User sudoers.d

playbooks/roles/discern/files/sudoers-discern

+Defaults        env_keep+=SSH_AUTH_SOCK
\ No newline at end of file

playbooks/roles/discern/tasks/main.yml

@@ -4,10 +4,7 @@
   user: name={{ discern_user }} append=yes groups={{ "adm,edx" }} shell=/bin/bash
 
 - name: upload sudoers template to sudoers.tmp
-  template: src=sudoers.j2 dest=/etc/sudoers.tmp owner=root group=root mode=0440
-
-- name: update sudoers file with sudoers.tmp
-  shell: visudo -q -c -f /etc/sudoers.tmp && cp /etc/sudoers.tmp /etc/sudoers
+  copy: src=sudoers-discern dest=/etc/sudoers.d/{{site_name}} owner=root group=root mode=0440
 
 - name: stop all services
   service: name={{item}} state=stopped

playbooks/roles/discern/templates/sudoers.j2

-#
-# This file MUST be edited with the 'visudo' command as root.
-#
-# Please consider adding local content in /etc/sudoers.d/ instead of
-# directly modifying this file.
-#
-# See the man page for details on how to write a sudoers file.
-#
-Defaults        env_reset
-Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-Defaults        env_keep+=SSH_AUTH_SOCK
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root    ALL=(ALL:ALL) ALL
-
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
-
-# Allow members of group sudo to execute any command
-%sudo   ALL=(ALL:ALL) ALL
-
-# See sudoers(5) for more information on "#include" directives:
-
-#includedir /etc/sudoers.d