Page MenuHomeDevCentral
Differential D888

Allow nasqueron-irc to control Odderon service
ClosedPublic
Actions

Authored by dereckson on Jan 30 2017, 00:59.
Tags
None
Referenced Files
F3606613: D888.id2258.diff
Mon, Sep 30, 03:51
Unknown Object (File)
Tue, Sep 24, 12:51
Unknown Object (File)
Tue, Sep 17, 14:10
Unknown Object (File)
Mon, Sep 16, 23:28
Unknown Object (File)
Wed, Sep 11, 20:30
Unknown Object (File)
Fri, Sep 6, 04:52
Unknown Object (File)
Thu, Sep 5, 21:48
Unknown Object (File)
Thu, Sep 5, 10:20
View All Files
Subscribers
Sandlayth

Details

Reviewers
dereckson
Commits
rOPSe5ed159bf68a: Allow nasqueron-irc to control Odderon service
Summary

f7788aa69fe6 deployed a systemd unit to control the darkbot.

Before, 618a748f0998 offered to nasqueron-irc group the right
to run any command as odderon user.

This is coherent to allow the same group to stop or restart the bot
through systemd.

Test Plan

As a member of the nasqueron-irc group:
sudo systemctl restart odderon

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

dereckson created this revision.Jan 30 2017, 00:59
dereckson planned changes to this revision.Jan 30 2017, 01:00
dereckson added inline comments.
roles/shellserver/odderon/files/odderon.sudoers
4

service.sls should know it's Jinja template

dereckson updated this revision to Diff 2257.Jan 30 2017, 01:31
dereckson marked an inline comment as done.
dereckson edited edge metadata.

odderon.sudoers is now a jinja template

Harbormaster completed remote builds in B1371: Diff 2257.Jan 30 2017, 01:31
dereckson accepted this revision.Jan 30 2017, 01:39
Salt master
$ cd /opt/nasqueron-operations
$ arc patch D888
$ salt eglide state.apply roles/shellserver/odderon/account
eglide:
[…]
          ID: odderon_sudo_capabilities_file
    Function: file.managed
        Name: /etc/sudoers.d/odderon
      Result: True
     Comment: File /etc/sudoers.d/odderon updated
     Started: 01:33:07.655830
    Duration: 1149.627 ms
     Changes:   
              ----------
              diff:
                  --- 
                  +++ 
                  @@ -1 +1,12 @@
                   %nasqueron-irc ALL=(odderon) NOPASSWD: ALL
                  +
                  +# Service management
                  +
                  +%nasqueron-irc ALL= NOPASSWD: /bin/systemctl start odderon
                  +
                  +%nasqueron-irc ALL= NOPASSWD: /bin/systemctl stop odderon
                  +
                  +%nasqueron-irc ALL= NOPASSWD: /bin/systemctl restart odderon
                  +
                  +%nasqueron-irc ALL= NOPASSWD: /bin/systemctl reload odderon
                  +
Eglide
$ sudo systemctl restart odderon

01:34:51 -!- Odderon has quit [Remote host closed the connection]
01:35:08 -!- Odderon has joined #nasqueron-ops

This revision is now accepted and ready to land.Jan 30 2017, 01:39
Closed by commit rOPSe5ed159bf68a: Allow nasqueron-irc to control Odderon service (authored by dereckson, committed by dereckson). · Explain WhyJan 30 2017, 01:40
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
roles/
shellserver/
odderon/
1 line
files/
5 lines

Diff 2258

View Options

roles/shellserver/odderon/account.sls

Loading...
View Options

roles/shellserver/odderon/files/odderon.sudoers

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator