Create users with same-named primary group

If adding sudo, add as secondary group ('groups:').  This is more
standard, and allows for quick enumeration of "who's in sudo" by
examining /etc/group

Signed-off-by: Dan Mick <dan.mick@redhat.com>

diff --git a/roles/ansible-managed/tasks/main.yml b/roles/ansible-managed/tasks/main.yml
index c840a4312a2cbdd0ab29f45889a4b04368a5de7d..9a82c7b7d03f25777d7cc7fd77b922ef7b031c76 100644 (file)
--- a/roles/ansible-managed/tasks/main.yml
+++ b/roles/ansible-managed/tasks/main.yml
@@ -9,7 +9,8 @@
 - name: Create the ansible user.
   user:
     name: "{{ ansible_user }}"
-    group: sudo
+    group: "{{ ansible_user }}"
+    groups: sudo
     shell: /bin/bash
     uid: "{{ ansible_user_uid_ }}"
     update_password: on_create

diff --git a/roles/testnode/tasks/user.yml b/roles/testnode/tasks/user.yml
index 401e154c4879ae2e53c3485d3fcbff0036548eb5..cc127e8078a9bc321785bbac2d24b8bba0567081 100644 (file)
--- a/roles/testnode/tasks/user.yml
+++ b/roles/testnode/tasks/user.yml
@@ -15,8 +15,8 @@
     # apparently some ceph tests fail without this uid
     # https://github.com/ceph/ceph-qa-chef/commit/5678cc3893fd1cc291254e4d1abe6705e6a9bbb0
     uid: 1000
-    group: sudo
-    groups: "{{ teuthology_user }}"
+    group: "{{ teuthology_user }}"
+    groups: sudo
     shell: /bin/bash
     state: present
   # If we're currently running as teuthology_user, we won't be able to modify

diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index ed7034b2f7eca6bac3f172e9be15c652fc3303ea..f74a35ca883e5f99489e24bebdb58a8889bc8821 100644 (file)
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -22,7 +22,8 @@
 - name: Create all admin users with sudo access.
   user:
     name: "{{ item.name }}"
-    group: sudo
+    group: "{{ item.name }}"
+    groups: sudo
     shell: /bin/bash
     state: present
   with_items: managed_admin_users