Puppet / PUP-6561

PUP-6099 breaks mounted filesystem permissions

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: PUP 4.5.2
    • Fix Version/s: None
    • Component/s: None
    • Labels: None

      Description

      Because one can only manage a file resource ONCE, PUP-6099 causes scenarios with mounted filesystems to break.

      Consider the following scenario:

      {{
      include lvm

      file { ['/apps']:
        ensure => directory,
        owner  => nobody,
        group  => nobody,
        mode   => '0700',
      }

      physical_volume { '/dev/sdb':
        ensure => present,
      }

      volume_group { 'vg0':
        ensure           => present,
        physical_volumes => '/dev/sdb',
      }

      lvm::logical_volume { 'apps':
        volume_group      => 'vg0',
        size              => '1G',
        fs_type           => 'ext3',
        mountpath_require => false,
        #before => File['/apps'], #This is the desired effect, but causes a cyclical dependency.
      }
      }}

      With the above code, the permissions on /apps are not set correctly as described in the file resource until the next puppet run, in which case /apps may be unavailable or have security issues or ??? for half an hour by default.

      To address the issue, the user may feel the need to do silly things, such as this:

      {{
      lvm::logical_volume { 'apps':
        volume_group      => 'vg0',
        size              => '1G',
        fs_type           => 'ext3',
        mountpath_require => false,
      }
      -> exec { '/bin/chown nobody /apps': }
      -> exec { '/bin/chgrp nobody /apps': }
      -> exec { '/bin/chmod 0700 /apps': }
      }}

      I would therefore suggest we come up with a solution that allows us to intelligently address this situation:

      create directory -> mount filesystem -> manage ownership/permissions

      The puppetlabs-lvm module avoids this by using an exec to create the directory, which would then allow a file resource to manage the directory ownership/permissions afterwards.

      Perhaps we could add a parameter that defaults to current behavior, that if toggled would not auto require the parent directory?
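
A check an operator could run between Puppet runs to detect the window described in this report, where the path is mounted but its live attributes differ from the declared ones. This is an added example, not part of the original report or of Puppet; `audit_mountpath` and its parameters are hypothetical names, and the directory used in the demo is constructed.

```python
import grp
import os
import pwd
import stat


def _uid(owner):
    # Accept a numeric id or an account name, as a Puppet file resource does.
    return owner if isinstance(owner, int) else pwd.getpwnam(owner).pw_uid


def _gid(group):
    return group if isinstance(group, int) else grp.getgrnam(group).gr_gid


def audit_mountpath(path, owner, group, mode, require_mount=True):
    """Compare the live attributes of `path` with the declared ones.

    Returns a list of findings; an empty list means the path is compliant.
    """
    findings = []
    st = os.stat(path)  # on a mount point this is the mounted filesystem's root inode
    if require_mount and not os.path.ismount(path):
        findings.append("not mounted: attributes are those of the underlying directory")
    actual = stat.S_IMODE(st.st_mode)
    if actual != mode:
        findings.append(f"mode is {actual:04o}, declared {mode:04o}")
    extra = actual & ~mode & 0o7777  # permission bits granted beyond the declaration
    if extra & 0o077:
        findings.append(f"group/other bits {extra & 0o077:03o} exceed the declared mode")
    if st.st_uid != _uid(owner):
        findings.append(f"owner uid is {st.st_uid}, declared {owner}")
    if st.st_gid != _gid(group):
        findings.append(f"group gid is {st.st_gid}, declared {group}")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for /apps: a directory left at 0755 instead of 0700.
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o755)
        st = os.stat(d)
        for finding in audit_mountpath(d, st.st_uid, st.st_gid, 0o700):
            print(finding)
```

On a real node the call would be `audit_mountpath('/apps', 'nobody', 'nobody', 0o700)`, using the values from the file resource in the report.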

                People

                • Assignee: kylo Kylo Ginsberg
                • Reporter: paul.anderson Paul Anderson