|
||||
state=present
|
||||
- name: Create a sudo group (redhat)
|
||||
group:
|
||||
name: sudo
|
||||
state: present
|
||||
when: is_redhat
|
||||
|
||||
- name: Add user to wheel group
|
||||
user: name={{ iiab_admin_user }} groups=wheel,sudo
|
||||
user:
|
||||
name: "{{ iiab_admin_user }}"
|
||||
groups: wheel,sudo
|
||||
|
||||
- name: Create root .ssh
|
||||
file: path=/root/.ssh
|
||||
mode=0700
|
||||
owner=root
|
||||
group=root
|
||||
state=directory
|
||||
file:
|
||||
path: /root/.ssh
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0700
|
||||
state: directory
|
||||
|
||||
- name: Install dummy root keys as placeholder
|
||||
copy: src=dummy_authorized_keys
|
||||
dest=/root/.ssh/authorized_keys
|
||||
force=no
|
||||
owner=root
|
||||
group=root
|
||||
mode=0600
|
||||
copy:
|
||||
src: dummy_authorized_keys
|
||||
dest: /root/.ssh/authorized_keys
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
force: no
|
||||
|
||||
# backup=yes
|
||||
|
||||
- name: Edit the sudoers file -- first make it editable
|
||||
file: path=/etc/sudoers
|
||||
mode=0640
|
||||
file:
|
||||
path: /etc/sudoers
|
||||
mode: 0640
|
||||
|
||||
- name: Have sudo log all commands it handles
|
||||
lineinfile: regexp=logfile
|
||||
line='Defaults logfile = /var/log/sudo.log'
|
||||
state=present
|
||||
dest=/etc/sudoers
|
||||
lineinfile:
|
||||
regexp: logfile
|
||||
line: 'Defaults logfile = /var/log/sudo.log'
|
||||
dest: /etc/sudoers
|
||||
state: present
|
||||
|
||||
- name: Lets wheel sudo without password
|
||||
lineinfile:
|
||||
line: "%wheel ALL= NOPASSWD: ALL"
|
||||
dest: /etc/sudoers
|
||||
line: "%wheel ALL= NOPASSWD: ALL"
|
||||
dest: /etc/sudoers
|
||||
|
||||
- name: Remove the line which requires tty
|
||||
lineinfile: regexp=requiretty
|
||||
state=absent
|
||||
dest=/etc/sudoers
|
||||
lineinfile:
|
||||
regexp: requiretty
|
||||
dest: /etc/sudoers
|
||||
state: absent
|
||||
|
||||
- name: End editing the sudoers file -- protect it again
|
||||
file: path=/etc/sudoers
|
||||
mode=0440
|
||||
file:
|
||||
path: /etc/sudoers
|
||||
mode: 0440
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue