Commit 130d93b4 by e0d

CR fixes.

parent fc79237e
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
# Dependencies: # Dependencies:
# #
# This role depends upon variables provided by an including role # This role depends upon variables provided by an including role
# via the my_role/meta/main.yml file. Includes take the following form: # via the my_role/meta/main.yml file. Includes take the following forms:
# #
# dependencies: # dependencies:
# - { # - {
...@@ -30,6 +30,15 @@ ...@@ -30,6 +30,15 @@
# automated_sudoers_file: 'roles/my_role/files/etc/sudoers.d/99-my_role' # automated_sudoers_file: 'roles/my_role/files/etc/sudoers.d/99-my_role'
# } # }
# #
# or
#
# dependencies:
# - {
# role: automated,
# automated_rbash_links: $as_automated_rbash_links,
# automated_sudoers_template: 'roles/my_role/templates/etc/sudoers.d/99-my_role.j2'
# }
#
# The sudoers file is optional. Note that for sudo to work it must be # The sudoers file is optional. Note that for sudo to work it must be
# included in the rbash links list. # included in the rbash links list.
# #
...@@ -43,7 +52,7 @@ ...@@ -43,7 +52,7 @@
- fail: automated_rbash_links required for role - fail: automated_rbash_links required for role
when: automated_rbash_links is not defined when: automated_rbash_links is not defined
- name: automated | create task user - name: automated | create automated user
user: user:
name={{ automated_user }} state=present shell=/bin/rbash name={{ automated_user }} state=present shell=/bin/rbash
home={{ automated_home }} createhome=yes home={{ automated_home }} createhome=yes
...@@ -52,30 +61,45 @@ ...@@ -52,30 +61,45 @@
- install - install
- update - update
- name: automated | create sudoers file - name: automated | create sudoers file from file
copy: copy:
dest=/etc/sudoers.d/{{ automated_sudoers_file.split('/').pop() }} dest=/etc/sudoers.d/{{ automated_sudoers_file.split('/').pop() }}
src={{ automated_sudoers_file }} owner=root src={{ automated_sudoers_file }} owner="root"
group=root mode=0440 group="root" mode=0440 validate='visudo -cf %s'
when: automated_sudoers_file is defined when: automated_sudoers_file is defined
tags: tags:
- automated - automated
- install - install
- update - update
- name: automated | update shell file mode - name: automated | create sudoers file from template
shell: chmod 640 .bash* .profile template:
dest=/etc/sudoers.d/{{ automated_sudoers_file.split('/').pop() }}
src={{ automated_sudoers_template }} owner="root"
group="root" mode=0440 validate='visudo -cf %s'
when: automated_sudoers_tempate is defined
tags: tags:
- automated - automated
- install - install
- update - update
- name: automated | update shell file ownership #
shell: chown root.{{ automated_user }} {{ automated_home }}/.bash* {{ automated_home }}/.profile # Prevent user from updating their PATH and
# environment.
#
- name: automated | update shell file mode
file:
path={{ automated_home }}/{{ item }} mode=0640
state=file owner="root" group={{ automated_user }}
tags: tags:
- automated - automated
- install - install
- update - update
with_items:
- .bashrc
- .bash_profile
- .profile
- .bash_logout
- name: automated | change ~automated ownership - name: automated | change ~automated ownership
file: file:
......
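Review bot: The new `create sudoers file from template` task is guarded by `when: automated_sudoers_tempate is defined`, a misspelled variable name, so the condition can presumably never be true and the templated sudoers file is never installed. It should read `when: automated_sudoers_template is defined`. The same task builds `dest` from `automated_sudoers_file`, which is undefined when an including role passes only the template, so it would fail on the undefined variable once the guard is fixed. The documented template path ends in `.j2`, and sudo skips files in `/etc/sudoers.d` whose names contain a `.`, so derive the name from the template and strip the suffix, for example `dest=/etc/sudoers.d/{{ automated_sudoers_template.split('/').pop().replace('.j2', '') }}`. Separately, the `file` task with `state=file` will likely fail for any listed dotfile that is absent from the home directory (for example `.bash_logout`), which would stop the play before the remaining files are locked down; this is worth confirming against the target image.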