[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: Grant clush user complete sudo rights for everything
Yuvipanda has submitted this change and it was merged.
Change subject: tools: Grant clush user complete sudo rights for everything
..
tools: Grant clush user complete sudo rights for everything
Also include toollabs::infrastructure explicitly, to
deny non root / non-admin users access.
SCARY
Change-Id: I99b067b2a76feb0281ac881d7052cceefd790a37
---
M modules/role/manifests/toollabs/clush/master.pp
1 file changed, 8 insertions(+), 3 deletions(-)
Approvals:
Yuvipanda: Verified; Looks good to me, approved
Rush: Looks good to me, but someone else must approve
diff --git a/modules/role/manifests/toollabs/clush/master.pp
b/modules/role/manifests/toollabs/clush/master.pp
index b189a4f..db2cf76 100644
--- a/modules/role/manifests/toollabs/clush/master.pp
+++ b/modules/role/manifests/toollabs/clush/master.pp
@@ -15,10 +15,9 @@
#
# This will run it on all the k8s-workers, collect the output
# from them all (the -b option), dedupes them and displays them. You can
specify fanout with -f - the default is 16.
-#
-# Right now the user has no sudo rights, but this will probably
-# change!
class role::toollabs::clush::master {
+include ::toollabs::infrastructure
+
class { '::clush::master':
username => 'clushuser',
}
@@ -76,4 +75,10 @@
mode=> '0444',
content => ini($groups_config),
}
+
+# Give it complete sudo rights
+sudo::user { 'clushuser':
+ensure => present,
+privileges => 'ALL = (ALL) NOPASSWD: ALL',
+}
}
--
To view, visit https://gerrit.wikimedia.org/r/315736
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I99b067b2a76feb0281ac881d7052cceefd790a37
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda
Gerrit-Reviewer: Andrew Bogott
Gerrit-Reviewer: Madhuvishy
Gerrit-Reviewer: Rush
Gerrit-Reviewer: Yuvipanda
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: tools: Grant clush user complete sudo rights for everything
Yuvipanda has uploaded a new change for review.
https://gerrit.wikimedia.org/r/315736
Change subject: tools: Grant clush user complete sudo rights for everything
..
tools: Grant clush user complete sudo rights for everything
SCARY
Change-Id: I99b067b2a76feb0281ac881d7052cceefd790a37
---
M modules/role/manifests/toollabs/clush/master.pp
1 file changed, 6 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/36/315736/1
diff --git a/modules/role/manifests/toollabs/clush/master.pp
b/modules/role/manifests/toollabs/clush/master.pp
index b189a4f..5ce0b64 100644
--- a/modules/role/manifests/toollabs/clush/master.pp
+++ b/modules/role/manifests/toollabs/clush/master.pp
@@ -15,9 +15,6 @@
#
# This will run it on all the k8s-workers, collect the output
# from them all (the -b option), dedupes them and displays them. You can
specify fanout with -f - the default is 16.
-#
-# Right now the user has no sudo rights, but this will probably
-# change!
class role::toollabs::clush::master {
class { '::clush::master':
username => 'clushuser',
@@ -76,4 +73,10 @@
mode=> '0444',
content => ini($groups_config),
}
+
+# Give it complete sudo rights
+sudo::user { 'clushuser':
+ensure => present,
+privileges => 'ALL = (ALL) NOPASSWD: ALL',
+}
}
--
To view, visit https://gerrit.wikimedia.org/r/315736
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I99b067b2a76feb0281ac881d7052cceefd790a37
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Yuvipanda
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
