# Host alias specification
Host_Alias VOIPHOSTS = vogler
Host_Alias WEBHOSTS = wolkenstein
-Host_Alias SECHOSTS = chopin
+Host_Alias SECHOSTS = seger
Host_Alias FTPHOSTS = franck
Host_Alias ZIVITHOSTS = zelenka, zandonai
Host_Alias AACRAIDHOSTS = beethoven, pettersson
Host_Alias MEGACTLHOSTS = nielsen
Host_Alias LISTHOSTS = bendel
Host_Alias BUILDD_MASTER = wuiet
-Host_Alias PORTERBOXES = abel, asachi, barriere, eder, falla, fischer, gabrielli, harris, merulo, minkus, partch, plummer, smetana, zelenka
+Host_Alias BUILDD_PORTS_MASTER = portman
+Host_Alias PORTERBOXES = abel, asachi, barriere, eder, etler, falla, fischer, harris, merulo, minkus, partch, plummer, pizzetti, smetana, zelenka
Host_Alias PIUPARTS_SLAVE_HOSTS = piu-slave-bm-a
Host_Alias MQ_HOSTS = rainier, rapoport
Host_Alias NOVAHOSTS = oyens, bm-bl9, bm-bl10, bm-bl11, bm-bl12
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-libs ""
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-stunnel-sanity ""
nagios ALL=(ALL) NOPASSWD: /usr/local/sbin/dsa-check-libs ""
+nagios handel=(puppet) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-cert-expire /var/lib/puppet/ssl/certs/ca.pem
# with smartarray controllers
nagios ALL=(ALL) NOPASSWD: /sbin/hpasmcli ""
nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
nagios MEGARAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/megarc -AllAdpInfo -nolog, /usr/local/bin/megarc -dispCfg -a0 -nolog
nagios MEGACTLHOSTS=(ALL) NOPASSWD: /usr/sbin/megactl -Hv
# other nagios things
+nagios backuphost=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
nagios storace=(debbackup) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-backuppg ""
# groups and their role accounts
+%appstream ALL=(appstream) ALL
%auditor ALL=(accounting) ALL
%backports ALL=(backports) ALL
%blends ALL=(blends) ALL
%debwww ALL=(debwww) ALL
%dedup ALL=(dedup) ALL
%dgit ALL=(dgit) ALL
+%dgit ALL=(dgit-unpriv) ALL
%emdebian ALL=(emdebian) ALL
%forums ALL=(forums) ALL
+%gitdoadm ALL=(gitdoadm) ALL
%httpredir ALL=(httpredir) ALL
%httpredir ALL=(httpredir-app) ALL
%keyring ALL=(keyring) ALL
+%jenkins-adm ALL=(jenkins-adm) ALL
%lintian ALL=(lintian) ALL
%listweb ALL=(listweb) ALL
%list LISTHOSTS=(list) ALL
%security ALL=(security) ALL
%snapshot ALL=(snapshot) ALL
%uddadm ALL=(udd) ALL
+%videoteam vittoria=(veyepar) ALL
%volatile ALL=(volatile) ALL
%wbadm ALL=(wbadm) ALL
%wbadm-ports ALL=(wbadm-ports) ALL
%gobby gombert=(gobby) ALL
%dacshelper diabelli=(www-data) ALL
%debsso diabelli=(debsso) ALL
+%debsso-web diabelli=(debsso-web) ALL
# the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
%ftptrainee FTPHOSTS=(dak-unpriv) NOPASSWD: /usr/bin/lintian
Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
buildd ALL=(ALL) NOPASSWD: ALL
+%appstream mekeel=(staticsync) NOPASSWD: /usr/local/bin/static-update-component appstream.debian.org
%backports franck,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org
-%debbits master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
+%publicity master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
%debdelta donizetti=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debdeltas.debian.net
%webwml master=(staticsync) NOPASSWD: /usr/local/bin/static-update-component network-test.debian.org
planet philp=(staticsync) NOPASSWD: /usr/local/bin/static-update-component planet.debian.org
%ports dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component www.ports.debian.org
%debvoip dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component rtc.debian.org
%security dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component security-team.debian.org
+%publicity dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component timeline.debian.net
+pabs dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component timeline.debian.net
%lintian lindsay=(staticsync) NOPASSWD: /usr/local/bin/static-update-component lintian.debian.org
# The piuparts slave needs to handle chroots
# wbadm can update all buildd* users' keys on buildd.d.o
%wbadm BUILDD_MASTER=(wb-buildd) ALL
%wbadm BUILDD_MASTER=(root) /usr/local/bin/update-buildd-sshkeys
+# wbadm can update all buildd* users' keys on buildd.d.o
+%wbadm-ports BUILDD_PORTS_MASTER=(wb-buildd) ALL
+%wbadm-ports BUILDD_PORTS_MASTER=(root) /usr/local/bin/update-buildd-sshkeys
# mirror push
dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:/home/archvsync/runmirrors
dak franck=(backports) NOPASSWD: /home/backports/bin/update-archive
dak SECHOSTS=(archvsync) NOPASSWD: /home/archvsync/signal_security
# web stuff
debwww WEBHOSTS=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors
-%press WEBHOSTS=(debwww) /srv/www.debian.org/update-part News
+%publicity WEBHOSTS=(debwww) /srv/www.debian.org/update-part News
%debvote WEBHOSTS=(debwww) /srv/www.debian.org/update-part vote
# more list stuff
%list LISTHOSTS=(root) /usr/sbin/postfix reload
# voip stuff
%debvoip VOIPHOSTS=(root) /usr/sbin/service resiprocate-turn-server restart, /usr/sbin/service repro restart
+%debvoip VOIPHOSTS=(root) /usr/sbin/service prosody restart, /usr/sbin/service prosody reload, /usr/sbin/service prosody stop, /usr/sbin/service prosody start
# Openstack stuff
Defaults:neutron !requiretty
nova NOVAHOSTS=(root) NOPASSWD: /usr/bin/nova-rootwrap *
neutron NOVAHOSTS=(root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
cinder NOVAHOSTS=(root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
+%openstack NOVAHOSTS=(keystone) ALL
+%openstack NOVAHOSTS=(memcache) ALL
+%openstack NOVAHOSTS=(ceilometer) ALL
+%openstack NOVAHOSTS=(cinder) ALL
+%openstack NOVAHOSTS=(glance) ALL
+%openstack NOVAHOSTS=(heat) ALL
+%openstack NOVAHOSTS=(neutron) ALL
+%openstack NOVAHOSTS=(nova) ALL