Alexandros Kosiaris has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/331602 )
Change subject: admin: Use the debian staff group for ops
......................................................................
admin: Use the debian staff group for ops
The debian staff group by definition has some slightly elevated
privileges, such as access to webserver log files. Manage this group
fleet wise and add all ops members into it. This is expected to provide
some slightly easier and faster debuggging capabilities without having
to go through sudo. Note that we don't force the GID on purpose in order
to be future proof (not that we expect it to ever change)
Change-Id: Ic2022684b0883b948e04643bf76eabdd45e1c5be
---
M modules/admin/data/data.yaml
M modules/admin/manifests/init.pp
2 files changed, 7 insertions(+), 2 deletions(-)
Approvals:
Alexandros Kosiaris: Looks good to me, approved
jenkins-bot: Verified
diff --git a/modules/admin/data/data.yaml b/modules/admin/data/data.yaml
index aac9ce1..0cb748e 100644
--- a/modules/admin/data/data.yaml
+++ b/modules/admin/data/data.yaml
@@ -30,6 +30,11 @@
ori, jmm, jynus, aaron, ema, elukey, gehel, volans, madhuvishy,
marostegui,
ayounsi, herron, aborrero]
privileges: ['ALL = (ALL) NOPASSWD: ALL']
+ ops-staff-group:
+ # No gid for this group on purpose, it's a system provided one
+ description: Use the standard system provided staff group to provide ops
with privileges that would allow easier administrative tasks
+ members: *ops_members
+ posix_name: staff
parsoid-roots:
gid: 701
description: RT 5934
@@ -2932,4 +2937,4 @@
tonina:
ensure: present
realname: Tonina Zhelyazkova
- email: [email protected]
\ No newline at end of file
+ email: [email protected]
diff --git a/modules/admin/manifests/init.pp b/modules/admin/manifests/init.pp
index 24eb00f..131c3c2 100644
--- a/modules/admin/manifests/init.pp
+++ b/modules/admin/manifests/init.pp
@@ -11,7 +11,7 @@
class admin(
$groups=[],
- $always_groups=['absent', 'ops', 'wikidev'],
+ $always_groups=['absent', 'ops', 'wikidev', 'ops-staff-group'],
)
{
include ::sudo
--
To view, visit https://gerrit.wikimedia.org/r/331602
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ic2022684b0883b948e04643bf76eabdd45e1c5be
Gerrit-PatchSet: 5
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Elukey <[email protected]>
Gerrit-Reviewer: Ema <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Filippo Giunchedi <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
