From b47dbcdef0e2e4b1b30b0eab3ebf6d5ba929ea31 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Tue, 11 Oct 2011 15:56:11 -0700 Subject: [PATCH] Rework all of the slaves for virtualenv. Includes: Fixing jenkins sudoers from jeblair Removing tarmac depend from jeblair Remove wheel group from jeblair Change-Id: I86ec23f7aeafc31cc70b0f3a648739bb7316fc61 --- manifests/site.pp | 160 +----------------- modules/apt_server/files/packages | 6 - modules/apt_server/manifests/init.pp | 45 ----- modules/cowbuilder/files/E01-enable-repos | 36 ---- modules/cowbuilder/manifests/cow.pp | 78 --------- modules/cowbuilder/manifests/debgpg.pp | 11 -- modules/cowbuilder/manifests/init.pp | 57 ------- modules/jenkins_slave/files/tarmac.conf | 32 ---- modules/jenkins_slave/manifests/init.pp | 114 ++++++------- .../jenkins_slave/manifests/jenkinsuser.pp | 34 ---- modules/reprepro/files/distributions | 48 ------ modules/reprepro/manifests/init.pp | 68 -------- modules/sudoers/files/sudoers | 9 +- modules/sudoers/files/sudoers.Darwin | 25 --- modules/sudoers/files/sudoers.Ubuntu | 25 --- modules/sudoers/manifests/init.pp | 13 +- modules/user/manifests/virtual.pp | 2 +- 17 files changed, 63 insertions(+), 700 deletions(-) delete mode 100644 modules/apt_server/files/packages delete mode 100644 modules/apt_server/manifests/init.pp delete mode 100644 modules/cowbuilder/files/E01-enable-repos delete mode 100644 modules/cowbuilder/manifests/cow.pp delete mode 100644 modules/cowbuilder/manifests/debgpg.pp delete mode 100644 modules/cowbuilder/manifests/init.pp delete mode 100755 modules/jenkins_slave/files/tarmac.conf delete mode 100644 modules/reprepro/files/distributions delete mode 100644 modules/reprepro/manifests/init.pp delete mode 100644 modules/sudoers/files/sudoers.Darwin delete mode 100644 modules/sudoers/files/sudoers.Ubuntu diff --git a/manifests/site.pp b/manifests/site.pp index 674dddca88..5fefb3635e 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -8,6 +8,7 @@ class openstack_base { include ssh include snmpd include exim + include sudoers class { 'iptables': public_tcp_ports => $iptables_public_tcp_ports, @@ -30,6 +31,7 @@ class openstack_base { "bzr", "git", "python-setuptools", + "python-virtualenv", "byobu"] package { $packages: ensure => "latest" } @@ -47,15 +49,13 @@ class openstack_server { User::Virtual::Localuser["corvus"], User::Virtual::Localuser["soren"], ) + } class openstack_jenkins_slave { - include openstack_base + include openstack_server include jenkins_slave - apt::ppa { "ppa:nova-core/trunk": - ensure => present - } } # @@ -149,160 +149,10 @@ node "docs.openstack.org" { # # Jenkins slaves: # -node /^burrow-java(-\d+)?\.slave\.openstack\.org$/ { +node /^.*\.slave\.openstack\.org$/ { include openstack_jenkins_slave - - package { "maven2": - ensure => latest - } -} - -node /^burrow(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - package { "python-eventlet": - ensure => latest - } -} - -node /^libburrow(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - $slave_packages = ["build-essential", - "libcurl4-gnutls-dev", - "libtool", - "autoconf", - "automake"] - package { $slave_packages: ensure => "latest" } -} - -node /^dashboard(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - package { "python-virtualenv": - ensure => present - } -} - -node /^glance(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - apt::ppa { "ppa:glance-core/trunk": - ensure => present - } - - apt::builddep { "glance": - ensure => present, - require => Apt::Ppa["ppa:glance-core/trunk"] - } - - $slave_packages = ["python-argparse", - "python-decorator", - "python-eventlet", - "python-formencode", - "python-greenlet", - "python-migrate", - "python-mox", - "python-netifaces", - "python-openid", - "python-openssl", - "python-paste", - "python-pastedeploy", - "python-pastescript", - "python-routes", - "python-scgi", - "python-sqlalchemy", - "python-sqlalchemy-ext", - "python-swift", - "python-tempita", - "python-webob", - "python-xattr"] - package { $slave_packages: ensure => "latest" } -} - -node /^keystone(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - apt::ppa { "ppa:keystone-core/trunk": - ensure => present - } - apt::ppa { "ppa:swift-core/trunk": - ensure => present - } - - apt::builddep { "keystone": - ensure => present, - require => [Apt::Ppa["ppa:keystone-core/trunk"], - Apt::Ppa["ppa:nova-core/trunk"], - Apt::Ppa["ppa:swift-core/trunk"]] - } -} - -node /^quantum(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - $slave_packages = ["python-eventlet", - "python-paste", - "python-routes", - "python-sqlalchemy", - "python-gflags", - "python-cheetah", - "python-webtest", - "python-webob"] - - package { $slave_packages: - ensure => "latest", - require => Apt::Ppa["ppa:nova-core/trunk"] - } -} - -node /^manuals(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - package { "maven2": - ensure => latest - } -} - -node /^nova(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - apt::builddep { "nova": - ensure => present, - require => Apt::Ppa["ppa:nova-core/trunk"] - } -} - -node /^openstack-ci(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave -} - -node /^swift(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - - apt::ppa { "ppa:swift-core/trunk": - ensure => present - } - - apt::builddep { "swift": - ensure => present, - require => Apt::Ppa["ppa:swift-core/trunk"] - } } node /^driver(\d+)\.1918\.openstack\.org$/ { include openstack_jenkins_slave } - -node /^debuild(-\d+)?\.slave\.openstack\.org$/ { - include openstack_jenkins_slave - include cowbuilder - - class { "reprepro": } -} - -node /^packages\.openstack\.org$/ { - include openstack_jenkins_slave - - class { "apt_server": } -} diff --git a/modules/apt_server/files/packages b/modules/apt_server/files/packages deleted file mode 100644 index f8e5bbfe1d..0000000000 --- a/modules/apt_server/files/packages +++ /dev/null @@ -1,6 +0,0 @@ -server { - listen 80; - server_name packages.openstack.org; - root /srv/packages; - autoindex on; -} diff --git a/modules/apt_server/manifests/init.pp b/modules/apt_server/manifests/init.pp deleted file mode 100644 index 63630b15e8..0000000000 --- a/modules/apt_server/manifests/init.pp +++ /dev/null @@ -1,45 +0,0 @@ -class apt_server { - - package { "nginx": ensure => "latest" } - - file { "/etc/nginx/sites-available/default": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/apt_server/packages", - replace => 'true', - require => Package[nginx], - } - - file { "/etc/nginx/sites-enabled/default": - ensure => link, - target => "/etc/nginx/sites-available/default", - require => Package[nginx], - } - - file { "/srv": - owner => 'root', - group => 'root', - mode => 555, - ensure => directory, - } - - file {"/srv/packages": - owner => 'jenkins', - group => 'jenkins', - mode => 755, - ensure => directory, - require => File["/srv"], - } - - service { 'nginx': - name => 'nginx', - ensure => running, - enable => true, - hasrestart => true, - require => Package['nginx'], - subscribe => File['/etc/nginx/sites-available/default'], - } - -} diff --git a/modules/cowbuilder/files/E01-enable-repos b/modules/cowbuilder/files/E01-enable-repos deleted file mode 100644 index 8343d4904a..0000000000 --- a/modules/cowbuilder/files/E01-enable-repos +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -set -e - -apt-get -y install --force-yes lsb-release -release=`lsb_release --codename -s` - -if test `lsb_release --id --short` = "Ubuntu" -then - - apt-get -y install --force-yes python-software-properties - - cat > "/etc/apt/sources.list.d/extras.list" << EOF -deb http://security.ubuntu.com/ubuntu $release-security main universe -deb-src http://security.ubuntu.com/ubuntu $release-security main universe -deb http://us.archive.ubuntu.com/ubuntu/ $release-updates main universe -deb-src http://us.archive.ubuntu.com/ubuntu/ $release-updates main universe - -deb http://packages.openstack.org/trunk $release main -deb-src http://packages.openstack.org/trunk $release main -EOF - - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 32EE128C - rm -rf /etc/apt/sources.list.d/nova-core* -else - # Have I mentioned our lack of debian is a bit assy? Let's hope Maverick - # works for now - cat > "/etc/apt/sources.list.d/extras.list" << EOF -deb http://packages.openstack.org/trunk $release main -deb-src http://packages.openstack.org/trunk $release main -EOF - rm -rf /etc/apt/sources.list.d/nova.list - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 32EE128C -fi - -apt-get update diff --git a/modules/cowbuilder/manifests/cow.pp b/modules/cowbuilder/manifests/cow.pp deleted file mode 100644 index 0d678dfd04..0000000000 --- a/modules/cowbuilder/manifests/cow.pp +++ /dev/null @@ -1,78 +0,0 @@ -define cowbuilder::cow($distro = ubuntu) { - - $has_cow = "/usr/bin/test -d /var/cache/pbuilder/base-$name.cow" - $has_cow_32 = "/usr/bin/test -d /var/cache/pbuilder/base-$name-i386.cow" - case $bits { - 32: { - $env = ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"] - } - 64: { - $env = ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"] - } - } - - case $distro { - ubuntu: { - exec { "Add base cow for $name": - environment => ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"], - command => "git-pbuilder create --distribution $name --components 'main universe' --hookdir /var/cache/pbuilder/hook.d/ --mirror='http://us.archive.ubuntu.com/ubuntu/'", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - timeout => 0, - logoutput => on_failure, - unless => "$has_cow", - } - exec { "Add 32-bit base cow for $name": - environment => ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"], - command => "linux32 git-pbuilder create --distribution $name --components 'main universe' --hookdir /var/cache/pbuilder/hook.d/ --mirror='http://us.archive.ubuntu.com/ubuntu/'", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - timeout => 0, - logoutput => on_failure, - unless => "$has_cow_32", - } - } - debian: { - exec { "Add base cow for $name": - environment => ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"], - command => "git-pbuilder create --distribution $name --mirror ftp://ftp.us.debian.org/debian/ --debootstrapopts '--keyring=/usr/share/keyrings/debian-archive-keyring.gpg' --hookdir /var/cache/pbuilder/hook.d/", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - timeout => 0, - logoutput => on_failure, - unless => "$has_cow", - } - exec { "Add 32-bit base cow for $name": - environment => ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"], - command => "linux32 git-pbuilder create --distribution $name --mirror ftp://ftp.us.debian.org/debian/ --debootstrapopts '--keyring=/usr/share/keyrings/debian-archive-keyring.gpg' --hookdir /var/cache/pbuilder/hook.d/", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - timeout => 0, - logoutput => on_failure, - unless => "$has_cow_32", - } - } - } - exec { "Update base cow for $name": - environment => ["DIST=$name","APTCACHEHARDLINK=no","HOME=/root"], - command => "git-pbuilder update --hookdir /var/cache/pbuilder/hook.d/", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - logoutput => on_failure, - onlyif => "$has_cow", - } - exec { "Update 32-bit base cow for $name": - environment => ["ARCH=i386", "DIST=$name","APTCACHEHARDLINK=no","HOME=/root"], - command => "linux32 git-pbuilder update --hookdir /var/cache/pbuilder/hook.d/", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - logoutput => on_failure, - onlyif => "$has_cow_32", - } -} diff --git a/modules/cowbuilder/manifests/debgpg.pp b/modules/cowbuilder/manifests/debgpg.pp deleted file mode 100644 index 540e9a1115..0000000000 --- a/modules/cowbuilder/manifests/debgpg.pp +++ /dev/null @@ -1,11 +0,0 @@ -define cowbuilder::debgpg { - - exec { "Add gpg public key $name": - command => "gpg --keyserver keys.gnupg.net --recv-key $name", - path => "/usr/sbin:/usr/bin:/sbin:/bin", - user => root, - group => root, - logoutput => on_failure, - unless => "/usr/bin/gpg --list-keys $name >/dev/null 2>&1", - } -} diff --git a/modules/cowbuilder/manifests/init.pp b/modules/cowbuilder/manifests/init.pp deleted file mode 100644 index 78be502d7f..0000000000 --- a/modules/cowbuilder/manifests/init.pp +++ /dev/null @@ -1,57 +0,0 @@ -class cowbuilder { - - $slave_packages = ["git-buildpackage", - "pbuilder", - "cowbuilder", - "linux32", - "debian-archive-keyring"] - - $ubuntu_releases = [ "lucid", - "maverick", - "natty", - "oneiric" ] - - $debian_releases = [ "wheezy", - "squeeze" ] - - package { $slave_packages: - ensure => "latest" - } - - file { 'cowhookdir': - name => '/var/cache/pbuilder/hook.d', - ensure => 'directory', - mode => 755, - require => Package['pbuilder'], - } - - file { 'cowhook': - name => '/var/cache/pbuilder/hook.d/E01-enable-repos', - owner => 'root', - group => 'root', - mode => 755, - ensure => 'present', - source => "puppet:///modules/cowbuilder/E01-enable-repos", - replace => 'true', - require => File[cowhookdir] - } - - cowbuilder::debgpg { 'AED4B06F473041FA': } - - cowbuilder::cow { $ubuntu_releases: - distro => 'ubuntu', - require => [ Package[debian-archive-keyring], - Package[linux32], - File[cowhook] - ], - } - cowbuilder::cow { $debian_releases: - distro => 'debian', - require => [ Package[debian-archive-keyring], - Package[linux32], - File[cowhook], - Cowbuilder::Debgpg[AED4B06F473041FA], - ], - } - -} diff --git a/modules/jenkins_slave/files/tarmac.conf b/modules/jenkins_slave/files/tarmac.conf deleted file mode 100755 index fcfd87099b..0000000000 --- a/modules/jenkins_slave/files/tarmac.conf +++ /dev/null @@ -1,32 +0,0 @@ -[Tarmac] -rejected_branch_status = Work in progress - -[lp:nova] -verify_command=/home/jenkins/openstack-ci/test_nova.sh - -[lp:~hudson-openstack/nova/milestone-proposed] -verify_command=/home/jenkins/openstack-ci/test_nova.sh - -[lp:openstack-dashboard] -verify_command=bash run_tests.sh - -[lp:glance] -verify_command=python setup.py test - -[lp:~hudson-openstack/glance/milestone-proposed] -verify_command=python setup.py test - -[lp:swift] -verify_command=python setup.py test - -[lp:swift/1.1] -verify_command=python setup.py test - -[lp:swift/1.2] -verify_command=python setup.py test - -[lp:~hudson-openstack/swift/milestone-proposed] -verify_command=python setup.py test - -[lp:burrow] -verify_command=python setup.py test diff --git a/modules/jenkins_slave/manifests/init.pp b/modules/jenkins_slave/manifests/init.pp index 9d543aed9c..fda2b240ff 100644 --- a/modules/jenkins_slave/manifests/init.pp +++ b/modules/jenkins_slave/manifests/init.pp @@ -1,22 +1,68 @@ class jenkins_slave { jenkinsuser { "jenkins": - ensure => present + ensure => present, } slavecirepo { "openstack-ci": ensure => present, - require => [ Package[git], Jenkinsuser[jenkins] ] + require => [ Package[git], Jenkinsuser[jenkins] ], } - apt::ppa { "ppa:tarmac/ppa": - ensure => present, + apt::ppa { "ppa:openstack-ci/build-depends": + ensure => present + } + + $packages = ["apache2", + "autoconf", + "automake", + "cdbs", + "curl", + "build-essential", + "devscripts", + "dnsmasq-base", + "ebtables", + "gawk", + "graphviz", + "kpartx", + "kvm", + "iptables", + "libapache2-mod-wsgi", + "libcurl4-gnutls-dev", + "libldap2-dev", + "libsasl2-dev", + "libtool", + "libvirt-bin", + "libxml2-dev", + "libxslt1-dev", + "maven2", + "openjdk-6-jre", + "pep8", + "psmisc", + "pylint", + "python-libvirt", + "python-pip", + "python-all-dev", + "python-sphinx", + "python-unittest2", + "python3-all-dev", + "screen", + "socat", + "sqlite3", + "swig", + "unzip", + "vlan", + "wget"] + package { $packages: + ensure => "latest", + require => Apt::Ppa["ppa:openstack-ci/build-depends"], } cron { "updateci": user => jenkins, minute => "*/15", - command => "cd /home/jenkins/openstack-ci && /usr/bin/git pull -q origin master" + command => "cd /home/jenkins/openstack-ci && /usr/bin/git pull -q origin master", + require => [ Jenkinsuser[jenkins] ], } file { 'aptsources': @@ -41,62 +87,4 @@ class jenkins_slave { ], } - package { "openjdk-6-jre": - ensure => latest - } - - package { "cdbs": - ensure => latest - } - - package { "devscripts": - ensure => latest - } - - package { "python-sphinx": - ensure => latest - } - - package { "graphviz": - ensure => latest - } - - package { "pep8": - ensure => latest - } - - package { "pylint": - ensure => latest - } - - package { "python-dev": - ensure => latest - } - - package { "tarmac": - ensure => latest, - require => Apt::Ppa["ppa:tarmac/ppa"] - } - - package { "python-pip": - ensure => latest, - require => Package[python-dev] - } - - package { "python-coverage": - ensure => latest, - require => [Apt::Ppa["ppa:nova-core/trunk"], - Package[python-nose]] - } - - package { "python-nose": - ensure => latest, - require => Apt::Ppa["ppa:nova-core/trunk"], - } - - package { "python-nosexcover": - ensure => latest, - require => [Apt::Ppa["ppa:nova-core/trunk"], - Package[python-coverage]] - } } diff --git a/modules/jenkins_slave/manifests/jenkinsuser.pp b/modules/jenkins_slave/manifests/jenkinsuser.pp index 67f1cb376c..0254726fc5 100644 --- a/modules/jenkins_slave/manifests/jenkinsuser.pp +++ b/modules/jenkins_slave/manifests/jenkinsuser.pp @@ -10,7 +10,6 @@ define jenkinsuser($ensure = present) { home => '/home/jenkins', gid => 'jenkins', shell => '/bin/bash', - groups => ['wheel','sudo'], membership => 'minimum', } @@ -171,37 +170,4 @@ define jenkinsuser($ensure = present) { require => File['jenkinshome'], } - file { 'jenkinsconftarmacdir': - name => '/home/jenkins/.config/tarmac', - owner => 'jenkins', - group => 'jenkins', - mode => 755, - ensure => 'directory', - require => File['jenkinsconfigdir'], - } - - file { 'jenkinstarmacconf': - name => '/home/jenkins/.config/tarmac/tarmac.conf', - owner => 'jenkins', - group => 'jenkins', - mode => 644, - ensure => 'present', - require => File['jenkinsconftarmacdir'], - source => [ - "puppet:///modules/jenkins_slave/tarmac.conf", - ], - } - - file { 'jenkinstarmaccredentials': - name => '/home/jenkins/.config/tarmac/credentials', - owner => 'jenkins', - group => 'jenkins', - mode => 640, - ensure => 'present', - require => File['jenkinsconftarmacdir'], - source => [ - "puppet:///modules/jenkins_slave/slave_tarmac_key", - ], - } - } diff --git a/modules/reprepro/files/distributions b/modules/reprepro/files/distributions deleted file mode 100644 index e0bbe9b04e..0000000000 --- a/modules/reprepro/files/distributions +++ /dev/null @@ -1,48 +0,0 @@ -Origin: OpenStack -Label: OpenStack -Codename: lucid -Architectures: i386 amd64 source -Components: main -Description: OpenStack APT Repository -SignWith: yes - -Origin: OpenStack -Label: OpenStack -Codename: maverick -Architectures: i386 amd64 source -Components: main -Description: OpenStack APT Repository -SignWith: yes - -Origin: OpenStack -Label: OpenStack -Codename: natty -Architectures: i386 amd64 source -Components: main -Description: OpenStack APT Repository -SignWith: yes - -Origin: OpenStack -Label: OpenStack -Codename: oneiric -Architectures: i386 amd64 source -Components: main -Description: OpenStack APT Repository -SignWith: yes - -Origin: OpenStack -Label: OpenStack -Codename: wheezy -Architectures: i386 amd64 source -Components: main -Description: OpenStack APT Repository -SignWith: yes - -Origin: OpenStack -Label: OpenStack -Codename: squeeze -Architectures: i386 amd64 source -Components: main -Description: OpenStack APT Repository -SignWith: yes - diff --git a/modules/reprepro/manifests/init.pp b/modules/reprepro/manifests/init.pp deleted file mode 100644 index 43256fa1ee..0000000000 --- a/modules/reprepro/manifests/init.pp +++ /dev/null @@ -1,68 +0,0 @@ -class reprepro { - - package { "reprepro": ensure => "latest" } - - file { "/srv": - owner => 'root', - group => 'root', - mode => 555, - ensure => directory, - } - - file {"/srv/packages": - owner => 'root', - group => 'root', - mode => 555, - ensure => directory, - require => File["/srv"], - } - - file {"/srv/packages/trunk": - owner => 'jenkins', - group => 'jenkins', - mode => 755, - ensure => directory, - require => [File["/srv/packages"], User[jenkins]] - } - - file {"/srv/packages/trunk/conf": - owner => 'root', - group => 'root', - mode => 555, - ensure => directory, - require => File["/srv/packages/trunk"], - } - - file {"/srv/packages/trunk/conf/distributions": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/reprepro/distributions", - } - - file {"/srv/packages/diablo": - owner => 'jenkins', - group => 'jenkins', - mode => 755, - ensure => directory, - require => [File["/srv/packages"], User[jenkins]] - } - - file {"/srv/packages/diablo/conf": - owner => 'root', - group => 'root', - mode => 555, - ensure => directory, - require => File["/srv/packages/diablo"], - } - - file {"/srv/packages/diablo/conf/distributions": - owner => 'root', - group => 'root', - mode => 444, - ensure => 'present', - source => "puppet:///modules/reprepro/distributions", - } - -} diff --git a/modules/sudoers/files/sudoers b/modules/sudoers/files/sudoers index 693e87ea8b..d5f2ccb83a 100644 --- a/modules/sudoers/files/sudoers +++ b/modules/sudoers/files/sudoers @@ -12,13 +12,14 @@ Defaults env_reset # User alias specification # Cmnd alias specification -#drizzle ALL = NOPASSWD: /usr/bin/pbuilder - # User privilege specification root ALL=(ALL) ALL -# Uncomment to allow members of group sudo to not need a password +# Allow members of group sudo to execute any command after they have +# provided their password # (Note that later entries override this, so you might need to move # it further down) -%wheel ALL=NOPASSWD: ALL +%sudo ALL=(ALL) NOPASSWD: ALL +# +#includedir /etc/sudoers.d diff --git a/modules/sudoers/files/sudoers.Darwin b/modules/sudoers/files/sudoers.Darwin deleted file mode 100644 index 16125f90e1..0000000000 --- a/modules/sudoers/files/sudoers.Darwin +++ /dev/null @@ -1,25 +0,0 @@ -# /etc/sudoers -# -# This file MUST be edited with the 'visudo' command as root. -# -# See the man page for details on how to write a sudoers file. -# - -Defaults env_reset - -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification -root ALL=(ALL) ALL - -# Allow members of group sudo to execute any command after they have -# provided their password -# (Note that later entries override this, so you might need to move -# it further down) -%admin ALL=(ALL) NOPASSWD: ALL -# -#includedir /etc/sudoers.d diff --git a/modules/sudoers/files/sudoers.Ubuntu b/modules/sudoers/files/sudoers.Ubuntu deleted file mode 100644 index d5f2ccb83a..0000000000 --- a/modules/sudoers/files/sudoers.Ubuntu +++ /dev/null @@ -1,25 +0,0 @@ -# /etc/sudoers -# -# This file MUST be edited with the 'visudo' command as root. -# -# See the man page for details on how to write a sudoers file. -# - -Defaults env_reset - -# Host alias specification - -# User alias specification - -# Cmnd alias specification - -# User privilege specification -root ALL=(ALL) ALL - -# Allow members of group sudo to execute any command after they have -# provided their password -# (Note that later entries override this, so you might need to move -# it further down) -%sudo ALL=(ALL) NOPASSWD: ALL -# -#includedir /etc/sudoers.d diff --git a/modules/sudoers/manifests/init.pp b/modules/sudoers/manifests/init.pp index bad9c25e8c..fe927e02de 100644 --- a/modules/sudoers/manifests/init.pp +++ b/modules/sudoers/manifests/init.pp @@ -1,7 +1,4 @@ class sudoers { - group { 'wheel': - ensure => 'present' - } group { 'sudo': ensure => 'present' } @@ -14,15 +11,7 @@ class sudoers { group => 'root', mode => 440, ensure => 'present', - source => [ - "puppet:///modules/sudoers/sudoers.$operatingsystem", - "puppet:///modules/sudoers/sudoers" - ], + source => "puppet:///modules/sudoers/sudoers", replace => 'true', } - - file { '/etc/alternatives/editor': - ensure => link, - target => "/usr/bin/vim.basic", - } } diff --git a/modules/user/manifests/virtual.pp b/modules/user/manifests/virtual.pp index ce7f15f36f..27b772e15e 100644 --- a/modules/user/manifests/virtual.pp +++ b/modules/user/manifests/virtual.pp @@ -10,7 +10,7 @@ class user::virtual { home => "/home/$title", shell => $shell, gid => $title, - groups => ['wheel','sudo','admin'], + groups => ['sudo','admin'], membership => 'minimum', managehome => true, # creates the home directory (does not actually manage it) require => Group[$title],