adding more comments

1bf7c64d · John Jarvis · 9c77bdf0 · 1bf7c64d · 1bf7c64d · 1bf7c64d
Commit 1bf7c64d authored Feb 26, 2014 by John Jarvis
Showing with 24 additions and 21 deletions

playbooks/roles/analytics-server/defaults/main.yml
+0 -8

playbooks/roles/analytics-server/meta/main.yml
+7 -4

playbooks/roles/edxapp/meta/main.yml
+4 -3

playbooks/roles/user/tasks/main.yml
+13 -6

No files found.
--- a/playbooks/roles/analytics-server/defaults/main.yml
+++ b/playbooks/roles/analytics-server/defaults/main.yml
@@ -66,14 +66,6 @@ as_env_vars:
  ANALYTICS_SERVER_LOG_LEVEL: "{{ AS_LOG_LEVEL }}"
 #
-# Used by the included role, automated.
-# See meta/main.yml
-#
-as_automated_rbash_links:
-  - /usr/bin/sudo
-  - /usr/bin/scp
-#
 # OS packages
 #

--- a/playbooks/roles/analytics-server/meta/main.yml
+++ b/playbooks/roles/analytics-server/meta/main.yml
 ---
 dependencies:
  - role: user
-    name: automator
+    user_info:
-    sudoers_template: '99-automator-analytics.j2'
+    - name: automator
-    user_authorized_keys: "{{ AS_AUTOMATOR_AUTHORIZED_KEYS }}"
+      sudoers_template: '99-automator-analytics.j2'
-    rbash_links: "{{ as_automated_rbash_links }}"
+      user_authorized_keys: "{{ AS_AUTOMATOR_AUTHORIZED_KEYS }}"
+    user_rbash_links:
+      - /usr/bin/sudo
+      - /usr/bin/scp
    when: AS_AUTOMATOR_AUTHORIZED_KEYS|length != 0
--- a/playbooks/roles/edxapp/meta/main.yml
+++ b/playbooks/roles/edxapp/meta/main.yml
@@ -7,7 +7,8 @@ dependencies:
    rbenv_ruby_version: "{{ edxapp_ruby_version }}"
  - devpi
  - role: user
-    name: automator
+    user_info:
-    sudoers_template: '99-edxapp-manage-cmds.j2'
+      name: automator
-    user_authorized_keys: "{{ EDXAPP_AUTOMATOR_AUTHORIZED_KEYS }}"
+      sudoers_template: '99-edxapp-manage-cmds.j2'
+      user_authorized_keys: "{{ EDXAPP_AUTOMATOR_AUTHORIZED_KEYS }}"
    when: EDXAPP_AUTOMATOR_AUTHORIZED_KEYS|length != 0
--- a/playbooks/roles/user/tasks/main.yml
+++ b/playbooks/roles/user/tasks/main.yml
@@ -35,26 +35,33 @@
 #
 #   - role: user
 #     user_info:
-#       - name: joe
+#       # This restricted user is defined in meta/
+#       # for edxapp, it creates a user that can only
+#       # run manage.py commands
+#       - name: automator
 #         restricted: true
 #         # The sudoers file is optional.
-#         sudoers_template: 'roles/edxapp/templates/etc/sudoers.d/99-automator-edxapp-server.j2'
+#         sudoers_template: '99-edxapp-manage-cmds.j2'
 #         authorized_keys:
 #         - ssh-rsa abcdef...
 #         - ssh-rsa ghiklm...
+#
+#       # More users passed to the role, this one is a user
+#       # with full sudo, key fetched from github
 #       - name: frank
 #         github: true
 #         admin: true
 #
+#       # This user is a normal login user without sudo, with
+#       # a couple keys passed in as parameters
 #       - name: sally
 #         authorized_keys:
 #         - ssh-rsa abcdef...
 #         - ssh-rsa ghiklm...
 #
-# Set user_rbash_links for links to be set in the restricted
+# By default for restricted users we only allow sudo, if you
-# user's bin dir by default we only allow /usr/bin/sudo
+# want to provide more binaries add them to user_rbash_links
+# which can be passed in as a paramter to the role.
 #
 - fail: you must pass in a user_info parameter to this role