From 8ec92df8e373cdd97ebf724ca6c7b85ed6ebd608 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Mon, 9 Jul 2018 19:07:22 +0100
Subject: [PATCH] Make sudoers config optional in bootstrap-servers

In some environments it may not be desirable to modify the sudoers
configuration. This change makes this part of bootstrap-servers
optional, based on the create_kolla_user_sudoers variable.

Change-Id: I653403bfc5431741807edef57df58e05e679900b
---
 ansible/roles/baremetal/defaults/main.yml                 | 1 +
 ansible/roles/baremetal/tasks/post-install.yml            | 4 ++--
 releasenotes/notes/optional-sudoers-f5ea08d6f7cbed2b.yaml | 7 +++++++
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 releasenotes/notes/optional-sudoers-f5ea08d6f7cbed2b.yaml

diff --git a/ansible/roles/baremetal/defaults/main.yml b/ansible/roles/baremetal/defaults/main.yml
index 36ff1f2241..64d32a9bad 100644
--- a/ansible/roles/baremetal/defaults/main.yml
+++ b/ansible/roles/baremetal/defaults/main.yml
@@ -9,6 +9,7 @@ docker_gpg_fingerprint: "58118E89F3A912897C070ADBF76221572C52609D"
 customize_etc_hosts: True
 
 create_kolla_user: True
+create_kolla_user_sudoers: "{{ create_kolla_user }}"
 
 kolla_user: "kolla"
 kolla_group: "kolla"
diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index ef29cfcd9d..498453a368 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -21,7 +21,7 @@
     path: /etc/sudoers.d/kolla-ansible-users
     state: touch
   become: True
-  when: create_kolla_user | bool
+  when: create_kolla_user_sudoers | bool
 
 - name: Grant kolla user passwordless sudo
   lineinfile:
@@ -30,7 +30,7 @@
     regexp: '^{{ kolla_group }}'
     line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
   become: True
-  when: create_kolla_user | bool
+  when: create_kolla_user_sudoers | bool
 
 - name: Ensure virtualenv has correct ownership
   file:
diff --git a/releasenotes/notes/optional-sudoers-f5ea08d6f7cbed2b.yaml b/releasenotes/notes/optional-sudoers-f5ea08d6f7cbed2b.yaml
new file mode 100644
index 0000000000..7455d426df
--- /dev/null
+++ b/releasenotes/notes/optional-sudoers-f5ea08d6f7cbed2b.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    Adds support for skipping the configuration of sudoers files in the
+    ``kolla-ansible bootstrap-servers`` command. This depends on the
+    ``create_kolla_user_sudoers`` variable, which defaults to the same value as
+    ``create_kolla_user``.