From: David Galloway <dgallowa@redhat.com>
Date: Tue, 23 Aug 2016 22:56:58 +0000 (-0400)
Subject: users: Leave managed_admin_users' other group memberships alone
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b1c40430acc562ff56f453cd427a32a647808909;p=ceph-cm-ansible.git

users: Leave managed_admin_users' other group memberships alone

This change is mainly so the users role can be run on vps_hosts.

Previously, in order to update the ubuntu user's authorized_keys on
vps_hosts, the testnodes role had to be run which caused ubuntu to be
removed from the libvirtd group.

The ubuntu user is in managed_admin_users on vps_hosts so this will
ensure the user is added to sudo and left in the libvirtd group.

managed_users, on the other hand, we want to make sure are only in
groups we specify so the "Create all users without sudo access." task is
left as-is (without append: yes).

Signed-off-by: David Galloway <dgallowa@redhat.com>
---

diff --git a/roles/users/tasks/create_users.yml b/roles/users/tasks/create_users.yml
index 4b94808f..cd4567b8 100644
--- a/roles/users/tasks/create_users.yml
+++ b/roles/users/tasks/create_users.yml
@@ -13,6 +13,7 @@
     groups: sudo
     shell: /bin/bash
     state: present
+    append: yes
   with_items: "{{ managed_admin_users }}"
 
 - name: Create all users without sudo access.