Tim Landscheidt has uploaded a new change for review.
https://gerrit.wikimedia.org/r/118039
Change subject: Tools: Allow access for administrators from bastions
......................................................................
Tools: Allow access for administrators from bastions
At the moment, to access execution nodes administrators need to log
into tools-login or tools-dev and then use HBA to access the hosts.
This makes it very cumbersome to use utilities like pdsh to execute
commands on all Tools instances.
This change allows standard, non-HBA ssh-via-bastion access for
members of the tools.admin group.
Change-Id: I6ac7cae1101c7687fa03a9c982e6e8f7f0de2d7a
---
M modules/toollabs/files/project-make-access
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/39/118039/1
diff --git a/modules/toollabs/files/project-make-access
b/modules/toollabs/files/project-make-access
index ac74765..bee0189 100644
--- a/modules/toollabs/files/project-make-access
+++ b/modules/toollabs/files/project-make-access
@@ -10,4 +10,4 @@
cat $host
fi
done)
-echo '-:ALL EXCEPT root:ALL'
+echo '-:ALL EXCEPT (tools.admin) root:ALL'
--
To view, visit https://gerrit.wikimedia.org/r/118039
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6ac7cae1101c7687fa03a9c982e6e8f7f0de2d7a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <t...@tim-landscheidt.de>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
