From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 8 Mar 2014 19:06:01 +0000 (-0300)
Subject: Sudo configuration for the post-update hook
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=5b6380e022359e05eb52745593eddef91149d8b5;p=puppet-puppet.git

Sudo configuration for the post-update hook
---

diff --git a/files/sudoers b/files/sudoers
new file mode 100644
index 0000000..71b8ab8
--- /dev/null
+++ b/files/sudoers
@@ -0,0 +1,5 @@
+# Cmnd alias specification
+Cmnd_Alias PUPPETUPDATE = /usr/local/sbin/update-puppet-conf.sh
+
+# User privilege specification
+gitolite ALL=(puppet) NOPASSWD:PUPPETUPDATE
diff --git a/manifests/master/update.pp b/manifests/master/update.pp
index f996f86..4c7a42c 100644
--- a/manifests/master/update.pp
+++ b/manifests/master/update.pp
@@ -44,6 +44,19 @@ class puppet::master::update(
     require => Exec['make-puppet-repo'],
   }
 
+  # sudo configuration for the post-update hook
+  file { '/etc/sudoers.d/puppet-update':
+    owner   => root,
+    group   => root,
+    mode    => 0440,
+    ensure  => $method ? {
+      'cron'  => $ensure,
+      default => present,
+    },
+    source  => "puppet:///modules/puppet/sudoers",
+    require => Package['sudo'],
+  }
+
   # needed by the post-update hook above
   if !defined(Package['procmail']) {
     package { 'procmail':