iiab/roles/iiab-admin/tasks/admin-user.yml

- name: Create iiab-admin user and password
  user: name={{ iiab_admin_user }}
        password={{ iiab_admin_passw_hash }}
        update_password=on_create

- name: Create a wheel group
  group: name=wheel
         state=present

- name: Create a sudo group
  group: name=sudo
         state=present
  when: is_redhat

- name: Add user to wheel group
  user: name={{ iiab_admin_user }} groups=wheel,sudo

- name: Create root .ssh
  file: path=/root/.ssh
        mode=0700
        owner=root
        group=root
        state=directory

- name: Install dummy root keys as placeholder
  copy: src=dummy_authorized_keys
        dest=/root/.ssh/authorized_keys
        force=no
        owner=root
        group=root
        mode=0600

#        backup=yes

- name: edit the sudoers file--first make it editable
  file: path=/etc/sudoers
        mode=0640

- name: have sudo log all commands it handles
  lineinfile: regexp=logfile
              line='Defaults     logfile = /var/log/sudo.log'
              state=present
              dest=/etc/sudoers

- name: lets wheel sudo without password
  lineinfile:
     line: "%wheel ALL= NOPASSWD: ALL"
     dest: /etc/sudoers

- name: remove the line which requires tty
  lineinfile: regexp=requiretty
              state=absent
              dest=/etc/sudoers

- name: end editing the sudoers file-- protect it again
  file: path=/etc/sudoers
        mode=0440