Faidon Liambotis has uploaded a new change for review. https://gerrit.wikimedia.org/r/214346
Change subject: sudo: fix sudo::user/group's ensure => absent ...................................................................... sudo: fix sudo::user/group's ensure => absent We don't currently use ensure => absent for sudo::user or sudo::group anywhere yet, but it was broken (the template gets evaluated anyway and borks if there are no privileges defined) and needed fixing anyway. Change-Id: I706e891c8ce7d858d8ef59a1fabbc03a84ac2858 --- M modules/sudo/manifests/group.pp M modules/sudo/manifests/user.pp 2 files changed, 24 insertions(+), 16 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/46/214346/1 diff --git a/modules/sudo/manifests/group.pp b/modules/sudo/manifests/group.pp index 2ee2118..7c234f4 100644 --- a/modules/sudo/manifests/group.pp +++ b/modules/sudo/manifests/group.pp @@ -32,20 +32,24 @@ $title_safe = regsubst($title, '\W', '-', 'G') $filename = "/etc/sudoers.d/${title_safe}" - file { $filename: - ensure => $ensure, - owner => 'root', - group => 'root', - mode => '0440', - content => template('sudo/sudoers.erb'), - } - if $ensure == 'present' { + file { $filename: + ensure => $ensure, + owner => 'root', + group => 'root', + mode => '0440', + content => template('sudo/sudoers.erb'), + } + exec { "sudo_group_${title}_linting": command => "/bin/rm -f ${filename} && /bin/false", unless => "/usr/sbin/visudo -cqf ${filename}", refreshonly => true, subscribe => File[$filename], } + } else { + file { $filename: + ensure => $ensure, + } } } diff --git a/modules/sudo/manifests/user.pp b/modules/sudo/manifests/user.pp index 6a64fdc..424491f 100644 --- a/modules/sudo/manifests/user.pp +++ b/modules/sudo/manifests/user.pp @@ -32,20 +32,24 @@ $title_safe = regsubst($title, '\W', '-', 'G') $filename = "/etc/sudoers.d/${title_safe}" - file { $filename: - ensure => $ensure, - owner => 'root', - group => 'root', - mode => '0440', - content => template('sudo/sudoers.erb'), - } - if $ensure == 'present' { + file { $filename: + ensure => $ensure, + owner => 'root', + group => 'root', + mode => '0440', + content => template('sudo/sudoers.erb'), + } + exec { "sudo_user_${title}_linting": command => "/bin/rm -f ${filename} && /bin/false", unless => "/usr/sbin/visudo -cqf ${filename}", refreshonly => true, subscribe => File[$filename], } + } else { + file { $filename: + ensure => $ensure, + } } } -- To view, visit https://gerrit.wikimedia.org/r/214346 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I706e891c8ce7d858d8ef59a1fabbc03a84ac2858 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits