remove the aaa::allow_sudoers_d option

2024-03-12 11:34:12 +01:00
parent b6a424727d
commit 8e1be8f7f5
4 changed files with 2 additions and 16 deletions
--- a/admin-guide/configuration/sudo.md
+++ b/admin-guide/configuration/sudo.md
@@ -8,4 +8,4 @@ aaa::sudo_rules:
   - 'telegraf ALL=(root) NOPASSWD: /usr/lib/telegraf/scripts/nxserver_report.sh'
 ```

-Beside that, if `aaa::allow_sudoers_d` is set to `true` (which is the default), you might also simply deploy a file to /etc/sudoers.d e.g. via a technique described in [Distribute Files](distribute_files).
+Beside that you might also simply deploy a file to /etc/sudoers.d e.g. via a technique described in [Distribute Files](distribute_files).
--- a/admin-guide/puppet/profiles/aaa.rst
+++ b/admin-guide/puppet/profiles/aaa.rst
@@ -16,7 +16,6 @@ Parameters
 **Name**                         **Type**  **Default**
 -------------------------------  --------  --------------------------------------------------------------
 admins                           list      hiera_array('aaa::admins')
-allow_sudoers_d                  bool      hiera('aaa::allow_sudoers_d')
 bastions                         list      hiera('aaa::bastions')
 cache_creds                      bool      hiera('aaa::cache_creds')
 create_homes                     bool      hiera('aaa::create_homes')
@@ -56,13 +55,6 @@ Example::
 Also see `users`_.


-``allow_sudoers_d``
-~~~~~~~~~~~~~~~~~~~
-
-This boolean controls whether the files in ``/etc/sudoers.d`` are taken
-into account by sudo.
-
-
 ``bastions``
 ~~~~~~~~~~~~

--- a/admin-guide/puppet/profiles/icinga/client.rst
+++ b/admin-guide/puppet/profiles/icinga/client.rst
@@ -8,12 +8,6 @@ This profile installs and configured the ``nrpe`` service:
  * Allows to configure the ``nrpe.cfg`` file with the ``icinga::client::servers`` setting which defaults to ``[ 'emonma00.psi.ch','wmonag00.psi.ch','emonag00.psi.ch' ]`` (default value on fresh *nrpe* installations)
  * SELinux policy setup to allow ``nagios_run_sudo``.

-Is strictly important to set up ``aaa::allow_sudoers_d`` to ``true``::
-  ``aaa::allow_sudoers_d: true``
-
-By setting ``allow_sudoers_d`` to ``true``, we enable by default the
-use of the directory ``/etc/sudoers.d/``. This will required for some Nagios
-alarms.

 Parameters
 ----------
--- a/admin-guide/puppet/roles/base.rst
+++ b/admin-guide/puppet/roles/base.rst
@@ -349,7 +349,7 @@ This can be used to customize some of the basic profiles::
    }

    class {'profile::aaa':
-      allow_sudoers_d => true,
+      support_nx => true,
    }

    ...