From 66bedfcc463c493f352e6bc62533f79c79f4ba7e Mon Sep 17 00:00:00 2001
From: Michele Cereda
Date: Mon, 4 Jul 2022 12:10:24 +0200
Subject: [PATCH] Added playbook to enable Touch ID authentication for 'sudo', fixed Ansible's KB
---
 ansible/touchid.enable-for-sudo.yml | 19 ++++++++++++
 knowledge base/ansible.md | 46 ++++++++++++++++++++++++-----
 2 files changed, 58 insertions(+), 7 deletions(-)
 create mode 100644 ansible/touchid.enable-for-sudo.yml
diff --git a/ansible/touchid.enable-for-sudo.yml b/ansible/touchid.enable-for-sudo.yml
new file mode 100644
index 0000000..48462f5
--- /dev/null
+++ b/ansible/touchid.enable-for-sudo.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Enable Touch ID for sudo authentication in the terminal
+ tags:
+ - configuration
+ - enable
+ - sudo
+ - terminal
+ - touch-id
+ hosts: all
+ tasks:
+ - name: Enable Touch ID's PAM modules
+ become: true
+ ansible.builtin.lineinfile:
+ path: /etc/pam.d/sudo
+ line: 'auth sufficient pam_tid.so'
+ insertafter: '^# sudo: auth account password session$'
+ mode: 'ugo=r'
+ backup: true
diff --git a/knowledge base/ansible.md b/knowledge base/ansible.md
index f60acc8..32ac49a 100644
--- a/knowledge base/ansible.md
+++ b/knowledge base/ansible.md
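Review bot: The new task in `ansible/touchid.enable-for-sudo.yml` edits `/etc/pam.d/sudo` as root on `hosts: all` with no platform guard, although `pam_tid.so` is a macOS module; on any other host in the inventory it would add an `auth` entry for a module that is probably not installed to the sudo PAM stack. I would add `when: ansible_facts['system'] == 'Darwin'` to the task, or narrow `hosts:` to the macOS group. When the `insertafter` pattern does not match, `lineinfile` appends at end of file, so the entry would land after the existing `auth` lines and change the evaluation order; adding `regexp: '^auth\s+sufficient\s+pam_tid\.so'` would also keep the task idempotent if the line is already present with different spacing. A short comment above the task stating that `sufficient` lets a Touch ID match satisfy sudo without the password would record the security trade-off for whoever runs the play.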
@@ -1,4 +1,27 @@
-# Ansible
+# Ansible
+
+- [TL;DR](#tldr)
+- [Templating](#templating)
+- [Loops](#loops)
+- [Roles](#roles)
+ - [Get roles](#get-roles)
+ - [Role dependencies](#role-dependencies)
+- [Output formatting](#output-formatting)
+- [Troubleshooting](#troubleshooting)
+ - [Print all known variables](#print-all-known-variables)
+ - [Force notified handlers to run at a specific point](#force-notified-handlers-to-run-at-a-specific-point)
+ - [Run specific tasks even in check mode](#run-specific-tasks-even-in-check-mode)
+ - [Dry-run only specific tasks](#dry-run-only-specific-tasks)
+ - [Set up recursive permissions on a directory so that directories are set to 755 and files to 644](#set-up-recursive-permissions-on-a-directory-so-that-directories-are-set-to-755-and-files-to-644)
+ - [Only run a task when another has a specific result](#only-run-a-task-when-another-has-a-specific-result)
+ - [Define when a task changed or failed](#define-when-a-task-changed-or-failed)
+ - [Set environment variables for a play, role or task](#set-environment-variables-for-a-play-role-or-task)
+ - [Set variables to the value of environment variables](#set-variables-to-the-value-of-environment-variables)
+ - [Check if a list contains an item and fail otherwise](#check-if-a-list-contains-an-item-and-fail-otherwise)
+ - [Define different values for `true`/`false`/`null`](#define-different-values-for-truefalsenull)
+ - [Force a task or play to use a specific Python interpreter](#force-a-task-or-play-to-use-a-specific-python-interpreter)
+- [Further readings](#further-readings)
+- [Sources](#sources)
 ## TL;DR
@@ -337,20 +360,20 @@ Alternatively, you can use special checks built for this: ```yaml - name: Run only on success - when: trigger_task succeeded - ansible.builtin.debug: msg="The trigger task changed" + when: trigger_task is succeeded + ansible.builtin.debug: msg="The trigger task succeeded" - name: Run only on change - when: trigger_task changed + when: trigger_task is changed ansible.builtin.debug: msg="The trigger task changed" - name: Run only on failure - when: trigger_task failed + when: trigger_task is failed ansible.builtin.debug: msg="The trigger task failed" - name: Run only on skip - when: trigger_task skipped - ansible.builtin.debug: msg="The trigger task failed" + when: trigger_task is skipped + ansible.builtin.debug: msg="The trigger task skipped" ``` ### Define when a task changed or failed @@ -415,6 +438,15 @@ Since Ansible 2.8 you can define a third value to be returned when the test retu {{ autoscaling_enabled | ternary(true, false, omit) }} ``` +### Force a task or play to use a specific Python interpreter + +Just set it in the Play's or Task's variables: + +```yaml +vars: + ansible_python_interpreter: /usr/local/bin/python3.9 +``` + ## Further readings - [Roles]