Page MenuHomeDevCentral
Differential D398

Provision ops accounts on Eglide
ClosedPublic
Actions

Authored by dereckson on Jun 8 2016, 23:14.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 14, 14:59
Unknown Object (File)
Fri, Dec 13, 18:07
Unknown Object (File)
Thu, Dec 12, 17:22
Unknown Object (File)
Thu, Dec 12, 09:58
Unknown Object (File)
Wed, Dec 11, 05:13
Unknown Object (File)
Tue, Dec 10, 21:26
Unknown Object (File)
Wed, Dec 4, 13:53
Unknown Object (File)
Tue, Dec 3, 17:24
View All Files
Subscribers
None

Details

Reviewers
dereckson
Sandlayth
Maniphest Tasks
T855: Add admin accounts on Eglide
Commits
rOPSc18cf34de2bb: Provision ops accounts on Eglide
Summary

Currently, only users have accounts on Eglide,
not operations members.

We want these last to:

  • have a regular account
  • have a gid > 5000 (users start at 2000)
  • be member of the group wheel

We create and populate the wheel group.

Fixes T855.

Test Plan

salt eglide state.highstate

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
No Lint Coverage
Unit
No Test Coverage
Branch
T855
Build Status
Buildable 544
Build 659: arc lint + arc unit

Event Timeline

dereckson updated this revision to Diff 956.Jun 8 2016, 23:14
dereckson added a task: T855: Add admin accounts on Eglide.
dereckson retitled this revision from to Provision ops accounts on Eglide.
dereckson updated this object.
dereckson edited the test plan for this revision. (Show Details)
dereckson added a reviewer: Sandlayth.
dereckson planned changes to this revision.EditedJun 8 2016, 23:17
Ysul
$ salt eglide state.highstate
eglide:
    Data failed to compile:
----------
    Rendering SLS 'base:roles/shellserver/users' failed: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 178, in render_tmpl
    output = render_str(tmplstr, context, tmplpath)
  File "/usr/lib/python2.7/dist-packages/salt/utils/templates.py", line 407, in render_jinja_tmpl
    log.debug("TmplStr: {0}".format(tmplstr))
UnicodeEncodeError: 'ascii' codec can't encode character u'\u2014' in position 75: ordinal not in range(128)
dereckson updated this revision to Diff 957.Jun 9 2016, 01:12
  • Removed diacritic from Sébastien
  • Fixed indent
  • We need to get rid of group root 0 (doesn't work currently)
dereckson added a comment.Jun 9 2016, 01:22

Works, but can't remove root group:

Ysul
$ salt eglide state.apply roles/shellserver/users
[…]
----------
          ID: root
    Function: group.absent
      Result: False
     Comment: Failed to remove group root
     Started: 01:21:15.601008
    Duration: 51.153 ms
     Changes:   
----------
          ID: wheel
    Function: group.present
      Result: False
     Comment: Group wheel is not present but gid 0 is already taken by group root
     Started: 01:21:15.654899
    Duration: 9.492 ms
     Changes:   
----------
[…]

upstreamhttps://github.com/saltstack/salt/issues/33886

Sandlayth accepted this revision.Jun 9 2016, 08:40
Sandlayth edited edge metadata.
This revision is now accepted and ready to land.Jun 9 2016, 08:40
dereckson planned changes to this revision.Jun 9 2016, 10:41

As said before, there is still the issue of the root group to solve.

dereckson accepted this revision.Jun 10 2016, 03:31
dereckson added a reviewer: dereckson.
dereckson added inline comments.
roles/shellserver/users/init.sls
56

Run sed -i 's/root:x:0:/wheel:x:0:/' /etc/group

dereckson requested a review of this revision.Jun 10 2016, 03:32
This revision is now accepted and ready to land.Jun 10 2016, 03:32
dereckson planned changes to this revision.Jun 10 2016, 03:33
dereckson updated this revision to Diff 961.EditedJun 12 2016, 22:18
dereckson edited edge metadata.

Solved root group issue and got it working on Eglide:

  • Add users/shelladmins.sls to the pillar top list
  • 'shelladmins' and list format for the pillar file
  • Perform sed -i 's/root:x:0:/wheel:x:0:/' /etc/group when a root group exists at gid 0
  • Fix list parsing issue
This revision is now accepted and ready to land.Jun 12 2016, 22:18
dereckson marked an inline comment as done.Jun 12 2016, 22:22
dereckson added a comment.Jun 12 2016, 23:47

@Sandlayth Run successfully on Eglide, okay to commit?

dereckson updated this revision to Diff 967.Jun 13 2016, 19:32

Create users before install software, so we avoid any root:root apt lock.

Closed by commit rOPSc18cf34de2bb: Provision ops accounts on Eglide (authored by dereckson, committed by dereckson). · Explain WhyJun 14 2016, 22:35
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
pillar/
users/
shelladmins.sls
shellusers.sls
19 lines
6 lines
roles/
shellserver/
users/
files/
ssh_keys/
2 lines
1 line
13 lines

Diff 957

View Options

pillar/users/shelladmins.sls

Loading...
View Options

pillar/users/shellusers.sls

Loading...
View Options

roles/shellserver/users/files/ssh_keys/dereckson

Loading...
View Options

roles/shellserver/users/files/ssh_keys/kalix

Loading...
View Options

roles/shellserver/users/init.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator