havlasme / ansible-role-sudo

An Ansible role to install sudo and manage sudoers configuration - defaults, aliases, and specifications.

Home Page: https://galaxy.ansible.com/tomashavlas/sudo/

License: BSD 3-Clause "New" or "Revised" License

ansible-role-sudo's Introduction

sudo

Aliases and global defaults are stored in the main configuration file, /etc/sudoers. Specifications and more specific defaults are stored in separate files in the /etc/sudoers.d/ directory.

Requirements

None.

Role Variables

# list of global sudo defaults
sudo__defaults: []
## sudo defaults option
#  - name: string
## OPTIONAL: sudo defaults value(s), multiple values are concatenated with space and enclosed by double quotes, can be
## skipped for boolean defaults
#    value: int | string | [ string ]
## OPTIONAL: should value(s) be added to value list
#    include: bool
## OPTIONAL: should value(s) be removed from value list
#    exclude: bool

# list of sudo command aliases
sudo__cmnd_aliases: []
## command alias
#  - name: string
## alias value(s), multiple values are concatenated with comma
#    command: string | [ string ]

# list of sudo host aliases
sudo__host_aliases: []
## host alias
#  - name: string
## alias value(s), multiple values are concatenated with comma
#    host: string | [ string ]

# list of sudo operator aliases
sudo__runas_aliases: []
## operator alias
#  - name: string
## alias value(s), multiple values are concatenated with comma
#    operator: string | [ string ]

# list of sudo user aliases
sudo__user_aliases: []
## user alias
#  - name: string
## alias value(s), multiple values are concatenated with comma
#    user: string | [ string ]

# list of sudo specifications; defaults, specs, or both must be set for a specification file to be created
sudo__specs: []
## filename of sudo specification file
#  - name: string
## OPTIONAL: list of sudo defaults, if command, host, operator, and user option are not set, then sudo default is
## recognized as global
#    defaults:
## sudo defaults option
#      - name: string
## OPTIONAL: make this defaults option command(s) specific, multiple values are concatenated with comma
#        command: string | [ string ]
## OPTIONAL: make this defaults option host(s) specific, multiple values are concatenated with comma
#        host: string | [ string ]
## OPTIONAL: make this defaults option operator(s) specific, multiple values are concatenated with comma
#        operator: string | [ string ]
## OPTIONAL: make this defaults option user(s) specific, multiple values are concatenated with comma
#        user: string | [ string ]
## OPTIONAL: sudo defaults value(s), multiple values are concatenated with space and enclosed by double quotes, can be
## skipped for boolean defaults
#        value: int | string | [ string ]
## OPTIONAL: should value(s) be added to value list
#        include: bool
## OPTIONAL: should value(s) be removed from value list
#        exclude: bool
## OPTIONAL: list of sudo specifications
#    specs: []
## specification user(s), multiple values are concatenated with comma
#      - user: string | [ string ]
## specification host(s), multiple values are concatenated with comma
#        host: string | [ string ]
## OPTIONAL: specification operator(s), multiple values are concatenated with comma
#        operator: string | [ string ]
## OPTIONAL: specification tag(s), multiple values are concatenated with colon
#        tag: string | [ string ]
## specification command(s), multiple values are concatenated with comma
#        command: string | [ string ]
## OPTIONAL: if set to true, file is removed from host
#    disabled: bool

# if set to true, all files located in the sudo configuration drop-in directory not created by this role are renamed,
# at least one of sudo__specs_rename_prefix and sudo__specs_rename_suffix must be set
sudo__specs_rename_unmanaged: false

# prefix to prepend to filenames of files located in the sudo configuration drop-in directory not created by this role
sudo__specs_rename_prefix: ""

# suffix to append to filenames of files located in the sudo configuration drop-in directory not created by this role
sudo__specs_rename_suffix: ""

# if set to true, all files located in the sudo configuration drop-in directory not created by this role are removed
sudo__specs_purge_unmanaged: false

## OPTIONAL: path to sudo I/O log directory, defaults to OS specific value
# sudo__iolog_dir: string

## OPTIONAL: filename pattern for sudo I/O log files, defaults to OS specific value
# sudo__iolog_filename: string

## OPTIONAL: list of sudo packages, defaults to OS specific value
# sudo__packages: string | [ string ]

Dependencies

None.

Example Playbook

- hosts: all
  roles:
    - role: "tomashavlas.sudo"
      sudo__defaults:
        - name: "env_reset"
        - name: "!visiblepw"
        - name: "secure_path"
          value: "/sbin:/bin:/usr/sbin:/usr/bin"
      sudo__specs:
        - name: "wheel"
          specs:
            - user: "%wheel"
              host: "ALL"
              operator: "ALL"
              command: "ALL"

For more examples see test cases.
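
A fuller playbook that combines the variables documented above: aliases, a defaults entry scoped to one user alias, a list-valued default, and handling of unmanaged drop-in files. This is an added example, not taken from the role's repository or its test cases; the alias names, the deploy group and the command paths are constructed for illustration.

```yaml
# Added example: alias names, the "deploy" group and the command paths are
# constructed; only the variable names come from the role documentation.
- hosts: all
  roles:
    - role: "tomashavlas.sudo"
      sudo__defaults:
        - name: "env_reset"
        - name: "!visiblepw"
        - name: "secure_path"
          value: "/sbin:/bin:/usr/sbin:/usr/bin"
        # include: true adds these names to the env_keep list
        # instead of replacing the list
        - name: "env_keep"
          value: [ "LANG", "LC_ALL" ]
          include: true
      sudo__user_aliases:
        - name: "DEPLOYERS"
          user: [ "%deploy" ]
      sudo__cmnd_aliases:
        - name: "WEB_SVC"
          command:
            - "/usr/bin/systemctl restart nginx"
            - "/usr/bin/systemctl reload nginx"
      sudo__specs:
        - name: "deployers"
          defaults:
            # scoped to DEPLOYERS only: log the output of their sudo sessions
            - name: "log_output"
              user: "DEPLOYERS"
          specs:
            # two named commands as root, password required, nothing else
            - user: "DEPLOYERS"
              host: "ALL"
              operator: "root"
              tag: "PASSWD"
              command: "WEB_SVC"
      # keep unmanaged drop-ins on disk but take them out of effect:
      # sudo skips files in /etc/sudoers.d whose names contain a "."
      sudo__specs_rename_unmanaged: true
      sudo__specs_rename_suffix: ".disabled"
```

After a run, `visudo -c` on the managed host checks /etc/sudoers and the drop-in files for syntax errors.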

License

BSD

Author Information

Created by Tomáš Havlas in 2016.
