Faidon Liambotis has submitted this change and it was merged. Change subject: Replace admin::sudo calls with sudo::user/group ......................................................................
Replace admin::sudo calls with sudo::user/group admin::sudo was never meant for system users and it was misused across the tree. Replace with sudo::user & sudo::group instead. The distinction is subtle and is about to go away as part of a broader admin/sudo consolidation. Change-Id: I51ccfe7a5e1d8e1c341e5c0ece4385c62aafceca --- M modules/diamond/manifests/collector/minimalpuppetagent.pp M modules/releases/manifests/reprepro.pp M modules/toollabs/manifests/mailrelay.pp 3 files changed, 9 insertions(+), 9 deletions(-) Approvals: Giuseppe Lavagetto: Looks good to me, but someone else must approve Faidon Liambotis: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/diamond/manifests/collector/minimalpuppetagent.pp b/modules/diamond/manifests/collector/minimalpuppetagent.pp index 572c43d..55f0914 100644 --- a/modules/diamond/manifests/collector/minimalpuppetagent.pp +++ b/modules/diamond/manifests/collector/minimalpuppetagent.pp @@ -9,9 +9,9 @@ # Diamond user needs sudo to access last_run_summary.yaml file generated by # puppet, since /var/lib/puppet doesn't have +x set - admin::sudo { 'diamond_sudo_for_puppet': - user => 'diamond', - privs => ['ALL=(puppet) NOPASSWD: /bin/cat /var/lib/puppet/state/last_run_summary.yaml'] + sudo::user { 'diamond_sudo_for_puppet': + user => 'diamond', + privileges => ['ALL=(puppet) NOPASSWD: /bin/cat /var/lib/puppet/state/last_run_summary.yaml'] } diamond::collector { 'MinimalPuppetAgent': diff --git a/modules/releases/manifests/reprepro.pp b/modules/releases/manifests/reprepro.pp index 7c0677b..a7b7857 100644 --- a/modules/releases/manifests/reprepro.pp +++ b/modules/releases/manifests/reprepro.pp @@ -150,8 +150,8 @@ before => File['/usr/local/bin/deb-upload'], } - admin::sudo { 'releases_dput': - user => $sudo_user, - privs => ["ALL = (${user}) NOPASSWD: /usr/bin/dput"], + sudo::user { 'releases_dput': + user => $sudo_user, + privileges => ["ALL = (${user}) NOPASSWD: /usr/bin/dput"], } } diff --git a/modules/toollabs/manifests/mailrelay.pp b/modules/toollabs/manifests/mailrelay.pp index f361d24..e68f01a 100644 --- a/modules/toollabs/manifests/mailrelay.pp +++ b/modules/toollabs/manifests/mailrelay.pp @@ -63,9 +63,9 @@ } # Diamond user needs sudo to access exim - admin::sudo { 'diamond_sudo_for_exim': - user => 'diamond', - privs => ['ALL=(root) NOPASSWD: /usr/sbin/exim'] + sudo::user { 'diamond_sudo_for_exim': + user => 'diamond', + privileges => ['ALL=(root) NOPASSWD: /usr/sbin/exim'] } diamond::collector { 'Exim': -- To view, visit https://gerrit.wikimedia.org/r/180509 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I51ccfe7a5e1d8e1c341e5c0ece4385c62aafceca Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: coren <mpellet...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits