syncing grant_sudo

2020-03-11 13:43:23 -04:00
parent 28b424c844
commit c3b42d8499
4 changed files with 74 additions and 1 deletions
--- a/playbooks/05_grant_sudo.yml
+++ b/playbooks/05_grant_sudo.yml
@@ -0,0 +1,28 @@
+---
+- name: grant sudo
+  hosts: "{{ HOSTS | default('all') }}"
+  become: yes
+  gather_facts: no
+  vars:
+    sudo_cleanup: true
+
+  tasks:
+    - name: Check if sudo user exists on system
+      getent:
+        database: passwd
+        key: "{{ sudo_user }}"
+
+    - name: create sudo rule
+      copy:
+        dest: "/etc/sudoers.d/{{ sudo_user }}"
+        owner: root
+        group: root
+        mode: 0640
+        content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL"
+
+    - name: time based cleanup
+      at:
+        command: "rm /etc/sudoers.d/{{ sudo_user }}"
+        count: "{{ sudo_count | default('10') }}"
+        units: "{{ sudo_units | default('minutes') }}"
+      when: sudo_cleanup|bool
--- a/playbooks/30_windows_iis.yml
+++ b/playbooks/30_windows_iis.yml
--- a/playbooks/group_vars/all/05_grant_sudo.yml
+++ b/playbooks/group_vars/all/05_grant_sudo.yml
@@ -0,0 +1,45 @@
+---
+fact_scan:
+  author: "Will Tome"
+  name: "SERVER / Grant Sudo"
+  description: "grant sudo privledges for specified time via survey"
+  job_type: "run"
+  inventory: "Workshop Inventory"
+  playbook: playbooks/05_grant_sudo.yml
+  credential: "Workshop Credential"
+  survey_enabled: yes
+  survey_spec:
+    name: ''
+    description: ''
+    spec:
+    - question_name: 'Enter host to configure'
+      type: text
+      variable: HOSTS
+      required: false
+    - question_name: Username
+      type: text
+      variable: sudo_user
+      required: true
+    - question_name: Time
+      type: integer
+      variable: sudo_count
+      required: true
+      default: 10
+    - question_name: Units
+      type: multiplechoice
+      variable: harden_ssh
+      required: true
+      choices:
+        - 'minutes'
+        - 'hours'
+        - 'days'
+      default: minutes
+  project:
+    name: "Ansible official demo project"
+    description: "prescriptive demos from Red Hat Management Buisness Unit"
+    organization: "Default"
+    scm_type: git
+    scm_url: "https://github.com/ansible/product-demos"
+  workshop_type:
+    - f5
+    - rhel
--- a/playbooks/group_vars/all/30_windows_iss.yml
+++ b/playbooks/group_vars/all/30_windows_iss.yml
@@ -5,7 +5,7 @@ windows_iis:
  description: "install webserver on Windows Server with a survey"
  job_type: "run"
  inventory: "Workshop Inventory"
-  playbook: "playbooks/05_windows_iis.yml"
+  playbook: "playbooks/30_windows_iis.yml"
  credential: "Demo Credential"
  survey_enabled: no
  project: