From: Peter Palfrader Date: Wed, 8 Apr 2009 08:01:00 +0000 (+0200) Subject: raff and groups wbadm, keyring, and debadmin. And wbadm's update-buildd-sshkeys job X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=984cecae1aeba2ae9b8e799ea962d425da943940;p=mirror%2Fdsa-puppet.git raff and groups wbadm, keyring, and debadmin. And wbadm's update-buildd-sshkeys job --- diff --git a/manifests/site.pp b/manifests/site.pp index a30dca3b8..d5398f827 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -45,7 +45,7 @@ node default { # test here first case $hostname { - handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa,gluck,rietz,unger,tartini,mahler: { include sudo } + handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti,powell,samosa,gluck,rietz,unger,tartini,mahler,raff: { include sudo } default: {} } } diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers index 3a0018b8f..0dde2670c 100644 --- a/modules/sudo/files/common/sudoers +++ b/modules/sudo/files/common/sudoers @@ -48,9 +48,11 @@ nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status # groups and their role accounts %buildd ALL=(buildd) ALL +%debadmin ALL=(dak) ALL %debbugs ALL=(debbugs) ALL %debwww ALL=(debwww) ALL %forums ALL=(forums) ALL +%keyring ALL=(keyring) ALL %lintian ALL=(lintian) ALL %mirroradm ALL=(archvsync) ALL %piuparts ALL=(piupartsm) ALL @@ -60,6 +62,7 @@ nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status %popcon ALL=(popcon) ALL %snapshot ALL=(snapshot) ALL %uddadm ALL=(udd) ALL +%wbadm ALL=(wbadm) ALL %wikiadm ALL=(wiki) ALL # some groups are in apachectrl on "their" hosts so they can reload apache and update their vhost @@ -69,6 +72,7 @@ nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status # FIXME: change that ALL for hosts to a hostlist of buildds? Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" buildd ALL=(ALL) NOPASSWD: ALL + # The piuparts slave needs to handle chroots piupartss piatti=(ALL) NOPASSWD: ALL # trigger of mirror run for packages @@ -77,3 +81,4 @@ pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo %adm ALL=(root) NOPASSWD: /etc/init.d/bind9 reload # remote power to babylon5 in the same rack: joerg unger=(ALL) /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1 +%wbadm raff=(root) /usr/local/bin/update-buildd-sshkeys diff --git a/modules/sudo/files/per-host/raff.debian.org/sudoers b/modules/sudo/files/per-host/raff.debian.org/sudoers deleted file mode 100644 index f55aefaa0..000000000 --- a/modules/sudo/files/per-host/raff.debian.org/sudoers +++ /dev/null @@ -1,45 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -# sudoers file. -# -# This file MUST be edited with the 'visudo' command as root. -# -# See the man page for details on how to write a sudoers file. -# - -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification -root ALL=(ALL) ALL - -# DSA -%adm ALL=(ALL) ALL -%adm ALL=(ALL) NOPASSWD: /usr/bin/apt-get update, /usr/bin/apt-get dist-upgrade, /usr/bin/apt-get clean, /usr/sbin/samhain -t check -i -p err -s none -l none -m none - -# HP local admin group -%hpadmins ALL=(ALL) ALL - -%debadmin ALL=(dak) ALL -%keyring ALL=(keyring) ALL -%apachectrl ALL=(root) /usr/sbin/apache2-vhost-update - -# buildd -%buildd ALL=(buildd) ALL -%wbadm ALL=(wbadm) ALL -%wbadm ALL=(root) /usr/local/bin/update-buildd-sshkeys - -nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe "" -nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup "" -nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show -nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd all show -nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]\:[0-9] show -nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 pd [0-9]I\:[0-9]\:[0-9] show -nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=0 show status -nagios ALL=(ALL) NOPASSWD: /usr/sbin/samhain -t check --foreground -p err -s none -l none -m none