[MediaWiki-commits] [Gerrit] operations/puppet[production]: Allow contint-admins to interact with zuul service

Mon, 18 Sep 2017 10:12:01 -0700 

Dzahn has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/378664 )

Change subject: Allow contint-admins to interact with zuul service
......................................................................


Allow contint-admins to interact with zuul service

We were able to reload/restart the zuul service as the zuul user via the
sudo rule:

    ALL = (zuul) NOPASSWD: ALL

Since 4f0df3e8b, zuul is behind systemd which requires root access as I
understand it.

Bug: T167845
Change-Id: I09579510031d4924e974d09e4e1fc7cfde0e833c
---
M modules/admin/data/data.yaml
1 file changed, 5 insertions(+), 0 deletions(-)

Approvals:
  Paladox: Looks good to me, but someone else must approve
  Krinkle: Looks good to me, but someone else must approve
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index f14f625..c3a4b71 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -151,6 +151,11 @@
                  'ALL = NOPASSWD: /usr/sbin/service nodepool stop',
                  'ALL = NOPASSWD: /usr/sbin/service nodepool restart',
                  'ALL = NOPASSWD: /usr/sbin/service nodepool status',
+                 'ALL = NOPASSWD: /usr/sbin/service zuul reload',
+                 'ALL = NOPASSWD: /usr/sbin/service zuul restart',
+                 'ALL = NOPASSWD: /usr/sbin/service zuul start',
+                 'ALL = NOPASSWD: /usr/sbin/service zuul stop',
+                 'ALL = NOPASSWD: /usr/sbin/service zuul status',
                  'ALL = NOPASSWD: /usr/sbin/service zuul-merger reload',
                  'ALL = NOPASSWD: /usr/sbin/service zuul-merger restart',
                  'ALL = NOPASSWD: /usr/sbin/service zuul-merger start',

-- 
To view, visit https://gerrit.wikimedia.org/r/378664
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I09579510031d4924e974d09e4e1fc7cfde0e833c
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Hashar <has...@free.fr>
Gerrit-Reviewer: Addshore <addshorew...@gmail.com>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Krinkle <krinklem...@gmail.com>
Gerrit-Reviewer: Legoktm <lego...@member.fsf.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: Paladox <thomasmulhall...@yahoo.com>
Gerrit-Reviewer: Thcipriani <tcipri...@wikimedia.org>
Gerrit-Reviewer: Zfilipin <zfili...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to