Hi all,
I'm using Ansible to set up LXC containers, using delegation to the container host.
One task looks like this:
- name: add ansible user to sudoers
  lineinfile:
    dest: "/var/lib/lxc/{{ inventory_hostname }}/rootfs/etc/sudoers"
    state: present
    regexp: "^ansible"
    line: 'ansible ALL=(ALL) NOPASSWD: ALL'
    insertafter: '^root'
    validate: '/usr/sbin/visudo -cf %s'
  delegate_to: "{{ container_host }}"
  when: start_container|bool
That has been working fine, until I tried to create a Debian bullseye container on a buster host. Unfortunately, the sudoers format has changed slightly, so the buster visudo won't accept the bullseye sudoers file (#includedir is now @includedir).
I tried giving the path to the bullseye visudo, but it's dynamically linked and doesn't work on the buster system.
I could potentially use the lxc_container module to run a command in the container, but that means I lose lineinfile, and have to do more stuff manually.
Or I could use my temporary workaround, and just assume my sudoers file is ok, and skip validation.
Another option is to add an extra lineinfile task (before that one) to replace @includedir with #includedir, since it's backwards compatible, but that seems too hackish.
Any other suggestions?
Cheers,
Richard