A file mode change is reported inaccurately, for example, if the desired file mode value is '0640' and the actual value is '0660', the 'desired_value' is reported as '640', i.e. losing the leading zero.
We can observe this behaviour in PE 2016.4 (with puppet 4.10.1) and later but we didn't dive deeper in history, so this bug might have been there even since much older versions.
Here's a snippet of a real report containing a trimmed file mode value in the event:
File[pe-internal-mcollective-servers.cert.pem]: !ruby/object:Puppet::Resource::Status
|
title: pe-internal-mcollective-servers.cert.pem
|
file: "/opt/puppetlabs/puppet/modules/puppet_enterprise/manifests/master/keypair.pp"
|
line: 30
|
resource: File[pe-internal-mcollective-servers.cert.pem]
|
resource_type: File
|
containment_path:
|
- Stage[main]
|
- Puppet_enterprise::Profile::Master::Mcollective
|
- Puppet_enterprise::Master::Keypair[pe-internal-mcollective-servers]
|
- File[pe-internal-mcollective-servers.cert.pem]
|
evaluation_time: 0.002628581
|
tags:
|
- file
|
- pe-internal-mcollective-servers.cert.pem
|
- puppet_enterprise::master::keypair
|
- puppet_enterprise
|
- master
|
- keypair
|
- pe-internal-mcollective-servers
|
- class
|
- puppet_enterprise::profile::master::mcollective
|
- profile
|
- mcollective
|
- node
|
- default
|
time: '2017-04-28T11:07:47.359181163+00:00'
|
failed: false
|
changed: true
|
out_of_sync: true
|
skipped: false
|
change_count: 1
|
out_of_sync_count: 1
|
events:
|
- !ruby/object:Puppet::Transaction::Event
|
audited: false
|
property: mode
|
previous_value: '0660'
|
desired_value: '640'
|
historical_value:
|
message: mode changed '0660' to '0640'
|
name: :mode_changed
|
status: success
|
time: 2017-04-28 11:07:47.360815071 +00:00
|
redacted:
|
corrective_change: true
|
corrective_change: true
|
This is the related puppet manifest that does contain the leading zero:
define puppet_enterprise::master::keypair(
|
$keypair_name = $title,
|
){
|
File {
|
owner => $puppet_enterprise::params::puppet_user,
|
group => $puppet_enterprise::params::puppet_group,
|
mode => '0640',
|
require => Package['pe-puppetserver'],
|
}
|
|
$cert_dir = "${puppet_enterprise::params::ssl_dir}/certs"
|
$private_key_dir = "${puppet_enterprise::params::ssl_dir}/private_keys"
|
$public_key_dir = "${puppet_enterprise::params::ssl_dir}/public_keys"
|
|
file { "${keypair_name}.cert.pem":
|
path => "${cert_dir}/${keypair_name}.pem",
|
content => file("${cert_dir}/${keypair_name}.pem", '/dev/null'),
|
}
|
|
file { "${keypair_name}.private_key.pem":
|
path => "${private_key_dir}/${keypair_name}.pem",
|
content => Sensitive(file("${private_key_dir}/${keypair_name}.pem", '/dev/null')),
|
}
|
|
file { "${keypair_name}.public_key.pem":
|
path => "${public_key_dir}/${keypair_name}.pem",
|
content => file("${public_key_dir}/${keypair_name}.pem", '/dev/null'),
|
}
|
}
|
|