0 votes
1 view
in Devops and Agile by (28.1k points)

I have taken over an Ubuntu 14.04 server. It has a user called "deployer" (used with Capistrano), and as such, it needs sudo privileges. With this setup, I can log into the server and do stuff like:

workstation> ssh [email protected]
myserver> sudo apt-get install git
myserver> exit
workstation>

I am trying to figure out how to use Ansible (version 2.0.2.0 and Python 2.7.3) to create a user called "deployer" and be able to log into the server with that id and then do sudo-ish things like "apt-get install". My playbook looks like this:

---
- hosts: example
  become: yes
  tasks:
  - name: Update apt cache
    apt:
      update_cache: yes
      cache_valid_time: 3600
  - group: name=sudo state=present
  - name: Add deployer user and add it to sudo
    user: name=deployer
          state=present
          createhome=yes
    become: yes
    become_method: "sudo"
  - name: Set up authorized keys for the deployer user
    authorized_key: user=deployer key="{{item}}"
    with_file:
      - /home/jaygodse/.ssh/id_rsa.pub

After running this playbook, I am able to ssh into the machine as "deployer" (e.g. ssh [email protected]), but if I run a sudo command, it always asks me for my sudo password.

I understand that the "deployer" user ultimately has to find its way into the visudo users file, but I cannot figure out which magical Ansible incantations to invoke so that I can ssh into the machine as deployer and then run a sudo command (e.g. "sudo apt-get install git") without being prompted for a sudo password.

I have searched high and low, and I can't seem to find an Ansible playbook fragment which puts the user "deployer" into the sudo group without requiring a password. How is this done?

1 Answer

0 votes
by (48k points)

For this problem, you need to make some changes to your playbook so that you can ssh into the server as deployer. The changes are given below:

- name: Make sure we have a 'wheel' group
  group:
    name: wheel
    state: present

- name: Allow 'wheel' group to have passwordless sudo
  lineinfile:
    dest: /etc/sudoers
    state: present
    regexp: '^%wheel'
    line: '%wheel ALL=(ALL) NOPASSWD: ALL'
    validate: 'visudo -cf %s'

- name: Add sudoers users to wheel group
  user: name=deployer groups=wheel append=yes state=present createhome=yes

- name: Set up authorized keys for the deployer user
  authorized_key: user=deployer key="{{item}}"
  with_file:
    - /home/railsdev/.ssh/id_rsa.pub

In the above code, there is a line that helps you add

%wheel ALL=(ALL) NOPASSWD: ALL

to /etc/sudoers. After executing this play, you will then be able to ssh into the server as deployer.

You can read more about Ansible, a DevOps configuration management tool, and you can also refer to Ansible Tutorial for better understanding.
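A variant of the same setup, as an added example that is not part of the original question or answer: it grants passwordless sudo to the single "deployer" account through a validated drop-in file instead of editing /etc/sudoers for a whole group, so accounts later added to a group do not inherit passwordless root, and it ends with a check that the rule is in effect. Assumptions: /etc/sudoers on the target includes the /etc/sudoers.d directory (the Ubuntu default), and the drop-in file name `deployer` and the registered variable `deployer_sudo` are names chosen for this example.

```yaml
---
# Added example (not from the original post). Host group and key path are
# taken from the question; the drop-in file name is an assumption.
- hosts: example
  become: yes
  tasks:
    - name: Create the deployer user
      user:
        name: deployer
        state: present
        createhome: yes

    - name: Install the workstation public key for deployer
      authorized_key:
        user: deployer
        key: "{{ lookup('file', '/home/jaygodse/.ssh/id_rsa.pub') }}"

    # The rule lives in its own file, so /etc/sudoers itself is never edited.
    # 'validate' runs visudo on the temporary copy first; a syntax error
    # aborts the task instead of leaving sudo broken on the host.
    - name: Grant deployer passwordless sudo via a validated drop-in
      copy:
        dest: /etc/sudoers.d/deployer
        content: "deployer ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: 'visudo -cf %s'

    # Read back the effective policy for deployer as root.
    - name: List the sudo rules that apply to deployer
      command: sudo -l -U deployer
      register: deployer_sudo
      changed_when: false

    - name: Fail the play if the passwordless rule is not active
      assert:
        that:
          - "'NOPASSWD' in deployer_sudo.stdout"
```

The trailing `ALL` in the rule can be replaced with a comma-separated list of absolute command paths when the deploy account only needs specific commands.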
