Jira (PUP-10325) Custom file mode for lastrunreport as defined in puppet.conf is ignored

16 views
Skip to first unread message

Josh Behrends (Jira)

unread,
Mar 2, 2020, 7:25:03 PM3/2/20
to puppe...@googlegroups.com
Josh Behrends created an issue
 
Puppet / Bug PUP-10325
Custom file mode for lastrunreport as defined in puppet.conf is ignored
Issue Type: Bug Bug
Affects Versions: PUP 6.13.0
Assignee: Unassigned
Created: 2020/03/02 4:24 PM
Priority: Normal Normal
Reporter: Josh Behrends

Puppet Version: 6.13.0
Puppet Server Version: 6.7.1
OS Name/Version: CentOS Linux release 7.7.1908 (Core)

 

We just attempted to upgrade puppet agent from 6.8.1 to 6.13.0 and found that after the upgrade the file permissions on the "lastrunreport" file were reset and not honored to what was defined in our puppet.conf:

Example:

[agent]
 
  lastrunreport = /var/tmp/puppet/last_run_report.yaml { mode = 0664 }
 
  lastrunfile = /var/tmp/puppet/last_run_summary.yaml { mode = 0664 }

 

Desired Behavior:

Permissions should match what's defined in puppet.conf:

 

$ ls -lah
 
total 856K
 
drwxr-xr-x. 2 root root 61 Feb 28 21:20 .
 
drwxrwxrwt. 6 root root 4.0K Feb 28 14:32 ..
 
-rw-rw-r--. 1 root root 848K Feb 28 21:20 last_run_report.yaml
 
-rw-rw-r--. 1 root root 1.7K Feb 28 21:20 last_run_summary.yaml
 
$

Both files have a mode of 664

 

 

Actual Behavior:

In reality, after the upgrade the file permissions will be correct if the puppet service is restarted... But after a manual, or scheduled run (by the service daemon) the file permissions will be incorrect:

$ ls -lah
 
total 856K
 
drwxr-xr-x. 2 root root   61 Feb 28 21:20 .
 
drwxrwxrwt. 6 root root 4.0K Feb 28 14:32 ..
 
-rw-rw----. 1 root root 848K Feb 28 21:20 last_run_report.yaml
 
-rw-rw-r--. 1 root root 1.7K Feb 28 21:20 last_run_summary.yaml
 
$

Notice that last_run_report.yaml has a mode of 660 when it should be 664

 

 
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Josh Cooper (Jira)

unread,
Mar 4, 2020, 2:02:03 PM3/4/20
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-10325
 
Re: Custom file mode for lastrunreport as defined in puppet.conf is ignored

I can reproduce also:

# puppet agent -t --debug | grep last_run
 
Debug: Using settings: adding file resource 'lastrunfile': 'File[/var/tmp/puppet/last_run_summary.yaml]{:path=>"/var/tmp/puppet/last_run_summary.yaml", :mode=>"664", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}'
 
Debug: Using settings: adding file resource 'lastrunreport': 'File[/var/tmp/puppet/last_run_report.yaml]{:path=>"/var/tmp/puppet/last_run_report.yaml", :mode=>"664", :ensure=>:file, :loglevel=>:debug, :links=>:follow, :backup=>false}'
 
Debug: /File[/var/tmp/puppet/last_run_report.yaml]/mode: mode changed '0660' to '0664'
 
# ls -la /var/tmp/puppet/last_run_report.yaml
 
-rw-rw---- 1 root root 173233 Mar  4 18:28 /var/tmp/puppet/last_run_report.yaml

Josh Cooper (Jira)

unread,
Mar 4, 2020, 2:06:03 PM3/4/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Change By: Josh Cooper
Team: Night's Watch

Josh Cooper (Jira)

unread,
Mar 4, 2020, 2:06:03 PM3/4/20
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-10325
 
Re: Custom file mode for lastrunreport as defined in puppet.conf is ignored 

# git bisect start 6.13.0 6.8.1
 
Bisecting: a merge base must be tested
 
[c956ad95fcdd9aabb28e196b55d1f112b5944777] (packaging) Updating manpage file for master
 
# git bisect run ./gitcheck.rb
 
running ./gitcheck.rb
 
world readable
 
Bisecting: 464 revisions left to test after this (roughly 9 steps)
 
[0e948b8072b5aadbd04a54069f665f544d6373ff] (PUP-10033) Thread ssl_context from service to client
 
running ./gitcheck.rb
 
world readable
 
Bisecting: 230 revisions left to test after this (roughly 8 steps)
 
[a17761d60b2e5d42cc01a36e1d6ba3d790c9dcf8] Merge remote-tracking branch 'upstream/6.4.x'
 
running ./gitcheck.rb
 
world readable
 
Bisecting: 115 revisions left to test after this (roughly 7 steps)
 
[dfc5ff60d0a1df73ec9b099e11f57b8c4c71f818] Merge pull request #7939 from joshcooper/delete_sync
 
running ./gitcheck.rb
 
world readable
 
Bisecting: 57 revisions left to test after this (roughly 6 steps)
 
[d84a1f7a44f4424586729e576897c84a1498d29f] (PUP-10267) Eliminate need to pass mount and path separately
 
running ./gitcheck.rb
 
not world readable
 
Bisecting: 28 revisions left to test after this (roughly 5 steps)
 
[f8b03bab3425df2ef86231e11f9c6ff04e68594e] (PUP-10256) Add `versioned_environment_dirs` feature flag
 
running ./gitcheck.rb
 
not world readable
 
Bisecting: 13 revisions left to test after this (roughly 4 steps)
 
[695a6c210e14265de79885d0d46edf96dabb7ee4] (PUP-10171) Support changing package flavors (#7906)
 
running ./gitcheck.rb
 
world readable
 
Bisecting: 6 revisions left to test after this (roughly 3 steps)
 
[b0b6410bc659977382a2ca7fc232802d0c7c31b4] (PUP-10247) Only try to match strings in file log destination
 
running ./gitcheck.rb
 
not world readable
 
Bisecting: 3 revisions left to test after this (roughly 2 steps)
 
[b3dafffe774844ec68aadc0f1dec7c25c90f201f] Merge pull request #7807 from gimmyxd/PUP-9719_6.4.x
 
running ./gitcheck.rb
 
not world readable
 
Bisecting: 1 revision left to test after this (roughly 1 step)
 
[e4a5940d4c1113ee6b7ef28358f4f40021820459] (maint) Merge up 65eb24c to 6.4.x
 
running ./gitcheck.rb
 
world readable
 
Bisecting: 0 revisions left to test after this (roughly 0 steps)
 
[2ec4c89073d994fbee9b0abe4bfd16bcd66855f7] (PUP-9719) Fix Administrators Group Windows Permissions
 
running ./gitcheck.rb
 
not world readable
 
2ec4c89073d994fbee9b0abe4bfd16bcd66855f7 is the first bad commit
 
commit 2ec4c89073d994fbee9b0abe4bfd16bcd66855f7
 
Author: gimmy <gheorghe...@puppet.com>
 
Date:   Mon Oct 28 13:36:20 2019 +0200
 
 
 
    (PUP-9719) Fix Administrators Group Windows Permissions
 
 
 
:040000 040000 81183175a45b5eeb4bd32bac44e34936ac49f69a 0decaf1b6649c2b585fa4f6f035618f09493a983 M	acceptance
 
:040000 040000 90b91f5fe880862a66cdeb219a9b238c99b0adde 42267c954672969e5cdd92e903c871d2146f2a58 M	lib
 
:040000 040000 3e80b44b03bdff3cd0a6f87d6bfbeee7598b48eb 421583154625cf16b14419d3398adfd9e0a4420d M	spec
 
bisect run success

where gitcheck.rb contains:

#!/usr/bin/env ruby
 
 
 
`bundle update && bundle exec puppet agent -t`
 
 
 
if File.world_readable?("/var/tmp/puppet/last_run_report.yaml")
 
  puts "world readable"
 
  exit 0
 
else
 
  puts "not world readable"
 
  exit 1
 
end

The issue is Puppet::FileSystem.replace_file always enforces the mode that is passed to it, whereas Puppet::Util.replace_file only applies the mode when creating a new file. To resolve this, the various json and yaml based termini should override the Terminus#save method to enforce the mode that makes sense for that kind of model (eg Report), based on the corresponding puppet setting.

Mihai Buzgau (Jira)

unread,
Mar 5, 2020, 3:32:03 AM3/5/20
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
 
Change By: Mihai Buzgau
Sprint: NW - 2020-03-17

Mihai Buzgau (Jira)

unread,
Mar 5, 2020, 4:12:03 AM3/5/20
to puppe...@googlegroups.com
Mihai Buzgau updated an issue
Change By: Mihai Buzgau
Story Points: 2

Gheorghe Popescu (Jira)

unread,
Mar 5, 2020, 6:38:03 AM3/5/20
to puppe...@googlegroups.com
Gheorghe Popescu assigned an issue to Gheorghe Popescu
Change By: Gheorghe Popescu
Assignee: Gheorghe Popescu

Gabriel Nagy (Jira)

unread,
Apr 23, 2020, 8:09:03 AM4/23/20
to puppe...@googlegroups.com
Gabriel Nagy updated an issue
Change By: Gabriel Nagy
Fix Version/s: PUP 6.15.0

Gheorghe Popescu (Jira)

unread,
Apr 23, 2020, 8:09:03 AM4/23/20
to puppe...@googlegroups.com
Gheorghe Popescu updated an issue
Change By: Gheorghe Popescu
Release Notes Summary: Fixed a bug introduced in 6.13.0 where the mode for "lastrunreport" file was reset and not honoured to what was defined in puppet.conf.

Gheorghe Popescu (Jira)

unread,
Apr 23, 2020, 8:09:04 AM4/23/20
to puppe...@googlegroups.com
Gheorghe Popescu updated an issue
Change By: Gheorghe Popescu
Comment: Fixed a bug introduced in 6.13.0 where the mode for "lastrunreport" file was reset and not honoured to what was defined in puppet.conf:

Claire Cadman (Jira)

unread,
Apr 27, 2020, 7:02:03 AM4/27/20
to puppe...@googlegroups.com
Claire Cadman updated an issue
Change By: Claire Cadman
Labels: doc_reviewed
Reply all
Reply to author
Forward
0 new messages