Alexandros Kosiaris has uploaded a new change for review. https://gerrit.wikimedia.org/r/309992
Change subject: (WIP) puppetmaster: Experiment in defining a gitpuppet group ...................................................................... (WIP) puppetmaster: Experiment in defining a gitpuppet group We would like to have a gitpuppet group defined on puppetmasters and set ownership on /srv/private, while causing minimal issues for current users. Use YAML references to get the gitpuppet group populated with all ops group members, populate the group on frontend, backend and ensure the correct permission on /srv/private Change-Id: Ia6d78aefa459bfca3be0a9c576dfad272855c9cd --- M hieradata/role/common/puppetmaster/backend.yaml M hieradata/role/common/puppetmaster/frontend.yaml M modules/admin/data/data.yaml M modules/puppetmaster/manifests/gitclone.pp 4 files changed, 10 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/92/309992/1 diff --git a/hieradata/role/common/puppetmaster/backend.yaml b/hieradata/role/common/puppetmaster/backend.yaml index 87dfccf..2fa8f32 100644 --- a/hieradata/role/common/puppetmaster/backend.yaml +++ b/hieradata/role/common/puppetmaster/backend.yaml @@ -1,3 +1,5 @@ debdeploy::grains: debdeploy-puppetmaster-backend: value: standard +admin::groups: + - gitpuppet diff --git a/hieradata/role/common/puppetmaster/frontend.yaml b/hieradata/role/common/puppetmaster/frontend.yaml index 38f2b37..199bd13 100644 --- a/hieradata/role/common/puppetmaster/frontend.yaml +++ b/hieradata/role/common/puppetmaster/frontend.yaml @@ -1,3 +1,5 @@ debdeploy::grains: debdeploy-puppetmaster-frontend: value: standard +admin::groups: + - gitpuppet diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml index a8169f0..47fc3d3 100644 --- a/modules/admin/data/data.yaml +++ b/modules/admin/data/data.yaml 
@@ -18,7 +18,7 @@ ops: gid: 700 description: include everywhere ops folks - members: [filippo, jgreen, bblack, andrew, faidon, rush, oblivian, laner, yuvipanda, + members: &ops_members [filippo, jgreen, bblack, andrew, faidon, rush, oblivian, laner, yuvipanda, dzahn, akosiaris, springle, mark, ariel, cmjohnson, otto, robh, tstarling, ori, midom, jmm, jynus, aaron, ema, elukey, gehel, volans, madhuvishy, marostegui] privileges: ['ALL = (ALL) NOPASSWD: ALL'] @@ -558,6 +558,10 @@ 'ALL = NOPASSWD: /usr/sbin/service thumbor@* stop', 'ALL = NOPASSWD: /usr/sbin/service thumbor@* restart', 'ALL = (thumbor) NOPASSWD: ALL'] + gitpuppet: + gid: 998 + description: Private repo users + members: &ops_members users: rush: diff --git a/modules/puppetmaster/manifests/gitclone.pp b/modules/puppetmaster/manifests/gitclone.pp index 0560c49..dba75d6 100644 --- a/modules/puppetmaster/manifests/gitclone.pp +++ b/modules/puppetmaster/manifests/gitclone.pp @@ -88,7 +88,7 @@ ensure => directory, owner => 'gitpuppet', group => 'gitpuppet', - mode => '0644', # Will become 0755 for dir automatically + mode => '0640', # Will become 0755 for dir automatically recurse => 'true', } -- To view, visit https://gerrit.wikimedia.org/r/309992 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ia6d78aefa459bfca3be0a9c576dfad272855c9cd Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
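Review bot: On the changed `members: &ops_members [filippo, ...` line of the ops group in modules/admin/data/data.yaml (hunk @@ -18,7 +18,7 @@), nothing documents that the anchor is consumed elsewhere. The ops group carries `'ALL = (ALL) NOPASSWD: ALL'`, and with this anchor the same list is intended to feed gitpuppet, so editing ops membership also changes who can read the private repo. Add a short YAML comment above the line naming the groups that alias it.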
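Review bot: In the second modules/admin/data/data.yaml hunk (@@ -558,6 +558,10 @@), `members: &ops_members` under gitpuppet uses the anchor marker `&` instead of the alias marker `*`. That redefines the anchor on an empty node, so gitpuppet ends up with a null member list rather than the ops members the commit message describes. Change it to `members: *ops_members`. Separately, the context lines in gitclone.pp already reference `group => 'gitpuppet'`, so check that gid 998 agrees with any gitpuppet group already present on the puppetmasters before pinning it here.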
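Review bot: In the modules/puppetmaster/manifests/gitclone.pp hunk, the comment on the changed `mode => '0640'` line still reads "Will become 0755 for dir automatically", which is no longer true. Puppet adds search permission only where read permission is set, so with 0640 the directories become 0750. Update the comment to say 0750, and consider noting in the commit message that this change removes world-read from the tree, since that is the security-relevant effect of the hunk.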