#8313 Grant lsedlar permissions to run "odcs" playbooks.
Closed: Fixed 9 months ago by mizdebsk. Opened 9 months ago by jkaluza.


ODCS in Fedora will be soon maintained by @lsedlar (and maybe also other people in the future). I would therefore like to do following changes:

  • Create new sysadmin-odcs group and configure it in a way that members of this group can run ODCS playbooks.
  • Add @lsedlar to this group.

Metadata Update from @mizdebsk:
- Issue assigned to mizdebsk
- Issue priority set to: Waiting on Assignee (was: Needs Review)

9 months ago

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on External (was: Waiting on Assignee)

9 months ago

Hm, @mizdebsk, I did not know it needs FBR. We can just wait for freeze to end. It's not critical change, it can wait even month and half :).

FBR is not essential for implementing this - @lsedlar should already have access to bastion hosts as a member of sysadmin-releng and pungi-devel groups. The essential parts parts (access to batcave, RBAC policy change, ODCS config change) don't require FBR.

Metadata Update from @mizdebsk:
- Issue priority set to: Waiting on Assignee (was: Waiting on External)

9 months ago

The issue should be resolved

  • sysadmin-odcs group has been created in production FAS
  • staging FAS has been synced with production
  • sysadmin-odcs were allowed to login to bastion, batcave and ODCS hosts
  • sysadmin-odcs were given permission to run ODCS playbooks on batcave
  • sysadmin-odcs were given sudo permissions to run journalctl on ODCS backend

Metadata Update from @mizdebsk:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

9 months ago

Login to comment on this ticket.