Sudo configuration for the post-update hook

author: Silvio Rhatto <rhatto@riseup.net> 2014-03-08 16:06:01 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2014-03-08 16:06:01 -0300
commit: 5b6380e022359e05eb52745593eddef91149d8b5 (patch)
tree: f166d5d595cebf581e35ca20901ad3037d8989c9
parent: 51868a5fb2766dd0e55c6c05c45c7e2fd02e1d49 (diff)
download: puppet-puppet-5b6380e022359e05eb52745593eddef91149d8b5.tar.gz
puppet-puppet-5b6380e022359e05eb52745593eddef91149d8b5.tar.bz2
2 files changed, 18 insertions, 0 deletions
diff --git a/files/sudoers b/files/sudoers
new file mode 100644
index 0000000..71b8ab8
--- /dev/null
+++ b/files/sudoers
@@ -0,0 +1,5 @@
+# Cmnd alias specification
+Cmnd_Alias PUPPETUPDATE = /usr/local/sbin/update-puppet-conf.sh
+
+# User privilege specification
+gitolite ALL=(puppet) NOPASSWD:PUPPETUPDATE
diff --git a/manifests/master/update.pp b/manifests/master/update.pp
index f996f86..4c7a42c 100644
--- a/manifests/master/update.pp
+++ b/manifests/master/update.pp
@@ -44,6 +44,19 @@ class puppet::master::update(
     require => Exec['make-puppet-repo'],
   }
 
+  # sudo configuration for the post-update hook
+  file { '/etc/sudoers.d/puppet-update':
+    owner   => root,
+    group   => root,
+    mode    => 0440,
+    ensure  => $method ? {
+      'cron'  => $ensure,
+      default => present,
+    },
+    source  => "puppet:///modules/puppet/sudoers",
+    require => Package['sudo'],
+  }
+
   # needed by the post-update hook above
   if !defined(Package['procmail']) {
     package { 'procmail':
author	Silvio Rhatto <rhatto@riseup.net>	2014-03-08 16:06:01 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2014-03-08 16:06:01 -0300
commit	5b6380e022359e05eb52745593eddef91149d8b5 (patch)
tree	f166d5d595cebf581e35ca20901ad3037d8989c9
parent	51868a5fb2766dd0e55c6c05c45c7e2fd02e1d49 (diff)
download	puppet-puppet-5b6380e022359e05eb52745593eddef91149d8b5.tar.gz puppet-puppet-5b6380e022359e05eb52745593eddef91149d8b5.tar.bz2