WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
6706723eea466bc9ffedc00a2fc86a0797279113
fedora-infra_ansible/roles/ipa/client/tasks/sudo.yml
Kevin Fenzi 9af79d19ee handlers: fix another name change 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-01-24 14:11:11 -08:00

54 lines
2.1 KiB
YAML
Raw Blame History

---
## This will only run once per play (as per `main.yml`), so needs to consider all affected hosts.
- name: "Give members of `sysadmin-main` sudo access to anything, anywhere"
delegate_to: "{{ item }}"
ipasudorule:
name: "usergroup/sysadmin-main"
description: "Allow members of `sysadmin-main` to use sudo to do anything, anywhere"
ipaadmin_password: "{{ ipa_server_admin_passwords[item] }}"
state: present
cmdcategory: "all"
hostcategory: "all"
runasusercategory: "all"
runasgroupcategory: "all"
group:
- sysadmin-main
notify: Clean sss caches
no_log: true
loop: "{{ ipa_servers }}"
when: ipa_servers is defined
- name: Give certain groups sudo access to anything per host group
delegate_to: "{{ item[0] }}"
ipasudorule:
name: "hostgroup/{{ item[1] }}"
description: "Grant sudo access to anything on host group {{ item[1] }}"
ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
state: present
group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] }}"
hostgroup: "{{ item[1] }}"
cmdcategory: "all"
runasusercategory: "all"
runasgroupcategory: "all"
notify: Clean sss caches
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_groups'] is defined
- name: Give certain groups passwordless sudo access to anything per host group
delegate_to: "{{ item[0] }}"
ipasudorule:
name: "hostgroup/{{ item[1] }}/nopasswd"
description: "Grant passwordless sudo access to anything on host group {{ item[1] }}"
ipaadmin_password: "{{ ipa_server_admin_passwords[item[0]] }}"
state: present
group: "{{ ipa_server_host_groups_dict[item[0]][item[1]]['sudo_nopasswd_groups'] }}"
hostgroup: "{{ item[1] }}"
cmdcategory: "all"
runasusercategory: "all"
runasgroupcategory: "all"
options: "!authenticate"
notify: Clean sss caches
loop: "{{ ipa_server_host_groups }}"
when: ipa_server_host_groups is defined and ipa_server_host_groups_dict[item[0]][item[1]]['sudo_nopasswd_groups'] is defined
Reference in New Issue View Git Blame Copy Permalink