From c0d1978ee9346ce19e1139ef6a1f6f0f89ea2284 Mon Sep 17 00:00:00 2001
From: Jonathan Rosser <jonathan.rosser@rd.bbc.co.uk>
Date: Thu, 26 May 2022 12:09:04 +0100
Subject: [PATCH] Fix pam_env config for debian

Debian requires a different fix for pam_env config than centos-9,
and this was broken in [1]. Return the original task to adjust pam
config on debian.

[1] Ibe4ab810ba48c9735af187d39fc34a7451c12d8a

Change-Id: Ib287ac4805aac8be8b71537e9c52f0c7e57fb8d4
---
 tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/tasks/main.yml b/tasks/main.yml
index 2332f00f..3e3b2b9b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -52,6 +52,14 @@
   tags:
     - openstack_hosts-config
 
+- name: Ensure environement is applied during sudo
+  lineinfile:
+    path: /etc/pam.d/sudo
+    line: "session    required   pam_env.so readenv=1 user_readenv=0"
+    regexp: 'session\s+required\s+pam_env\.so'
+    insertbefore: '^@include'
+  when: ansible_facts['distribution'] | lower == 'debian'
+
 # NOTE(jrosser) Remove this task when https://access.redhat.com/errata/RHBA-2022:4082
 # has a fix merged to Centos-9 as well as RHEL.
 - name: Ensure environement is applied during su