raff and groups wbadm, keyring, and debadmin. And wbadm's update-buildd-sshkeys job

diff --git a/manifests/site.pp b/manifests/site.pp
index a30dca3..d5398f8 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -45,7 +45,7 @@ node default {
 
     # test here first
     case $hostname {
-        handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa,gluck,rietz,unger,tartini,mahler:    { include sudo }
+        handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa,gluck,rietz,unger,tartini,mahler,raff:    { include sudo }
         default:   {}
     }
 }

diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index 3a0018b..0dde267 100644 (file)
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
@@ -48,9 +48,11 @@ nagios               ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
 
 # groups and their role accounts
 %buildd                ALL=(buildd)    ALL
+%debadmin      ALL=(dak)       ALL
 %debbugs       ALL=(debbugs)   ALL
 %debwww                ALL=(debwww)    ALL
 %forums                ALL=(forums)    ALL
+%keyring       ALL=(keyring)   ALL
 %lintian       ALL=(lintian)   ALL
 %mirroradm     ALL=(archvsync) ALL
 %piuparts      ALL=(piupartsm) ALL
@@ -60,6 +62,7 @@ nagios                ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
 %popcon                ALL=(popcon)    ALL
 %snapshot      ALL=(snapshot)  ALL
 %uddadm                ALL=(udd)       ALL
+%wbadm         ALL=(wbadm)     ALL
 %wikiadm       ALL=(wiki)      ALL
 
 # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost
@@ -69,6 +72,7 @@ nagios                ALL=(ALL)       NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
 # FIXME: change that ALL for hosts to a hostlist of buildds?
 Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
 buildd         ALL=(ALL)               NOPASSWD: ALL
+
 # The piuparts slave needs to handle chroots
 piupartss      piatti=(ALL)            NOPASSWD: ALL
 # trigger of mirror run for packages
@@ -77,3 +81,4 @@ pkg_user      powell=(archvsync)      NOPASSWD: /home/archvsync/bin/pushpdo
 %adm           ALL=(root)              NOPASSWD: /etc/init.d/bind9 reload
 # remote power to babylon5 in the same rack:
 joerg          unger=(ALL)             /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
+%wbadm         raff=(root)             /usr/local/bin/update-buildd-sshkeys

diff --git a/modules/sudo/files/per-host/raff.debian.org/sudoers b/modules/sudo/files/per-host/raff.debian.org/sudoers
deleted file mode 100644 (file)
index f55aefa..0000000
--- a/modules/sudo/files/per-host/raff.debian.org/sudoers
+++ /dev/null
@@ -1,45 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# sudoers file.
-#
-# This file MUST be edited with the 'visudo' command as root.
-#
-# See the man page for details on how to write a sudoers file.
-#
-
-# Host alias specification
-
-# User alias specification
-
-# Cmnd alias specification
-
-# User privilege specification
-root   ALL=(ALL) ALL
-
-# DSA
-%adm ALL=(ALL) ALL
-%adm    ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none
-
-# HP local admin group
-%hpadmins      ALL=(ALL) ALL
-
-%debadmin      ALL=(dak) ALL
-%keyring       ALL=(keyring) ALL
-%apachectrl    ALL=(root) /usr/sbin/apache2-vhost-update
-
-# buildd
-%buildd                ALL=(buildd) ALL
-%wbadm         ALL=(wbadm) ALL
-%wbadm         ALL=(root) /usr/local/bin/update-buildd-sshkeys
-
-nagios  ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
-nagios  ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status
-nagios  ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none