From c3b42d8499d0f1ee936d70a1d786397f7480f11c Mon Sep 17 00:00:00 2001
From: ipvsean
Date: Wed, 11 Mar 2020 13:43:23 -0400
Subject: [PATCH] syncing grant_sudo
---
 playbooks/05_grant_sudo.yml | 28 ++++++++++++
 ...{05_windows_iis.yml => 30_windows_iis.yml} | 0
 playbooks/group_vars/all/05_grant_sudo.yml | 45 +++++++++++++++++++
 ...{05_windows_iss.yml => 30_windows_iss.yml} | 2 +-
 4 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 playbooks/05_grant_sudo.yml
 rename playbooks/{05_windows_iis.yml => 30_windows_iis.yml} (100%)
 create mode 100644 playbooks/group_vars/all/05_grant_sudo.yml
 rename playbooks/group_vars/all/{05_windows_iss.yml => 30_windows_iss.yml} (92%)
diff --git a/playbooks/05_grant_sudo.yml b/playbooks/05_grant_sudo.yml
new file mode 100644
index 0000000..ce69b36
--- /dev/null
+++ b/playbooks/05_grant_sudo.yml
@@ -0,0 +1,28 @@
+---
+- name: grant sudo
+ hosts: "{{ HOSTS | default('all') }}"
+ become: yes
+ gather_facts: no
+ vars:
+ sudo_cleanup: true
+
+ tasks:
+ - name: Check if sudo user exists on system
+ getent:
+ database: passwd
+ key: "{{ sudo_user }}"
+
+ - name: create sudo rule
+ copy:
+ dest: "/etc/sudoers.d/{{ sudo_user }}"
+ owner: root
+ group: root
+ mode: 0640
+ content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL"
+
+ - name: time based cleanup
+ at:
+ command: "rm /etc/sudoers.d/{{ sudo_user }}"
+ count: "{{ sudo_count | default('10') }}"
+ units: "{{ sudo_units | default('minutes') }}"
+ when: sudo_cleanup|bool
diff --git a/playbooks/05_windows_iis.yml b/playbooks/30_windows_iis.yml
similarity index 100%
rename from playbooks/05_windows_iis.yml
rename to playbooks/30_windows_iis.yml
diff --git a/playbooks/group_vars/all/05_grant_sudo.yml b/playbooks/group_vars/all/05_grant_sudo.yml
new file mode 100644
index 0000000..8f7433d
--- /dev/null
+++ b/playbooks/group_vars/all/05_grant_sudo.yml
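Review bot: `sudo_user` comes from a free-text survey field and is pasted unmodified into the sudoers file name, the rule text and the root-run `at` command in playbooks/05_grant_sudo.yml; the getent lookup is the only thing constraining it, and the `copy` task installs the rule without a syntax check. I would assert a conservative account-name pattern before the getent task, add `validate` to the copy, and use a quoted `"0440"` mode instead of the bare `0640`. The rule is also written before the cleanup is scheduled, so if the `at` task fails (for example atd is not installed or not running, which nothing here checks) the NOPASSWD:ALL grant stays in place with no expiry. Wrapping both tasks in a block whose rescue removes the file would make that failure revoke the grant rather than leave it.

```yaml
  tasks:
    - name: Reject unexpected characters in sudo_user
      assert:
        that:
          - sudo_user is match('^[a-z_][a-z0-9_-]*$')
        fail_msg: "sudo_user must be a plain local account name"

    # … unchanged: getent lookup …

    - name: create sudo rule
      copy:
        # … unchanged: dest, owner, group, content …
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # … unchanged: time based cleanup …
```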
@@ -0,0 +1,45 @@
+---
+fact_scan:
+ author: "Will Tome"
+ name: "SERVER / Grant Sudo"
+ description: "grant sudo privledges for specified time via survey"
+ job_type: "run"
+ inventory: "Workshop Inventory"
+ playbook: playbooks/05_grant_sudo.yml
+ credential: "Workshop Credential"
+ survey_enabled: yes
+ survey_spec:
+ name: ''
+ description: ''
+ spec:
+ - question_name: 'Enter host to configure'
+ type: text
+ variable: HOSTS
+ required: false
+ - question_name: Username
+ type: text
+ variable: sudo_user
+ required: true
+ - question_name: Time
+ type: integer
+ variable: sudo_count
+ required: true
+ default: 10
+ - question_name: Units
+ type: multiplechoice
+ variable: harden_ssh
+ required: true
+ choices:
+ - 'minutes'
+ - 'hours'
+ - 'days'
+ default: minutes
+ project:
+ name: "Ansible official demo project"
+ description: "prescriptive demos from Red Hat Management Buisness Unit"
+ organization: "Default"
+ scm_type: git
+ scm_url: "https://github.com/ansible/product-demos"
+ workshop_type:
+ - f5
+ - rhel
diff --git a/playbooks/group_vars/all/05_windows_iss.yml b/playbooks/group_vars/all/30_windows_iss.yml
similarity index 92%
rename from playbooks/group_vars/all/05_windows_iss.yml
rename to playbooks/group_vars/all/30_windows_iss.yml
index 2e8ebf8..5a3aaee 100644
--- a/playbooks/group_vars/all/05_windows_iss.yml
+++ b/playbooks/group_vars/all/30_windows_iss.yml
@@ -5,7 +5,7 @@ windows_iis:
 description: "install webserver on Windows Server with a survey"
 job_type: "run"
 inventory: "Workshop Inventory"
- playbook: "playbooks/05_windows_iis.yml"
+ playbook: "playbooks/30_windows_iis.yml"
 credential: "Demo Credential"
 survey_enabled: no
 project:
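Review bot: The "Units" survey question in group_vars/all/05_grant_sudo.yml stores its answer in `harden_ssh`, but the playbook added in this patch reads `sudo_units | default('minutes')`, so the operator's choice is never applied and every grant is scheduled in minutes; it should read `variable: sudo_units`. The HOSTS question is `required: false` while the play falls back to `default('all')`, so a blank answer presumably grants passwordless sudo across the whole inventory. Setting `required: true` there keeps the target explicit. The top-level key `fact_scan` looks copied from another job definition and may collide with it once group_vars/all is merged; a distinct key such as `grant_sudo:` would avoid one definition silently replacing the other.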