From 625c4925dbd8da3e00a15cae653d5fbc6f0f19a7 Mon Sep 17 00:00:00 2001 From: A Holt Date: Wed, 6 Dec 2017 14:44:53 -0500 Subject: [PATCH] Add "shell: /bin/bash" to iiab-admin so shell works?? SEE https://github.com/iiab/iiab/issues/586 --- roles/iiab-admin/tasks/admin-user.yml | 78 +++++++++++++++------------ 1 file changed, 45 insertions(+), 33 deletions(-) diff --git a/roles/iiab-admin/tasks/admin-user.yml b/roles/iiab-admin/tasks/admin-user.yml index f9c06ca26..23c5b4984 100644 --- a/roles/iiab-admin/tasks/admin-user.yml +++ b/roles/iiab-admin/tasks/admin-user.yml @@ -1,57 +1,69 @@ - name: Create iiab-admin user and password - user: name={{ iiab_admin_user }} - password={{ iiab_admin_passw_hash }} - update_password=on_create + user: + name: "{{ iiab_admin_user }}" + password: "{{ iiab_admin_passw_hash }}" + update_password: on_create + shell: /bin/bash - name: Create a wheel group - group: name=wheel - state=present + group: + name: wheel + state: present -- name: Create a sudo group - group: name=sudo - state=present +- name: Create a sudo group (redhat) + group: + name: sudo + state: present when: is_redhat - name: Add user to wheel group - user: name={{ iiab_admin_user }} groups=wheel,sudo + user: + name: "{{ iiab_admin_user }}" + groups: wheel,sudo - name: Create root .ssh - file: path=/root/.ssh - mode=0700 - owner=root - group=root - state=directory + file: + path: /root/.ssh + owner: root + group: root + mode: 0700 + state: directory - name: Install dummy root keys as placeholder - copy: src=dummy_authorized_keys - dest=/root/.ssh/authorized_keys - force=no - owner=root - group=root - mode=0600 + copy: + src: dummy_authorized_keys + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + force: no # backup=yes - name: Edit the sudoers file -- first make it editable - file: path=/etc/sudoers - mode=0640 + file: + path: /etc/sudoers + mode: 0640 - name: Have sudo log all commands it handles - lineinfile: regexp=logfile - line='Defaults logfile = /var/log/sudo.log' - state=present - dest=/etc/sudoers + lineinfile: + regexp: logfile + line: 'Defaults logfile = /var/log/sudo.log' + dest: /etc/sudoers + state: present - name: Lets wheel sudo without password lineinfile: - line: "%wheel ALL= NOPASSWD: ALL" - dest: /etc/sudoers + line: "%wheel ALL= NOPASSWD: ALL" + dest: /etc/sudoers - name: Remove the line which requires tty - lineinfile: regexp=requiretty - state=absent - dest=/etc/sudoers + lineinfile: + regexp: requiretty + dest: /etc/sudoers + state: absent - name: End editing the sudoers file -- protect it again - file: path=/etc/sudoers - mode=0440 + file: + path: /etc/sudoers + mode: 0440