Dzahn has submitted this change and it was merged. Change subject: Replace manually-maintained bastiononly group with the new 'all-users' ......................................................................
Replace manually-maintained bastiononly group with the new 'all-users' I wrote a script to find the difference and put it at https://phabricator.wikimedia.org/P3574 - based on that script, the only extra user this should add to the bastions is 'dkg', whose only membership at the moment is traceback-roots, a group with access only to rhenium.wikimedia.org which currently appears to not accept SSH connections from elsewhere... Probably since I7af174be. So technically this fixes his access. Bug: T114161 Change-Id: I9dd8e08e39d2004a856dfb291d3dd9c9569066d3 --- M hieradata/role/common/bastionhost/general.yaml M modules/admin/data/data.yaml 2 files changed, 1 insertion(+), 19 deletions(-) Approvals: jenkins-bot: Verified Dzahn: Looks good to me, approved diff --git a/hieradata/role/common/bastionhost/general.yaml b/hieradata/role/common/bastionhost/general.yaml index 4c6b57a..adb233f 100644 --- a/hieradata/role/common/bastionhost/general.yaml +++ b/hieradata/role/common/bastionhost/general.yaml @@ -6,11 +6,7 @@ - esams.wmnet - ulsfo.wmnet admin::groups: - - deployment - - restricted - - parsoid-admin - - ocg-render-admins - - bastiononly + - all-users debdeploy::grains: debdeploy-bastion: value: standard diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml index 77545d8..786683f 100644 --- a/modules/admin/data/data.yaml +++ b/modules/admin/data/data.yaml @@ -70,20 +70,6 @@ ezachte, hoo, jamesur, jdlrobson, khorn, tparscal, ssastry, ironholds, nuria, leila, santhosh, amire80, legoktm, addshore, foks, chelsyx] privileges: ['ALL = (www-data,apache) NOPASSWD: ALL'] - bastiononly: - gid: 707 - description: these folks are allowed bastion _only_ access - members: [jforrester, jmorgan, dfoy, junikowski, cwdent, - mhurd, dbrant, bsitzmann, deskana, chedasaurus, - declerambaul, ellery, dduvall, nettrom, mforns, jkatz, - bmansurov, west1, jhernandez, smalyshev, tbayer, zfilipin, - joal, thcipriani, daisy, jhobs, tomasz, lpintscher, - pcoombe, mholloway-shell, niedzielski, neilpquinn-wmf, - gpaumier, moushira, aklapper, qchris, tjones, srijan, addshore, - jminor, pt1979, asherman, etonkovidova, sbisson, zhousquared, - atgomez, jgirault, jdrewniak, matmarex, elukey, jdcc, ppchelko, - nschaaf, dstrine, ladsgroup, joewalsh, mpany, hjiang, jsamra, bcohn, - jdittrich, niharika29, ovasileva, mtizzoni, panisson, paolotti, ciro] cassandra-test-roots: gid: 708 description: users with root on cassandra hosts -- To view, visit https://gerrit.wikimedia.org/r/301149 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I9dd8e08e39d2004a856dfb291d3dd9c9569066d3 Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alex Monk <[email protected]> Gerrit-Reviewer: Chasemp <[email protected]> Gerrit-Reviewer: Dzahn <[email protected]> Gerrit-Reviewer: Faidon Liambotis <[email protected]> Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]> Gerrit-Reviewer: Muehlenhoff <[email protected]> Gerrit-Reviewer: RobH <[email protected]> Gerrit-Reviewer: Yuvipanda <[email protected]> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
