From b748744b98a34f11a6d7ebfb267579e693cace43 Mon Sep 17 00:00:00 2001
From: Vitaliy Kukharik
Date: Sun, 8 Dec 2024 16:36:58 +0500
Subject: [PATCH] Update converge.yml
---
automation/molecule/default/converge.yml | 43 ++++--------------------
1 file changed, 6 insertions(+), 37 deletions(-)
diff --git a/automation/molecule/default/converge.yml b/automation/molecule/default/converge.yml
index 7b1369fbf..d5defb33f 100644
--- a/automation/molecule/default/converge.yml
+++ b/automation/molecule/default/converge.yml
@@ -4,52 +4,22 @@ gather_facts: true tasks: - # Проверяем PAM конфигурацию для sudo - - name: Check PAM configuration for sudo - command: cat /etc/pam.d/sudo - register: pam_sudo_config - changed_when: false - - - name: Debug PAM configuration for sudo - debug: - var: pam_sudo_config.stdout - - # Обновляем PAM конфигурацию для sudo - - name: Update PAM configuration to disable password for sudo + - name: Update PAM configuration for sudo to disable authentication ansible.builtin.lineinfile: path: /etc/pam.d/sudo regexp: '^auth' line: 'auth sufficient pam_permit.so' state: present - # Проверяем system-auth - - name: Check system-auth configuration - command: cat /etc/pam.d/system-auth - register: pam_system_auth_config - changed_when: false - - - name: Debug system-auth configuration - debug: - var: pam_system_auth_config.stdout - - # Проверяем SELinux статус - - name: Check SELinux status - command: getenforce - register: selinux_status + - name: Check updated PAM configuration for sudo + command: cat /etc/pam.d/sudo + register: pam_sudo_updated changed_when: false - ignore_errors: yes - - name: Debug SELinux status + - name: Debug updated PAM configuration for sudo debug: - var: selinux_status.stdout - - # Отключаем SELinux, если он включён - - name: Disable SELinux if enabled - command: setenforce 0 - when: selinux_status.stdout == "Enforcing" - ignore_errors: yes + var: pam_sudo_updated.stdout - # Тестируем sudo без пароля - name: Test sudo without password command: sudo -n true register: sudo_test @@ -60,7 +30,6 @@ debug: var: sudo_test - # Проверяем логи PAM на ошибки - name: Check authentication logs for PAM errors shell: "grep -Ei 'pam|auth' /var/log/secure || true" register: pam_log_check
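Review bot: The `lineinfile` task on `/etc/pam.d/sudo` in the first hunk switches off sudo authentication for every account on whatever host this play targets, and nothing visible in the hunk ties it to disposable molecule instances (the play's `hosts:` line sits above line 4, outside the hunk). A comment above the task such as `# Test-only: pam_permit lets any local user sudo without authenticating; never point this play at a real inventory` would record that intent. Separately, `regexp: '^auth'` makes lineinfile overwrite only the last matching line, so which original entry is lost, and whether earlier auth modules still run first, depends on the image's PAM stack. If the edit stays, `regexp: '^auth\s+sufficient\s+pam_permit\.so'` together with `insertbefore: '^auth'` and `firstmatch: true` would place the line ahead of the existing stack without deleting any of it, which also makes the change a one-line revert.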