welcome: please sign in

Diff for "AddingNewAdmins"

Differences between revisions 8 and 9
Revision 8 as of 2012-09-06 06:56:34
Size: 460
Editor: ClintonEbadi
Comment: local users are deprecated for the time being
Revision 9 as of 2022-02-17 01:17:50
Size: 1124
Comment: Add notes based on ClintonEbadi's irc comments
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)
Line 5: Line 7:
Fritz: Gibran:
Line 10: Line 12:
 - bos adduser fritz NAME_admin
 - bos adduser deleuze NAME_admin
 - bos adduser gibran NAME_admin
 - bos adduser lovelace NAME_admin
Line 17: Line 19:

== Puppet ==

A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:

 * create /srv/puppet/environments/$user
 * link that from /etc/puppetlabs/code/environments/$user
 * copy in environment.conf + hiera.conf from the production env
 * clone manifests and modules/hcoop into the new user env

== Domtool ==

 * check perms for an existing _admin user and add those to the new _admin user

TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)

1. Adding new admins

Currently, we do it this way:

Gibran:

 - cd /afs/.hcoop.net/common/etc/scripts
 - ./create-user NAME_admin
 - pts adduser NAME_admin system:administrators
 - bos adduser gibran NAME_admin
 - bos adduser lovelace NAME_admin

Then, update the hcoop-[admin-]-common-config package to include user in sudoers.

Additionally, grant MitKerberos administrative permissions as needed.

1.1. Puppet

A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:

  • create /srv/puppet/environments/$user
  • link that from /etc/puppetlabs/code/environments/$user
  • copy in environment.conf + hiera.conf from the production env
  • clone manifests and modules/hcoop into the new user env

1.2. Domtool

  • check perms for an existing _admin user and add those to the new _admin user


CategorySystemAdministration

AddingNewAdmins (last edited 2022-03-05 20:22:28 by ClintonEbadi)