search

aristanetworks / avd

Arista Validated Designs
https://avd.arista.com
Apache License 2.0
251 stars 186 forks source link

File permissions on intended config and doc files #4157

Open rich9474 opened 4 days ago

rich9474 commented 4 days ago

Issue Summary

for every build run, any files that have been pulled from git that have had a change from someone else have the perms 0644, when I run the build playbook, I get a lot of change messages as part of the [arista.avd.eos_cli_config_gen : Generate eos intended configuration] and [arista.avd.eos_cli_config_gen : Generate device documentation] tasks.

I think this is due to the default perms git gives files, vs the perms that arista ansible avd is setting. I see that the mode is set to 0664 in a lot of places in the arista.avd collection.

Ideally I would like to not see a change for hosts that have not got a config change. This file perms change is masking that.

The umask on the system is set to 0022, which is our company default, and I think generally the system default on most distributions. Would it be more sensible to have the permissions in AVD set to 0644 which would align with system umask defaults?

Which component(s) of AVD impacted

[arista.avd.eos_cli_config_gen : Generate eos intended configuration] [arista.avd.eos_cli_config_gen : Generate device documentation]

How do you run AVD ?

Ansible CLI (with virtual-env or native python)

Steps to reproduce

1. git pull the repo that someone else has changed some host config on, built and committed.
2. run the build locally

Relevant log output

changed: [lotnlom208 -> localhost]
--- before
+++ after
@@ -1,2 +1,2 @@
-mode: '0644'
+mode: '0664'
 path: /data/home/rhall/git/ansible-avd/inventory/prod/documentation/devices/lotnlom2a.md

Contributing Guide

ClausHolbechArista commented 3 days ago

Today the the changed mode is also considered a change, so the file will be updated. It is the first time I have heard about issues with this, so I do not agree it is a general issue as such. My suggestion would be a configuration knob to control the mode of the generated artifacts. I think this might have been changed/fixed as part of the recent refactoring of eos_cli_config_gen, so if you could run a test with 4.9.0-dev1 (remember to install updated python dependencies).