From 5b6380e022359e05eb52745593eddef91149d8b5 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 8 Mar 2014 16:06:01 -0300
Subject: Sudo configuration for the post-update hook

---
 files/sudoers              |  5 +++++
 manifests/master/update.pp | 13 +++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 files/sudoers

diff --git a/files/sudoers b/files/sudoers
new file mode 100644
index 0000000..71b8ab8
--- /dev/null
+++ b/files/sudoers
@@ -0,0 +1,5 @@
+# Cmnd alias specification
+Cmnd_Alias PUPPETUPDATE = /usr/local/sbin/update-puppet-conf.sh
+
+# User privilege specification
+gitolite ALL=(puppet) NOPASSWD:PUPPETUPDATE
diff --git a/manifests/master/update.pp b/manifests/master/update.pp
index f996f86..4c7a42c 100644
--- a/manifests/master/update.pp
+++ b/manifests/master/update.pp
@@ -44,6 +44,19 @@ class puppet::master::update(
     require => Exec['make-puppet-repo'],
   }
 
+  # sudo configuration for the post-update hook
+  file { '/etc/sudoers.d/puppet-update':
+    owner   => root,
+    group   => root,
+    mode    => 0440,
+    ensure  => $method ? {
+      'cron'  => $ensure,
+      default => present,
+    },
+    source  => "puppet:///modules/puppet/sudoers",
+    require => Package['sudo'],
+  }
+
   # needed by the post-update hook above
   if !defined(Package['procmail']) {
     package { 'procmail':
-- 
cgit v1.2.3