Details
Description
Puppet Version: 5.5.3
Puppet Server Version: 5.3.3
OS Name/Version: RHEL 7
We're managing /etc/puppetlabs/code/environments/production by r10k with a dedicated non-root user for security reasons.
Now the puppet-agent package owns /etc/puppetlabs/code/environments and some files and folders below.
On every puppet-agent upgrade, directories in the production env are owned by user and group root again, and r10k no longer has permission to change them.
Also, files marked as config files get added with a *.rpmnew extension, owned by root. But these can be deleted if the containing directories are owned by the non-root user.
List of files and directories owned by puppet-agent rpm:
[root@79a996617dea /]# rpm -ql puppet-agent | grep /etc/puppetlabs/code/environments
/etc/puppetlabs/code/environments
/etc/puppetlabs/code/environments/production
/etc/puppetlabs/code/environments/production/data
/etc/puppetlabs/code/environments/production/environment.conf
/etc/puppetlabs/code/environments/production/hiera.yaml
/etc/puppetlabs/code/environments/production/manifests
/etc/puppetlabs/code/environments/production/modules
Desired Behavior:
puppet-agent should not reset owner/group of directories in /etc/puppetlabs/code/environments
Actual Behavior:
puppet-agent rpm upgrade resets ownership and group of directories in /etc/puppetlabs/code/environments/production
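
A check that could be run after each puppet-agent upgrade to catch the ownership reset described in this ticket. It is an added example, not part of the original report or Puppet's own tooling. It assumes GNU `stat`, and the `r10k` user and group names in the usage comment are hypothetical.

```shell
# Added example: audit ownership drift under the r10k-managed environments
# directory after a puppet-agent rpm upgrade. Assumes GNU stat.

ENV_ROOT_DEFAULT=/etc/puppetlabs/code/environments

# Read paths on stdin. Print "DRIFT <owner>:<group> <path>" for every path
# whose owner or group differs from the expected deploy account, and
# "MISSING <path>" for paths not on disk. Returns 1 if anything was flagged.
audit_ownership() {
    local want_user=$1 want_group=$2 path owner rc=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -e "$path" ] && [ ! -L "$path" ]; then
            printf 'MISSING %s\n' "$path"; rc=1; continue
        fi
        owner=$(stat -c '%U:%G' -- "$path") || { rc=1; continue; }
        if [ "$owner" != "$want_user:$want_group" ]; then
            printf 'DRIFT %s %s\n' "$owner" "$path"; rc=1
        fi
    done
    return "$rc"
}

# List the *.rpmnew files that rpm left behind under an environment tree.
list_rpmnew() {
    find "${1:-$ENV_ROOT_DEFAULT}" -type f -name '*.rpmnew' -print | sort
}

# Paths the puppet-agent package claims under the environments directory
# (the same query the ticket uses). Needs rpm, so call it only on the host.
package_owned_paths() {
    rpm -ql puppet-agent | grep -F "${1:-$ENV_ROOT_DEFAULT}"
}

# Usage on the Puppet server (r10k:r10k is a hypothetical deploy account):
#   package_owned_paths | audit_ownership r10k r10k
#   list_rpmnew
```

A non-zero return from `audit_ownership` can gate the next r10k deploy or raise an alert, so the reset is noticed before a deployment fails on permissions.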