From 114953cbffa261558920bd6c16bd15de7b5ae5c4 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Thu, 23 Aug 2018 14:27:50 +1000
Subject: [PATCH] Don't create "admin" group

According to the Ubuntu 12.04 release notes, up until Ubuntu 11.10
admin access was granted via the "admin" unix group, but was changed
to the "sudo" group to be more consistent with Debian et al.

Remove the now unnecessary group

Modify the install-ansible role to set some directory ownership to
root:root; there didn't seem to be any reason to use admin here.

This means the "users" role is no longer required in the bridge.yaml,
as it is run from the base playbook anyway.

Change-Id: I6a7fdd460fb472f0d3468eb080aebbb010931e11
---
 playbooks/bridge.yaml                           |  1 -
 playbooks/roles/install-ansible/tasks/main.yaml |  4 ++--
 playbooks/roles/users/tasks/main.yaml           | 10 +++-------
 3 files changed, 5 insertions(+), 10 deletions(-)

diff --git a/playbooks/bridge.yaml b/playbooks/bridge.yaml
index 594c2d9b94..5c59682a00 100644
--- a/playbooks/bridge.yaml
+++ b/playbooks/bridge.yaml
@@ -1,7 +1,6 @@
 - hosts: bridge.openstack.org
   become: true
   roles:
-    - users
     - pip3
     - install-ansible
     - root-keys
diff --git a/playbooks/roles/install-ansible/tasks/main.yaml b/playbooks/roles/install-ansible/tasks/main.yaml
index 26dfe67dfb..ff43453699 100644
--- a/playbooks/roles/install-ansible/tasks/main.yaml
+++ b/playbooks/roles/install-ansible/tasks/main.yaml
@@ -21,7 +21,7 @@
     state: directory
     path: /var/cache/ansible
     owner: root
-    group: admin
+    group: root
     mode: 0770
 
 - name: Ensure ansible log dir is writable
@@ -29,7 +29,7 @@
     path: /var/log/ansible
     state: directory
     owner: root
-    group: admin
+    group: root
     mode: 0775
 
 - name: Copy ansible.cfg in to place
diff --git a/playbooks/roles/users/tasks/main.yaml b/playbooks/roles/users/tasks/main.yaml
index 4f711b892c..6555b37db3 100644
--- a/playbooks/roles/users/tasks/main.yaml
+++ b/playbooks/roles/users/tasks/main.yaml
@@ -1,11 +1,7 @@
-- name: Add sudo admin groups
-  loop:
-    - sudo
-    - admin
+- name: Add sudo group
   group:
-    name: "{{ item }}"
+    name: "sudo"
     state: present
-  when:
 
 # NOTE(mordred): We replace the main file rather than dropping a file in to
 # /etc/sudoers.d to deal with divergent base sudoers files from our distros.
@@ -52,7 +48,7 @@
     uid: "{{ all_users[item].uid }}"
     group: "{{ item }}"
     comment: "{{ all_users[item].comment }}"
-    groups: admin,sudo
+    groups: sudo
     shell: /bin/bash
   when:
     - item in all_users