Ensure sudoers.d will work with ansible_managed.yml.

If the includedir directive isn't enabled in /etc/sudoers then our
custom cephlab_sudo file in sudoers.d won't be loaded.  This means that
our new ansible user can't use sudo and nothing works.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>

diff --git a/roles/ansible-managed/tasks/main.yml b/roles/ansible-managed/tasks/main.yml
index 50856e5c1031dc96f66c81a502867d0698f3f870..08a7ad6ae51a5f1086139b0fc1976934e39ab6a5 100644 (file)
--- a/roles/ansible-managed/tasks/main.yml
+++ b/roles/ansible-managed/tasks/main.yml
@@ -9,6 +9,15 @@
     name: "{{ ansible_user }}"
     group: sudo
 
+- name: Ensure includedir is present in sudoers.
+  lineinfile:
+    dest: /etc/sudoers
+    line: "#includedir /etc/sudoers.d"
+    regexp: "#includedir /etc/sudoers.d"
+    backrefs: yes
+    state: present
+    validate: visudo -cf %s
+
 - name: Create the cephlab_sudo sudoers.d file.
   template:
     src: cephlab_sudo