[MediaWiki-commits] [Gerrit] admin simplify service permissions grants - change (operations/puppet)

Rush (Code Review) Thu, 30 Apr 2015 07:38:34 -0700

Rush has submitted this change and it was merged.

Change subject: admin simplify service permissions grants
......................................................................



admin simplify service permissions grants

Change-Id: I5f179d9c1819e327ce2200c4d84647e702f73057
---
M modules/admin/data/data.yaml
1 file changed, 8 insertions(+), 32 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index e6a06d1..63521f0 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -22,10 +22,7 @@
     gid: 702
     description: RT 5934
     members: [ssastry, cscott, arlolra]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service parsoid stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service parsoid reload',
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service parsoid *',
                  'ALL = (root) NOPASSWD: /usr/sbin/service parsoid-rt-client 
restart',
                  'ALL = (parsoid-rt) NOPASSWD: 
/home/parsoid-rt/update-code.sh']
   gerrit-root:
@@ -134,10 +131,7 @@
     gid: 721
     description: admins for pdf render (rt 6468)
     members: [cscott, ssastry, gwicke, arlolra]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service ocg stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service ocg start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service ocg restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service ocg reload',
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service ocg *',
                  'ALL = (ocg) NOPASSWD: ALL']
   logstash-roots:
     gid: 722
@@ -188,10 +182,7 @@
     gid: 730
     description: group of mathoid admins
     members: [gwicke, catrope]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service mathoid stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service mathoid start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service mathoid restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service mathoid reload']
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service mathoid *']
   analytics-users:
     gid: 7080
     description: Gives generic client access to the Analytics (Hadoop) cluster.
@@ -232,10 +223,7 @@
     gid: 736
     description: group of citoid admins
     members: [gwicke, catrope, mobrovac]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service citoid stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service citoid start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service citoid restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service citoid reload']
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service citoid *']
   analytics-roots:
       gid: 738
       description: Full root access to Analytics Cluster nodes.
@@ -255,23 +243,14 @@
     gid: 741
     description: group of cxserver admins
     members: [kartik, nikerabbit]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service cxserver stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service cxserver start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service cxserver restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service cxserver reload',
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service cxserver *',
                  'ALL = (cxserver) NOPASSWD: ALL']
   chromium-admin:
     gid: 742
     description: people who run benchmarking tests with chromium (and xvfb)
     members: [catrope]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service chromium stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service chromium start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service chromium restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service chromium reload',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service xvfb stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service xvfb start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service xvfb restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service xvfb reload']
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service chromium *',
+                 'ALL = (root) NOPASSWD: /usr/sbin/service xvfb *']
   snapshot-admins:
     gid: 743
     description: People who can sudo into the datasets user on snapshot hosts.
@@ -300,10 +279,7 @@
     gid: 747
     description: group of zotero admins
     members: [mobrovac]
-    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service zotero stop',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service zotero start',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service zotero restart',
-                 'ALL = (root) NOPASSWD: /usr/sbin/service zotero reload']
+    privileges: ['ALL = (root) NOPASSWD: /usr/sbin/service zotero *']
   phabricator-roots:
     gid: 748
     description: people who have full root on phabricator

-- 
To view, visit https://gerrit.wikimedia.org/r/207788
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I5f179d9c1819e327ce2200c4d84647e702f73057
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
Gerrit-Reviewer: Rush <r...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] admin simplify service permissions grants - change (operations/puppet)

Reply via email to