From: Dennis Gilmore ausil@fedoraproject.org
move releng-sudoers to 00releng-sudoers everywhere drop the no longer needed ftpsync-sudo file ansible-priave has some changes to match
Signed-off-by: Dennis Gilmore ausil@fedoraproject.org --- inventory/group_vars/bodhi-backend | 2 +- inventory/group_vars/bodhi-backend-stg | 2 +- inventory/group_vars/buildarm | 2 +- inventory/group_vars/buildhw | 2 +- inventory/group_vars/buildppc | 2 +- inventory/group_vars/buildppcle | 2 +- inventory/group_vars/buildvm | 2 +- inventory/group_vars/buildvm-ppc64 | 2 +- inventory/group_vars/buildvm-ppc64le | 2 +- inventory/group_vars/buildvm-stg | 2 +- inventory/group_vars/koji | 2 +- inventory/group_vars/koji-stg | 2 +- inventory/group_vars/osbs-stg | 2 +- inventory/group_vars/sign-bridge | 2 +- inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org | 2 +- inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org | 2 +- roles/releng/tasks/main.yml | 5 ----- 17 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/inventory/group_vars/bodhi-backend b/inventory/group_vars/bodhi-backend index 796c058..dfc9440 100644 --- a/inventory/group_vars/bodhi-backend +++ b/inventory/group_vars/bodhi-backend @@ -42,6 +42,6 @@ fedmsg_error_recipients: nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3"
fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
## XXX - note that the csi_ stuff is kept at the host_vars/ level. diff --git a/inventory/group_vars/bodhi-backend-stg b/inventory/group_vars/bodhi-backend-stg index a4f7723..4f9204e 100644 --- a/inventory/group_vars/bodhi-backend-stg +++ b/inventory/group_vars/bodhi-backend-stg @@ -73,7 +73,7 @@ fedmsg_certs: - bodhi.updates.fedora.sync
fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
# For the MOTD diff --git a/inventory/group_vars/buildarm b/inventory/group_vars/buildarm index c57d037..8d36e73 100644 --- a/inventory/group_vars/buildarm +++ b/inventory/group_vars/buildarm @@ -1,6 +1,6 @@ host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" ansible_ifcfg_blacklist: true
koji_server_url: "http://koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildhw b/inventory/group_vars/buildhw index ab559ca..6c2cc5e 100644 --- a/inventory/group_vars/buildhw +++ b/inventory/group_vars/buildhw @@ -1,7 +1,7 @@ --- host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" freezes: true
koji_server_url: "http://koji.fedoraproject.org/kojihub" diff --git a/inventory/group_vars/buildppc b/inventory/group_vars/buildppc index d0891f9..76c7e4c 100644 --- a/inventory/group_vars/buildppc +++ b/inventory/group_vars/buildppc @@ -21,7 +21,7 @@ virt_install_command: "{{ virt_install_command_two_nic }}" # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
koji_server_url: "http://koji.fedoraproject.org/kojihub" koji_weburl: "http://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/buildppcle b/inventory/group_vars/buildppcle index 8c001a2..9bafafe 100644 --- a/inventory/group_vars/buildppcle +++ b/inventory/group_vars/buildppcle @@ -20,7 +20,7 @@ virt_install_command: "{{ virt_install_command_two_nic }}" # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
koji_server_url: "http://koji.fedoraproject.org/kojihub" koji_weburl: "http://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/buildvm b/inventory/group_vars/buildvm index 4b3a6d2..a16019f 100644 --- a/inventory/group_vars/buildvm +++ b/inventory/group_vars/buildvm @@ -16,7 +16,7 @@ virt_install_command: "{{ virt_install_command_two_nic }}" # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
koji_server_url: "http://koji.fedoraproject.org/kojihub" koji_weburl: "http://koji.fedoraproject.org/koji" diff --git a/inventory/group_vars/buildvm-ppc64 b/inventory/group_vars/buildvm-ppc64 index dbfbab7..9012128 100644 --- a/inventory/group_vars/buildvm-ppc64 +++ b/inventory/group_vars/buildvm-ppc64 @@ -14,7 +14,7 @@ dns: 10.5.126.21 # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng,sysadmin-secondary -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
diff --git a/inventory/group_vars/buildvm-ppc64le b/inventory/group_vars/buildvm-ppc64le index 8c1ebd6..376d4e2 100644 --- a/inventory/group_vars/buildvm-ppc64le +++ b/inventory/group_vars/buildvm-ppc64le @@ -14,7 +14,7 @@ dns: 10.5.126.21 # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng,sysadmin-secondary -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
virt_install_command: "{{ virt_install_command_one_nic }} --graphics none"
diff --git a/inventory/group_vars/buildvm-stg b/inventory/group_vars/buildvm-stg index 293d05b..08562ba 100644 --- a/inventory/group_vars/buildvm-stg +++ b/inventory/group_vars/buildvm-stg @@ -14,7 +14,7 @@ dns: 10.5.126.21 # the host_vars/$hostname file host_group: kojibuilder fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" datacenter: staging nfs_mount_opts: "rw,hard,bg,intr,noatime,nodev,nosuid"
diff --git a/inventory/group_vars/koji b/inventory/group_vars/koji index df2bfa2..6096adb 100644 --- a/inventory/group_vars/koji +++ b/inventory/group_vars/koji @@ -19,7 +19,7 @@ custom_rules: [ ]
fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
# These are consumed by a task in roles/fedmsg/base/main.yml fedmsg_certs: diff --git a/inventory/group_vars/koji-stg b/inventory/group_vars/koji-stg index b34c56d..4876829 100644 --- a/inventory/group_vars/koji-stg +++ b/inventory/group_vars/koji-stg @@ -36,7 +36,7 @@ fedmsg_certs:
# NOTE -- staging mounts read-only nfs_mount_opts: "ro,hard,bg,intr,noatime,nodev,nosuid,nfsvers=3" -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
koji_server_url: "http://koji.stg.fedoraproject.org/kojihub" koji_weburl: "http://koji.stg.fedoraproject.org/koji" diff --git a/inventory/group_vars/osbs-stg b/inventory/group_vars/osbs-stg index 768067e..1b6424d 100644 --- a/inventory/group_vars/osbs-stg +++ b/inventory/group_vars/osbs-stg @@ -7,4 +7,4 @@ num_cpus: 2 tcp_ports: [ 80, 443 ]
fas_client_groups: sysadmin-releng,fi-apprentice -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" diff --git a/inventory/group_vars/sign-bridge b/inventory/group_vars/sign-bridge index 55170e5..c01cbcd 100644 --- a/inventory/group_vars/sign-bridge +++ b/inventory/group_vars/sign-bridge @@ -10,4 +10,4 @@ num_cpus: 4 tcp_ports: [ 44333, 44334 ]
fas_client_groups: sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers" diff --git a/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org b/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org index 18e3815..f18bb81 100644 --- a/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org +++ b/inventory/host_vars/compose-ppc64-01.ppc.fedoraproject.org @@ -10,7 +10,7 @@ gw: 10.5.129.254 main_bridge: br1
fas_client_groups: sysadmin-noc,sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
host_group: releng
diff --git a/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org b/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org index 07d4904..c6e3970 100644 --- a/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org +++ b/inventory/host_vars/compose-ppc64le-01.ppc.fedoraproject.org @@ -10,7 +10,7 @@ gw: 10.5.129.254 main_bridge: br1
fas_client_groups: sysadmin-noc,sysadmin-releng -sudoers: "{{ private }}/files/sudo/releng-sudoers" +sudoers: "{{ private }}/files/sudo/00releng-sudoers"
host_group: releng
diff --git a/roles/releng/tasks/main.yml b/roles/releng/tasks/main.yml index cb99faf..08d0b18 100644 --- a/roles/releng/tasks/main.yml +++ b/roles/releng/tasks/main.yml @@ -185,11 +185,6 @@ copy: src="twoweek-updates" dest=/etc/cron.d/twoweek-updates when: inventory_hostname.startswith('compose-x86-01')
-- name: sudoers for ftpsync - copy: src="{{ private }}/files/sudo/ftpsync-sudo" dest=/etc/sudoers.d/ftpsync mode=0440 - tags: - - configs - - name: install compose /etc/httpd/conf.d/compose.conf file copy: > src="compose.conf"
Seems fine to me and we can back it out if it causes problems.
I guess we would know after tomorrows nightly composes?
+1
kevin
On Thu, 17 Mar 2016 09:20:37 -0600 Kevin Fenzi kevin@scrye.com wrote:
Seems fine to me and we can back it out if it causes problems.
I guess we would know after tomorrows nightly composes?
There was some fallout from this. The compose playbook didn't run sudo role on branched-composer and rawhide-composer. So, it was unable to run sudo as masher to run ftpsync to sync the content to the master mirrors.
I pushed out 2 commits that fixed this this morning.
864b4beeda6dde16f38e3f1a7f3441580a254b2d f1f716b4cf83a27bdc7688c481aee948bec9edc1
Retroactive +1s?
I will watch tomorrow's composes to make sure they don't have any sudo errors.
kevin
On Sat, Mar 19, 2016 at 5:34 PM, Kevin Fenzi kevin@scrye.com wrote:
On Thu, 17 Mar 2016 09:20:37 -0600 Kevin Fenzi kevin@scrye.com wrote:
Seems fine to me and we can back it out if it causes problems.
I guess we would know after tomorrows nightly composes?
There was some fallout from this. The compose playbook didn't run sudo role on branched-composer and rawhide-composer. So, it was unable to run sudo as masher to run ftpsync to sync the content to the master mirrors.
I pushed out 2 commits that fixed this this morning.
864b4beeda6dde16f38e3f1a7f3441580a254b2d f1f716b4cf83a27bdc7688c481aee948bec9edc1
Retroactive +1s?
+1
I will watch tomorrow's composes to make sure they don't have any sudo errors.
thanks
Turns out this was in fact not needed... the sudo errors I was seeing were from a sync Dennis was doing to sync the rc compose over. He ran it as the wrong user at first...
On the plus side it shouldn't hurt anything being there.
kevin
On Thu, Mar 17, 2016 at 3:11 PM, dennis@ausil.us wrote:
From: Dennis Gilmore ausil@fedoraproject.org
move releng-sudoers to 00releng-sudoers everywhere drop the no longer needed ftpsync-sudo file ansible-priave has some changes to match
+1 from me.
infrastructure@lists.fedoraproject.org
-
Dennis Gilmore -
Kevin Fenzi -
Peter Robinson