sudoer.yml 708 Bytes
---
# Install the sudo package with dnf. The later tasks in this file validate
# their changes with visudo, which is shipped as part of that package.
- name: Ensure sudo is installed
  become: true
  dnf:
    name: sudo
    state: present

# Render sudoers.j2 into a root-owned drop-in under /etc/sudoers.d.
# The rendered file is passed to `visudo -cf` first, so a template with a
# syntax error is rejected instead of being installed. That check covers
# syntax only: which users and commands the template grants still has to be
# reviewed in sudoers.j2 itself.
- name: Copy sudoers file including validation
  become: true
  template:
    src: sudoers.j2
    dest: /etc/sudoers.d/sudoers
    owner: root
    group: root
    # Quoted on purpose: a bare 440 in block YAML is a decimal integer, which
    # is not the same permission set as octal 0440 (r--r-----).
    mode: "0440"
    # NOTE(review): backup copies are written next to the destination, i.e.
    # inside /etc/sudoers.d; confirm they are skipped by the includedir and
    # cleaned up at some point.
    backup: true
    validate: 'visudo -cf %s'
  # Stored so that the root-lock task further down can test whether this
  # file changed.
  register: sudoers_enrole_result

# Make sure /etc/sudoers carries `Defaults    !requiretty`, i.e. the
# requiretty default is switched off globally. The edited file is checked
# with `visudo -c -f` before it is put in place, and a backup is kept.
- name: requiretty in sudoers
  become: true
  lineinfile:
    dest: /etc/sudoers
    # Matches both the enabled and the negated form, so a second run finds
    # the line it wrote. The pattern is not anchored and expects exactly
    # four spaces; NOTE(review): a commented-out line containing the same
    # text would match as well, and a differently spaced line would not.
    regexp: 'Defaults    !?requiretty'
    line: 'Defaults    !requiretty'
    state: present
    backup: true
    validate: 'visudo -c -f %s'

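# Lock root's password after the sudoers drop-in has been deployed.
#
# `passwd -l` locks the password only. Other ways of logging in as root
# (for example SSH keys, if sshd permits root login) are not affected and
# have to be handled separately.
#
# NOTE(review): the task runs only when the sudoers template changed in this
# very run. A host where an earlier run installed the file but stopped before
# reaching this task is never locked by later runs; consider dropping the
# `is changed` gate if the lock is meant to be enforced on every run.
# NOTE(review): confirm that sudoers.j2 grants sudo to at least one
# administrative account before root is locked.
- name: Lock the root user
  become: true
  # `command` rather than `shell`: nothing here needs shell expansion, pipes
  # or redirection.
  command: passwd -l root
  # Disabled check; it refers to `command_result`, which no task in this file
  # registers.
  #failed_when: "'Success' not in command_result.stdout"
  # Written as Jinja2 tests (`is ...`): the filter form (`|success`,
  # `|changed`) was deprecated and later removed from Ansible.
  when: sudoers_enrole_result is succeeded and sudoers_enrole_result is changed
  # A plain string is split on commas only, so this presumably is one tag
  # named "lock root" (with the space) -- verify against how it is selected.
  tags: lock root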