
[BUG] Epiphany modifies /etc/sudoers

Open to-bar opened this issue 3 years ago • 3 comments

Describe the bug

Unlike /etc/sudoers, the contents of /etc/sudoers.d survive system upgrades, so it's preferable to create files there than to modify /etc/sudoers.

More info: https://askubuntu.com/questions/930768/adding-local-content-in-etc-sudoers-d-instead-of-directly-modifying-sodoers-fi/931207#931207

Epiphany modifies /etc/sudoers via the following files:

  • roles\common\tasks\epiuser.yml
  • roles\common\tasks\os_users.ym
  • roles\postgresql\tasks\extensions\replication\extension.yml
  • roles\postgresql\tasks\upgrade\extensions\replication\pg-old\repmgr-upgrade.yml
  • roles\recovery\tasks\postgresql.yml

Expected behavior

Use dedicated config files without modifying the /etc/sudoers file. Example:

[vagrant@pg1 ~]$ sudo cat /etc/sudoers.d/vagrant
vagrant        ALL=(ALL)       NOPASSWD: ALL

Environment

  • Cloud provider: All
  • OS: All

epicli version: 1.1

Additional context

Not tested whether OS upgrade overwrites configuration applied by Epiphany.


DoD checklist

  • Changelog
    • [ ] updated
    • [ ] not needed
  • COMPONENTS.md
    • [ ] updated
    • [ ] not needed
  • Schema
    • [ ] updated
    • [ ] not needed
  • Backport tasks
    • [ ] created
    • [ ] not needed
  • Documentation
    • [ ] added
    • [ ] updated
    • [ ] not needed
  • [ ] Feature has automated tests
  • [ ] Automated tests passed (QA pipelines)
    • [ ] apply
    • [ ] upgrade
    • [ ] backup/restore
  • [ ] Idempotency tested
  • [ ] All conversations in PR resolved

to-bar avatar Sep 10 '21 16:09 to-bar
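
The expected behavior described in the issue above, as an added Ansible example that is not part of the original issue or of Epiphany's code: the sudo grant goes into a drop-in under /etc/sudoers.d, validated with visudo before it is installed, and the matching line written earlier to /etc/sudoers is removed. The variable name `admin_user`, the play layout and the `/usr/sbin/visudo` path are assumptions.

```yaml
# Added example; admin_user and the play layout are hypothetical, not Epiphany's tasks.
# Assumes the stock /etc/sudoers still includes the /etc/sudoers.d directory.
- name: Grant sudo through a drop-in file instead of editing /etc/sudoers
  hosts: all
  become: true
  vars:
    admin_user: vagrant   # user taken from the issue's example
  tasks:
    - name: Refuse names that sudo would skip in /etc/sudoers.d
      # sudo ignores drop-in files whose names contain '.' or end in '~'
      ansible.builtin.assert:
        that:
          - admin_user is match('^[A-Za-z0-9_-]+$')
        fail_msg: "'{{ admin_user }}' is not usable as a sudoers.d file name"

    - name: Install the drop-in, syntax-checked before it is moved into place
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ admin_user }}"
        content: "{{ admin_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        # A file that fails the check is never written to dest
        validate: /usr/sbin/visudo -cf %s

    - name: Remove the equivalent line previously written to /etc/sudoers
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        regexp: '^{{ admin_user | regex_escape }}\s+ALL=\(ALL\)\s+NOPASSWD:\s*ALL\s*$'
        state: absent
        # Validate the edited copy so a bad edit cannot lock out sudo
        validate: /usr/sbin/visudo -cf %s
```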

@to-bar is this a bug or rather a feature request? Does epicli modify the sudoers file correctly during apply (re-apply) after a system upgrade? (maybe @erzetpe ?)

rafzei avatar Nov 25 '21 12:11 rafzei

@rafzei I would say this is a feature request to abandon a bad practice which might be problematic on upgrade 😉

to-bar avatar Nov 25 '21 12:11 to-bar

Ok, but if we upgrade the OS from 18.04 to 20.04 this file would be without 'our' records, right? So we have to tell users (in docs) to run epicli apply after the upgrade.

rafzei avatar Nov 25 '21 13:11 rafzei