Dzahn has submitted this change and it was merged.
Change subject: include accounts in LDAP admin role, add demon
......................................................................
include accounts in LDAP admin role, add demon
- add demon (he had these permissions without needing
sudo, because he had root on formey in the past)
- the users who get sudo need to be included as well, duh
- add wikidev group, this is always needed in all admin classes
RT #6134 (replace formey LDAP operations)
Change-Id: I70d4418fbb5a955cfb06f4108cee18ee752e398e
---
M manifests/admins.pp
1 file changed, 8 insertions(+), 1 deletion(-)
Approvals:
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/manifests/admins.pp b/manifests/admins.pp
index 9cd6782..b8b5581 100644
--- a/manifests/admins.pp
+++ b/manifests/admins.pp
@@ -4018,6 +4018,13 @@
# (formerly directly in site.pp and on formey, now on node silver)
class admins::ldap {
+ $gid = '500' # 'wikidev' by default
+ include groups::wikidev
+
+ include accounts::robla
+ include accounts::reedy
+ include accounts::demon
+
$sudo_privs = [
'ALL = NOPASSWD: /usr/local/sbin/add-ldap-user',
'ALL = NOPASSWD: /usr/local/sbin/delete-ldap-user',
@@ -4026,7 +4033,7 @@
'ALL = NOPASSWD: /usr/local/sbin/add-labs-user',
]
- sudo_user { [ 'robla', 'reedy' ]: privileges => $sudo_privs }
+ sudo_user { [ 'robla', 'reedy', 'demon' ]: privileges => $sudo_privs }
}
--
To view, visit https://gerrit.wikimedia.org/r/131597
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I70d4418fbb5a955cfb06f4108cee18ee752e398e
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Chad <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
