Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/331602 )
Change subject: admin: Use the debian staff group for ops
......................................................................
admin: Use the debian staff group for ops
The debian staff group by definition has some slightly elevated
privileges, such as access to webserver log files. Manage this group
fleet wise and add all ops members into it. This is expected to provide
some slightly easier and faster debuggging capabilities without having
to go through sudo. Note that we don't force the GID on purpose in order
to be future proof (not that we expect it to ever change)
Change-Id: Ic2022684b0883b948e04643bf76eabdd45e1c5be
---
M modules/admin/data/data.yaml
M modules/admin/manifests/init.pp
2 files changed, 7 insertions(+), 2 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index aac9ce1..0cb748e 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -30,6 +30,11 @@
ori, jmm, jynus, aaron, ema, elukey, gehel, volans, madhuvishy,
marostegui,
ayounsi, herron, aborrero]
privileges: ['ALL = (ALL) NOPASSWD: ALL']
+ ops-staff-group:
+ # No gid for this group on purpose, it's a system provided one
+ description: Use the standard system provided staff group to provide ops
with privileges that would allow easier administrative tasks
+ members: *ops_members
+ posix_name: staff
parsoid-roots:
gid: 701
description: RT 5934
@@ -2932,4 +2937,4 @@
tonina:
ensure: present
realname: Tonina Zhelyazkova
- email: tonina.zhelyazk...@wikimedia.de
\ No newline at end of file
+ email: tonina.zhelyazk...@wikimedia.de
diff --git a/modules/admin/manifests/init.pp b/modules/admin/manifests/init.pp
index 24eb00f..131c3c2 100644
--- a/modules/admin/manifests/init.pp
+++ b/modules/admin/manifests/init.pp
@@ -11,7 +11,7 @@
class admin(
$groups=[],
- $always_groups=['absent', 'ops', 'wikidev'],
+ $always_groups=['absent', 'ops', 'wikidev', 'ops-staff-group'],
)
{
include ::sudo
--
To view, visit https://gerrit.wikimedia.org/r/331602
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic2022684b0883b948e04643bf76eabdd45e1c5be
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Elukey <ltosc...@wikimedia.org>
Gerrit-Reviewer: Ema <e...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
