https://github.com/claranet/ansible-role-sudo
Install and configure sudo
Last synced: 5 months ago
- Host: GitHub
- URL: https://github.com/claranet/ansible-role-sudo
- Owner: claranet
- License: mpl-2.0
- Created: 2022-12-13T15:50:51.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-07-04T13:06:56.000Z (almost 2 years ago)
- Last Synced: 2025-06-15T19:13:38.101Z (about 1 year ago)
- Topics: ansible, claranet, role, sudo
- Language: Jinja
- Homepage:
- Size: 48.8 KB
- Stars: 2
- Watchers: 12
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# Ansible role - sudo
> :star: Star us on GitHub — it motivates us a lot!
Install and Configure sudo
## :warning: Requirements
Ansible >= 2.10
## :zap: Installation
```bash
ansible-galaxy install claranet.sudo
```
## :gear: Role variables
Variable | Default value | Description
----------------------------------|-----------------------------------|---------------------------------------------------------
sudo_config_directory | /etc/sudoers.d | directory that contains the sudo rights files
sudo_allow_install_package | true | install the sudo package before setting rights
sudo_rights | {} | contains all sudo rights to set: :point_right: [attributes description of variable sudo_rights](#gear-attributes-of-variable-sudo_rights)
sudo_purge_others_config | false | purge other files that aren't in our sudo rights configuration
sudo_command_aliases | {} | set command aliases: name of the command alias as key and list of commands as value
sudo_user_aliases | {} | set user aliases: name of the user alias as key and list of users as value
sudo_host_aliases | {} | set host aliases: name of the host alias as key and list of hosts as value
sudo_runas_aliases | {} | set sudoers run-as aliases
## :gear: Attributes of variable sudo_rights
- **name**: String giving the name of the user or group that receives the rights. For a group, use **%name_of_group**
- **no_passwd**: Boolean attribute that sets whether the command(s) can be used with or without a password
- **from_hosts**: String specifying the hosts where these actions are allowed
- **as_user**: User to substitute when executing the commands
- **as_group**: Group to substitute when executing the commands
- **commands**: List of commands that the sudoers can execute
- **state**: Can be present or absent, to add or delete rights.
## :arrows_counterclockwise: Dependencies
N/A
## :pencil2: Example Playbook
```yaml
---
- hosts: all
  vars:
    sudo_purge_others_config: true
    sudo_user_aliases:
      test: ["secondusersudo", "firstusersudo"]
    sudo_command_aliases:
      SHUTDOWN: ["/usr/sbin/reboot", "/usr/sbin/poweroff"]
    sudo_rights:
      allowrebootsudo: # required
        - name: "TEST" # required
          no_passwd: true # default is false
          from_hosts: ALL # can be omitted, default is ALL
          as_user: ALL # can be omitted, default is ALL
          as_group: ALL # can be omitted, default is ALL
          commands: SHUTDOWN # required
          state: present # can be omitted, default is present
      allowtailsudo: # second user's rights
        - name: "firstusersudo"
          no_passwd: true
          from_hosts: ALL
          as_user: ALL
          as_group: ALL
          commands:
            - /usr/bin/tail -f /dev/null
          state: present
  roles:
    - role: claranet.sudo
      become: true
```
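The following is an added example, not code from the role or its authors: a small pre-deployment lint that reviews a `sudo_rights` mapping (in the shape documented above) for over-broad grants before the role writes them out. The `audit_sudo_rights` helper, its finding names, and the `loose` and `old` sample rules are assumptions made for illustration.

```python
# Added example: lint a sudo_rights mapping (shape as documented above) before applying it.
# audit_sudo_rights() and its finding names are hypothetical, not part of the role.

def _as_list(value):
    """The README shows commands both as a bare string and as a list."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_sudo_rights(sudo_rights, command_aliases=None):
    """Return sorted (rule_file, principal, finding) tuples for risky grants."""
    aliases = set(command_aliases or {})
    findings = set()
    for rule_file, entries in sudo_rights.items():
        for entry in entries:
            if entry.get("state", "present") == "absent":
                continue  # the grant is being removed, nothing to review
            who = entry["name"]
            no_passwd = entry.get("no_passwd", False)  # documented default: false
            for cmd in _as_list(entry.get("commands")):
                if cmd == "ALL":
                    kind = "passwordless-all" if no_passwd else "all-commands"
                    findings.add((rule_file, who, kind))
                elif cmd in aliases:
                    continue  # alias contents are reviewed where the alias is defined
                elif not cmd.startswith("/"):
                    findings.add((rule_file, who, "not-absolute-or-unknown-alias"))
                elif "*" in cmd:
                    findings.add((rule_file, who, "wildcard"))
                elif " " not in cmd and no_passwd:
                    # sudoers: a command listed without arguments may be run with any
                    findings.add((rule_file, who, "passwordless-any-args"))
    return sorted(findings)

# Constructed sample input: the README's two rules plus deliberately loose ones.
SAMPLE_ALIASES = {"SHUTDOWN": ["/usr/sbin/reboot", "/usr/sbin/poweroff"]}
SAMPLE_RIGHTS = {
    "allowrebootsudo": [{"name": "TEST", "no_passwd": True, "commands": "SHUTDOWN"}],
    "allowtailsudo": [{"name": "firstusersudo", "no_passwd": True,
                       "commands": ["/usr/bin/tail -f /dev/null"]}],
    "loose": [{"name": "%ops", "no_passwd": True,
               "commands": ["ALL", "/usr/bin/systemctl"]},
              {"name": "deploy",
               "commands": ["systemctl restart app", "/bin/cat /var/log/*"]}],
    "old": [{"name": "%contractors", "no_passwd": True, "commands": "ALL",
             "state": "absent"}],
}

if __name__ == "__main__":
    for finding in audit_sudo_rights(SAMPLE_RIGHTS, SAMPLE_ALIASES):
        print(*finding, sep=": ")
```

The README's own two rules produce no findings: one references a defined command alias and the other pins the full argument list.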
## :closed_lock_with_key: [Hardening](HARDENING.md)
## :heart_eyes_cat: [Contributing](CONTRIBUTING.md)
## :copyright: [License](LICENSE)
[Mozilla Public License Version 2.0](https://www.mozilla.org/en-US/MPL/2.0/)