Alex Monk has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311211

Change subject: Attempt to fix salt key monitoring sudo rule
......................................................................

Attempt to fix salt key monitoring sudo rule

The script doesn't attempt to re-run itself with sudo, it runs 
`/usr/bin/salt-key -l un`

Bug: T144801
Change-Id: Ib594b0284029172f30929461ac45f12e5f7756ee
---
M modules/salt/manifests/monitoring.pp
1 file changed, 1 insertion(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/11/311211/1

diff --git a/modules/salt/manifests/monitoring.pp 
b/modules/salt/manifests/monitoring.pp
index b9dde9b..208e377 100644
--- a/modules/salt/manifests/monitoring.pp
+++ b/modules/salt/manifests/monitoring.pp
@@ -13,7 +13,7 @@
 
     sudo::user { 'nagios_unaccepted_keys':
         user       => 'nagios',
-        privileges => ["ALL = NOPASSWD: ${check_unaccepted_keys}"],
+        privileges => ["ALL = NOPASSWD: /usr/bin/salt-key -l un"],
     }
 
     nrpe::monitor_service { 'salt_unaccepted_keys':

-- 
To view, visit https://gerrit.wikimedia.org/r/311211
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib594b0284029172f30929461ac45f12e5f7756ee
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alex Monk <a...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to