Dropping that as I've added missing infra members keys to the playbook we currently have

FYI here’s the current way we’re doing this:

https://gerrit.ovirt.org/gitweb?p=infra-ansible.git;a=tree;f=roles/admin_ssh_keys;h=28b5f3a3bac0adca39e33ba5d68e629c214b7d9b;hb=refs/heads/master

We can just add our keys here for emergency login possibility while FreeIPA will provide a full solution.

We’re starting to deploy CentOS 8 system in PHX so it’s about time to port users to ansible and merge the relevant playbook ASAP. We should also figure out a way to regularly re-run the playbook to ensure new users are added to old systems and old users are removed. Can we just run ansible-pull from cron daily? Any other ideas to make it work?

To add sudo I would create a file into /etc/sudoers.d/ and two UNIX groups, one with password requested and tty and the other without (see noninterractive suggestion above); the way to manage such file is template + validate option, there is no specific module.

authorized_keys is managed by lininfile, there is no specific module. I think you were wondering about it so wanted to reply. This is not a problem in practice though.

I'll create a draft and submit it for review. I'm quite OK with multiple SSH keys as we've had complaints due to this not being possible using the existing puppet module.

As I'll be out once you come back from your voyage we'll have to finalize it once I'm back.