From c31355a3c498eae8abf05b0bcb988972c23f7b8a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20=20MENAGER?= <herve.menager@pasteur.fr>
Date: Fri, 4 Aug 2017 13:50:47 +0200
Subject: [PATCH] make sure deploy_user is sudoer, with no password asked in
 system setup

Former-commit-id: 5b03edeefda9ba5706dfd272059486e1b66cb837
---
 ansible/system.yaml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/ansible/system.yaml b/ansible/system.yaml
index 446f229d..218b68d9 100644
--- a/ansible/system.yaml
+++ b/ansible/system.yaml
@@ -2,8 +2,20 @@
 - hosts: all
   gather_facts: no
   tasks:
+    - name: Make sure we have a 'wheel' group
+      become: true
+      group:
+        name: wheel
+        state: present
+    - name: Allow 'wheel' group to have passwordless sudo
+      become: true
+      lineinfile:
+        dest: /etc/sudoers
+        state: present
+        regexp: '^%wheel'
+        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
     - name: Create {{ deploy_user_name }} user
-      user: name={{ deploy_user_name }} generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
+      user: name={{ deploy_user_name }} groups=wheel append=yes state=present createhome=yes generate_ssh_key=yes ssh_key_bits=2048 ssh_key_file=.ssh/id_rsa
       become: true
     - name: install git
       yum: name=git state=present
-- 
GitLab