[MediaWiki-commits] [Gerrit] labs_vagrant: Allow wikidev group to sudo as vagrant - change (operations/puppet)

Ori.livneh (Code Review) Sun, 20 Apr 2014 13:39:07 -0700

Ori.livneh has submitted this change and it was merged.

Change subject: labs_vagrant: Allow wikidev group to sudo as vagrant
......................................................................



labs_vagrant: Allow wikidev group to sudo as vagrant

Grant the wikidev (and svn) groups sudoer rights as the vagrant user.
This allows easier management of MediaWiki-Vagrant controlled content.

Bug: 61397
Change-Id: I577f219bc6a187e02de755cb96269a80e45352d6
---
D modules/labs_vagrant/files/vagrant-sudoers
M modules/labs_vagrant/manifests/init.pp
2 files changed, 27 insertions(+), 6 deletions(-)

Approvals:
  Ori.livneh: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/labs_vagrant/files/vagrant-sudoers 
b/modules/labs_vagrant/files/vagrant-sudoers
deleted file mode 100644
index f090f45..0000000
--- a/modules/labs_vagrant/files/vagrant-sudoers
+++ /dev/null
@@ -1 +0,0 @@
-vagrant ALL=(ALL) NOPASSWD:ALL
\ No newline at end of file
diff --git a/modules/labs_vagrant/manifests/init.pp 
b/modules/labs_vagrant/manifests/init.pp
index e4cecb4..db7e112 100644
--- a/modules/labs_vagrant/manifests/init.pp
+++ b/modules/labs_vagrant/manifests/init.pp
@@ -1,3 +1,7 @@
+# == labs_vagrant
+#
+# Configure a labs host to use MediaWiki-Vagrant to manage local wikis
+#
 class labs_vagrant {
     user { 'vagrant':
         ensure     => 'present',
@@ -5,11 +9,29 @@
         managehome => true,
     }
 
-    file { '/etc/sudoers.d/vagrant':
-        source  => 'puppet:///modules/labs_vagrant/vagrant-sudoers',
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0440',
+    sudo_user { 'vagrant' :
+        privileges => [
+            'ALL=(ALL) NOPASSWD:ALL',
+        ],
+        require => User['vagrant'],
+    }
+
+    # Primary group for modern wikitech accounts
+    sudo_group { 'wikidev_vagrant':
+        privileges => [
+            'ALL = (vagrant) NOPASSWD: ALL',
+        ],
+        group => 'wikidev',
+        require => User['vagrant'],
+    }
+
+    # Primary group for users imported from old svn credentials
+    # Bug: 63028
+    sudo_group { 'svn_vagrant':
+        privileges => [
+            'ALL = (vagrant) NOPASSWD: ALL',
+        ],
+        group => 'svn',
         require => User['vagrant'],
     }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/125523
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I577f219bc6a187e02de755cb96269a80e45352d6
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BryanDavis <[email protected]>
Gerrit-Reviewer: Ori.livneh <[email protected]>
Gerrit-Reviewer: Ottomata <[email protected]>
Gerrit-Reviewer: Spage <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] labs_vagrant: Allow wikidev group to sudo as vagrant - change (operations/puppet)

Reply via email to