Merge "Added mirroring of salt-formulas/salt-formulas repo, script approvals updated"
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index 711f42a..aae2d67 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -32,6 +32,9 @@
- addedContains:
commentAddedCommentContains: '(recheck|reverify)'
param:
+ COMPOSE_PATH:
+ type: string
+ default: "docker/stack/docker-compose.yml"
CREDENTIALS_ID:
type: string
default: "gerrit"
diff --git a/linux/system/sudo.yml b/linux/system/sudo.yml
index 1668c12..8f03f7d 100644
--- a/linux/system/sudo.yml
+++ b/linux/system/sudo.yml
@@ -23,7 +23,21 @@
- /usr/sbin/visudo
sudo_coreutils_safe:
- /usr/bin/less
+ - /usr/bin/grep
+ - /usr/bin/fgrep
+ - /usr/bin/egrep
+ - /usr/bin/zgrep
+ - /usr/bin/tail
+ - /usr/bin/socat
+ - /usr/bin/top
+ - /usr/bin/tail
+ - /usr/bin/lsof
+ - /usr/bin/virsh
+ - /bin/ls
+ - /bin/cp
+ - /bin/netstat
sudo_rabbitmq_safe:
+ - /usr/sbin/rabbitmqctl
- /usr/sbin/rabbitmqctl status
- /usr/sbin/rabbitmqctl cluster_status
- /usr/sbin/rabbitmqctl list_queues*
@@ -41,3 +55,42 @@
- /usr/bin/salt-call saltutil*
sudo_salt_trusted:
- /usr/bin/salt*
+ sudo_networking:
+ - /sbin/ip
+ - /sbin/ss
+ - /sbin/ifconfig
+ - /sbin/route
+ - /sbin/ethtool
+ - /sbin/tcpdump
+ sudo_contrail_utilities:
+ - /usr/bin/contrail*
+ - /bin/contrail*
+ - /usr/bin/vif
+ - /usr/bin/flow
+ - /usr/bin/vrfstats
+ - /usr/bin/rt
+ - /usr/bin/dropstats
+ - /usr/bin/mpls
+ - /usr/bin/mirror
+ - /usr/bin/vxlan
+ - /usr/bin/nh
+ sudo_storage_utilities:
+ - /usr/bin/ceph*
+ - /usr/bin/rados*
+ - /usr/bin/rbd
+ - /usr/sbin/gluster
+ sudo_openstack_clients:
+ - /usr/bin/openstack
+ - /usr/bin/heat*
+ - /usr/bin/nova*
+ - /usr/bin/neutron*
+ - /usr/bin/keystone*
+ - /usr/bin/glance*
+ - /usr/bin/cinder*
+ - /usr/bin/swift*
+ - /usr/bin/ironic*
+ - /usr/bin/manila*
+ - /usr/bin/barbican*
+ - /usr/bin/ceilometer*
+ - /usr/bin/trove*
+
diff --git a/openssh/server/team/k8s_team.yml b/openssh/server/team/k8s_team.yml
index c46a2a0..36f3252 100644
--- a/openssh/server/team/k8s_team.yml
+++ b/openssh/server/team/k8s_team.yml
@@ -72,6 +72,13 @@
full_name: Stan Lagun
home: /home/slagun
email: slagun@mirantis.com
+ psiwczak:
+ enabled: true
+ sudo: true
+ name: psiwczak
+ full_name: Piotr Siwczak
+ home: /home/psiwczak
+ email: psiwczak@mirantis.com
openssh:
server:
enabled: true
@@ -147,3 +154,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0IKYIbf05K67En++os8mfi2XYTCHp5ex+KBy4Y7NqAXC3J+hnqgcMry9sHtqVJ+O6do7bCRY7sjgnWosm6TxEupxMCs+euViT3VFvQlszAvj4v/xrAu0IwUUiqA0Pn9TKCJrHtYKYixkGfNw8IdxShH2FRTh52ufBqlLP5qRhdMP/nOohbNwtk0FAX49UB4AXzcLLkHu+P3gjTkR345CH+iciBGL88rp8qpEEA6QdtEjcgk1tGY3uktJ1tTWBv4ozth6EF9A+kG4yd1Fhwv2JVPRNkcL/xKR7f4i67A9KyyNoFLv4rHfXXPOjyproNpz5CZ06V7lJ4jgU/AbyHhLgw== mmosesohn@mattymo1
slagun:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfQtpitSDDfwP1TruBs7Nlim1B2PC8NKu1lOifZGOgGaL4G6CTXJunSoU48ovg0AOks6OPb7DSU9ocLTj6q0qNuPvy4yrsKWS+ZsrywLW5qp3OGfE7wmAWj5AGxNUiUaLAFKhriVV541v57OVw322dDuxQ3YE0P5dkKKBc9Xy3Su7PoDkR029fbQFvSlIsUtrICNGKvMtrTIm8V0EQHZnV7Y44+MMJMRxCMrulHJFmtaKE5uPaRz+eVVsbEOl1jfUA/BQ1WyU52Ol3gvm34kwBStQcnqhKC2CP/5ILVhf+Omylw+mcs58vKbc0Tw6dwFEDaTQlkYHLFZij+Y24HGyr slagun@MacLagun2.local
+ psiwczak:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSHwjVOBC3nVVytH3DAaWEcfrca/cnurIn9K2elf8wn2PSet7q1OddfVTAtYdiG8pai9BX3uHswEu+TinAfgPoEnvKR4wSgk4hVf/W9eCf7xOn1X0fdSnfogQEjdP54Qk+mOmrh1vChcOL/NdBNNxJC6LGHRslVfcGu5ULaasT7EGzItMjUl8hKbbsM8tFX1IW7uRm3fZu4/HiMMaMnm+cPwH9LUB+cOaLEain5WNo0j0OKtpF6Kp53fpqCS6v4z/+wMgx0V2BMMrSla6cq4mL7iLvtufkO467j2ksa9sG8/ADD6Wh89hxkKGqF3yDm+olywNEo+WwTRfZf6Py5Uv
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
index f25149a..266bd15 100644
--- a/openssh/server/team/l1_support.yml
+++ b/openssh/server/team/l1_support.yml
@@ -38,11 +38,19 @@
L1_SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
L1_SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
L1_SUPPORT_RESTRICTED: ${_param:sudo_restricted_su}
+ L1_SUPPORT_NETWORKING: ${_param:sudo_networking}
+ L1_SUPPORT_CONTRAIL: ${_param:sudo_contrail_utilities}
+ L1_SUPPORT_STORAGE: ${_param:sudo_storage_utilities}
+ L1_SUPPORT_OPENSTACK_CLIENTS: ${_param:sudo_openstack_clients}
groups:
support:
commands:
- L1_SUPPORT_SALT
- L1_SUPPORT_COREUTILS
- L1_SUPPORT_RABBITMQ
+ - L1_SUPPORT_NETWORKING
+ - L1_SUPPORT_CONTRAIL
+ - L1_SUPPORT_STORAGE
+ - L1_SUPPORT_OPENSTACK_CLIENTS
- '!L1_SUPPORT_RESTRICTED_SHELLS'
- '!L1_SUPPORT_RESTRICTED'
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 65f1de2..428753d 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -24,3 +24,9 @@
host: ${_param:secmonkey_db_host}
createdb: true
rights: all privileges
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (11, 1) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (1, 11, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;