#8313 Grant lsedlar permissions to run "odcs" playbooks.
Closed: Fixed 19 days ago by mizdebsk. Opened 22 days ago by jkaluza.

Hi,

ODCS in Fedora will be soon maintained by @lsedlar (and maybe also other people in the future). I would therefore like to do following changes:

  • Create new sysadmin-odcs group and configure it in a way that members of this group can run ODCS playbooks.
  • Add @lsedlar to this group.

Metadata Update from @mizdebsk:
- Issue assigned to mizdebsk
- Issue priority set to: Waiting on Assignee (was: Needs Review)

22 days ago

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on External (was: Waiting on Assignee)

22 days ago

Hm, @mizdebsk, I did not know it needs FBR. We can just wait for freeze to end. It's not critical change, it can wait even month and half :).

FBR is not essential for implementing this - @lsedlar should already have access to bastion hosts as a member of sysadmin-releng and pungi-devel groups. The essential parts parts (access to batcave, RBAC policy change, ODCS config change) don't require FBR.

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on Assignee (was: Waiting on External)

21 days ago

The issue should be resolved

  • sysadmin-odcs group has been created in production FAS
  • staging FAS has been synced with production
  • sysadmin-odcs were allowed to login to bastion, batcave and ODCS hosts
  • sysadmin-odcs were given permission to run ODCS playbooks on batcave
  • sysadmin-odcs were given sudo permissions to run journalctl on ODCS backend

Metadata Update from @mizdebsk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

19 days ago

Login to comment on this ticket.

Metadata