From ce7ef6536a5e7189357fcb1679733409144b64fe Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Tue, 30 Mar 2021 09:28:06 +1100
Subject: [PATCH] openafs-server-config: install UserList

This was missed during recent updates; this UserList needs to be on
all servers to allow bos, vos and backup commands.

Update the documentation to reflect the centralised copy.

Change-Id: I8ada3d5035bb7ef77b19ce6aaffb48335974a124
---
 doc/source/afs.rst                                    | 9 ++++-----
 playbooks/roles/openafs-server-config/files/UserList  | 9 +++++++++
 playbooks/roles/openafs-server-config/tasks/main.yaml | 1 +
 3 files changed, 14 insertions(+), 5 deletions(-)
 create mode 100644 playbooks/roles/openafs-server-config/files/UserList

diff --git a/doc/source/afs.rst b/doc/source/afs.rst
index f1b2108977..e8c09cb716 100644
--- a/doc/source/afs.rst
+++ b/doc/source/afs.rst
@@ -165,13 +165,12 @@ Adding a Superuser
 Run the following commands to add an existing principal to AFS as a
 superuser::
 
-  bos adduser -server afsdb01.openstack.org -user $USERNAME.admin
-  bos adduser -server afsdb02.openstack.org -user $USERNAME.admin
-  bos adduser -server afs01.dfw.openstack.org -user $USERNAME.admin
-  bos adduser -server afs02.dfw.openstack.org -user $USERNAME.admin
-  bos adduser -server afs01.ord.openstack.org -user $USERNAME.admin
   pts adduser -user $USERNAME.admin -group system:administrators
 
+After this, you should update the
+:git_file:`playbooks/roles/openafs-server-config/files/UserList` file
+to ensure the new username is authorized to issue privileged commands.
+
 Deleting Files
 ~~~~~~~~~~~~~~
 
diff --git a/playbooks/roles/openafs-server-config/files/UserList b/playbooks/roles/openafs-server-config/files/UserList
new file mode 100644
index 0000000000..2efbe19c07
--- /dev/null
+++ b/playbooks/roles/openafs-server-config/files/UserList
@@ -0,0 +1,9 @@
+corvus.admin
+mordred.admin
+fungi.admin
+service.afsadmin
+nibz.admin
+pabelanger.admin
+clarkb.admin
+ianw.admin
+frickler.admin
diff --git a/playbooks/roles/openafs-server-config/tasks/main.yaml b/playbooks/roles/openafs-server-config/tasks/main.yaml
index ba0fcb5178..e53ee8eddb 100644
--- a/playbooks/roles/openafs-server-config/tasks/main.yaml
+++ b/playbooks/roles/openafs-server-config/tasks/main.yaml
@@ -24,6 +24,7 @@
   loop:
     - CellServDB
     - ThisCell
+    - UserList
 
 - name: Install rxkad.keytab
   shell: 'echo "{{ openafs_server_rxkad_keytab }}" | base64 -d > /etc/openafs/server/rxkad.keytab'