Allow adding "sudo" users that can authenticate via SSH key #79
Comments
|
How about using the "users::sysadmins" from https://supermarket.getchef.com/cookbooks/users ? This has two downsides:
It has upsides:
Edit: and another downside: somehow the **** data bags don't work/get uploaded with chef-solo. No idea why. |
|
Friendly bump. ✋ Can anyone have a look at PR #125, and tell me if that is completely stupid, or the right direction? |
|
@berkes Sorry did not respond earlier. I think @jvanbaarsen posted some feedback on your PR. As I see it: almost done and shippable :) Thanks for your work so far! |
|
No prob. I did not have any chef-time over the weekend and last few days. Might find some time thursday or friday-evening. |
|
👍 |
|
I've just updated the PR:
|
|
@michiels, @jvanbaarsen I think this one can be closed, since #125 is merged? |
|
Is it recommended that one add the deploy user to the "sysadmins": "sysadmins": {
"<username>": {
"password": "<hashed password: openssl passwd -1 'plaintextpassword'>",
"ssh_keys": [
"ssh-rsa AAA123...xyz== foo",
"ssh-rsa AAA456...uvw== bar"
]
}
}
"ssh_deploy_keys": [
"<enter the contents of an id_rsa.pub here>"
],Next, should there be a comma before "ssh_deploy_keys" in the above? Lastly, could someone add some comment(s) for setting the "ssh_keys"? |
Yes, this is a bug. PR here #148
Would a wiki-page be enough? Problem with json is, that it cannot contain comments. :/ |
|
@berkes Maybe we can add something like this to the README? |
|
README is fine with me too. I'll cook up a PR tomorrow (friday). |
|
You're the best! Thanks! 2014-11-27 9:31 GMT+01:00 Bèr Kessels [email protected]:
|
|
@berkes A Wiki page would be great to describe the ends-and-outs of editing this file. |
|
@jvanbaarsen I started off in the README, but found that I needed to put waay to much details and notes in there, so I went for a wiki-page: https://github.com/intercity/chef-repo/wiki/sample_host.json-explained#sysadmins This is WIP, so I did not create a PR with a change to the README to link there. The information there should cover the questions in this issue, so it can probably be closed. |
|
@jvanbaarsen It's a great start on the Wiki-Page. Also, I would recommend adding a PostgreSQL section: which has the following:
Next, I would add an example of adding a package like Memcached or something similar so the user is clear in the overall syntax. For example, if one wants to install memcached and imagemagick packages system wide on an Ubuntu system, then one would do the following: "packages": [ "memcached", "imagemagick" ], |
|
I think this ticket can be closed now, as the PRs is merged in, the feature is implemented. Any additions or changes could go into new issues, not? |
We want some way to create regular users that have sudo access on the server. Ideally we can pass in a list of users with one ore more corresponding SSH keys.
This way we can "share" the server with people so they can do emergency maintenance if necessary.
The text was updated successfully, but these errors were encountered: