---
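# Probe whether passwords[inventory_hostname] already works as the `su`
# password: run `id` once as root and once as the user in ansible_user_id.
# Because the task loops, the registered variable holds the per-item outcomes
# under root_password_test.results; there is no top-level `rc`.
- name: Test root password
  command: id
  become: true
  vars:
    ansible_become_user: "{{ item }}"
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  loop:
    - root
    - "{{ ansible_user_id }}"
  register: root_password_test
  # A failing probe is an expected outcome here (the password may not be set
  # yet), so the play has to continue past it.
  ignore_errors: true
  # `id` only reads state; never report the probe as a change.
  changed_when: false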
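# Set the password of root and of the user in ansible_user_id to
# passwords[inventory_hostname] when the preceding password probe failed.
- name: Define passwords
  command:
    # The login shell is kept from the previous invocation.
    # NOTE(review): presumably it is there so chpasswd is found on PATH; confirm.
    cmd: /bin/bash -l -c chpasswd
    # chpasswd reads "user:password" pairs from stdin. Passing the pair as
    # stdin keeps the cleartext password out of the process argument list and
    # out of shell quoting, where a quote character inside the password would
    # break or alter the command line.
    stdin: "{{ item }}:{{ passwords[inventory_hostname] }}"
  become: true
  vars:
    ansible_become_user: root
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  loop:
    - root
    - "{{ ansible_user_id }}"
  # root_password_test is registered from a looped task, so it never has a
  # top-level `rc`; the previous `rc is not defined or rc != 0` test was
  # therefore always true. The aggregate `failed` flag is set when any probe
  # item failed.
  when: root_password_test is failed
  # The module arguments carry the cleartext password; keep them out of
  # Ansible's console output and logs.
  no_log: true
  # NOTE(review): errors are still ignored, so a host whose password could not
  # be set continues through the play; confirm that this is intended.
  ignore_errors: true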
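# Install a sudoers drop-in for the user in ansible_user_id, becoming root
# through `su` with the stored password.
- name: Ensure deploy user has sudo permissions.
  copy:
    dest: /etc/sudoers.d/basics
    # Grants passwordless sudo for every command: anyone who can act as this
    # account is effectively root on the host.
    # NOTE(review): narrow the command list if the deploy workflow allows it.
    content: "{{ ansible_user_id }} ALL=(ALL) NOPASSWD: ALL\n"
    # Pin ownership and mode explicitly instead of inheriting the umask
    # default; the mode is quoted so it is not read as a number.
    owner: root
    group: root
    mode: "0440"
    # Syntax-check the rendered file before it is moved into place, so a
    # malformed rule cannot break sudo on the host.
    validate: /usr/sbin/visudo -cf %s
  become: true
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"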
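# Make /etc/sudoers pull in the drop-in directory using the `@includedir`
# spelling, on every architecture except armv6l.
# NOTE(review): the architecture check looks like a stand-in for "sudo is new
# enough to understand @includedir"; confirm.
- name: Ensure we include /etc/sudoers.d (Current)
  lineinfile:
    path: /etc/sudoers
    # Unanchored on purpose: it matches an existing `#includedir` or
    # `@includedir` line so that line is rewritten instead of duplicated.
    regexp: "includedir /etc/sudoers.d"
    line: "@includedir /etc/sudoers.d"
    # Check the edited copy with visudo before it replaces /etc/sudoers; a
    # syntax error in this file disables sudo for everyone on the host.
    validate: /usr/sbin/visudo -cf %s
  become: true
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  when: ansible_architecture != "armv6l"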
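# Make /etc/sudoers pull in the drop-in directory using the older
# `#includedir` spelling, on armv6l hosts only.
# NOTE(review): the architecture check looks like a stand-in for "sudo is too
# old to understand @includedir"; confirm.
- name: Ensure we include /etc/sudoers.d (Legacy)
  lineinfile:
    path: /etc/sudoers
    # Unanchored on purpose: it matches an existing `#includedir` or
    # `@includedir` line so that line is rewritten instead of duplicated.
    regexp: "includedir /etc/sudoers.d"
    # The leading `#` is part of the sudoers directive, not a comment marker.
    line: "#includedir /etc/sudoers.d"
    # Check the edited copy with visudo before it replaces /etc/sudoers; a
    # syntax error in this file disables sudo for everyone on the host.
    validate: /usr/sbin/visudo -cf %s
  become: true
  vars:
    ansible_become_method: su
    ansible_become_password: "{{ passwords[inventory_hostname] }}"
  when: ansible_architecture == "armv6l"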