Those seem to have been created April 2013 and earlier; they should be removed as to not confuse the upcoming tool usernames change.
Version: unspecified
Severity: normal
Those seem to have been created April 2013 and earlier; they should be removed as to not confuse the upcoming tool usernames change.
Version: unspecified
Severity: normal
... and /etc/sudoers.d/tools-{dev,login} (configuration for the above to work on the respective hosts) as well.
(In reply to comment #1)
Deleted /data/project/.system/sudoers; all entries also in LDAP.
Yes, but only as rules for the new service group system; no old ones, and so broke "become" for the affected tools.
I'll diff [[wikitech:Special:NovaServiceGroup]] and [[wikitech:Special:NovaSudoer]] to create a list of affected tools, deploy a hot fix to /etc/sudoers.d and submit a change to Puppet.
List of affected tools:
Change 112666 had a related patch set uploaded by Tim Landscheidt:
Tools: Work around missing LDAP sudo rules
Change 112666 abandoned by Tim Landscheidt:
Tools: Work around missing LDAP sudo rules
Reason:
In eqiad no longer necessary.