TODO: Write a create-admin-user script that does this all automatically (add it to the scripts git repo)
1. Adding new admins
Currently, we do it this way:
Gibran:
- cd /afs/.hcoop.net/common/etc/scripts - ./create-user NAME_admin - pts adduser NAME_admin system:administrators - bos adduser gibran NAME_admin - bos adduser lovelace NAME_admin
Then, update the hcoop-[admin-]-common-config package to include user in sudoers.
Additionally, grant MitKerberos administrative permissions as needed.
1.1. Puppet
A puppet environment needs to be added. The new admin has to be added to the admin users variable in puppet, which *should* add sudoers and login.restrict entries as needed. IIRC all that is needed is:
- create /srv/puppet/environments/$user
- link that from /etc/puppetlabs/code/environments/$user
- copy in environment.conf + hiera.conf from the production env
- clone manifests and modules/hcoop into the new user env
1.2. Domtool
- check perms for an existing _admin user and add those to the new _admin user