Allow sudo nopasswd for ansible (during testing)
This commit is contained in:
parent
7aa6bb65a2
commit
6d5931941f
1
fai.yml
1
fai.yml
|
@ -1,5 +1,4 @@
|
|||
- hosts: hw4f-fai
|
||||
become: true
|
||||
vars:
|
||||
# Additional entries in iPXE menu
|
||||
ipxe_additional_entries:
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
all:
|
||||
hosts:
|
||||
hw4f-fai:
|
||||
ansible_nopasswd: True
|
||||
use_apt_cache_for_server: true
|
||||
# interface for a internet connection
|
||||
wan_interface: ens18
|
||||
|
|
|
@ -8,29 +8,47 @@
|
|||
- not dhcp_interface is defined
|
||||
|
||||
- name: "Setup apt proxy cache"
|
||||
include: sudo.yml
|
||||
tags:
|
||||
- ansible_nopasswd
|
||||
|
||||
- name: "Setup apt proxy cache"
|
||||
become: True
|
||||
include: apt-cacher-ng.yml
|
||||
|
||||
- name: "Configure a time server"
|
||||
become: True
|
||||
include: time-server.yml
|
||||
|
||||
- name: "Configure a web server"
|
||||
become: True
|
||||
include: nginx.yml
|
||||
|
||||
- name: "Configure tftp"
|
||||
become: True
|
||||
include: tftpd-hpa.yml
|
||||
|
||||
- name: "Configure dns server"
|
||||
become: True
|
||||
include: unbound.yml
|
||||
|
||||
- name: "Configure nic"
|
||||
become: True
|
||||
include: network.yml
|
||||
|
||||
- name: "Setup dhcp"
|
||||
become: True
|
||||
include: isc-dhcp-server.yml
|
||||
|
||||
- include: fai-prepare.yml
|
||||
become: True
|
||||
- include: fai-configure.yml
|
||||
become: True
|
||||
- include: fai-profiles.yml
|
||||
become: True
|
||||
- include: fai-root.yml
|
||||
become: True
|
||||
- include: fai-pxe.yml
|
||||
become: True
|
||||
- include: fai-ipxe.yml
|
||||
become: True
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
### OPERATING SYSTEM CONFIGURATION
|
||||
|
||||
- name: "Debug conditions"
|
||||
debug:
|
||||
var: item
|
||||
loop:
|
||||
- "{{ ansible_nopasswd }}"
|
||||
- "{{ ansible_user_id }}"
|
||||
tags:
|
||||
- ansible_nopasswd
|
||||
|
||||
- name: "Allow ansible user to use sudo without password (only for testing)"
|
||||
become: true
|
||||
template:
|
||||
src: sudoers.d/ansible.jn2
|
||||
dest: "/etc/sudoers.d/ansible"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0440'
|
||||
lstrip_blocks: true
|
||||
backup: no
|
||||
validate: /usr/sbin/visudo -cf %s
|
||||
when:
|
||||
- ansible_nopasswd
|
||||
- ansible_user_id != "root"
|
||||
tags:
|
||||
- ansible_nopasswd
|
||||
|
||||
- name: "Make sure to remove sudo without password (only for testing)"
|
||||
become: true
|
||||
file:
|
||||
path: "/etc/sudoers.d/ansible"
|
||||
state: absent
|
||||
when: not ansible_nopasswd
|
||||
tags:
|
||||
- ansible_nopasswd
|
||||
|
Loading…
Reference in New Issue