welcome: please sign in

Diff for "AddingNewAdmins"

Differences between revisions 6 and 9 (spanning 3 versions)
Revision 6 as of 2011-04-22 22:50:18
Size: 66
Editor: ClintonEbadi
Comment:
Revision 9 as of 2022-02-17 01:17:50
Size: 1124
Editor: StephenMichel
Comment: Add notes based on ClintonEbadi's irc comments
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Kudos to you! I hadn't tuhoght of that! TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)

= Adding new admins =

Currently, we do it this way:

Gibran:
{{{
 - cd /afs/.hcoop.net/common/etc/scripts
 - ./create-user NAME_admin
 - pts adduser NAME_admin system:administrators
 - bos adduser gibran NAME_admin
 - bos adduser lovelace NAME_admin
}}}

Then, update the `hcoop-[admin-]-common-config` package to include user in sudoers.

Additionally, grant MitKerberos administrative permissions as needed.

== Puppet ==

A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:

 * create /srv/puppet/environments/$user
 * link that from /etc/puppetlabs/code/environments/$user
 * copy in environment.conf + hiera.conf from the production env
 * clone manifests and modules/hcoop into the new user env

== Domtool ==

 * check perms for an existing _admin user and add those to the new _admin user
Line 3: Line 34:
CategoryNeedsWork CategorySystemAdministration

TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)

1. Adding new admins

Currently, we do it this way:

Gibran: 

 - cd /afs/.hcoop.net/common/etc/scripts
 - ./create-user NAME_admin
 - pts adduser NAME_admin system:administrators
 - bos adduser gibran NAME_admin
 - bos adduser lovelace NAME_admin

Then, update the hcoop-[admin-]-common-config package to include user in sudoers.

Additionally, grant MitKerberos administrative permissions as needed.

1.1. Puppet

A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:

  • create /srv/puppet/environments/$user
  • link that from /etc/puppetlabs/code/environments/$user
  • copy in environment.conf + hiera.conf from the production env
  • clone manifests and modules/hcoop into the new user env

1.2. Domtool

  • check perms for an existing _admin user and add those to the new _admin user

CategorySystemAdministration

AddingNewAdmins (last edited 2022-03-05 20:22:28 by ClintonEbadi)