From 9195c2d39a30aebe468f3bbf2ca825e228eac0a5 Mon Sep 17 00:00:00 2001 From: Nils Philippsen Date: Fri, 19 Mar 2021 17:25:38 +0100 Subject: [PATCH] ipa/client: enable for pkgs in prod ...and grant shell access to the packager group. Signed-off-by: Nils Philippsen --- inventory/group_vars/pkgs | 9 ++------- inventory/group_vars/pkgs_stg | 1 + playbooks/groups/pkgs.yml | 5 +---- 3 files changed, 4 insertions(+), 11 deletions(-) diff --git a/inventory/group_vars/pkgs b/inventory/group_vars/pkgs index 0c09de1ffe..63cc3ce320 100644 --- a/inventory/group_vars/pkgs +++ b/inventory/group_vars/pkgs @@ -16,15 +16,10 @@ wsgi_threads: 6 pagure_static_uid: 600 - -fas_client_groups: sysadmin-main,sysadmin-cvs,sysadmin-noc,sysadmin-veteran -fas_client_restricted_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/libexec/pagure/aclchecker.py %(username)s -fas_client_admin_app: PAGURE_CONFIG=/etc/pagure/pagure_hook.cfg HOME=/srv/git /usr/libexec/pagure/aclchecker.py %(username)s -fas_client_ssh_groups: "@cvs,sysadmin-main,sysadmin-cvs,sysadmin-releng,sysadmin-noc,sysadmin-veteran" -admin_groups: "@sysadmin-cvs @sysadmin-releng" - +primary_auth_source: ipa ipa_host_group: pkgs ipa_client_shell_groups: +- packager - sysadmin-cvs - sysadmin-main - sysadmin-noc diff --git a/inventory/group_vars/pkgs_stg b/inventory/group_vars/pkgs_stg index 91fc2026ee..02e0b71030 100644 --- a/inventory/group_vars/pkgs_stg +++ b/inventory/group_vars/pkgs_stg @@ -20,6 +20,7 @@ fedmsg_active: True ipa_host_group: pkgs ipa_client_shell_groups: +- packager - sysadmin-cvs - sysadmin-main - sysadmin-noc diff --git a/playbooks/groups/pkgs.yml b/playbooks/groups/pkgs.yml index 4bf5558c8d..d49b4145fe 100644 --- a/playbooks/groups/pkgs.yml +++ b/playbooks/groups/pkgs.yml @@ -15,8 +15,7 @@ - hosts - rkhunter - nagios_client - - { role: fas_client, when: env != "staging" } - - { role: ipa/client, when: env == "staging" } + - ipa/client - collectd/base - sudo - apache 
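Review bot: In inventory/group_vars/pkgs, the added `- packager` entry puts a broad contributor group into `ipa_client_shell_groups` alongside the sysadmin groups, while the removed `fas_client_restricted_app` and `fas_client_admin_app` lines, which appear to have routed logins through `/usr/libexec/pagure/aclchecker.py`, get no visible replacement. If packagers are still meant to reach only git over ssh, that restriction presumably now lives in sshd or in the ipa/client role, neither of which this patch shows. A comment above the list would make the intent reviewable, for example `# packager: git-over-ssh only; interactive shell is blocked by <mechanism>`. The same applies to the `- packager` line added in inventory/group_vars/pkgs_stg. The list continues past the end of the hunk.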
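Review bot: In playbooks/groups/pkgs.yml, `- ipa/client` now runs on production too, and the last hunk of this file removes the production-only `2fa_client.yml` import, so the patch shows nothing that takes over the second factor there. If the ipa/client role or the IPA server enforces it, say so next to the role, e.g. `# ipa/client replaces fas_client and tasks/2fa_client.yml; second factor enforced by <mechanism>`. It is also worth confirming that the cutover removes whatever local accounts or keys the fas_client role may have left on these hosts. Nothing in this patch cleans them up, and depending on sshd configuration they could still be honoured after a user leaves the IPA groups. The roles list starts and ends outside the hunk.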
@@ -31,8 +30,6 @@ - import_tasks: "{{ tasks_path }}/yumrepos.yml" - import_tasks: "{{ tasks_path }}/motd.yml" - - import_tasks: "{{ tasks_path }}/2fa_client.yml" - when: env != "staging" handlers: - import_tasks: "{{ handlers_path }}/restart_services.yml"