From f937fe4807e1e9d8937277b903fa05928b92aa37 Mon Sep 17 00:00:00 2001
From: Vitaliy Kukharik
Date: Sun, 8 Dec 2024 16:54:58 +0500
Subject: [PATCH] Update converge.yml
---
 automation/molecule/default/converge.yml | 35 +++++++-----------------
 1 file changed, 10 insertions(+), 25 deletions(-)
diff --git a/automation/molecule/default/converge.yml b/automation/molecule/default/converge.yml
index aa8690b79..c5ec93d24 100644
--- a/automation/molecule/default/converge.yml
+++ b/automation/molecule/default/converge.yml
@@ -4,7 +4,14 @@
 gather_facts: true
 tasks:
- - name: Allow passwordless sudo for all users in sudo group
+ - name: Ensure sudo group exists
+ become: true
+ become_method: su
+ ansible.builtin.group:
+ name: "sudo"
+ state: present
+
+ - name: Allow passwordless sudo for users in sudo group
 become: true
 become_method: su
 ansible.builtin.lineinfile:
@@ -13,37 +20,15 @@
 regexp: '^%sudo'
 line: '%sudo ALL=(ALL) NOPASSWD: ALL'
 validate: 'visudo -cf %s'
- ignore_errors: yes
- - name: Ensure user is part of sudo group
+ - name: Ensure ansible user is part of the correct sudo group
 become: true
 become_method: su
 ansible.builtin.user:
 name: "{{ ansible_facts.user | default('root') }}"
- groups: sudo
+ groups: "sudo"
 append: true
- - name: Update PAM configuration for sudo to allow all
- become: true
- become_method: su
- ansible.builtin.lineinfile:
- path: /etc/pam.d/sudo
- state: present
- regexp: '^auth.*pam_permit.so'
- line: 'auth sufficient pam_permit.so'
- ignore_errors: yes
-
- - name: Disable PAM for sudo in sudoers
- become: true
- become_method: su
- ansible.builtin.lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^Defaults.*!pam'
- line: 'Defaults !pam'
- validate: 'visudo -cf %s'
- ignore_errors: yes
-
 - name: Test sudo without password
 command: sudo -n true
 register: sudo_test
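Review bot: In the first hunk (`@@ -4,7 +4,14 @@`) the new `Ensure sudo group exists` task guarantees that the following `%sudo ALL=(ALL) NOPASSWD: ALL` rule takes effect for every member of the group, while the scenario only needs the converge user to pass `sudo -n true`. Consider granting the rule to that one user rather than the group, and placing it in a dedicated drop-in under `/etc/sudoers.d/` (still checked with `validate: 'visudo -cf %s'`) so the instance's main sudoers file is left untouched. The lineinfile task's `path:` and `state:` keys fall between the two hunks and are not visible here, so the current target file is an assumption. A comment above the task such as `# Test-only: passwordless sudo for the Molecule instance, not for real hosts` would also document the intent.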
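Review bot: In the second hunk (`@@ -13,37 +20,15 @@`) the renamed task `Ensure ansible user is part of the correct sudo group` still resolves its target with `name: "{{ ansible_facts.user | default('root') }}"`; as far as I know fact gathering exposes the login name as `user_id`, not `user`, so this likely always falls back to `root`. If that is the case the connecting user is never added to `sudo`, and the `sudo -n true` check below does not exercise the group rule the play just configured. `name: "{{ ansible_facts.user_id | default('root') }}"` would match the task name. The `Test sudo without password` task continues past the end of the hunk, so whether `sudo_test` is asserted on is not visible here.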