Faidon Liambotis has uploaded a new change for review.
https://gerrit.wikimedia.org/r/180509
Change subject: Replace four admin::sudo calls with sudo::user/group
......................................................................
Replace four admin::sudo calls with sudo::user/group
admin::sudo was never meant for system users and it was misused across
the tree. Replace with sudo::user & sudo::group instead. The distinction
is subtle and is about to go away as part of a broader admin/sudo
consolidation.
Change-Id: I51ccfe7a5e1d8e1c341e5c0ece4385c62aafceca
---
M modules/diamond/manifests/collector/minimalpuppetagent.pp
M modules/quarry/manifests/init.pp
M modules/releases/manifests/reprepro.pp
M modules/toollabs/manifests/mailrelay.pp
4 files changed, 11 insertions(+), 12 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/09/180509/1
diff --git a/modules/diamond/manifests/collector/minimalpuppetagent.pp
b/modules/diamond/manifests/collector/minimalpuppetagent.pp
index 572c43d..55f0914 100644
--- a/modules/diamond/manifests/collector/minimalpuppetagent.pp
+++ b/modules/diamond/manifests/collector/minimalpuppetagent.pp
@@ -9,9 +9,9 @@
# Diamond user needs sudo to access last_run_summary.yaml file generated by
# puppet, since /var/lib/puppet doesn't have +x set
- admin::sudo { 'diamond_sudo_for_puppet':
- user => 'diamond',
- privs => ['ALL=(puppet) NOPASSWD: /bin/cat
/var/lib/puppet/state/last_run_summary.yaml']
+ sudo::user { 'diamond_sudo_for_puppet':
+ user => 'diamond',
+ privileges => ['ALL=(puppet) NOPASSWD: /bin/cat
/var/lib/puppet/state/last_run_summary.yaml']
}
diamond::collector { 'MinimalPuppetAgent':
diff --git a/modules/quarry/manifests/init.pp b/modules/quarry/manifests/init.pp
index c097871..52df938 100644
--- a/modules/quarry/manifests/init.pp
+++ b/modules/quarry/manifests/init.pp
@@ -44,9 +44,8 @@
# Temp. hack until Coren figures out why normal users
# can't do 'sudo -u <user> <command' on labs
# Otherwise fabric deployment wokn't work
- admin::sudo { 'wikidev':
- is_group => true,
- privs => ['ALL=(ALL) NOPASSWD: ALL']
+ sudo::group { 'wikidev':
+ privileges => ['ALL=(ALL) NOPASSWD: ALL']
}
}
diff --git a/modules/releases/manifests/reprepro.pp
b/modules/releases/manifests/reprepro.pp
index 7c0677b..a7b7857 100644
--- a/modules/releases/manifests/reprepro.pp
+++ b/modules/releases/manifests/reprepro.pp
@@ -150,8 +150,8 @@
before => File['/usr/local/bin/deb-upload'],
}
- admin::sudo { 'releases_dput':
- user => $sudo_user,
- privs => ["ALL = (${user}) NOPASSWD: /usr/bin/dput"],
+ sudo::user { 'releases_dput':
+ user => $sudo_user,
+ privileges => ["ALL = (${user}) NOPASSWD: /usr/bin/dput"],
}
}
diff --git a/modules/toollabs/manifests/mailrelay.pp
b/modules/toollabs/manifests/mailrelay.pp
index f361d24..e68f01a 100644
--- a/modules/toollabs/manifests/mailrelay.pp
+++ b/modules/toollabs/manifests/mailrelay.pp
@@ -63,9 +63,9 @@
}
# Diamond user needs sudo to access exim
- admin::sudo { 'diamond_sudo_for_exim':
- user => 'diamond',
- privs => ['ALL=(root) NOPASSWD: /usr/sbin/exim']
+ sudo::user { 'diamond_sudo_for_exim':
+ user => 'diamond',
+ privileges => ['ALL=(root) NOPASSWD: /usr/sbin/exim']
}
diamond::collector { 'Exim':
--
To view, visit https://gerrit.wikimedia.org/r/180509
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I51ccfe7a5e1d8e1c341e5c0ece4385c62aafceca
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
