welcome: please sign in

Diff for "AddingNewAdmins"

Differences between revisions 7 and 9 (spanning 2 versions)
Revision 7 as of 2012-03-22 07:17:16
Size: 441
Editor: ClintonEbadi
Comment: oops, last despam for this page reverted to the wrong version
Revision 9 as of 2022-02-17 01:17:50
Size: 1124
Editor: StephenMichel
Comment: Add notes based on ClintonEbadi's irc comments
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)
Line 5: Line 7:
Fritz:
{{{
 - adduser NAME_admin
 - adduser NAME_admin wheel
}}}
Deleuze:		 Gibran:
Line 15: Line 12:
 - bos adduser fritz NAME_admin
 - bos adduser deleuze NAME_admin
 - visudo		  - bos adduser gibran NAME_admin
 - bos adduser lovelace NAME_admin
Line 19: Line 15:
Mire:
{{{
 - visudo
}}}
Outpost:
{{{
 - nothing, only one username created there
}}}
Then, update the `hcoop-[admin-]-common-config` package to include user in sudoers.

Additionally, grant MitKerberos administrative permissions as needed.

== Puppet ==

A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:

 * create /srv/puppet/environments/$user
 * link that from /etc/puppetlabs/code/environments/$user
 * copy in environment.conf + hiera.conf from the production env
 * clone manifests and modules/hcoop into the new user env

== Domtool ==

 * check perms for an existing _admin user and add those to the new _admin user

----
CategorySystemAdministration

TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)

1. Adding new admins

Currently, we do it this way:

Gibran: 

 - cd /afs/.hcoop.net/common/etc/scripts
 - ./create-user NAME_admin
 - pts adduser NAME_admin system:administrators
 - bos adduser gibran NAME_admin
 - bos adduser lovelace NAME_admin

Then, update the hcoop-[admin-]-common-config package to include user in sudoers.

Additionally, grant MitKerberos administrative permissions as needed.

1.1. Puppet

A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:

  • create /srv/puppet/environments/$user
  • link that from /etc/puppetlabs/code/environments/$user
  • copy in environment.conf + hiera.conf from the production env
  • clone manifests and modules/hcoop into the new user env

1.2. Domtool

  • check perms for an existing _admin user and add those to the new _admin user

CategorySystemAdministration

AddingNewAdmins (last edited 2022-03-05 20:22:28 by ClintonEbadi)