Reorganize provision playbook

Split server-specific configs out into server role Add symlink to roles for playbook directory
2021-11-05 21:53:47 -04:00
parent 732cf53192
commit 96ea66b77a
9 changed files with 112 additions and 118 deletions
--- a/roles/server/tasks/sudoers.yaml
+++ b/roles/server/tasks/sudoers.yaml
@@ -0,0 +1,30 @@
+---
+- name: Disable sudo password for WHEEL group
+  when: ansible_distribution == "Rocky" or ansible_distribution == "CentOS"
+  become: true
+  ansible.builtin.copy:
+    src: wheel-group-no-sudo-password
+    dest: /etc/sudoers.d/30-wheel
+    owner: root
+    group: "{{ ansible_user }}"
+    mode: 0644
+
+# Note that the cleanup tasks need to be after the new installation tasks
+# since one or more files being cleaned up might be being relied on to
+# allow ansible access
+- name: Fetch content of sudoers config directory
+  become: true
+  changed_when: false
+  ansible.builtin.command:
+    cmd: /usr/bin/ls /etc/sudoers.d/
+  register: _sudoers_files_raw
+
+- name: Remove legacy sudoers config files
+  when: item.strip() not in ["30-wheel"]
+  become: true
+  ansible.builtin.file:
+    path: /etc/sudoers.d/{{ item.strip() }}
+    state: absent
+  loop: "{{ _sudoers_files_raw.stdout.split(' ') }}"
+  loop_control:
+    label: "/etc/sudoers.d/{{ item.strip() }}"