[tor-bugs] #29663 [Internal Services/Services Admin Team]: Deploy /etc/puppet as a role account
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Mar 5 13:46:30 UTC 2019
#29663: Deploy /etc/puppet as a role account
-------------------------+-------------------------------------------------
Reporter: ln5 | Owner: (none)
Type: enhancement | Status: new
Priority: Medium | Component: Internal Services/Services
| Admin Team
Version: | Severity: Normal
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------+-------------------------------------------------
On our puppet master (alberti.tpo), the post-receive git hook deploys the
tor-puppet repo in /etc/puppet as the user pushing. As long as umask is
correct and the stars are aligned, things are good. Sometimes files end up
with 0644 when we need them to be 0664 in order for other accounts (in
group 'adm') to be able to change existing files.
Start using a role account instead of individual admin accounts for
deploying to /etc/puppet.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29663>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list