Yuvipanda has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/315736

Change subject: tools: Grant clush user complete sudo rights for everything
......................................................................

tools: Grant clush user complete sudo rights for everything

SCARY

Change-Id: I99b067b2a76feb0281ac881d7052cceefd790a37
---
M modules/role/manifests/toollabs/clush/master.pp
1 file changed, 6 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/36/315736/1

diff --git a/modules/role/manifests/toollabs/clush/master.pp 
b/modules/role/manifests/toollabs/clush/master.pp
index b189a4f..5ce0b64 100644
--- a/modules/role/manifests/toollabs/clush/master.pp
+++ b/modules/role/manifests/toollabs/clush/master.pp
@@ -15,9 +15,6 @@
 #
 # This will run it on all the k8s-workers, collect the output
 # from them all (the -b option), dedupes them and displays them. You can 
specify fanout with -f - the default is 16.
-#
-# Right now the user has no sudo rights, but this will probably
-# change!
 class role::toollabs::clush::master {
     class { '::clush::master':
         username => 'clushuser',
@@ -76,4 +73,10 @@
         mode    => '0444',
         content => ini($groups_config),
     }
+
+    # Give it complete sudo rights
+    sudo::user { 'clushuser':
+        ensure     => present,
+        privileges => 'ALL = (ALL) NOPASSWD: ALL',
+    }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/315736
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I99b067b2a76feb0281ac881d7052cceefd790a37
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda <yuvipa...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to