Puppet Class: mediawiki::users
- Defined in:
- modules/mediawiki/manifests/users.pp
Overview
Class: mediawiki::users
Provisions system accounts for running, deploying and updating MediaWiki.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'modules/mediawiki/manifests/users.pp', line 6
class mediawiki::users(
String $web = 'www-data',
Optional[Array[String]] $extra_privileges = [],
) {
# The mwdeploy account is used by various scripts in the MediaWiki
# deployment process to run rsync.
group { 'mwdeploy':
ensure => present,
system => true,
}
user { 'mwdeploy':
ensure => present,
shell => '/bin/bash',
home => '/var/lib/mwdeploy',
system => true,
managehome => true,
}
ssh::userkey { 'mwdeploy':
content => secret('keyholder/mwdeploy.pub'),
}
# Grant mwdeploy sudo rights to run anything as itself and the apache user.
# This allows MediaWiki deployers to deploy as mwdeploy.
sudo::user { 'mwdeploy':
privileges => [
"ALL = (${web},mwdeploy) NOPASSWD: ALL",
'ALL = (root) NOPASSWD: /usr/sbin/service apache2 start',
'ALL = (root) NOPASSWD: /usr/sbin/apache2ctl graceful-stop',
]+$extra_privileges,
}
}
|