Page MenuHomeDevCentral

D1021.id2606.diff
No OneTemporary

D1021.id2606.diff

diff --git a/roles/saltmaster/sudo/files/deploy b/roles/saltmaster/sudo/files/deploy
new file mode 100644
--- /dev/null
+++ b/roles/saltmaster/sudo/files/deploy
@@ -0,0 +1,17 @@
+# -------------------------------------------------------------
+# SaltStack deployment
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2017-09-28
+# License: Trivial work, not eligible to copyright
+# Source file: roles/saltmaster/sudo/files/deploy
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+%deploy ALL = (deploy) NOPASSWD: ALL
diff --git a/roles/saltmaster/sudo/init.sls b/roles/saltmaster/sudo/init.sls
--- a/roles/saltmaster/sudo/init.sls
+++ b/roles/saltmaster/sudo/init.sls
@@ -12,9 +12,12 @@
# Sudo capabilities
#
# Ops should be able to sudo -u salt …
+# Deployers should be able to sudo -u deploy <anything>
# -------------------------------------------------------------
-saltmaster_sudo_capabilities_file:
+{% for sudofile in ['salt', 'deploy'] %}
+saltmaster_sudo_capabilities_{{ sudofile }}:
file.managed:
- - name: {{ dirs.etc }}/sudoers.d/salt
- - source: salt://roles/saltmaster/sudo/files/salt
+ - name: {{ dirs.etc }}/sudoers.d/{{ sudofile }}
+ - source: salt://roles/saltmaster/sudo/files/{{ sudofile }}
+{% endfor %}

File Metadata

Mime Type
text/plain
Expires
Sat, Nov 16, 21:27 (21 h, 3 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2248095
Default Alt Text
D1021.id2606.diff (1 KB)

Event Timeline