We already have several oVirt systems managed by Ansible instead of Puppet yet the authentication system is different. Opening this ticket to port individual users to Ansible playbooks so that everyone can keep logging into machines just as they did before.
I'll create a draft and submit it for review. I'm quite OK with multiple SSH keys as we've had complaints due to this not being possible using the existing puppet module.
As I'll be out once you come back from your voyage we'll have to finalize it once I'm back.
To add sudo I would create a file into /etc/sudoers.d/ and two UNIX groups, one with password requested and tty and the other without (see noninterractive suggestion above); the way to manage such file is template + validate option, there is no specific module.
authorized_keys is managed by lininfile, there is no specific module. I think you were wondering about it so wanted to reply. This is not a problem in practice though.
We’re starting to deploy CentOS 8 system in PHX so it’s about time to port users to ansible and merge the relevant playbook ASAP. We should also figure out a way to regularly re-run the playbook to ensure new users are added to old systems and old users are removed. Can we just run ansible-pull from cron daily? Any other ideas to make it work?
FYI here’s the current way we’re doing this:
We can just add our keys here for emergency login possibility while FreeIPA will provide a full solution.
Dropping that as I've added missing infra members keys to the playbook we currently have