Dzahn has submitted this change and it was merged.

Change subject: Attempt to fix salt key monitoring sudo rule
......................................................................


Attempt to fix salt key monitoring sudo rule

The script doesn't attempt to re-run itself with sudo, it runs 
`/usr/bin/salt-key -l un`

Bug: T144801
Change-Id: Ib594b0284029172f30929461ac45f12e5f7756ee
---
M modules/salt/manifests/monitoring.pp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  Dzahn: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/salt/manifests/monitoring.pp 
b/modules/salt/manifests/monitoring.pp
index b9dde9b..6206a41 100644
--- a/modules/salt/manifests/monitoring.pp
+++ b/modules/salt/manifests/monitoring.pp
@@ -13,7 +13,7 @@
 
     sudo::user { 'nagios_unaccepted_keys':
         user       => 'nagios',
-        privileges => ["ALL = NOPASSWD: ${check_unaccepted_keys}"],
+        privileges => ['ALL = NOPASSWD: /usr/bin/salt-key -l un'],
     }
 
     nrpe::monitor_service { 'salt_unaccepted_keys':

-- 
To view, visit https://gerrit.wikimedia.org/r/311211
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib594b0284029172f30929461ac45f12e5f7756ee
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alex Monk <a...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <a...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to