diff options
author | Andy Doan <andy.doan@linaro.org> | 2016-06-10 13:17:41 -0500 |
---|---|---|
committer | Andy Doan <andy.doan@linaro.org> | 2016-06-10 13:17:41 -0500 |
commit | 8cbaa71387bad0e9c4795a55378a0d3326164273 (patch) | |
tree | c52c5d2119788316880cd66ae7d342a1faf56c93 | |
parent | b7834acfa4715e2dd0bcca20986d325984afcfcd (diff) |
ssh-ldap: support sudo access by groupldap-login
Makes things a lot easier to manage
Change-Id: I0c27c697693c73a1371a42b5fcb7f1cc3f176c3c
-rw-r--r-- | group_vars/all | 3 | ||||
-rw-r--r-- | group_vars/dev-cloud | 6 | ||||
-rw-r--r-- | roles/ssh-ldap/templates/ansible_sudoers | 3 |
3 files changed, 9 insertions, 3 deletions
diff --git a/group_vars/all b/group_vars/all index e29666fc..295c8747 100644 --- a/group_vars/all +++ b/group_vars/all @@ -4,3 +4,6 @@ secrets_dir: secrets install_base: /srv apache_user: www-data + +sudo_groups: + - infrastructure diff --git a/group_vars/dev-cloud b/group_vars/dev-cloud index 53288fd5..2c9092b4 100644 --- a/group_vars/dev-cloud +++ b/group_vars/dev-cloud @@ -3,6 +3,6 @@ login_groups: sudoers: - andy.doan - - martin.stadtler - - christian.allen - - yazen.ghannam + +sudo_groups: + - dev-cloud-admins diff --git a/roles/ssh-ldap/templates/ansible_sudoers b/roles/ssh-ldap/templates/ansible_sudoers index 0f063f8b..5e769128 100644 --- a/roles/ssh-ldap/templates/ansible_sudoers +++ b/roles/ssh-ldap/templates/ansible_sudoers @@ -2,3 +2,6 @@ {% for user in sudoers %} {{user}} ALL=(ALL:ALL) ALL {% endfor %} +{% for group in sudo_groups %} +%{{group}} ALL=(ALL:ALL) ALL +{% endfor %} |