summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndy Doan <andy.doan@linaro.org>2016-06-10 13:17:41 -0500
committerAndy Doan <andy.doan@linaro.org>2016-06-10 13:17:41 -0500
commit8cbaa71387bad0e9c4795a55378a0d3326164273 (patch)
treec52c5d2119788316880cd66ae7d342a1faf56c93
parentb7834acfa4715e2dd0bcca20986d325984afcfcd (diff)
downloadansible-playbooks-ldap-login.tar.gz
ssh-ldap: support sudo access by groupldap-login
Makes things a lot easier to manage Change-Id: I0c27c697693c73a1371a42b5fcb7f1cc3f176c3c
-rw-r--r--group_vars/all3
-rw-r--r--group_vars/dev-cloud6
-rw-r--r--roles/ssh-ldap/templates/ansible_sudoers3
3 files changed, 9 insertions, 3 deletions
diff --git a/group_vars/all b/group_vars/all
index e29666f..295c874 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -4,3 +4,6 @@ secrets_dir: secrets
install_base: /srv
apache_user: www-data
+
+sudo_groups:
+ - infrastructure
diff --git a/group_vars/dev-cloud b/group_vars/dev-cloud
index 53288fd..2c9092b 100644
--- a/group_vars/dev-cloud
+++ b/group_vars/dev-cloud
@@ -3,6 +3,6 @@ login_groups:
sudoers:
- andy.doan
- - martin.stadtler
- - christian.allen
- - yazen.ghannam
+
+sudo_groups:
+ - dev-cloud-admins
diff --git a/roles/ssh-ldap/templates/ansible_sudoers b/roles/ssh-ldap/templates/ansible_sudoers
index 0f063f8..5e76912 100644
--- a/roles/ssh-ldap/templates/ansible_sudoers
+++ b/roles/ssh-ldap/templates/ansible_sudoers
@@ -2,3 +2,6 @@
{% for user in sudoers %}
{{user}} ALL=(ALL:ALL) ALL
{% endfor %}
+{% for group in sudo_groups %}
+%{{group}} ALL=(ALL:ALL) ALL
+{% endfor %}