20after4 has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/324841

Change subject: phabricator: enable vcs and web user to run `git` and `ssh` via 
sudo
......................................................................

phabricator: enable vcs and web user to run `git` and `ssh` via sudo

This is needed for repository clustering, see:
https://secure.phabricator.com/book/phabricator/article/diffusion_hosting/#configuring-sudo

Change-Id: I8cb629610428f51b86006d71679c1eb4d96b0719
---
M modules/phabricator/manifests/vcs.pp
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/41/324841/1

diff --git a/modules/phabricator/manifests/vcs.pp 
b/modules/phabricator/manifests/vcs.pp
index 7581970..1ca573d 100644
--- a/modules/phabricator/manifests/vcs.pp
+++ b/modules/phabricator/manifests/vcs.pp
@@ -81,14 +81,14 @@
     # must sudo to phd to for repo work.
     sudo::user { $vcs_user:
         privileges => [
-            "ALL=(${phd_user}) SETENV: NOPASSWD: /usr/bin/git-upload-pack, 
/usr/bin/git-receive-pack, /usr/bin/svnserve",
+            "ALL=(${phd_user}) SETENV: NOPASSWD: /usr/bin/git, 
/usr/bin/git-upload-pack, /usr/bin/git-receive-pack, /usr/bin/svnserve, 
/usr/bin/ssh",
         ],
         require    => User[$vcs_user],
     }
 
     sudo::user { 'www-data':
         privileges => [
-            "ALL=(${phd_user}) SETENV: NOPASSWD: 
/usr/local/bin/git-http-backend",
+            "ALL=(${phd_user}) SETENV: NOPASSWD: /usr/bin/git, 
/usr/local/bin/git-http-backend, /usr/bin/ssh",
         ],
         require    => File['/usr/local/bin/git-http-backend'],
     }

-- 
To view, visit https://gerrit.wikimedia.org/r/324841
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I8cb629610428f51b86006d71679c1eb4d96b0719
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: 20after4 <mmod...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to