Adding better syslog

2020-10-18 23:49:25 -05:00
parent e12c8ff0c6
commit ffbd7b7bd8
6 changed files with 134 additions and 14 deletions
--- a/roles/basics/tasks/main.yml
+++ b/roles/basics/tasks/main.yml
@@ -83,17 +83,18 @@
     line: "127.0.0.1 localhost localhost.localdomain {{ inventory_hostname }} {{ inventory_hostname }}.{{ replica_domain }}"
     state: present

- - name: Identify depriv user
-   command:
-     cmd: "bash -c 'getent passwd 1001 | cut -f 1 -d :'"
-   register: depriv_user
-
   # This is an AniNIX convention to allow password management by Ansible.
- - name: Ensure 1001 has sudo permissions.
+ - name: Ensure SSH user has sudo permissions.
   become: yes
   copy:
-     dest: /etc/sudoers.d/1001  
-     content: "{{ depriv_user.stdout }} ALL=(ALL) NOPASSWD: ALL\n"
+     dest: /etc/sudoers.d/basics
+     content: "{{ lookup('env','USER') }} ALL=(ALL) NOPASSWD: ALL\n"
+
+   # Remove unneeded file
+ - file:
+     path: /etc/sudoers.d/1001
+     state: absent
+   become: yes

 - name: Test root password
   ignore_errors: yes
@@ -111,7 +112,6 @@
   command:
     cmd: /bin/bash -l -c "printf '%s\n%s\n' '{{ lookup('vars',inventory_hostname+'_password') }}' '{{ lookup('vars',inventory_hostname+'_password') }}' | passwd"

- 
 - name: Define depriv password
   become: yes
   when: root_password_test.rc is not defined or root_password_test.rc != 0