CR fixes.

130d93b4 · e0d · fc79237e · 130d93b4
Commit 130d93b4 authored Oct 07, 2013 by e0d
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 9 deletions

playbooks/roles/automated/tasks/main.yml
+33 -9

No files found.
--- a/playbooks/roles/automated/tasks/main.yml
+++ b/playbooks/roles/automated/tasks/main.yml
@@ -21,7 +21,7 @@
 # Dependencies:
 #
 # This role depends upon variables provided by an including role
-# via the my_role/meta/main.yml file.  Includes take the following form:
+# via the my_role/meta/main.yml file.  Includes take the following forms:
 #
 #  dependencies:
 #  - {
@@ -30,6 +30,15 @@
 #  automated_sudoers_file: 'roles/my_role/files/etc/sudoers.d/99-my_role'
 #  }
 #
+# or
+#
+#  dependencies:
+#  - {
+#  role: automated,
+#  automated_rbash_links: $as_automated_rbash_links,
+#  automated_sudoers_template: 'roles/my_role/templates/etc/sudoers.d/99-my_role.j2'
+#  }
+#
 # The sudoers file is optional.  Note that for sudo to work it must be
 # included in the rbash links list.
 #
@@ -43,7 +52,7 @@
 - fail: automated_rbash_links required for role
  when: automated_rbash_links is not defined
  
- name: automated | create task user
+- name: automated | create automated user
  user: 
    name={{ automated_user }} state=present shell=/bin/rbash 
    home={{ automated_home }} createhome=yes
@@ -52,30 +61,45 @@
  - install
  - update

- name: automated | create sudoers file
+- name: automated | create sudoers file from file
  copy:
    dest=/etc/sudoers.d/{{ automated_sudoers_file.split('/').pop() }}
-    src={{ automated_sudoers_file }} owner=root
-    group=root mode=0440
+    src={{ automated_sudoers_file }} owner="root"
+    group="root" mode=0440 validate='visudo -cf %s'
  when: automated_sudoers_file is defined
  tags:
  - automated
  - install
  - update

- name: automated | update shell file mode
-  shell: chmod 640 .bash* .profile
+- name: automated | create sudoers file from template
+  template:
+    dest=/etc/sudoers.d/{{ automated_sudoers_file.split('/').pop() }}
+    src={{ automated_sudoers_template }} owner="root"
+    group="root" mode=0440 validate='visudo -cf %s'
+  when: automated_sudoers_tempate is defined
  tags:
  - automated
  - install
  - update

- name: automated | update shell file ownership
-  shell: chown root.{{ automated_user }} {{ automated_home }}/.bash* {{ automated_home }}/.profile
+  #
+  # Prevent user from updating their PATH and
+  # environment.
+  #
+- name: automated | update shell file mode
+  file:
+    path={{ automated_home }}/{{ item }} mode=0640
+    state=file owner="root" group={{ automated_user }}
  tags:
  - automated
  - install
  - update
+  with_items:
+    - .bashrc
+    - .bash_profile
+    - .profile
+    - .bash_logout
  
 - name: automated | change ~automated ownership
  file: