
After reimage Puppet order: sudo command failed
Open, Medium, Public

Description

It seems that recently, after reimaging a host, we get a notification for a not-in-sudoers executed command:

mw1330.eqiad.wmnet : Dec 19 12:16:50 : mwdeploy : user NOT in sudoers ; TTY=unknown ; PWD=/root ; USER=mwdeploy ; COMMAND=/usr/bin/rsync --archive --delete-delay --delay-updates --compress --delete --exclude=**/cache/l10n/*.cdb --exclude=*.swp --no-perms --exclude=**/.git tin.eqiad.wmnet::common /srv/mediawiki

That line is referenced in scap-master-sync and mw-deployment-vars.erb in our Puppet. The scap-master-sync also adds a sudo rule to execute the script, so that might be it: somehow the script, upon the first Puppet run after a reimage, is run before the sudoers rule is installed.
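
For triaging notifications like the one quoted above, here is an added example (not part of the original task or of the Puppet repository it mentions) that splits a sudo notification line into its fields and counts denials per host, user and executable. The function names and the second sample line are constructed for illustration.

```python
import re
from collections import Counter

# Layout of the notification quoted in the task:
#   host : timestamp : invoking user : reason ; KEY=value ; ... ; COMMAND=...
HEADER = re.compile(
    r"^(?P<host>\S+) : (?P<when>\w{3} +\d+ [\d:]{8}) : (?P<user>\S+) : (?P<rest>.*)$"
)
RENAME = {"USER": "run_as"}  # USER= is the target user, not the invoking one

def parse_sudo_notice(line):
    """Split one sudo notification line into a dict, or return None."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    # COMMAND is the last field and may itself contain " ; ", so cut it first.
    head, sep, command = m["rest"].partition(" ; COMMAND=")
    if not sep:
        return None
    reason, *pairs = head.split(" ; ")
    event = {"host": m["host"], "when": m["when"], "user": m["user"],
             "reason": reason.strip(), "command": command}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[RENAME.get(key.strip(), key.strip().lower())] = value.strip()
    return event

def denied_by_target(lines):
    """Count 'NOT in sudoers' events per (host, user, executable)."""
    counts = Counter()
    for line in lines:
        event = parse_sudo_notice(line)
        if event and event["reason"] == "user NOT in sudoers":
            counts[(event["host"], event["user"], event["command"].split()[0])] += 1
    return counts

SAMPLE = [
    # First line is the notification quoted in the task.
    "mw1330.eqiad.wmnet : Dec 19 12:16:50 : mwdeploy : user NOT in sudoers ; "
    "TTY=unknown ; PWD=/root ; USER=mwdeploy ; COMMAND=/usr/bin/rsync --archive "
    "--delete-delay --delay-updates --compress --delete "
    "--exclude=**/cache/l10n/*.cdb --exclude=*.swp --no-perms --exclude=**/.git "
    "tin.eqiad.wmnet::common /srv/mediawiki",
    # Constructed line with a different reason; it must not be counted.
    "host1.example : Dec 19 12:20:01 : alice : 3 incorrect password attempts ; "
    "TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
]

if __name__ == "__main__":
    for target, count in denied_by_target(SAMPLE).items():
        print(count, *target)
```

A `TTY=unknown` value together with `PWD=/root`, as in the quoted line, means the command was run without a terminal from a root-owned process. That is consistent with the first-Puppet-run hypothesis above but does not confirm it.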