update sudo

jperm/ansible_api.py

@@ -248,6 +248,7 @@ class Tasks(Command):
               forks=10,
               group='default_group',
               pattern='*',
+              become=False,
               ):
         """
         run command from andible ad-hoc.
@@ -261,7 +262,7 @@ class Tasks(Command):
                      subset=group,
                      pattern=pattern,
                      forks=forks,
-                     become=False,
+                     become=become,
                      )
 
         self.results = hoc.run()
@@ -324,7 +325,7 @@ class Tasks(Command):
         """
         encrypt_pass = sha512_crypt.encrypt(password)
         module_args = 'name=%s shell=/bin/bash password=%s' % (username, encrypt_pass)
-        self.__run(module_args, "user")
+        self.__run(module_args, "user", become=True)
 
         return {"status": "failed", "msg": self.msg} if self.msg else {"status": "ok"}
 
@@ -402,7 +403,7 @@ class Tasks(Command):
           default_mac is string
           product_name is string
         """
-        self.__run('', 'setup')
+        self.__run('', 'setup', become=True)
 
         result = {}
         all = self.results.get("contacted")
@@ -439,21 +440,8 @@ class Tasks(Command):
         :return:
         """
         module_args1 = file_path
-        ret1 = self.__run(module_args1, "script")
-        module_args2 = 'visudo -c | grep "parsed OK" &> /dev/null && echo "ok" || echo "failed"'
-        ret2 = self.__run(module_args2, "shell")
-        ret2_status = [host_value.get("stdout") for host_value in ret2["result"]["contacted"].values()]
-
-        result = {}
-        if not ret1["msg"]:
-            result["step1"] = "ok"
-        else:
-            result["step1"] = "failed"
-
-        if not ret2["msg"] and "failed" not in ret2_status:
-            result["step2"] = "ok"
-        else:
-            result["step2"] = "failed"
+        result = self.__run(module_args1, "script")
+        print result
 
         return result
 

jperm/views.py

@@ -463,9 +463,8 @@ def perm_role_push(request):
         add_sudo_script = get_add_sudo_script(role_chosen_aliase, sudo_alias)
         ret_sudo = task.push_sudo_file(add_sudo_script)
 
-        if ret_sudo["step1"] != "ok" or ret_sudo["step2"] != "ok":
-            ret_failed["step3"] = "failed"
-        os.remove(add_sudo_script)
+        print add_sudo_script
+        # os.remove(add_sudo_script)
 
         print ret
 

templates/jperm/role_sudo.j2

@@ -2,8 +2,12 @@
 
 
 sudo_file=/etc/sudoers
+sudo_file_bak=/etc/sudoers.bak
 
 
+# Backup sudoers file
+cp ${sudo_file} ${sudo_file_bak}
+
 # Add Command Aliases
 add_cmd_alias() {
     {% for sudo in sudo_alias %}
@@ -16,18 +20,33 @@ add_cmd_alias() {
 }
 
 
+# Add Command Aliases to role
 add_role_chosen() {
     {% for role, sudos in role_chosen_aliase.items %}
         {% for sudo in sudos %}
-        if $(grep '^{{ role }}.*sudo.name' ${sudo_file} &> /dev/null); then
-            sed -i 's@^{{ role }}.*sudo.name@{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}@g' ${sudo_file}
+        if $(grep '^{{ role }}.*{{ sudo.name }}' ${sudo_file} &> /dev/null); then
+            sed -i 's@^{{ role }}.*{{ sudo.name }}@{{ role }} ALL = NOPASSWD: {{ sudo.name }}@g' ${sudo_file}
         else
-            echo "{{ role }} ALL = ({{ sudo.runas }}) NOPASSWD: {{ sudo.name }}"  >> ${sudo_file}
+            echo "{{ role }} ALL = NOPASSWD: {{ sudo.name }}"  >> ${sudo_file}
         fi
         {% endfor %}
     {% endfor %}
 }
 
+# Check sudoers file configured correctly
+check_sudo_file() {
+    status=$(visudo -c &> /dev/null && echo "ok" || echo "failed")
+    if [ ${status} == "failed" ]; then
+        mv ${sudo_file_bak} ${sudo_file}
+        ret="failed"
+    else
+        ret="ok"
+    fi
+}
+
 
 add_cmd_alias
-add_role_chosen
+add_role_chosen
+check_sudo_file
+
+echo ${ret}