sudoer.yml 708 Bytes
---
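# Make sure the sudo package is present before any sudoers file is managed.
- name: Ensure sudo is installed
  become: true
  dnf:
    name: sudo
    state: present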

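# Render sudoers.j2 into a drop-in under /etc/sudoers.d. The file is only put
# in place if `visudo -cf` accepts it, so a template with a syntax error never
# becomes live. The check covers syntax only, not whether the rules still
# grant anyone administrative access.
- name: Copy sudoers file including validation
  become: true
  template:
    src: sudoers.j2
    dest: /etc/sudoers.d/sudoers
    owner: root
    group: root
    # Quoted so the value stays the octal string 0440 (read-only for root
    # and group root) instead of being read as the integer 440.
    mode: "0440"
    validate: 'visudo -cf %s'
    # Ansible's backup copies get a name containing "." and ending in "~",
    # which sudo skips when it reads an include directory.
    backup: true
  # Consumed by the "Lock the root user" task to decide whether to run.
  register: sudoers_enrole_result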

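# Set `Defaults !requiretty` in the main sudoers file so sudo no longer
# insists on a terminal. NOTE(review): presumably needed for non-interactive
# sudo (e.g. automation over SSH); confirm this host-wide relaxation is wanted.
- name: requiretty in sudoers
  become: true
  lineinfile:
    dest: /etc/sudoers
    # Unanchored and tied to exactly four spaces; a requiretty line with
    # different spacing is not matched and the line below is appended instead.
    regexp: 'Defaults    !?requiretty'
    line: 'Defaults    !requiretty'
    state: present
    # The edited copy must pass visudo before it replaces /etc/sudoers.
    validate: 'visudo -c -f %s'
    backup: true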

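# Lock root's password once the sudoers drop-in has been deployed.
# `passwd -l` disables password authentication only; root logins through
# other means (for example an SSH key) are not affected by this task.
# The visudo validation on the template proves syntax, not access: make sure
# the rendered sudoers file grants an admin account sudo rights, otherwise
# locking root can leave the host without a privileged login.
- name: Lock the root user
  become: true
  # No shell features are needed, so run the binary directly.
  command: passwd -l root
  # NOTE(review): no task visible here registers `command_result`; add a
  # `register:` before enabling this check.
  # failed_when: "'Success' not in command_result.stdout"
  # Runs only in a play where the sudoers template task succeeded AND changed
  # the file; on later runs with an unchanged template the lock is not
  # re-applied. Written as Jinja2 tests (`is ...`), the form current Ansible
  # releases accept.
  when:
    - sudoers_enrole_result is succeeded
    - sudoers_enrole_result is changed
  # NOTE(review): Ansible splits string tags on commas only, so this is a
  # single tag named "lock root"; confirm two tags were not intended.
  tags: lock root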