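---
# Grants a user passwordless sudo for a limited time by dropping a rule into
# /etc/sudoers.d and scheduling its removal with at(1).
#
# Variables (override via extra vars / survey):
#   _hosts       - target host pattern for the play
#   sudo_user    - existing local account to elevate ("undef" = not supplied)
#   sudo_time    - how long the rule should live, in sudo_units
#   sudo_units   - unit passed to at (minutes, hours, ...)
#   sudo_cleanup - when false, no removal job is scheduled and the rule
#                  stays in place until someone deletes it by hand
#
# NOTE(review): the rule is "ALL=(ALL) NOPASSWD:ALL", i.e. unrestricted root
# without a password prompt. Restrict who may launch this play and make sure
# sudo activity on the targets is logged for the lifetime of the rule.
- name: Temporary Sudo
  hosts: "{{ _hosts | default(omit) }}"
  become: true
  gather_facts: false
  vars:
    sudo_cleanup: true
    sudo_user: undef
    sudo_time: 10
    sudo_units: minutes
  tasks:
    # sudo_user is interpolated into a file path, a sudoers line and a shell
    # command below, so reject anything that is not a plain account name.
    # Names containing "." are refused as well: sudo skips files in
    # /etc/sudoers.d whose name contains a dot, so such a rule would be
    # written but never take effect.
    - name: Validate sudo user name
      ansible.builtin.assert:
        that:
          - sudo_user != 'undef'
          - "sudo_user is match('^[A-Za-z_][A-Za-z0-9_-]*$')"
        fail_msg: "sudo_user must be set to a plain account name"

    # getent fails the task when the key is not in the passwd database, so
    # the play stops here for accounts that do not exist.
    - name: Check if sudo user exists on system
      ansible.builtin.getent:
        database: passwd
        key: "{{ sudo_user }}"

    - name: Check Cleanup package
      ansible.builtin.yum:
        name: at
        state: present

    - name: Check Cleanup Service
      ansible.builtin.service:
        name: atd
        state: started

    # Scheduled BEFORE the rule is written: if the play dies between the two
    # tasks, the worst case is a harmless "rm -f" of a missing file rather
    # than a NOPASSWD:ALL rule with no expiry.
    - name: Set Permission Cleanup
      ansible.posix.at:
        command: "rm -f /etc/sudoers.d/{{ sudo_user | quote }}"
        count: "{{ sudo_time }}"
        units: "{{ sudo_units }}"
      when: sudo_cleanup | bool

    # 0440 is the mode sudo expects for sudoers files. validate runs visudo
    # on the temporary copy so a malformed rule is never moved into place,
    # where it could break sudo for every user on the host.
    - name: Create Sudo Rule
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ sudo_user }}"
        owner: root
        group: root
        mode: "0440"
        content: "{{ sudo_user }} ALL=(ALL) NOPASSWD:ALL\n"
        validate: /usr/sbin/visudo -cf %s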