Don't create "admin" group

According to the Ubuntu 12.04 release notes, up until Ubuntu 11.10 admin access was granted via the "admin" unix group, but was changed to the "sudo" group to be more consistent with Debian et al. Remove the now unnecessary group Modify the install-ansible role to set some directory ownership to root:root; there didn't seem to be any reason to use admin here. This means the "users" role is no longer required in the bridge.yaml, as it is run from the base playbook anyway. Change-Id: I6a7fdd460fb472f0d3468eb080aebbb010931e11
2018-08-23 14:27:50 +10:00 · 2018-08-23 14:27:50 +10:00 · 114953cbff
commit 114953cbff
parent 19aebca3e7
3 changed files with 5 additions and 10 deletions
--- a/playbooks/bridge.yaml
+++ b/playbooks/bridge.yaml
@ -1,7 +1,6 @@
 - hosts: bridge.openstack.org
  become: true
  roles:
-    - users
    - pip3
    - install-ansible
    - root-keys
--- a/playbooks/roles/install-ansible/tasks/main.yaml
+++ b/playbooks/roles/install-ansible/tasks/main.yaml
@ -21,7 +21,7 @@
    state: directory
    path: /var/cache/ansible
    owner: root
-    group: admin
+    group: root
    mode: 0770

 - name: Ensure ansible log dir is writable
@ -29,7 +29,7 @@
    path: /var/log/ansible
    state: directory
    owner: root
-    group: admin
+    group: root
    mode: 0775

 - name: Copy ansible.cfg in to place
--- a/playbooks/roles/users/tasks/main.yaml
+++ b/playbooks/roles/users/tasks/main.yaml
@ -1,11 +1,7 @@
- name: Add sudo admin groups
-  loop:
-    - sudo
-    - admin
+- name: Add sudo group
  group:
-    name: "{{ item }}"
+    name: "sudo"
    state: present
-  when:

 # NOTE(mordred): We replace the main file rather than dropping a file in to
 # /etc/sudoers.d to deal with divergent base sudoers files from our distros.
@ -52,7 +48,7 @@
    uid: "{{ all_users[item].uid }}"
    group: "{{ item }}"
    comment: "{{ all_users[item].comment }}"
-    groups: admin,sudo
+    groups: sudo
    shell: /bin/bash
  when:
    - item in all_users