authorB Stack <bgstack15@gmail.com>2016-10-03 11:43:00 -0400
committerB Stack <bgstack15@gmail.com>2016-10-03 11:43:00 -0400
commit17c0b3e049ec09a6605d18c9325a5a69d54db8f6 (patch)
tree029c5ba12793fdec2e9407285a59bb3e50d19747 /roles
parentreadme (diff)
downloadansible01-17c0b3e049ec09a6605d18c9325a5a69d54db8f6.tar.gz
ansible01-17c0b3e049ec09a6605d18c9325a5a69d54db8f6.tar.bz2
ansible01-17c0b3e049ec09a6605d18c9325a5a69d54db8f6.zip
added sudo
Diffstat (limited to 'roles')
-rw-r--r--roles/ad/hosts/default.yml4
-rw-r--r--roles/ssh_keys/main.yml2
-rw-r--r--roles/ssh_keys/tasks/main.yml.2016-10-03.0163
-rw-r--r--roles/sudo/main.yml6
-rw-r--r--roles/sudo/tasks/225
-rw-r--r--roles/sudo/tasks/main.yml63
-rw-r--r--roles/sudo/tests/test.yml12
-rw-r--r--roles/sudo/vars/FreeBSD.yml4
-rw-r--r--roles/sudo/vars/default.yml4
9 files changed, 181 insertions, 2 deletions
diff --git a/roles/ad/hosts/default.yml b/roles/ad/hosts/default.yml
new file mode 100644
index 0000000..d7bc1a7
--- /dev/null
+++ b/roles/ad/hosts/default.yml
@@ -0,0 +1,4 @@
+# This file exists to ensure the directory is generated if ever packed in a tarball or something.
+# This directory, hosts/, may be used for specific hosts to get specific variables
+---
+ad_access_filter: SHOULD NEVER SEE THIS
diff --git a/roles/ssh_keys/main.yml b/roles/ssh_keys/main.yml
index 9022768..430c387 100644
--- a/roles/ssh_keys/main.yml
+++ b/roles/ssh_keys/main.yml
@@ -4,5 +4,3 @@
- vars/default.yml
tasks:
- include: tasks/main.yml
- handlers:
- - handlers/main.yml
diff --git a/roles/ssh_keys/tasks/main.yml.2016-10-03.01 b/roles/ssh_keys/tasks/main.yml.2016-10-03.01
new file mode 100644
index 0000000..89d8d89
--- /dev/null
+++ b/roles/ssh_keys/tasks/main.yml.2016-10-03.01
@@ -0,0 +1,63 @@
+---
+- name: ssh_keys get vars
+ include_vars: default.yml
+
+- name: ssh_keys get OS vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - default.yml
+
+#- shell: echo "{{ item | basename | regex_replace('\.pubkeys?$','') }}"
+# with_fileglob:
+# - '*.pubkey'
+# - '*.pubkeys'
+# register: users_to_check
+
+#- debug: var=ssh_key_strings
+#- debug: var=ssh_key_files
+
+- stat: path='{{ master_home_dir}}/{{ item.user }}/.ssh'
+ with_items:
+ - '{{ ssh_key_strings }}'
+ register: "s"
+ when: ssh_key_strings is defined
+
+- stat: path='{{ master_home_dir}}/{{ item.user }}/.ssh'
+ with_items:
+ - '{{ ssh_key_files }}'
+ register: "r"
+ when: ssh_key_files is defined
+
+#- debug: msg='{{ item.stat.exists }}'
+# with_flattened:
+# - '{{ r.results }}'
+
+- name: ssh_keys deploy keys from files
+ template:
+ src: "roles/ssh_keys/files/{{ item.item.file }}"
+ dest: '{{ master_home_dir }}/{{ item.item.user }}/.ssh/authorized_keys'
+ mode: 0600
+ owner: '{{ item.item.user }}'
+ with_items:
+ - '{{ r.results }}'
+ when:
+ - item.stat.exists is defined
+ - '{{ item.stat.exists }}'
+ - r is defined
+
+- name: ssh_keys deploy keys from strings
+ lineinfile:
+ line: '{{ item.item.string }}'
+ regexp: "{{ item.item.string | regex_replace('^(.{40}).*$','\\1') }}"
+ dest: '{{ master_home_dir }}/{{ item.item.user }}/.ssh/authorized_keys'
+ mode: 0600
+ owner: '{{ item.item.user }}'
+ create: yes
+ state: present
+ with_items:
+ - '{{ s.results }}'
+ when:
+ - item.stat.exists is defined
+ - '{{ item.stat.exists }}'
+ - s is defined
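Review bot: roles/ssh_keys/tasks/main.yml.2016-10-03.01 is a dated backup copy of the role's tasks file committed next to the original; git already keeps that history, so the copy should be dropped rather than tracked, and the same goes for roles/sudo/tasks/2, a scratch draft of roles/sudo/tasks/main.yml. If the copy stays, the `regexp` keying the authorized_keys lineinfile on the first 40 characters of the key string is a real defect: the text is not escaped, so a `+` in the base64 body acts as a quantifier, and for key types whose fixed header is longer than 40 characters (ecdsa-sha2-nistp256 keys all share a longer common prefix) every key of that type matches the same regexp and lineinfile keeps only the last one, silently dropping a user's other keys. Anchoring on the escaped full line, `regexp: "^{{ item.item.string | regex_escape }}$"`, keys each line on its own content. The `when` entries `'{{ item.stat.exists }}'` on both deploy tasks are bare Jinja in a conditional, which Ansible warns about; the plain expression `item.stat.exists` is what is meant.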
diff --git a/roles/sudo/main.yml b/roles/sudo/main.yml
new file mode 100644
index 0000000..430c387
--- /dev/null
+++ b/roles/sudo/main.yml
@@ -0,0 +1,6 @@
+---
+- hosts: all
+ vars_files:
+ - vars/default.yml
+ tasks:
+ - include: tasks/main.yml
diff --git a/roles/sudo/tasks/2 b/roles/sudo/tasks/2
new file mode 100644
index 0000000..5dd7b7f
--- /dev/null
+++ b/roles/sudo/tasks/2
@@ -0,0 +1,25 @@
+---
+- name: sudo get vars
+ include_vars: default.yml
+
+- name: sudo get OS vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - default.yml
+
+- debug: msg="{{ item | regex_replace('^.*\/','') }}"
+ with_items:
+ - '{{ sudo_files }}'
+
+- name: sudo deploy rules from files
+ template:
+ src: "roles/sudo/files/{{ item.file }}"
+ dest: "{{ sudo_rules_dir }}/{{ item.file | regex_replace('^.*\/','a') }}"
+ mode: 0440
+ owner: '{{ sudo_root_user }}'
+ group: '{{ sudo_root_group }}'
+ with_items:
+ - '{{ sudo_files }}'
+ when:
+ - sudo_files is defined
diff --git a/roles/sudo/tasks/main.yml b/roles/sudo/tasks/main.yml
new file mode 100644
index 0000000..07fda25
--- /dev/null
+++ b/roles/sudo/tasks/main.yml
@@ -0,0 +1,63 @@
+---
+- name: sudo get vars
+ include_vars: default.yml
+
+- name: sudo get OS vars
+ include_vars: '{{ item }}'
+ with_first_found:
+ - '{{ ansible_distribution }}.yml'
+ - default.yml
+
+- stat: path='{{ sudo_rules_dir }}/{{ item.priority }}_{{ item.name }}' #'
+ with_items:
+ - '{{ sudo_strings }}'
+ register: "s"
+ when: sudo_strings is defined
+
+- name: sudo deploy rules from files
+ template:
+ src: "roles/sudo/files/{{ item.file }}"
+ dest: "{{ sudo_rules_dir }}/{{ item.file | regex_replace('.*/','') }}"
+ mode: 0440
+ owner: '{{ sudo_root_user }}'
+ group: '{{ sudo_root_group }}'
+ with_items:
+ - '{{ sudo_files }}'
+ when:
+ - sudo_files is defined
+
+- name: sudo remove rules from files
+ file: path='{{ sudo_rules_dir }}/{{ item.file | regex_replace('.*/','') }}' state='absent'
+ with_items:
+ - '{{ sudo_files }}'
+ when:
+ - sudo_files is defined
+ - ( not item.exists ) or ( '{{ item.exists | lower }}' == 'false' )
+
+#- debug: msg='foo'
+# with_items: '{{ s.results }}'
+
+- name: sudo deploy rules from strings
+ lineinfile:
+ line: "{{ item.item.content }}"
+ regexp: "{{ item.item.content | regex_replace('^(.{8}).*$','\\1') }}"
+ dest: '{{ sudo_rules_dir }}/{{ item.item.priority }}_{{ item.item.name }}'
+ mode: 0600
+ owner: '{{ sudo_root_user }}'
+ group: '{{ sudo_root_group }}'
+ create: yes
+ state: present
+ with_items:
+ - '{{ s.results }}'
+ when:
+ - item.stat.exists is defined
+ - s is defined
+ - '{{ item.item.exists }}'
+
+- name: sudo remove rules from strings
+ file: path='{{ sudo_rules_dir }}/{{ item.item.priority }}_{{ item.item.name }}' state='absent'
+ with_items:
+ - '{{ s.results }}'
+ when:
+ - s is defined
+ - ( not item.item.exists ) or ( '{{ item.item.exists | lower }}' == 'false' )
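Review bot: Neither the template task nor the lineinfile task that writes into sudo_rules_dir validates the fragment before it lands, so a rule with a syntax error leaves a broken file in sudoers.d, and on most sudo versions that makes sudo refuse to run at all, locking every administrator out of the host. Both modules accept `validate: '/usr/sbin/visudo -cf %s'`, which checks the temporary file and aborts the write when it fails to parse. The two writers also disagree on permissions, `mode: 0440` on the template task against `mode: 0600` on the strings task; keeping both at 0440 matches the mode sudo expects for sudoers files. The strings task's `regexp` keys on the first eight characters of the content, unescaped, so two rules in one file that share a prefix such as `User_Ali` overwrite each other on the second run; `regexp: "^{{ item.item.content | regex_escape }}$"` keys on the whole rule instead. The trailing `#'` on the stat task's path line is an editor-highlighting crutch that only adds noise and should go.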
diff --git a/roles/sudo/tests/test.yml b/roles/sudo/tests/test.yml
new file mode 100644
index 0000000..e15f798
--- /dev/null
+++ b/roles/sudo/tests/test.yml
@@ -0,0 +1,12 @@
+---
+- name: Test playbook for sudo
+ hosts: test
+ remote_user: root
+ roles:
+ - sudo
+ vars:
+ sudo_strings:
+ - { priority: 42, exists: 'false', name: 'admins-do-all', content: 'User_Alias ADMINS = bgstack15, bgstack15, user16, user16' }
+ - { priority: 43, exists: false, name: 'a', content: "ADMINS ALL=(ALL) ALL" }
+ sudo_files:
+ - { exists: 'false', file: '../../../company/sudo-files/40_bgstack15' }
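Review bot: The `exists` field is written as the quoted string `'false'` on two items and as the boolean `false` on the third, so the test data has two types for one field; the tasks in roles/sudo/tasks/main.yml accept both through the `| lower` string branch, which this may be deliberately exercising, but it reads as an accident. Settling on plain `true`/`false` booleans for every item keeps the fixture matching the shape the tasks treat as primary. The second rule's `name: 'a'` is a placeholder that becomes the on-disk filename `43_a` under sudoers.d; a descriptive name would make the deployed result recognisable.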
diff --git a/roles/sudo/vars/FreeBSD.yml b/roles/sudo/vars/FreeBSD.yml
new file mode 100644
index 0000000..0205496
--- /dev/null
+++ b/roles/sudo/vars/FreeBSD.yml
@@ -0,0 +1,4 @@
+---
+sudo_rules_dir: /usr/local/etc/sudoers.d/
+sudo_root_user: root
+sudo_root_group: wheel
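Review bot: `sudo_rules_dir` carries a trailing slash while every path composed from it in roles/sudo/tasks/main.yml inserts its own (`'{{ sudo_rules_dir }}/{{ ... }}'`), so deployed paths come out as `/usr/local/etc/sudoers.d//...`; the kernel tolerates the doubled slash, but it shows up verbatim in logs and in the registered stat results. Dropping the slash here, `sudo_rules_dir: /usr/local/etc/sudoers.d`, and likewise in roles/sudo/vars/default.yml keeps the composed paths canonical.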
diff --git a/roles/sudo/vars/default.yml b/roles/sudo/vars/default.yml
new file mode 100644
index 0000000..80e6de4
--- /dev/null
+++ b/roles/sudo/vars/default.yml
@@ -0,0 +1,4 @@
+---
+sudo_rules_dir: /etc/sudoers.d/
+sudo_root_user: root
+sudo_root_group: root