Sudo configuration for the post-update hook

author Silvio Rhatto <rhatto@riseup.net>

Sat, 8 Mar 2014 19:06:01 +0000 (16:06 -0300)

committer Silvio Rhatto <rhatto@riseup.net>

Sat, 8 Mar 2014 19:06:01 +0000 (16:06 -0300)
author Silvio Rhatto <rhatto@riseup.net>
Sat, 8 Mar 2014 19:06:01 +0000 (16:06 -0300)
committer Silvio Rhatto <rhatto@riseup.net>
Sat, 8 Mar 2014 19:06:01 +0000 (16:06 -0300)
diff --git a/files/sudoers b/files/sudoers

new file mode 100644 (file)

index 0000000..71b8ab8
--- /dev/null
+++ b/files/sudoers
@@ -0,0 +1,5 @@
+# Cmnd alias specification
+Cmnd_Alias PUPPETUPDATE = /usr/local/sbin/update-puppet-conf.sh
+
+# User privilege specification
+gitolite ALL=(puppet) NOPASSWD:PUPPETUPDATE
diff --git a/manifests/master/update.pp b/manifests/master/update.pp

index f996f8610d55f982f85f1cd9f0eeb90f3d67291c..4c7a42ca7c3eb5ea53df0a8e8ff41457f8409436 100644 (file)
--- a/manifests/master/update.pp
+++ b/manifests/master/update.pp
@@ -44,6 +44,19 @@ class puppet::master::update(
      require => Exec['make-puppet-repo'],
    }
  
+  # sudo configuration for the post-update hook
+  file { '/etc/sudoers.d/puppet-update':
+    owner   => root,
+    group   => root,
+    mode    => 0440,
+    ensure  => $method ? {
+      'cron'  => $ensure,
+      default => present,
+    },
+    source  => "puppet:///modules/puppet/sudoers",
+    require => Package['sudo'],
+  }
+
    # needed by the post-update hook above
    if !defined(Package['procmail']) {
      package { 'procmail':
author	Silvio Rhatto <rhatto@riseup.net>
	Sat, 8 Mar 2014 19:06:01 +0000 (16:06 -0300)
committer	Silvio Rhatto <rhatto@riseup.net>
	Sat, 8 Mar 2014 19:06:01 +0000 (16:06 -0300)
files/sudoers	[new file with mode: 0644]	patch \| blob
manifests/master/update.pp		patch \| blob \| history