# Classes pulled into this model: the sudo system class plus one
# openssh team-member class per person, grouped by support tier.
classes:
  - system.linux.system.sudo
  # L1 team members
  - system.openssh.server.team.members.aleksandrdobdin
  - system.openssh.server.team.members.aleksandrrubtsov
  - system.openssh.server.team.members.anatoliineliubin
  - system.openssh.server.team.members.antonrodionov
  - system.openssh.server.team.members.collinmay
  - system.openssh.server.team.members.danilakhmetov
  - system.openssh.server.team.members.deniskostriukov
  - system.openssh.server.team.members.dmitrygoloshubov
  - system.openssh.server.team.members.javierdiaz
  - system.openssh.server.team.members.jorgesorondo
  - system.openssh.server.team.members.josuepalmerin
  - system.openssh.server.team.members.krzysztoffranckowski
  - system.openssh.server.team.members.matthewroark
  - system.openssh.server.team.members.maximefimov
  - system.openssh.server.team.members.mikhailkraynov
  - system.openssh.server.team.members.renesoto
  - system.openssh.server.team.members.rsafonov
  - system.openssh.server.team.members.scottmachtmes
  - system.openssh.server.team.members.zahedkhurasani
  # L2OPS team members
  - system.openssh.server.team.members.aepifanov
  - system.openssh.server.team.members.apetrenko
  - system.openssh.server.team.members.atarasov
  - system.openssh.server.team.members.dklepikov
  - system.openssh.server.team.members.dsutyagin
  - system.openssh.server.team.members.ekozhemyakin
  - system.openssh.server.team.members.enikanorov
  - system.openssh.server.team.members.fsoppelsa
  - system.openssh.server.team.members.manashkin
  - system.openssh.server.team.members.nkondra
  - system.openssh.server.team.members.nkabanova
  - system.openssh.server.team.members.obryndzii
  - system.openssh.server.team.members.oliemieshko
  - system.openssh.server.team.members.sovsianikov
  - system.openssh.server.team.members.cade
  - system.openssh.server.team.members.jmosher
  - system.openssh.server.team.members.ecantwell
  - system.openssh.server.team.members.lmercl
  - system.openssh.server.team.members.osmola
  - system.openssh.server.team.members.pcizinsky
  - system.openssh.server.team.members.pmathews
  - system.openssh.server.team.members.pmichalec
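# Support-team groups and the sudo policy attached to them.
parameters:
  _param:
    # NOTE(review): presumably read by the team member classes listed under
    # `classes:` to decide whether each account also gets its own sudo
    # rule; confirm in those classes. If it does, that per-user rule applies
    # in addition to the group rules below and must be reviewed with them.
    linux_system_user_sudo: true
  linux:
    system:
      group:
        # Tiered support groups. Only support3 is enabled in this model, so
        # the restricted tiers (support0..support2) have no effect here and
        # every account in `addusers` falls under the support3 sudo rule.
        supportl1:
          enabled: false
          name: supportl1
        supportl2:
          enabled: false
          name: supportl2
        support0:
          enabled: false
          name: support0
        support1:
          enabled: false
          name: support1
        support2:
          enabled: false
          name: support2
        support3:
          enabled: true
          name: support3
          # NOTE(review): the classes list also pulls in jorgesorondo,
          # scottmachtmes, zahedkhurasani (L1) and cade, ecantwell, pmathews
          # (L2OPS), none of which has an entry below. Confirm whether
          # leaving them out of support3 is intended.
          addusers:
            # L1
            - ${linux:system:user:adobdin:name}
            - ${linux:system:user:arubtsov:name}
            - ${linux:system:user:aneliubin:name}
            - ${linux:system:user:arodionov:name}
            - ${linux:system:user:cmay:name}
            - ${linux:system:user:dakhmetov:name}
            - ${linux:system:user:dkostriukov:name}
            - ${linux:system:user:dgoloshubov:name}
            - ${linux:system:user:jdiaz:name}
            - ${linux:system:user:jpalmerin:name}
            - ${linux:system:user:kfranckowski:name}
            - ${linux:system:user:mroark:name}
            - ${linux:system:user:mefimov:name}
            - ${linux:system:user:mkraynov:name}
            - ${linux:system:user:rsoto:name}
            - ${linux:system:user:rsafonov:name}
            # L2OPS
            - ${linux:system:user:aepifanov:name}
            - ${linux:system:user:apetrenko:name}
            - ${linux:system:user:atarasov:name}
            - ${linux:system:user:dklepikov:name}
            - ${linux:system:user:dsutyagin:name}
            - ${linux:system:user:ekozhemyakin:name}
            - ${linux:system:user:enikanorov:name}
            - ${linux:system:user:fsoppelsa:name}
            - ${linux:system:user:manashkin:name}
            - ${linux:system:user:nkondra:name}
            # nkabanova was also listed under L1; the duplicate entry is
            # dropped and the account kept here, matching the classes list.
            - ${linux:system:user:nkabanova:name}
            - ${linux:system:user:obryndzii:name}
            - ${linux:system:user:oliemieshko:name}
            - ${linux:system:user:sovsianikov:name}
            - ${linux:system:user:pmichalec:name}
            - ${linux:system:user:pcizinsky:name}
            - ${linux:system:user:osmola:name}
            - ${linux:system:user:jmosher:name}
            - ${linux:system:user:lmercl:name}
      sudo:
        enabled: true
        aliases:
          # Command aliases; their contents come from _param values that are
          # defined outside this file.
          command:
            SUPPORT_SALT: ${_param:sudo_salt_safe}
            # SUPPORT_SALT_TRUSTED was declared twice with the same value.
            # Duplicate mapping keys are invalid YAML and most parsers keep
            # the last one silently, so only one declaration is kept.
            SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
            SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
            SUPPORT_RESTRICTED_SU: ${_param:sudo_restricted_su}
            SUPPORT_COREUTILS: ${_param:sudo_coreutils_safe}
            SUPPORT_RABBITMQ: ${_param:sudo_rabbitmq_safe}
            SUPPORT_NETWORKING: ${_param:sudo_networking}
            SUPPORT_CONTRAIL: ${_param:sudo_contrail_utilities}
            SUPPORT_STORAGE: ${_param:sudo_storage_utilities}
            SUPPORT_OPENSTACK_CLIENTS: ${_param:sudo_openstack_clients}
        # In the tiers below, the quoted '!' entries only subtract from what
        # the allow aliases permit. They are not a general block on shells
        # or su, so the allow aliases themselves must not contain anything
        # that can start a shell.
        groups:
          support0:
            # This group should have only RO access to non-sensitive data
            # and commands. Assumed usage: common operations by
            # non-experienced, non-technical users.
            commands:
              - SUPPORT_SALT
              - '!SUPPORT_RESTRICTED_SHELLS'
              - '!SUPPORT_RESTRICTED_SU'
          support1:
            # This group should have access to safe, trusted commands.
            commands:
              - SUPPORT_SALT
              - SUPPORT_COREUTILS
              - SUPPORT_RABBITMQ
              - SUPPORT_NETWORKING
              - SUPPORT_CONTRAIL
              - SUPPORT_STORAGE
              - SUPPORT_OPENSTACK_CLIENTS
              - '!SUPPORT_RESTRICTED_SHELLS'
              - '!SUPPORT_RESTRICTED_SU'
          support2:
            # This group should have access to any command using sudo.
            # NOTE(review): as written it is still an allow-list: the
            # support1 set plus SUPPORT_SALT_TRUSTED. Confirm which is meant.
            commands:
              - SUPPORT_SALT
              - SUPPORT_SALT_TRUSTED
              - SUPPORT_COREUTILS
              - SUPPORT_RABBITMQ
              - SUPPORT_NETWORKING
              - SUPPORT_CONTRAIL
              - SUPPORT_STORAGE
              - SUPPORT_OPENSTACK_CLIENTS
              - '!SUPPORT_RESTRICTED_SHELLS'
              - '!SUPPORT_RESTRICTED_SU'
          support3:
            # It's never safe to run an unlimited number of commands with
            # sudo. Use with caution.
            # This is the only enabled group, and it holds every account in
            # the addusers list above, so all of them get unrestricted sudo.
            # Keep the membership minimal, review it regularly, and make
            # sure sudo invocations are logged off-host.
            # NOTE(review): setenv presumably renders the sudoers SETENV
            # tag, which lets callers keep or override environment variables
            # across sudo; confirm against the formula and drop it if it is
            # not needed.
            setenv: true
            commands:
              - ALL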