From d63857dbc9a0a3cb03f8e6555278dd6b2fc57cfc Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Fri, 28 Feb 2014 20:23:05 +0000
Subject: [PATCH] Setup things so arm03 socs get nopasswd sudo so we don't need
 2fa there.

---
 inventory/group_vars/arm-packager | 1 +
 inventory/group_vars/arm-qa       | 1 +
 playbooks/groups/arm-qa.yml       | 1 -
 tasks/sudo.yml                    | 9 +++++++++
 4 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/inventory/group_vars/arm-packager b/inventory/group_vars/arm-packager
index 46eb3f8c00..84b973d3d8 100644
--- a/inventory/group_vars/arm-packager
+++ b/inventory/group_vars/arm-packager
@@ -2,4 +2,5 @@
 fas_client_groups: packager
 freezes: false
 sudoers: "{{ private }}/files/sudo/arm-packager"
+sudoers-main: nopasswd
 host_group: cloud
diff --git a/inventory/group_vars/arm-qa b/inventory/group_vars/arm-qa
index 6b978cdb51..93939531a2 100644
--- a/inventory/group_vars/arm-qa
+++ b/inventory/group_vars/arm-qa
@@ -2,5 +2,6 @@
 fas_client_groups: sysadmin-qa,arm-qa,qa
 freezes: false
 sudoers: "{{ private }}/files/sudo/arm-qa-sudoers"
+sudoers-main: nopasswd
 libdir: /usr/lib
 host_group: cloud
diff --git a/playbooks/groups/arm-qa.yml b/playbooks/groups/arm-qa.yml
index 68e7de91ec..e4fe6c70d8 100644
--- a/playbooks/groups/arm-qa.yml
+++ b/playbooks/groups/arm-qa.yml
@@ -21,7 +21,6 @@
   # this is how you include other task lists
   - include: "{{ tasks }}/hosts.yml"
   - include: "{{ tasks }}/yumrepos.yml"
-  - include: "{{ tasks }}/2fa_client.yml"
   - include: "{{ tasks }}/motd.yml"
   - include: "{{ tasks }}/sudo.yml"
 
diff --git a/tasks/sudo.yml b/tasks/sudo.yml
index ee354db640..0932f9f61a 100644
--- a/tasks/sudo.yml
+++ b/tasks/sudo.yml
@@ -10,6 +10,15 @@
   action: copy src="{{ private }}/files/sudo/sysadmin-main" dest=/etc/sudoers.d/ owner=root group=root mode=0600
   tags:
   - config
+  when: sudoers-main is not defined
+#
+# Put in place the default sysadmin-main sudoers file. (nopasswd edition)
+#
+- name: setup /etc/sudoers.d/sysadmin-main (nopasswd)
+  action: copy src="{{ private }}/files/sudo/sysadmin-main-nopassword" dest=/etc/sudoers.d/ owner=root group=root mode=0600
+  tags:
+  - config
+  when: sudoers-main == 'nopasswd'
 #
 # This will move a /etc/sudoers.d/ file in place 
 #