From 9e1c0505d5f482571fce033aba0c8d6353af1975 Mon Sep 17 00:00:00 2001
From: Andrew Schoen
Date: Thu, 16 Apr 2015 10:05:24 -0500
Subject: [PATCH] A new playbook for setting up the ansible user and sudo settings. We can use this new playbook to create the ansible user on nodes that haven't been reimaged with our new cobbler kickstarts yet.
Signed-off-by: Andrew Schoen
---
 ansible_managed.yml | 10 ++++++++
 roles/ansible-managed/tasks/main.yml | 25 ++++++++++++++++++++
 roles/ansible-managed/templates/cephlab_sudo | 5 ++++
 roles/cobbler/defaults/main.yml | 3 ---
 4 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 ansible_managed.yml
 create mode 100644 roles/ansible-managed/tasks/main.yml
 create mode 100644 roles/ansible-managed/templates/cephlab_sudo
diff --git a/ansible_managed.yml b/ansible_managed.yml
new file mode 100644
index 00000000..fa402926
--- /dev/null
+++ b/ansible_managed.yml
@@ -0,0 +1,10 @@
+---
+# a playbook to create the necessary users, groups and
+# sudoer settings needed for ansible to manage a node.
+- hosts: all
+ # assuming the nodes we run this on will most likely
+ # have an ubuntu user already created.
+ vars:
+ ansible_ssh_user: ubuntu
+ roles:
+ - ansible-managed
diff --git a/roles/ansible-managed/tasks/main.yml b/roles/ansible-managed/tasks/main.yml
new file mode 100644
index 00000000..50856e5c
--- /dev/null
+++ b/roles/ansible-managed/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Create the sudo group.
+ group:
+ name: sudo
+ state: present
+
+- name: Create the ansible user.
+ user:
+ name: "{{ ansible_user }}"
+ group: sudo
+
+- name: Create the cephlab_sudo sudoers.d file.
+ template:
+ src: cephlab_sudo
+ dest: /etc/sudoers.d/cephlab_sudo
+ owner: root
+ group: root
+ mode: 0440
+ validate: visudo -cf %s
+
+- name: Add authorized keys for the ansible user.
+ authorized_key:
+ user: "{{ ansible_user }}"
+ key: "{{ item }}"
+ with_items: ssh_keys
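Review bot: Nothing in the ansible_managed.yml play declares privilege escalation, yet every task in the ansible-managed role (group and user creation, writing under /etc/sudoers.d) needs root. Unless escalation is always supplied on the command line, adding `become: true` (or `sudo: yes` on older Ansible) at play level would make the playbook self-contained. Because the play targets `hosts: all`, an unscoped run installs a passwordless-sudo rule on every inventory host. A comment such as `# run with --limit <nodes not yet reimaged>` next to `hosts: all` would make the intended scope explicit.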
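Review bot: In roles/ansible-managed/tasks/main.yml the "Create the ansible user" task sets `group: sudo`, which makes sudo the account's primary group, so files it creates are group-owned by sudo. Supplementary membership via `groups: sudo` with `append: yes` gives the same sudo access without that side effect. The authorized_key task loops over the bare name `with_items: ssh_keys`; writing `with_items: "{{ ssh_keys }}"` avoids depending on bare-variable resolution and should fail clearly if the variable is undefined. This patch also removes the `ansible_user: cm` default from roles/cobbler/defaults/main.yml, and the diffstat shows no defaults file for the new role, so `ansible_user` presumably has to come from inventory or group vars; worth confirming. Note too that `ansible_user` is a connection variable in Ansible 2.0 and later, so a role-specific name would avoid a collision there.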
diff --git a/roles/ansible-managed/templates/cephlab_sudo b/roles/ansible-managed/templates/cephlab_sudo
new file mode 100644
index 00000000..6febac3c
--- /dev/null
+++ b/roles/ansible-managed/templates/cephlab_sudo
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+%sudo ALL=(ALL) NOPASSWD: ALL
+# For ansible pipelining
+Defaults !requiretty
+Defaults visiblepw
diff --git a/roles/cobbler/defaults/main.yml b/roles/cobbler/defaults/main.yml
index 6c061f97..eee958f9 100644
--- a/roles/cobbler/defaults/main.yml
+++ b/roles/cobbler/defaults/main.yml
@@ -1,7 +1,4 @@
 ---
-# cobbler sets up the user that ansible will use
-ansible_user: cm
-
 kickstarts:
 - cephlab_trusty.preseed
 - cephlab_rhel.ks
--
2.47.3
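Review bot: The rule `%sudo ALL=(ALL) NOPASSWD: ALL` in roles/ansible-managed/templates/cephlab_sudo gives passwordless root to every member of the sudo group, not only the account Ansible logs in as. On Ubuntu that is the stock admin group, so existing human accounts in it lose their password prompt as well. Scoping the rule to the managed account, `{{ ansible_user }} ALL=(ALL) NOPASSWD: ALL`, keeps the grant to the one user the playbook creates. The two `Defaults` lines are global too; `Defaults:{{ ansible_user }} !requiretty` would limit the pipelining exception to that user. `visiblepw` looks unnecessary once no password is prompted for, which is worth confirming before dropping it.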