fedora-infrastructure

Clone
Source Code
GIT

#8313 Grant lsedlar permissions to run "odcs" playbooks.
Closed: Fixed 4 years ago by mizdebsk. Opened 4 years ago by jkaluza.

Closed: Fixed
Reopen Issue

Hi,

ODCS in Fedora will be soon maintained by @lsedlar (and maybe also other people in the future). I would therefore like to do following changes:

  • Create new sysadmin-odcs group and configure it in a way that members of this group can run ODCS playbooks.
  • Add @lsedlar to this group.

Metadata Update from @mizdebsk:
- Issue assigned to mizdebsk
- Issue priority set to: Waiting on Assignee (was: Needs Review)
4 years ago

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on External (was: Waiting on Assignee)
4 years ago

Hm, @mizdebsk, I did not know it needs FBR. We can just wait for freeze to end. It's not critical change, it can wait even month and half :).

FBR is not essential for implementing this - @lsedlar should already have access to bastion hosts as a member of sysadmin-releng and pungi-devel groups. The essential parts parts (access to batcave, RBAC policy change, ODCS config change) don't require FBR.

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on Assignee (was: Waiting on External)
4 years ago

The issue should be resolved

  • sysadmin-odcs group has been created in production FAS
  • staging FAS has been synced with production
  • sysadmin-odcs were allowed to login to bastion, batcave and ODCS hosts
  • sysadmin-odcs were given permission to run ODCS playbooks on batcave
  • sysadmin-odcs were given sudo permissions to run journalctl on ODCS backend

Metadata Update from @mizdebsk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)
4 years ago

Login to comment on this ticket.

Metadata
None
None
None
Waiting on Assignee
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.