Page MenuHomePhabricator

Make clush safer
Open, LowPublic

Description

AFAIUI, currently clush works by sudoing to root, then sshing (standard protocol) into the selected instances as clushuser, then (if necessary) sudoing from clushuser to root.

We already have set up Toolforge so that every member of the tools.admin group can ssh into any host, and HBA should be working between instances in the Toolforge project as well.

i would prefer if we could switch clush to (for example) ssh as the logged-in user with HBA to the selected instances. There, if necessary, sudo can be used as normal. Thus, there would be less root involved when it is not needed and we could remove role::toollabs::clush::target's:

# Give it complete sudo rights
sudo::user { 'clushuser':
    ensure     => present,
    privileges => ['ALL = (ALL) NOPASSWD: ALL'],
}