Faidon Liambotis has submitted this change and it was merged.
Change subject: Switch ops to passwordless sudo in labs
......................................................................
Switch ops to passwordless sudo in labs
Do not require a password for ops people to sudo to root as this would
potentially reveal their password to project admins.
Change-Id: I5304ca95a3fc6e4aa47ca8a8e18ddbb3805bfb6a
---
M manifests/sudo.pp
1 file changed, 2 insertions(+), 2 deletions(-)
Approvals:
Faidon Liambotis: Looks good to me, approved
jenkins-bot: Verified
diff --git a/manifests/sudo.pp b/manifests/sudo.pp
index 44d93d7..e5b0b6f 100644
--- a/manifests/sudo.pp
+++ b/manifests/sudo.pp
@@ -30,7 +30,7 @@
include sudo::default
# Was handled via sudo ldap, now handled via puppet
- sudo_group { ops: privileges => ['ALL=(ALL) ALL'] }
+ sudo_group { ops: privileges => ['ALL=(ALL) NOPASSWD: ALL'] }
# Old way of handling this.
sudo_group { $instanceproject: ensure => absent }
# Another old way, before per-project sudo
@@ -61,4 +61,4 @@
ensure => present;
}
-}
\ No newline at end of file
+}
--
To view, visit https://gerrit.wikimedia.org/r/81267
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I5304ca95a3fc6e4aa47ca8a8e18ddbb3805bfb6a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: Faidon Liambotis <fai...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
