Introduction
Up to now we created one block in the /etc/sudoers
file with N entries.
This is not a good solution, since sometimes we only want to update one system and give explicit pillar data. Then pillar.systems
is a list with only one entry.
Old Code
etc_sudoers:
file.blockreplace:
- name: /etc/sudoers
- marker_start: "# START managed zone etc_sudoers -DO-NOT-EDIT-"
- marker_end: "# END managed zone etc_sudoers --"
- content: |
{% for system_name in pillar.systems %}
{{system_name}} ALL = NOPASSWD: /bin/systemctl restart apache2*
{% endfor %}
- append_if_not_found: True
- backup: '.bak'
- show_changes: True
New Code
{% for system_name in pillar.systems %}
etc_sudoers_{{system_name}}:
file.blockreplace:
- name: /etc/sudoers
- marker_start: "# START managed zone etc_sudoers_{{system_name}} -DO-NOT-EDIT-"
- marker_end: "# END managed zone etc_sudoers_{{system_name}} --"
- content: |
{{system_name}} ALL = NOPASSWD: /bin/systemctl restart apache2*
- append_if_not_found: True
- backup: '.bak'
- show_changes: True
{% endfor %}
Question
How to delete the old block which is still on the servers?