An Ansible Role to configure sudo and sudoers files.
sudo is the most commonly used command in Linux. Having a proper configuration is mandatory for most Linux systems.
This role will configure sudo properly.
- configure /etc/sudoers
- configure /etc/sudoers.d/*
Used Modules:
Install from Ansible Galaxy

```bash
ansible-galaxy install while_true_do.sys_sudo
```

Install from GitHub

```bash
git clone https://github.com/while-true-do/ansible-role-sys_sudo.git while_true_do.sys_sudo
```
```yaml
---
# defaults file for while_true_do.sys_sudo

## Package Management
wtd_sys_sudo_package: "sudo"
# State can be present|latest|absent
wtd_sys_sudo_package_state: "present"

# Configure the sudo defaults
wtd_sys_sudo_conf_defaults:
  # Reset environment and use env_keep
  env_reset: true
  # Show asterisks, when typing a password
  pwfeedback: false
  # optional: lecture can be once|always|never
  # lecture: "once"
  # optional: define another lecture message from a file
  # lecture_file: "/path/to/file"

# Configure the wheel group
wtd_sys_sudo_conf_wheel:
  enable: true
  host: "ALL"
  runas: "ALL"
  cmnd: "ALL"
  # optional: use tag PASSWD|NOPASSWD
  # tag: ""

# Configure the root user
wtd_sys_sudo_conf_root:
  host: "ALL"
  runas: "ALL"
  cmnd: "ALL"
  # optional: use tag PASSWD|NOPASSWD
  # tag: ""

# Provide additional sudoers, the way you want them.
# All users|groups will be configured in /etc/sudoers.d/
# You can use user|group|netgroup, but not all at once.
# The result will be a line like:
# user = (runas) tag: command
wtd_sys_sudo_conf_sudoers: []
#  - name: "myname"
#    user: "myuser"
#    group: "mygroup"
#    netgroup: "mynetgroup"
#    host: "HOST_SPEC"
#    runas: "RUNAS_SPEC"
#    cmnd: "COMMAND"
#    tag: "PASSWD|NOPASSWD"
```
Running Ansible Roles can be done in a playbook.
Without any parameter given, /etc/sudoers will be configured, the way %wheel and root are allowed to use the sudo command. This is standard in most Linux Distributions.
```yaml
---
- hosts: all
  roles:
    - role: while_true_do.sys_sudo
```
Configure wheel, without a password.
```yaml
- hosts: all
  roles:
    - role: while_true_do.sys_sudo
      # variable name as defined in the role defaults
      wtd_sys_sudo_conf_wheel:
        enable: true
        host: "ALL"
        runas: "ALL"
        cmnd: "ALL"
        tag: "NOPASSWD"
```
Configure a web admin group to sudo for specific commands.
```yaml
- hosts: all
  roles:
    - role: while_true_do.sys_sudo
      # variable name as defined in the role defaults
      wtd_sys_sudo_conf_sudoers:
        - name: "webadmin"
          group: "webadmin"
          host: "ALL"
          runas: "ALL"
          cmnd: "/usr/sbin/service httpd *"
```
Configure multiple groups and users.
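```yaml
- hosts: all
  roles:
    - role: while_true_do.sys_sudo
      # variable name as defined in the role defaults
      wtd_sys_sudo_conf_sudoers:
        - name: "webadmin"
          group: "webadmin"
          host: "ALL"
          runas: "ALL"
          cmnd: "/usr/sbin/service httpd *"
        - name: "developer"
          user: "developer"
          host: "ALL"
          runas: "ALL"
          # sudoers requires a fully qualified command path;
          # /usr/bin/cat is assumed here, adjust it to the target system
          cmnd: "/usr/bin/cat /var/log/messages"
```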
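
A pre-flight check for entries passed to the role's sudoers list, added here as an example and not part of the role: it enforces the "user|group|netgroup, but not all at once" rule from the defaults file and flags relative command paths, argument wildcards and passwordless ALL. The `lint` and `render` functions and the sample entries are assumptions; the rendered line follows sudoers(5), not the role's template.

```python
# Added example: lint entries shaped like wtd_sys_sudo_conf_sudoers.
# render() follows the sudoers(5) grammar; it is an assumption, not the role's template.
PREFIX = {"user": "", "group": "%", "netgroup": "+"}  # sudoers principal prefixes
TAGS = ("", "PASSWD", "NOPASSWD")


def lint(entry):
    """Return a list of findings for one sudoers entry (empty list = clean)."""
    findings = []
    if sum(1 for k in PREFIX if entry.get(k)) != 1:
        findings.append("set exactly one of user|group|netgroup")
    cmnd, tag = entry.get("cmnd", ""), entry.get("tag", "")
    if cmnd != "ALL" and not cmnd.startswith("/"):
        findings.append("cmnd must be a fully qualified path")
    # sudoers matches arguments as one string, so a wildcard spans word boundaries
    if any(ch in cmnd.partition(" ")[2] for ch in "*?["):
        findings.append("wildcard in arguments matches across word boundaries")
    if tag not in TAGS:
        findings.append("tag must be PASSWD or NOPASSWD")
    if tag == "NOPASSWD" and cmnd == "ALL":
        findings.append("NOPASSWD with cmnd ALL needs no password for any command")
    return findings


def render(entry):
    """Render the sudoers line an entry describes (assumed layout)."""
    kind = next(k for k in PREFIX if entry.get(k))
    tag = f"{entry['tag']}: " if entry.get("tag") else ""
    host, runas = entry.get("host", "ALL"), entry.get("runas", "ALL")
    return f"{PREFIX[kind]}{entry[kind]} {host} = ({runas}) {tag}{entry['cmnd']}"


# Constructed sample entries, not taken from a real inventory.
SAMPLE = [
    {"name": "webadmin", "group": "webadmin", "host": "ALL",
     "runas": "ALL", "cmnd": "/usr/sbin/service httpd *"},
    {"name": "developer", "user": "developer", "host": "ALL",
     "runas": "ALL", "cmnd": "cat /var/log/messages"},
    {"name": "ops", "user": "ops", "group": "ops", "host": "ALL",
     "runas": "ALL", "cmnd": "ALL", "tag": "NOPASSWD"},
]

if __name__ == "__main__":
    for e in SAMPLE:
        problems = lint(e)
        print(e["name"], problems if problems else render(e))
```

Run it against the variable data before applying the role; an entry with findings should be corrected rather than rendered into /etc/sudoers.d/.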
- RedHat Testing is currently not possible in public, due to limitations in subscriptions.
- Some services and features cannot be tested properly, due to limitations in docker.
Most of the "generic" tests are located in the Test Library.
Ansible specific testing is done with Molecule.
Infrastructure testing is done with testinfra.
Automated testing is done with Travis CI.
Thank you so much for considering contributing. We are very happy when somebody joins the hard work. Please feel free to open Bugs, Feature Requests or Pull Requests after reading the Contribution Guideline.
See who has contributed already in the kudos.txt.
This work is licensed under a BSD-3-Clause License.
- Site https://while-true-do.io
- Twitter https://twitter.com/wtd_news
- Code https://github.com/while-true-do
- Mail hello@while-true-do.io
- IRC freenode, #while-true-do
- Telegram https://t.me/while_true_do