Romeo Theriault wrote:
> Thanks for posting this, I find it useful as well. I don't understand
> why you have separate steps of building sudo and installing it though.
> Why do you do that? Does it have something to do with ansible using
> sudo and it could potentially mess up your ansible session?
I believe the issue I was working around has been fixed in ansible now
(as in 0.9), but it has been the case that templating/copying a file
into place with ansible has been a two (or more) stage operation where
the file is put into place, and then (in a separate sudo invocation) the
file has its permissions set.
For sudoers this meant the permissions were wrong on the file at the
time of invocation of the permissions setting stage, which meant you
were locked out of the system - which is sorta embarrassing!
Hence templating it into a different file and then an atomic operation
to put it in place with the correct permissions.
Michael also picked up on my use of last_result in that stage - which no
longer works as written in 0.8. Unfortunately the copy in my laptop git
repo didn't have the most recent changes on it - but the only thing I
had done was add a 'register: last_result' to the template action, which
is the bare minimum to make it work.
The general rule of course is to be *very* careful when playing with
sudoers - and make sure you test the case where you actually update it
because it can be a nasty surprise when it goes pear shaped. Thankfully
I am only working on our dev network, but plans are well underway for a
slow roll out on production.
Nigel.