From 9038f8a2bab5589f72dc4c92fd97f85fc9a9fdb3 Mon Sep 17 00:00:00 2001
From: Bertrand Lanson
Date: Sun, 3 Dec 2023 18:10:56 +0100
Subject: [PATCH] feat: remove become from role, fix #1
---
 handlers/main.yml | 1 -
 molecule/default/converge.yml | 1 +
 molecule/default/verify.yml | 20 ++---------------
 molecule/default_vagrant/converge.yml | 1 +
 molecule/default_vagrant/verify.yml | 22 +------------------
 molecule/with_ssh_keys/converge.yml | 1 +
 molecule/with_ssh_keys/verify.yml | 22 ++-----------------
 molecule/with_ssh_keys_vagrant/converge.yml | 1 +
 molecule/with_ssh_keys_vagrant/verify.yml | 24 +--------------------
 tasks/add_ssh_keys.yml | 2 +-
 tasks/configure_host.yml | 4 ++--
 tasks/create_user.yml | 6 +++---
 12 files changed, 16 insertions(+), 89 deletions(-)
diff --git a/handlers/main.yml b/handlers/main.yml
index 24c5627..7afcc90 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,5 +4,4 @@
 ansible.builtin.service:
 name: sshd
 state: restarted
- become: true
 listen: "systemctl-restart-sshd"
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 6bfdef7..7396bed 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -1,6 +1,7 @@
 ---
 - name: Converge
 hosts: all
+ become: true
 tasks:
 - name: "Include ednxzu.provision_management_user"
 ansible.builtin.include_role:
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index cbd9747..d30fc81 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -1,23 +1,9 @@ --- - name: Verify hosts: all - gather_facts: false + gather_facts: true + become: true tasks: - - name: "Test: file /etc/hosts" - block: - - name: "Stat file /etc/hosts" - ansible.builtin.stat: - path: "/etc/hosts" - register: stat_etc_hosts - - - name: "Verify file /etc/hosts" - ansible.builtin.assert: - that: - - stat_etc_hosts.stat.exists - - stat_etc_hosts.stat.isreg - - stat_etc_hosts.stat.pw_name == 'root' - - stat_etc_hosts.stat.gr_name == 'root' - - name: "Test: ubuntu user and group" block: - name: "Getent user ansible" @@ -48,7 +34,6 @@ ansible.builtin.stat: path: "/etc/sudoers.d/ubuntu" register: stat_etc_sudoers_d_ubuntu - become: true - name: "Verify file /etc/sudoers.d/ubuntu" ansible.builtin.assert: @@ -61,7 +46,6 @@ ansible.builtin.stat: path: "/home/ubuntu/.ssh/authorized_keys" register: stat_home_ubuntu_ssh_authorized_keys - become: true - name: "Verify file /home/ubuntu/.ssh/authorized_keys" ansible.builtin.assert: diff --git a/molecule/default_vagrant/converge.yml b/molecule/default_vagrant/converge.yml index 6bfdef7..7396bed 100644 --- a/molecule/default_vagrant/converge.yml +++ b/molecule/default_vagrant/converge.yml @@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.provision_management_user" ansible.builtin.include_role: diff --git a/molecule/default_vagrant/verify.yml b/molecule/default_vagrant/verify.yml index 2a3d45f..d30fc81 100644 --- a/molecule/default_vagrant/verify.yml +++ b/molecule/default_vagrant/verify.yml 
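Review bot: The first hunk of molecule/default/verify.yml turns `gather_facts` on, although the only fact-dependent assertion visible in this patch (the `ansible_distribution` lookup in the vagrant variants' /etc/hosts test) is being removed. If nothing further down the playbook reads facts, `gather_facts: false` keeps the scenario faster; the same applies to molecule/with_ssh_keys/verify.yml. The index lines also show that default and default_vagrant now share blob d30fc81, and with_ssh_keys and with_ssh_keys_vagrant share 0c19414. Each pair could therefore be served by one shared verify playbook, so the copies cannot drift apart again.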
@@ -2,26 +2,8 @@ - name: Verify hosts: all gather_facts: true + become: true tasks: - - name: "Test: file /etc/hosts" - block: - - name: "Stat file /etc/hosts" - ansible.builtin.stat: - path: "/etc/hosts" - register: stat_etc_hosts - - - name: "Verify file /etc/hosts" - vars: - etc_hosts_group: - ubuntu: "adm" - debian: "root" - ansible.builtin.assert: - that: - - stat_etc_hosts.stat.exists - - stat_etc_hosts.stat.isreg - - stat_etc_hosts.stat.pw_name == 'root' - - stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)] - - name: "Test: ubuntu user and group" block: - name: "Getent user ansible" @@ -52,7 +34,6 @@ ansible.builtin.stat: path: "/etc/sudoers.d/ubuntu" register: stat_etc_sudoers_d_ubuntu - become: true - name: "Verify file /etc/sudoers.d/ubuntu" ansible.builtin.assert: @@ -65,7 +46,6 @@ ansible.builtin.stat: path: "/home/ubuntu/.ssh/authorized_keys" register: stat_home_ubuntu_ssh_authorized_keys - become: true - name: "Verify file /home/ubuntu/.ssh/authorized_keys" ansible.builtin.assert: diff --git a/molecule/with_ssh_keys/converge.yml b/molecule/with_ssh_keys/converge.yml index 6bfdef7..7396bed 100644 --- a/molecule/with_ssh_keys/converge.yml +++ b/molecule/with_ssh_keys/converge.yml @@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.provision_management_user" ansible.builtin.include_role: diff --git a/molecule/with_ssh_keys/verify.yml b/molecule/with_ssh_keys/verify.yml index be88ff0..0c19414 100644 --- a/molecule/with_ssh_keys/verify.yml +++ b/molecule/with_ssh_keys/verify.yml 
@@ -1,23 +1,9 @@ --- - name: Verify hosts: all - gather_facts: false + gather_facts: true + become: true tasks: - - name: "Test: file /etc/hosts" - block: - - name: "Stat file /etc/hosts" - ansible.builtin.stat: - path: "/etc/hosts" - register: stat_etc_hosts - - - name: "Verify file /etc/hosts" - ansible.builtin.assert: - that: - - stat_etc_hosts.stat.exists - - stat_etc_hosts.stat.isreg - - stat_etc_hosts.stat.pw_name == 'root' - - stat_etc_hosts.stat.gr_name == 'root' - - name: "Test: ubuntu user and group" block: - name: "Getent user ansible" @@ -48,13 +34,11 @@ ansible.builtin.stat: path: "/etc/sudoers.d/ubuntu" register: stat_etc_sudoers_d_ubuntu - become: true - name: "Slurp file /etc/sudoers.d/ubuntu" ansible.builtin.slurp: src: "/etc/sudoers.d/ubuntu" register: slurp_etc_sudoers_d_ubuntu - become: true - name: "Verify file /etc/sudoers.d/ubuntu" ansible.builtin.assert: @@ -72,13 +56,11 @@ ansible.builtin.stat: path: "/home/ubuntu/.ssh/authorized_keys" register: stat_home_ubuntu_ssh_authorized_keys - become: true - name: "Slurp file /home/ubuntu/.ssh/authorized_keys" ansible.builtin.slurp: src: "/home/ubuntu/.ssh/authorized_keys" register: slurp_home_ubuntu_ssh_authorized_keys - become: true - name: "Verify file /home/ubuntu/.ssh/authorized_keys" ansible.builtin.assert: diff --git a/molecule/with_ssh_keys_vagrant/converge.yml b/molecule/with_ssh_keys_vagrant/converge.yml index 6bfdef7..7396bed 100644 --- a/molecule/with_ssh_keys_vagrant/converge.yml +++ b/molecule/with_ssh_keys_vagrant/converge.yml @@ -1,6 +1,7 @@ --- - name: Converge hosts: all + become: true tasks: - name: "Include ednxzu.provision_management_user" ansible.builtin.include_role: diff --git a/molecule/with_ssh_keys_vagrant/verify.yml b/molecule/with_ssh_keys_vagrant/verify.yml index 348b245..0c19414 100644 --- a/molecule/with_ssh_keys_vagrant/verify.yml +++ b/molecule/with_ssh_keys_vagrant/verify.yml 
@@ -2,26 +2,8 @@ - name: Verify hosts: all gather_facts: true + become: true tasks: - - name: "Test: file /etc/hosts" - block: - - name: "Stat file /etc/hosts" - ansible.builtin.stat: - path: "/etc/hosts" - register: stat_etc_hosts - - - name: "Verify file /etc/hosts" - vars: - etc_hosts_group: - ubuntu: "adm" - debian: "root" - ansible.builtin.assert: - that: - - stat_etc_hosts.stat.exists - - stat_etc_hosts.stat.isreg - - stat_etc_hosts.stat.pw_name == 'root' - - stat_etc_hosts.stat.gr_name == etc_hosts_group[(ansible_distribution|lower)] - - name: "Test: ubuntu user and group" block: - name: "Getent user ansible" @@ -52,13 +34,11 @@ ansible.builtin.stat: path: "/etc/sudoers.d/ubuntu" register: stat_etc_sudoers_d_ubuntu - become: true - name: "Slurp file /etc/sudoers.d/ubuntu" ansible.builtin.slurp: src: "/etc/sudoers.d/ubuntu" register: slurp_etc_sudoers_d_ubuntu - become: true - name: "Verify file /etc/sudoers.d/ubuntu" ansible.builtin.assert: @@ -76,13 +56,11 @@ ansible.builtin.stat: path: "/home/ubuntu/.ssh/authorized_keys" register: stat_home_ubuntu_ssh_authorized_keys - become: true - name: "Slurp file /home/ubuntu/.ssh/authorized_keys" ansible.builtin.slurp: src: "/home/ubuntu/.ssh/authorized_keys" register: slurp_home_ubuntu_ssh_authorized_keys - become: true - name: "Verify file /home/ubuntu/.ssh/authorized_keys" ansible.builtin.assert: diff --git a/tasks/add_ssh_keys.yml b/tasks/add_ssh_keys.yml index 623870c..2f7eae4 100644 --- a/tasks/add_ssh_keys.yml +++ b/tasks/add_ssh_keys.yml @@ -7,4 +7,4 @@ comment: "{{ provision_management_user_name }}@{{ ansible_hostname }}" key_options: "{{ provision_management_user_ssh_key_options }}" exclusive: "{{ provision_management_user_ssh_key_exclusive }}" - become: true + diff --git a/tasks/configure_host.yml b/tasks/configure_host.yml index 07c82b5..45dff68 100644 --- a/tasks/configure_host.yml +++ b/tasks/configure_host.yml 
@@ -10,7 +10,7 @@ notify: - systemctl-restart-sshd when: provision_management_user_disable_root_password_auth - become: true + - name: "Lock root authentication" ansible.builtin.lineinfile: @@ -22,4 +22,4 @@ notify: - systemctl-restart-sshd when: provision_management_user_disable_root_login - become: true + diff --git a/tasks/create_user.yml b/tasks/create_user.yml index ac2c08f..439fbcd 100644 --- a/tasks/create_user.yml +++ b/tasks/create_user.yml @@ -5,7 +5,7 @@ name: "{{ provision_management_user_group }}" state: present system: "{{ provision_management_user_is_system }}" - become: true + - name: "Create user {{ provision_management_user_name }}" ansible.builtin.user: @@ -17,7 +17,7 @@ shell: "{{ provision_management_user_shell }}" system: "{{ provision_management_user_is_system }}" create_home: true - become: true + - name: "Add user to sudoers" community.general.sudoers: @@ -27,4 +27,4 @@ nopassword: true setenv: true when: provision_management_user_sudoer - become: true +
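Review bot: With `become: true` dropped from both sshd_config tasks in tasks/configure_host.yml, nothing in the role states or checks that the caller must now supply privilege escalation. The same applies to the hunks in tasks/create_user.yml, tasks/add_ssh_keys.yml and handlers/main.yml. A play that includes the role without `become` will only fail once it reaches the first privileged module. A preflight task at the start of the role would give a clear error instead, for example an `ansible.builtin.assert` with `that: ansible_user_id == 'root'` (this relies on gathered facts, which the patch does not show), plus a README line stating the requirement. Separately, each `become: true` is replaced by a `+` line that looks empty or whitespace-only; deleting the line outright avoids stray blank lines or trailing spaces that yamllint would flag.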
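Review bot: The sudoers task in the last hunk of tasks/create_user.yml keeps `nopassword: true` and `setenv: true` hard-coded. Every host where `provision_management_user_sudoer` is set therefore gets a passwordless rule that also lets the user override the environment of commands run through sudo. Now that privilege escalation is left to the caller, these two settings would be better exposed as role variables with the current values as defaults, so a consumer can tighten them. `community.general.sudoers` also accepts `validation: required`, which makes the task fail rather than skip the visudo check when the file cannot be validated. The task starts above the hunk, so its other arguments are not visible here.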