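---
# Provisions the tig_* groups, the listed user accounts with their SSH public
# keys, and one sudoers drop-in per group on the fc19andbelow hosts.
- name: "Adding William account"
  hosts: fc19andbelow
  remote_user: phil
  become: true
  become_method: su
  become_user: root

  vars:
    # One entry per account; groups are the supplementary groups to assign.
    users:
      - name: dave
        uid: 1501
        groups: [tig_sysadmin, tig_logview]
      - name: william
        uid: 1505
        groups: [tig_logview, tig_power]
      - name: kathy
        uid: 1506
        groups: [tig_logview]
      - name: haresh
        uid: 1507
        groups: [tig_sysadmin]
      - name: rvadde
        uid: 1508
        groups: [tig_sysadmin]
      - name: michael
        uid: 1511
        groups: [tig_sysadmin]
      - name: timnolan
        uid: 1512
        groups: [tig_logview]

  tasks:
    - name: Install the latest version tar
      package:
        name: tar
        state: latest

    # dmidecode is referenced by the POWER_CMDS sudo alias below.
    - name: Install the latest version dmidecode
      package:
        name: dmidecode
        state: latest

    # Fixed gids keep group ownership consistent across hosts.
    # NOTE(review): a sudoers drop-in for tig_dba is written below, but no
    # tig_dba group is created here and no gid for it appears in this play.
    - name: Ensure tig groups exist with correct gid
      group:
        name: "{{ item.name }}"
        gid: "{{ item.gid }}"
        state: present
      with_items:
        - {name: tig_sysadmin, gid: 2001}
        - {name: tig_app, gid: 2002}
        - {name: tig_webapp, gid: 2003}
        - {name: tig_logview, gid: 2004}
        - {name: tig_power, gid: 2005}

    # append is not set, so the listed groups replace any other supplementary
    # groups an existing account already has.
    - name: "Create user accounts"
      user:
        name: "{{ item.name }}"
        uid: "{{ item.uid }}"
        groups: "{{ item.groups }}"
        state: present
      with_items: "{{ users }}"

    # The key file name (including its spelling) must match the files shipped
    # under files/; rename the files first if the spelling is ever corrected.
    - name: "Add authorized keys"
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ lookup('file', 'files/' + item.name + '_ssh_pubic.key') }}"
      with_items: "{{ users }}"

    # Every sudoers drop-in is root-owned, mode 0440, and syntax-checked with
    # visudo before it is moved into place, so a malformed file cannot break
    # sudo on the host.
    - name: Sudo access for tig_sysadmin
      copy:
        dest: "/etc/sudoers.d/tig_sysadmin"
        owner: root
        group: root
        mode: '0440'
        validate: '/usr/sbin/visudo -cf %s'
        content: |
          %tig_sysadmin ALL=(ALL) NOPASSWD: ALL

    # The script is runnable as root through POWER_CMDS, so it is installed
    # root-owned in a root-owned directory. The original placed it in
    # /home/william, owned by william with mode 0775: a file (or parent
    # directory) writable by a tig_power member turns this single sudo rule
    # into unrestricted root for that member.
    # NOTE(review): hosts provisioned earlier still hold the old copy under
    # /home/william; it is no longer covered by sudo after this change.
    - name: Copy server_config.sh file
      copy:
        src: files/server_config.sh
        dest: /usr/local/sbin/server_config.sh
        force: true
        mode: '0755'
        owner: root
        group: root

    - name: Sudo access for tig_power
      copy:
        dest: "/etc/sudoers.d/tig_power"
        owner: root
        group: root
        mode: '0440'
        validate: '/usr/sbin/visudo -cf %s'
        content: |
          Cmnd_Alias POWER_CMDS = /usr/sbin/dmidecode, /usr/local/sbin/server_config.sh
          %tig_power ALL= NOPASSWD: POWER_CMDS

    # The grant originally named %tig_power, which does not match the file or
    # task name; it now names %tig_dba so tig_power is not silently given the
    # MySQL commands. The rule has no effect until a tig_dba group exists.
    # NOTE(review): confirm the intended group. The '*' wildcards in the
    # arguments match any characters, including '/' and spaces, so they do
    # not confine systemctl or cat to the paths shown; list exact commands.
    - name: Sudo access for tig_dba
      copy:
        dest: "/etc/sudoers.d/tig_dba"
        owner: root
        group: root
        mode: '0440'
        validate: '/usr/sbin/visudo -cf %s'
        content: |
          Cmnd_Alias MYSQL_CMDS = /usr/bin/systemctl * mysql,/usr/bin/cat /etc/mysql/*
          %tig_dba ALL= NOPASSWD: MYSQL_CMDS

    # The grant originally named %tig_power, which left tig_logview members
    # without the log access this file is named for; it now names
    # %tig_logview.
    # NOTE(review): sudoers wildcards in arguments match any characters,
    # including '/' and spaces, so these patterns do not restrict the tools
    # to /var/log or the Logs directories, and a pager such as more can start
    # other programs as root. Before rollout, prefer read access through file
    # group ownership or ACLs on the log directories; if sudo must stay, use
    # exact paths and the NOEXEC tag.
    - name: Sudo access for tig_logview
      copy:
        dest: "/etc/sudoers.d/tig_logview"
        owner: root
        group: root
        mode: '0440'
        validate: '/usr/sbin/visudo -cf %s'
        content: |
          Cmnd_Alias SYSLOG_CMDS = /usr/bin/ls * /var/log/*, \
              /usr/bin/tail /var/log/*, \
              /bin/more /var/log/*, \
              /bin/cat /var/log/*, \
              /bin/grep * /var/log/*
          Cmnd_Alias TIGLOG_CMDS = /usr/bin/ls * /home/phil/*/Logs/*, \
              /usr/bin/tail /home/phil/*/Logs/*, \
              /bin/more /home/phil/*/Logs/*, \
              /bin/cat /home/phil/*/Logs/*, \
              /bin/grep * /home/phil/*/Logs/*
          %tig_logview ALL= NOPASSWD: SYSLOG_CMDS, TIGLOG_CMDS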